Uncategorized

Morshed Mannan

The discussion surrounding regulations for Decentralized Autonomous Organizations (DAOs) encompasses various aspects. Incorporation fees, perceived as a form of taxation, pose challenges in establishing regulatory equivalence. These fees have been a recurring topic during the transposition process, evoking a negative sentiment.

Another area of contention is the verification of formation requirements in the DAO Model law. Different jurisdictions hold differing views on who should conduct the accreditation, leading to ongoing debates and a neutral sentiment on the matter.

Regulators face the task of applying existing laws to DAOs, which presents potential risks and unintended consequences. As regulators endeavor to enforce these laws, cases pertaining to DAOs may reach appellate courts, resulting in the emergence of case law related to this technology. This neutral sentiment underscores the uncertainty surrounding the outcome.

A key argument posits that decisions made in appellate courts may establish legal precedents that restrict innovation. This negative sentiment highlights the potential risks and unintended consequences of this approach.

To mitigate these risks, proponents advocate for a proactive regulatory approach, including the use of regulatory sandboxes. This proactive stance is seen as a means to shape laws in a manner that fosters innovation without impeding progress. A positive sentiment surrounds this argument, emphasizing the need to prevent harm and anticipate future risks.

Furthermore, regulators are encouraged to educate themselves about DAO technology prior to implementing laws. This sentiment stems from the belief that a thorough understanding of the intricacies of this technology is necessary for crafting effective regulations. Educating regulators would facilitate a smoother implementation process and contribute to the overall success of DAO regulation.

Jarrell James

The analysis explores the introduction of the Dow Model Law and the coalition group Koala. Koala is a multidisciplinary research and collaboration firm that brings together professionals from various fields such as law, academia, computer science, and entrepreneurship. They aim to understand the challenges and opportunities presented by decentralized technologies and their impact on the legal system and society.

Jarrell James acknowledges and appreciates the efforts of the coalition and panelists. Notably, Rick Dudley is praised for establishing cross-field technical standards, Fatemeh Panazera is recognized as the leading counsel, and Silke is commended for facilitating the Dow Model Law presentation.

The analysis delves into the legal recognition and interaction challenges faced by the decentralized technology space. Obtaining legal recognition is a major hurdle for entities operating in the decentralized space. The Dow Model Law offers a meaningful legal pathway to address these challenges and allows decentralized technology entities to interact with municipal authorities, corporations, and international coalitions. The development of the Dow Model Law took three years, highlighting its importance and thoroughness.

The analysis also explores regulatory challenges and privacy concerns related to Decentralized Autonomous Organizations (DAOs). Governments exhibit major hesitation in interacting with single entities or individuals in the decentralized space, and there are concerns beyond just liability. Additionally, regulatory challenges are likely to arise during the process of recognizing DAOs due to their unique characteristics.

The transparency of DAOs is discussed, with all transactions and payments being visible to participants. However, this transparency undermines privacy, leading to a quest to restore privacy within DAOs. Regulatory authorities lack understanding regarding the extent of transparency provided by DAOs and the tracking capabilities they offer.

Privacy is perceived as being anti-state in the digital space, creating conflicts with state objectives. The analysis emphasizes the importance of reconciling these ideological differences.

Furthermore, the analysis recognizes the significance of coordination and innovative solutions in the field of regulation. The efforts of Koala in developing novel solutions, along with the implementation of the Dow Model Law, are appreciated.

Lastly, the analysis highlights the role of civil societies and coalitions in effecting change in different jurisdictions. The frustration faced in movement and change across various legal systems is acknowledged.

Overall, the analysis provides a comprehensive overview of the Dow Model Law and the challenges faced by decentralized technologies. It emphasizes the importance of legal recognition, addresses regulatory challenges, privacy concerns, and advocates for the reconciliation of ideological differences. The role of civil societies and coalitions in effecting change and innovation is also emphasized.

Silke Noa Elrifai

Decentralized Autonomous Organizations (DAOs) offer a new way of organizing and coordinating global collaborations. They present large-scale coordination opportunities that align with the needs of an increasingly multipolar world. However, DAOs currently face significant legal uncertainties that impede their development. To address this, the proposed Model Law aims to grant DAOs legal personality and capacity, enabling effective interaction with the off-chain world. The Model Law is based on the principles of functional equivalence and regulatory equivalence. While it seeks to provide solutions for taxation issues and legal certainty, the requirement for DAOs to register as global entities poses challenges. Some jurisdictions, such as Utah, have not adopted this approach, hindering the implementation of the Dow Model Law. Efforts are needed to improve the Model Law, especially regarding registration requirements, to make it more feasible for jurisdictions to adopt. Taxation concerns are also an obstacle in the interaction between jurisdictions and DAOs, with jurisdictions emphasizing potential tax benefits. Silke Noa Elrifai suggests an innovative approach to addressing taxation rules for DAOs. Additionally, the transparency of DAOs undermines privacy, and efforts should be made to reintegrate privacy into the model while maintaining transparency for regulatory purposes. The Model Law may not be suitable for all jurisdictions due to its issues, and the default characterization of DAOs as general partnerships or unincorporated associations with joint and several liabilities needs to be addressed. Overall, addressing legal uncertainties, registration requirements, taxation concerns, privacy issues, and the default characterization will support the growth and development of DAOs while respecting legal standards and protecting individual rights.

Rick Dudley

Regulators have faced criticism for a perceived lack of understanding regarding internet communication and cryptographically signed messages. It is argued that regulators misunderstand the unique properties of these mediums, resulting in a negative sentiment towards their treatment. However, proponents argue that existing laws, protections, and regulations can be applied to satisfy the requirements of both the online community and regulators, advocating for a positive approach without the need for special treatment.

There is also a negative sentiment towards compromising privacy due to technical limitations or engineering practicality. Privacy is considered a constitutional guarantee, and individuals are not willing to sacrifice their privacy due to these limitations. The importance of protecting privacy rights and implementing privacy-enhancing measures in technological advancements is emphasized.

Privacy issues related to blockchain are seen as similar to traditional internet privacy concerns, generating a neutral sentiment. The argument is that privacy compromises in blockchain operations, particularly decentralized autonomous organizations (DAOs), are not distinct from the compromises observed in regular surveillance practices. This suggests that similar privacy concerns apply to both traditional internet activities and blockchain technologies.

Rick Dudley, a business owner in the United States, supports the use of Tornado Cash to provide financial privacy to his employees who receive payments through blockchain foundations. This positive sentiment reflects the value he sees in granting financial privacy and the enhanced security it offers. This indicates that privacy-enhancing technologies like Tornado Cash are being recognized as beneficial in the context of blockchain finance.

Privacy pools are considered a technology that restores a basic level of privacy. These pools allow for transaction privacy that can be revealed upon request, and they can demonstrate the legitimacy of funds by ensuring they were never sourced from regulated or restricted entities. The positive sentiment towards privacy pools suggests they are valued as a tool for individuals to regain control over their privacy rights in the digital realm.

There is an argument for regulators needing to educate themselves and gain a better understanding of these technologies, affirming the importance of keeping pace with technological advancements to make informed decisions and regulations.

Regarding regulation, there is a negative sentiment towards creating numerous new laws. Advocates argue that existing laws and regulations can be effectively applied, eliminating the need for extensive legislation. This preference for using and adapting current legal frameworks aims to avoid burdening the industry with unnecessary regulatory complexities.

In summary, regulators face criticism for their perceived lack of understanding of internet communication and cryptographically signed messages. However, proponents support the application of existing laws and regulations to meet the needs of both the online community and regulators. Privacy is considered a fundamental right, and compromising it due to technical limitations is met with a negative sentiment. Blockchain privacy issues are seen as similar to traditional internet privacy concerns, and privacy-enhancing technologies are recognized and valued. Regulators are encouraged to educate themselves, and a preference for using existing laws over creating excessive new regulations is evident.

Fatemeh Fannizadeh

The discussion surrounding the model law for Decentralised Autonomous Organisations (DAOs) covered several important aspects, including legal personality, limited liability, and internal governance. The model law aims to address all the necessary considerations in corporate formations, such as rights, obligations, and the entity’s purpose. It specifically emphasises that there is no implicit fiduciary duty for any one decision-maker. In addition, provisions were made to accommodate the unique nature of blockchain technology, including the possibility of forking.

Various jurisdictions have considered the model law for DAOs, including Australia, the UK, St. Helena, and New Hampshire. However, the state of Utah in the US is the only one that has adapted and implemented the model law thus far. Other jurisdictions, such as Vermont, Wyoming, and the Marshall Islands, have attempted to regulate DAOs through incorporation. Utah’s adaptation of the model law has drawn criticism, particularly regarding the requirement for DAOs to register within the jurisdiction and nominate a registered agent. Critics argue that this requirement deviates from the original model law and is an attempt to exert control over DAO entities.

The discussion also highlighted privacy as a constitutional right. It was emphasised that privacy is not against the state, but rather, it is recognised as a fundamental right in most places. The false dichotomy between protecting privacy and preventing terrorism financing and money laundering was also disputed. It was argued that individuals should not be forced to choose between their privacy and preventing illicit activities, as both can be upheld simultaneously.

When it comes to regulating the DAO Model Law, caution was advised against rushing the process. The technology underlying DAOs is still in its organic growth phase, and it was suggested that hasty regulation could hinder its development. Instead, the establishment of a regulatory sandbox was proposed as a way to allow the technology to mature more effectively. A regulatory sandbox would provide a controlled environment for experimentation and refinement.

The future of the internet was also discussed, with a prediction that it would become more decentralised in the next 20 years. This implies a shift towards a less centralised structure, where power and control are distributed among various entities and individuals. Such a transformation could have implications for internet governance, privacy, and overall functionality.

In conclusion, the discussion on the model law for DAOs covered various important aspects, including legal personality, limited liability, and internal governance. While Utah’s adaptation of the model law has faced criticism for imposing additional requirements on DAOs, other jurisdictions have pursued different approaches, such as incorporation. Privacy was recognised as a constitutional right that should not be compromised. Caution was urged in the regulation of the DAO Model Law, with the suggestion of implementing a regulatory sandbox. The future of the internet was predicted to involve a more decentralised structure, potentially impacting governance and functionality.

Jarrell James:
and like presentations, but we want to also be able to see our notes at the same time so that we don’t just ramble on and waste your guys’ day. So just bear with us real quick, but I can go ahead and introduce the general theme and concept and also the panelists involved. Hello, hi, welcome to the last day of the IGF. We all made it, round of applause for yourselves. I think we’re going to be very brief on technical terms here, but we’re just going to be introducing something called the Dow Model Law and a group coalition called Koala. And Koala is a multidisciplinary research and collaboration firm. It gathers lawyers, academics, computer scientists, and entrepreneurs with a collaborative mindset. We’ll be researching together the challenges and opportunities of decentralized technologies and their impact on specifically law and society and creating actionable steps forward for legal recognition of entities that are known as DOWs, which are called Decentralized Autonomous Organizations. So a little bit about the Koala panelists. I’m not sure I can see everyone that’s online, but assuming that we’re all here. Okay, so online somewhere is my good friend, Rick Dudley, and he’s in New York City, and he is a, honestly, Rick’s pretty freaking cool. He’s got like 20 years of just building the craziest intercommunication technologies and helping design standards across a number of different technical fields. And he is a founder of a project called Laconic and Vulcanize. And he’s just, you know, he’s a really real guy, so it’s gonna be a little bit blunt stuff from him. I’m excited for it. Over there, doing a little coordination, we have Fatemeh Panazera, and she is a badass lawyer and has worked on a number of different decentralized technologies as a general counsel, leading counsel, and is also one of the authors of the paper that we’re gonna be discussing today, the Model Law. This right here, this person is Silke. They’re going to be facilitating the presentation, walking you guys through, as we can, the Dow Model Law, and we’ve scaled it down and made it very applicable to just specifically what we wanna focus on with legality in society. And I believe we have, oh, hey, everybody, how’s it going? Then we have Morshed, and Morshed, actually, now that you’re up here, do you wanna introduce yourselves, Rick and Morshed? I’ll start with you, Morshed.

Morshed Mannan:
Hello, everyone. My name is Morshed, I’m a lawyer and a legal academic. I’m currently based at the European University Institute in Florence, working on the BlockchainGov project. I’m also a member of Koala and had the great pleasure of co-authoring the Dow Model Law with Silke, Fatemeh, Rick, and I think I see Greg as well. Greg, it’s a pleasure to be able to be here today,

Jarrell James:
even if it’s only online. Well, the point of this conference is that the online participation is just as important as in-person participation. So, Rick, do you wanna give a quick and better update about who you are and what you believe and how your life is going, or do you want me to continue to do that? Unmute, unmute. Unmute, Rick. Hi, yeah, I’m Rick. I think the very good intro, thank you. I’ll just sort of add, primarily a mechanism designer

Rick Dudley:
in the blockchain space, and that’s sort of how I ended up working with Koala on the Dow Model Law. And I work with a lot of Dows as well, just as part of my professional capacities. Awesome, and myself, I am Jarell James. I’ll be moderating this panel and hopefully not messing it up.

Jarrell James:
So, I come from a space of decentralized technologies as well, also have a history in computational chemistry. And I am co-founder of a project called Internet Alliance with Fatemeh Fonazadeh over there. And we’re focused on internet resiliency, infrastructure, and different strategies with which to achieve that for various populations, depending on what their needs may be. So, without further ado, which I don’t actually know what that sentence means, let’s just start off with a quick question. Does anyone, I think we already asked, has anyone heard of Dow Model Law? And the answer is no, right? There’s been words, for instance, perhaps the service was paying. I’ve seen some nods. There’s some nods, okay. So, that’s a little bit where we come from in Europe. I think maybe we could just highlight some main points on this. And the Dow Model Law is a lot of work towards, I think, something that’s been frustrating on a good portion of society inside of the hyper-technical space that’s trying to push forward decentralized technologies. You know very well that Europe is one of the. There is overwhelmingly a wall that people run into, which is being recognized as legal entities or finding some kind of meaningful legal pathway to interact with, whether it be municipal authorities, corporations, and international coalitions. So, this is maybe a good way to go into why it took three years and a little bit about what it is from Silke.

Silke Noa Elrifai:
Hi guys. I think most of you have, if you are here in this presentation, you have heard about Dows. They represent a new form of coordination and collaboration that has not consisted until very recently. And it’s an opportunity, especially for people, for global organizations, and many of you are from global organizations, to actually look into this coordination form that goes beyond companies. It’s an opportunity for large-scale coordination and it’s desperately needed, as you can see from the recent geopolitical changes for this increasingly multipolar world. They do face, as Gerald just said, they do face significant legal uncertainties that can be very detrimental to their development. And Rick, if you could just move to the next slide. So, why do we need the model law? It’s, there’s a need for these organizations to have a legal personality and capacity. Just click it through, if you could. So that Dows can actually interact and interface with the off-chain world. Companies do have limited liability and that’s why they are so successful. This is not the case for Dows and to, however they need this to protect the contributors, and you might have seen, there has been quite a few, there has been a lot, not a lot, but some jurisprudence on the topic. And this has been going on for the last three years and we need to continue to look into this. There is a need for legal personality so that Dows actually have standing, for example, to sign contracts or to sue in court. There is also a need to resolve taxation issues because at this moment in time, a lot of those Dows, they’re not registered anywhere. That means they do not pay taxes anywhere. That needs to find a solution. And then there’s also overall generally a need for a legal certainty and predictability. Again, to interface with the off-chain world. People have asked us, and several jurisdictions around the world, what they’ve done, they have actually trying to make their jurisdiction more hospitable to Dows. And they, or people ask us, why do we not just incorporate in a company, in LLC, just a corporation? Shouldn’t that be enough? Why are we actually pushing for something new? And the reason for that is, and Rick, if you just move one further. Next slide, please. We can summarize that, and I’ve just said that already. It’s basically Dows are transnational, pseudo-anonymous, autonomous, and actually they are incorporated and they are incorporated on a blockchain, which is decentralized, secure, and tamper-resistant. And the question then become, why do they need to be incorporated in a company’s register? To address all these points, what we did is, over the last three years, we worked on this model law. And the model law has, we should start with that. Actually, we want to go into problems we have faced since then. But the model law is premised on two concepts, or two principles. The first one is functional equivalence. And Rick, if you move over to the next slide, would be great. It’s functional equivalence and regulatory equivalence. These get mixed up quite a lot. They’re two different concepts, but very similar. So the first one, functional equivalence, is between the tools and the tech, to comply with specific legal rules. So, what are the tools that are available to actually fulfill whatever the tech says? So, for example, you have wet signatures and you have e-signatures. And then, the even more important concept is regulatory equivalence, which is between the means used to achieve a regulatory objective. So, as an example, the deployment of a smart contract on the blockchain with all the relevant data about the DAO might not be functionally equivalent. In fact, it is not functionally equivalent to registration into a corporate register, but its regulatory policy objectives of publicity and certainty are fully achieved, or we at least think that it fully achieved this goal. And based on those principles, we came up with this model law, and Fatemeh is going to continue on this. Hello, yes.

Jarrell James:
Rick, if you can follow up on the next slide, I’m still gonna present on this slideshow. So, what you’re gonna see soon on the slide is, thank you.

Fatemeh Fannizadeh:
So, this is the structure of the model law that we drafted, which is itself like a 50-page document with the commentary. And I’m not gonna really enter into the details of the various chapters, but you can see that it basically tackles all of the points that we traditionally pay attention to in corporate formation. So, it being rights and obligations and the purpose or activity of the entity, the governance requirements that would lead to fulfilling the minimum conditions to have legal personality and limited liability, some exceptions to that, as we also have in the corporate world, some other rules about internal governance. We highlighted the absence of implicit fiduciary duty for any one decision maker within that novel form of organization, because this is one of the big risks that people who are involved with DAOs are concerned about whether or not they will be considered as a fiduciary and then bear the responsibility for whatever the activity of that entity is. But if the DAO has been granted legal personality and limited liability, then there is this absence of fiduciary as well within the scope of that model law. And then we further went on to discuss particular provisions about the nature of the blockchain itself, which if you’re familiar with, like can be, for instance, forked. So, people can move away from a blockchain into another version of it and so on. So, these are very technical possibilities that exist in very different forms in the corporate world. So, we had to tackle these problematics there. And then we have some other provisions and briefly deal with tags, which is something that we couldn’t really satisfyingly cover within the DAO model law because it’s so jurisdiction specific. Rick, please, the next slide. And now, so we wrote this a few years ago, published it, and then what happened since? And usually, this guy moves around and he’s like lost and looks for an answer for where is the adoption. And so, the adoption has to be put in the global context of the fact that when we wrote that model law and published it, it was quite early, even in the technical space, for DAOs to mature and also for legal space, like the jurisdictions, to grasp this novel form of entity and understanding and decide how they want to regulate it if even they want to regulate it. And should they want to regulate it, then whether this should be through, for instance, implementing the model law or just finding other ways. And since the publication of the model law, we’ve seen many developments in various jurisdictions. So, the three first ones that are listed are Vermont, Wyoming, and Marshall Islands, have decided to tackle the question of their relationship or their jurisdiction’s relationship with this novel form of entities through a vision that is not the one of the model law but is very important to pay attention to. So, they, for instance, decided that this DAO, in order to interact with the legal system and other corporations and just the bureaucracy overall, of their jurisdictions, and then globally through their jurisdictions, then they have to, for instance, incorporate an entity there or somehow incorporate their DAO entity within that jurisdiction through some novel form they came up with. Then, this obviously has drawbacks. So, to understand the attempts here is that, I like to give this example that blockchain and DAOs, they speak their own language. It’s a novel form of association between individuals who decide that to pull together some form of treasury or asset and govern it in a global way that is novel in comparison to what we’ve been doing so far, that association is usually amongst people done within a geographical zone, so a country, a jurisdiction, and internet and our hyper-connectivity and whatever opportunities that the blockchain technology offers allows people to interconnect and join within a purpose in a more global scale. And this language is not actually spoken by the language of our legal system yet. So, for these two systems to interact, we need to somehow bridge this interaction and Vermont, Wyoming, and so on, try to do it through this incorporation method. But then, the model law has also been considered by other jurisdictions and implemented, adapted and implemented only in one so far. Here, you can see that Australia has analyzed it, the United Kingdom, it appeared in one of their works. St. Helena is considering it, New Hampshire as well, but the state of Utah in the United States decided to actually adapt. adopt and adapt the model law approach. But it did make some modification to that. And if Rick, you go to the next slide, please. So Utah, what they did is that they took the model law and tried to fit it in within their own jurisdiction and system that is currently existing. And for that, they had to make adaptations, of course. But one of the features of the model law that is very core to the whole exercise that Utah parted with is the one where the model law, we do not require registration of the DAO. So the sole fact that it exists and fulfills the conditions of the model law should suffice for it to be recognized and granted legal personality. While in the state of Utah, they said, yes, but it also need to register within our jurisdiction. Rick, please, the next slide. So here is just like a screenshot of the bill if any of you want to look further and read the bill. Next slide, please. And this is a screenshot of that registration provision where it says that it has to nominate one registered agent within the state of Utah. So I think that what they were attempting to is having a point of connection within the jurisdiction in order to speak to that DAO entity. So I can break here if any of you have questions so far

Jarrell James:
or otherwise we move to. Hello? Yeah, I think we should stop here for a second and maybe help everyone, what did we all just hear? What was this as a full review? So we are talking about decentralized autonomous organizations. These organizations can be collectives of people, but I think maybe more relevantly for the IGF, it could also be coalitions of companies or orgs that are all coming together under a shared mission and that shared mission would require them to have some kind of legal interaction with various bodies around the planet. And I think what you guys have just done really well is explain all of that, but also the issues with where this philosophy tends to run up against a wall and that is the oftentimes these jurisdictions. If anybody does have any thoughts, I would encourage you to start maybe thinking about your own governments and maybe your own jurisdictional issues that you’ve considered. And yeah, get your questions ready for us for later. But yeah, I think if we wanna move into really explaining the first challenge, might be good. And we can, like the first challenge of the Dow Model Law going forward. And from there, I think we can also take into account audience participation of maybe other challenges that you may think could be propping up in your own places or could pop up in examples you’ve seen in the past. So I’ll hand it over.

Silke Noa Elrifai:
I think one important factor, we have prepared two challenges. The reason we come with this challenge here is because here at IGF, you have a lot of government officials and governments that consider Dow legislation. What we face with Utah is basically, they adopted the Model Law wholesale with a few exceptions but for this registration requirement. But the core of the Model Law is actually not too hard to force a Dow to have to register because they are global entities. We’ve ourselves wondered why this is the case and what we can do to improve the Model Law because we’re working on a version two. The registration requirement, basically what we said, we had earlier the equivalence, the functional equivalence and the regulatory equivalence principles. We feel that the publication on the blockchain, the registration on the blockchain, the publication requirements and all the requirements we put into the Model Law in relation to that is regulatorily equivalent to registration in a jurisdiction but it seems that this is not the case for Utah and also other jurisdictions we have talked to.

Jarrell James:
So actually, I wanna just do a little bit of audience participation on this. It’s like, what would somebody think is one of the biggest hesitations of why they would want to interact with a single person or have someone, a single entity, a single person registered in their jurisdictions? Just raise your hand and answer that question if you want but we have, I think a lot of people tend to tell us it’s because of liability, it’s because of liability, it’s because of liability and I don’t believe that that is exactly where it actually comes from from these governing bodies. That’s not what their concern is.

Silke Noa Elrifai:
I mean, one other issue that usually is the elephant, the white elephant in the room is the taxation like without registration or jurisdictions that currently consider making a hospitable environment for DAOs, this is, I wonder, this is basically because they wanna have tax money, they wanna have a benefit from it and they feel that there might not be a benefit if they do not require the registered agents or general other formation requirement in their own jurisdiction. I’m very much interested to hear your opinion on that because obviously within the model also, this could be dealt with new, different taxation rule on DAOs.

Jarrell James:
Yeah, and I just wanna give quick our participants online a chance to tune in here. Murshad is very well versed on the equivalence issue and I would love to just give you the floor, Murshad and just discuss some of your own insights around these tensions. Thank you. I won’t take up too much time, especially given the very comprehensive and thorough presentation that’s been given as well as the interventions that have already been made.

Morshed Mannan:
But I think in addition to taxation, one of the issues that we found as a challenge when it comes to establishing regulatory equivalence has been what are considered to be like incorporation fees which is, I guess, a type of tax or is a type of levy that a state expects an entity to pay when they’re filing. And we anticipated that the revenue implications would be something that they would take into account but in the transposition process, this was quite a eye-opening aspect of it that this came up again and again as a discussion point. So I think going forward, when we look at different jurisdictions to work with with respect to the model law, the issue of how like regulatory equivalence cannot just take into account trying to meet a policy objective, but has to hands-on take into account these sorts of financial considerations as well and whether some other way of trying to meet these considerations, whether that is having a pool of assets that is kept to pay for these sorts of fees, it could be something that’s done individually, it could be done by unregistered DAOs as a group. There are many creative approaches that can be taken to do this, but basically that just trying to satisfy a policy objective wouldn’t be sufficient. The other point that I want to add is that in addition to this issue of registration, registered agents and so on, there’s also been a discussion about the role of accreditation. So who is going to actually verify that the different points that are mentioned for formation in the Dow Model Law, who gets to actually accredit that this is happening, who gets to audit it and so on? And we found that different jurisdictions have different views about who this should be. Some have said that, okay, a private accreditation body that sort of does this assessment is fine, while others have said, no, we would want to have some entity in our state, something that the state authorities trust to be able to do this so that they know that these formation requirements have been met. And again, so this will be an issue to consider when we try to establish regulatory equivalence in other contexts. And yeah, I’ll hand it over to Rick or anyone else who would like to add to this. Or back to you.

Jarrell James:
I think that was a really solid just overview. And I want to keep us a little bit forward moving forward on this, because I think this regulatory question is just going to come up again in this next little bit. Because I think what we’re not discussing is, yes, while we’re not fulfilling maybe the philosophical background and ideologies of these municipal authorities or these governing bodies, there is also a moment where they’re not fulfilling the actual decentralized ideology and the purpose of having these decentralized organizations be able to collaborate in both a mathematically ledgered way on a blockchain, and also in a way that allows for a number of different stakeholders to combine themselves under one coalition and demand recognition on that basis. And why I wanted to bring up the conflicting philosophies then around this for DAOs is I think a really important part of DAOs is the ideology around that is that people want to be able to make movements in a private and secure environment. And privacy, by its nature, I think we’re learning, is kind of anti-state in some ways. I think that there’s a desire to kind of eradicate true privacy on the digital sphere. And DAOs represent a collective movement that is also trying to maintain the privacy of some of its members and not put them in positions of compromise. So I wanted to hand it over to you to start off on the challenge two and discuss where privacy fits into all of this. Fatemeh. Hello, yes, now it works. Thank you for this.

Fatemeh Fannizadeh:
I was gonna comment actually on the previous challenge just to cite some case laws, but your prompt actually requires a response because you said that privacy is anti-state. And I think this is fundamentally not the case. Actually, privacy and our right to privacy is a constitutional right in most of the places and is actually why it’s very aligned with state mission. So privacy is not anti-state, but this is part of the current narrative that we are hearing more and more that privacy threatens some of our other rights. So privacy needs to be compromised with in order to protect and sustain anti-money laundering rules, for instance. Or privacy should suffer, encryption should suffer in the context of messaging apps, for instance, to protect the rights of other populations against some form of harmful content that can go through these apps and so on. So privacy as a right, I think, is not under question because it cannot be, I think, legitimately questioned. But here there is the question of whether privacy primes over these other rights. I even wonder whether this is an actual legitimate question in itself. Is this a dichotomy between should we protect privacy or should we protect against terrorism financing and money laundering? I think that this is a false dichotomy that forces us to choose one over the other while I believe that we can protect both and we should aim to protect both and fulfill all of our rights without harming one for a certain narrative.

Jarrell James:
Yes, Silke, I wanna hear your response. And then Rick online, who is a deep professional in the privacy design space, I’d love to hear just a couple minutes of thoughts following Silke.

Silke Noa Elrifai:
Just give him a one, two. One thing I wanted to add is obviously right now because DAOs, and we haven’t mentioned this, DAOs are premised on transparency, meaning that everything is transparent right now. And it’s actually, I’m not sure DAOs are actually advancing privacy at all. It’s the opposite. They are not advancing privacy. They have been undermining it and we are trying to get it back. Also, the model as it stands right now actually is based, premised on transparency and how transparent everything is. And that leads to regulatory and functional equivalence. And now we’ve seen several bad results out of that. One is, for example, that DAO workers, their right to have privacy of payment is being undermined because they’re getting paid by the DAO. Everyone can see they are paid like X amount, whereas anyone who works for a company just has this privacy. No one necessarily sees a person’s bank account. So what we’re trying to do is trying to get privacy back into the model law. And that is a challenge because DAOs are usually associated with, I mean, they’re squarely in the cryptocurrency space and there are KYC rules and anti-money laundering rules. And regulators would love DAOs at least to stay transparent while we’re trying to get this back to a certain extent.

Jarrell James:
Yeah, Rick, I think you’re online. I actually really love a bit you were just saying about how DAOs are more transparent than the salaries of CEOs and the salaries of all these different corporate entities and their officers. And that transparency does seem to be lost on regulatory authorities. When you tell them that there’s a ledger and there’s this published transparency, I don’t know that there’s a lot of understanding around that. So yeah, just go respond. And then, yeah, Rick, I’d love to hear your thoughts on the design for these sorts of pieces. Yeah, I think there’s a lot of issues around privacy.

Rick Dudley:
I think there is this sort of fundamental misunderstanding when talking, in my experience, in talking to regulators or sort of hearing the arguments of regulators secondhand, maybe more precisely. They seem to believe that the medium somehow is special and has these special properties that require a special treatment. And I think that that’s very misguided. I think that the medium being internet communication, frankly, and cryptographically signed messages, not even encrypted messages, really shouldn’t, should be a simple enough mechanism that we should be able to educate regulators on how existing laws and existing protections and existing regulations can be applied in a way that both satisfies the requirements of the existing online community, as well as the regulators. And so for me, a lot of these privacy conversations are, to Silke’s point, why are we giving up privacy? There’s a technical limitation. There’s sort of a engineering practicality that’s causing that at the moment, but we shouldn’t expect that. that to persist in perpetuity. And we should be able to, much like Fatima was saying, we should be able to have the privacy that we’re constitutionally guaranteed. And I think that that’s actually maybe the bigger issue is that there is an internal struggle within any government that I’m aware of where they want to know what people are doing in spite of the fact that there is a constitution or some other legal constraint on their ability to do that inspection. And I feel like this is just sort of classic, traditional internet privacy issues. It’s not really distinct. The dial privacy issues aren’t really that distinct from normal surveillance compromises, I guess you could call them, because surveillance still occurs. We can’t really avoid it. I think just touching on that,

Jarrell James:
you were saying that we shouldn’t give this up and there are ways to reconcile this. I fully agree, I think we all do. And I just would like to clarify that I think what is striking to me is that as things move towards a digital space, now we are starting to see this idea or this perpetuation that privacy is anti-state. And that’s kind of where I’m coming from on that. I’d like to just quickly discuss any ideas on how we would reconcile these kinds of differences and what’s going on in model law number two, or version two, and what maybe approaches are being taken around reconciling these mildly ideological differences. That’s an open question to any of the panelists, if you’d like it, but just take it. Yeah. Hello? Yeah.

Silke Noa Elrifai:
The African attempts to recreate the privacy that a normal bank account or like the payment into a bank account by a company would give you. I’m probably not the right person because that was the technical team was developed earlier. There’s actually a blog post about that. But it was just about that one little point. How can the workers get paid without everyone know how much money they get and on what regular basis they get the funds? It was, and you might have seen this if you’re in the space in relation to privacy pools. What it does is you send the funds into, am I the right person to talk about this? Maybe Rick wants to talk about that.

Jarrell James:
Yeah, Rick can talk about the privacy pools. Yeah, I’m capable of talking a little bit about privacy pools. I mean, I understand the underlying technology well enough.

Rick Dudley:
So yeah, I mean, there’s, so in fact, I should probably should mention this earlier. So I run a company. It’s a registered company in the United States. I pay my taxes. We get paid on chain by various blockchain foundations. I put those payments through Tornado Cash, specifically for this reason to add some financial privacy to my employees, frankly, who get paid this way. I thought it was a bit bizarre and invasive that anyone in the world could see what they’re being paid. There’s also a security issue that I’m always sensitive to, physical security issue of people knowing how much you’re getting paid. And so I use Tornado Cash and I’m happy to, I still have all of my notes and what have you. I can prove to any regulator that I was not a terrorist. I paid myself and what have you. But all of the sort of rigmarole and controversy around that, even prior to some of these other claims about funding terrorism that have also come up, again, it’s just a lot of confusion. It’s a lot of regulators sort of applying, trying to hammer in a screw. I think a lot of these problems, so privacy pools are just a technology that is really just trying to get you back to the basic level of privacy that you would have had otherwise. So basically being able to say, I sent this transaction in private to someone else, and now some regulator asks me or somehow requires that only certain types of transactions actually make it onto the payment rail, for example, like the Fiat payment rail. Privacy pools are a technology that allows you to have privacy when you’re transacting, but then reveal it upon request and demonstrate that your funds never were tainted by funds that are otherwise restricted or regulated.

Jarrell James:
All right, thank you. I think in the last few minutes, I wanna ask the panel, and I think it’ll be more fun if we do a little bit of a hypothetical situation. So let’s each person, let’s imagine you’re talking to the lead regulator of, let’s say, a major world power. What is something that you would want to get across to them, and what is the call to action to the legal practitioners of that government around this Dow Model Law that you would just, if you had five minutes in an elevator?

Fatemeh Fannizadeh:
Thanks, I can go first, maybe. I think that it’s not about lead power of the world. Actually, this is a global technology that knows no borders, and it should not be primarily regulated by one so-called lead power. I think that what I would wanna tell all of the regulators and practitioners who are interested in this space is not to rush into regulating or trying to capture through or shape this technology to regulating right now, because the technology itself is still growing organically, and we need to give it space to grow. And I believe that all of the regulation that already exists, whether it is anti-fraud regulation or securities regulation and so on, do grasp some of the activities that may be problematic within the technology, and we do not need new form of regulation right now. What we need is a sandbox. We need to give the possibility for this technology to mature. And what we’ve heard often during the past days here is how will the internet look like in 20 years? And I think that the internet would definitely look different in 20 years, and it would probably, and I think I’ve heard that also often, which was positively surprising, that it will be probably decentralized or have more decentralized components. And for that to materialize in a positive way, I think that we need to care for less capture right now and more sandboxing in order for this regulation to deliver on its promise.

Jarrell James:
Rick and Armashad, just a couple of closing thoughts. Let’s try and keep it to two minutes. Yeah, so just briefly, just to sort of mirror that previous comment, I strongly believe that most of what we’re doing in this space with DAOs fits under existing regulation.

Rick Dudley:
The vast, vast, vast majority, there might be one or two exceptions that I can’t even really think of right now. I feel, frankly, as a taxpayer, I feel it’s the responsibility of the regulators to educate themselves and understand how these technologies work so that they can then apply the law judiciously to new technology, and I’m happy to help them with that. There’s plenty of people who are interested in helping and supporting that, but I don’t think that we need to create a lot of excessive new laws. I think it causes more problems than it fixes. Yeah, that’s basically it.

Morshed Mannan:
Marshad, let’s give you an opportunity here at two minutes. I just wanted to add that we’re starting to see case law emerging, as has been alluded to, that starts looking at DAOs, and in some cases, this isn’t, is basically trying to achieve regulation by enforcement of certain existing laws, and as we started to see, in some cases, this can lead to all manner of unintended consequences, especially if this, let’s say, gets appealed to an appellate court where there is a decision that’s made that creates precedent, and I think issues that we raised in the model law, ranging from whether there should be implicit fiduciary duties or questions of tort, all the way to issues of how to deal with the limited liability or joint and several liability, the risk of this, has to be something that we should also try to proactively shape in the types of regulatory sandboxes that Fatemeh mentioned, hopefully with the idea that judges will eventually also come on board to start interpreting the law in a way that doesn’t end up constraining this space and creating new sorts of harms, because while we wait, or to wait and see, this risk might also emerge.

Silke Noa Elrifai:
My last comment would be to state that even if regulators or jurisdictions do not wanna implement the model law, because of course there are a lot of issues with it too, at least get rid of the default characterization of DAOs as general partnership or unincorporated associations that gives joint and several liabilities to any of the contributors, and this is one of the things we have seen recently which had a very chilling effect, chilling, not chilling, chilling, cold-ringing effect on DAO contributions and how, and the developing of code for DAOs. We’ve seen this in, especially in the UK case in the US recently, this really needs to go away. So even if you think the model law is nothing for you, you need to address this in your jurisdiction, because if you don’t, you’re not gonna have much development in the area anymore.

Jarrell James:
Yeah, I completely echo those sentiments. Code by its own self is not a crime. And I wanna just bring this all together, because I know that legal frameworks and regulation can be very dry in understanding the future and, okay, well, how does this actually apply to the future, and there’s a lot of coordination systems that have existed before DAOs, and this is just another innovation in the concept of coordination systems. And I think what the model law has done and Koala is trying to do is push forward the field of innovative solutions around coordination, and while maintaining a lot of new and exciting technologies such as blockchain, such as decentralized infrastructure and organizations. So for relativity towards this event, there’s a lot of civil societies here, there’s a lot of people that could be coming together and making their own coalitions, and for those online that are watching, I’m sure we’ve all seen a lot of frustration inside of making movements on the planet and trying to make changes inside of different jurisdictions. So I’m really excited to see Dow Model Law version two, and yeah, we’ll be around, and feel free to discuss your governments for us, but you know, send them our way.

Audience

During a discussion on the ethics of cybersecurity, a student from Nepal studying for a master’s degree raised a question regarding the ethical concentration within the field. The specific focus of inquiry was on issues related to hacking and privacy. The student displayed a neutral sentiment, highlighting the need to consider ethical implications in cybersecurity.

Another individual also expressed concern about the ethical aspect of cybersecurity, displaying a positive sentiment. This person emphasized the importance of addressing the ethical dimension within the industry. Both speakers stressed that cybersecurity professionals should be mindful of the ethical considerations associated with hacking and privacy.

The discussion brought attention to the fact that ethical considerations in cybersecurity, particularly pertaining to hacking and privacy, are becoming increasingly important. It highlighted the need for cybersecurity professionals to operate within a framework that not only protects systems and data but also upholds ethical standards. By addressing these concerns, the industry can ensure that security measures are implemented in a responsible and ethical manner.

Overall, the discussion shed light on the growing recognition of the ethical dimension in cybersecurity and the need to address it within the industry. With cybersecurity playing an increasingly crucial role in our digital society, it is essential to prioritize ethical considerations alongside technical expertise to protect and safeguard individuals’ privacy and security.

Nabeih Abdel-Majid

There is a critical need for cybersecurity education, particularly for children and parents, as a significant percentage of students are using social media and the internet without proper knowledge of potential security risks. Many students believe that social media sites are safe and trustworthy, exposing them to potential dangers. This highlights the importance of educating children and parents about cybersecurity to protect their personal information and online presence.

A proposed curriculum has been developed that covers various aspects of cybersecurity, including social network security skills, file backup, password management, and web browsing skills. The curriculum is designed to be interactive and engaging, using videos and interactive screens to provide a comprehensive learning approach. It is not only targeted at children but also includes modules for educators and parents, emphasizing the need for a community-based approach to increase cybersecurity awareness and action.

Dr. Nabeih has been working on this curriculum for seven years, demonstrating his dedication and expertise in the field. Now, his aim is to share this curriculum with educational institutions to ensure that children and their parents receive proper cybersecurity education. The curriculum has been designed to safeguard children and maintain their self-confidence in the digital world.

Parents play a vital role in implementing this curriculum and protecting their children online. As such, they are encouraged to actively participate in the learning process and be aware of potential digital threats. Nabeih Abdel-Majid’s platform for the curriculum includes a survey for assessing the levels of knowledge and offers courses in multiple languages, catering to a wider audience.

However, there may be some challenges in implementing the curriculum. During the presentation, Nabeih faced trouble connecting to Wi-Fi, which highlights the need for reliable internet access to deliver cybersecurity education effectively. Additionally, structured learning sessions are necessary to ensure that students receive proper guidance and support throughout the learning process.

The curriculum also focuses on preserving privacy and emphasizes the importance of controlling personal data. It teaches students how to safeguard their personal accounts on platforms like WhatsApp and Google to prevent unauthorized access.

Furthermore, the curriculum includes review questions for the purpose of understanding rather than examination. This approach aims to reinforce learning and ensure that students fully comprehend the concepts taught.

A new learning program is being piloted, demonstrating a commitment to continuously improving the curriculum and its educational impact. It places a strong emphasis on cooperation between teachers, students, and program creators. The ultimate goal is to create a secure community where individuals are well-equipped with the necessary cybersecurity knowledge and skills.

The curriculum is targeted at children from grade 5 to grade 11, covering different levels suitable for each grade. Parents are recognized as crucial participants in the educational program and are required to attend group sessions along with their children. This collaborative approach ensures the involvement of parents in protecting their children online.

It is important to note that students can still find ways to circumvent digital restrictions despite cybersecurity measures being in place. Therefore, parents must actively watch their children and offer support and guidance against digital threats.

The project has received accreditation from KHD in Dubai and is seeking recommendations from the IGF to expand its implementation to different communities. This indicates the recognition and confidence in the curriculum’s effectiveness.

Overall, there is a clear need for cybersecurity education for children and parents. The proposed curriculum developed by Dr. Nabeih addresses this need comprehensively. With the involvement of parents and educators, a community-based approach can be adopted to increase cybersecurity awareness and action. Challenges such as reliable internet access and structured learning sessions need to be overcome to effectively implement the curriculum. The goal is to create a secure community, empower children with cybersecurity knowledge, and ensure their safety online.

Hala Adly Hussain

Blockchain technology is highly regarded for its ability to safeguard valuable data and assets from cyber criminals. It operates as a decentralised system that upholds principles of security, privacy, and trust. The architecture of blockchain allows for monitoring of ledgers, enabling the identification of any unusual or malicious activity. Furthermore, the implementation of smart contract security on the blockchain ensures that payment processes become more convenient and secure.

There are two prominent types of blockchain: public and private. Public blockchains, such as Bitcoin, operate on an open network, allowing anyone to participate in transactions. These transactions are validated using public key encryption, ensuring transparency and accountability. On the other hand, private blockchains offer more control, as entry to the network is restricted and heavily reliant on identity control through digital certificates.

In order to successfully implement blockchain technology, education and regulation play vital roles. It is necessary to conduct blockchain implementations while adhering to regulatory requirements. This ensures that the technology is utilised in a manner that aligns with legal and ethical standards. Additionally, it is crucial to educate individuals about the potential vulnerabilities of blockchain. By increasing awareness and knowledge, stakeholders can proactively mitigate risks and strengthen the security of the technology.

Moreover, Hala Adly Hussain demonstrates a keen interest in obtaining approval from the Ministry of Education in Jordan for their project. This highlights the significance of seeking validation and involvement from relevant authorities in the implementation of blockchain solutions within the education sector. By having regulatory bodies endorse projects, the credibility and potential impact of initiatives aiming to enhance the quality of education can be maximised.

In conclusion, blockchain technology possesses inherent capabilities that make it a powerful tool for protecting valuable data and assets from cyber threats. Its decentralised nature, coupled with principles of security, privacy, and trust, enhances the integrity and resilience of digital transactions. The availability of public and private blockchains offers flexibility and control over network participation. Education and regulation are instrumental in successful blockchain implementation, ensuring compliance with legal requirements and mitigating potential vulnerabilities. Collaboration with relevant authorities, such as the Ministry of Education, strengthens the credibility and impact of projects within targeted sectors. The power and potential that blockchain technology holds can be harnessed when combined with a comprehensive understanding of its intricacies and a commitment to ethical practices.

Moderator

During the discussion, the importance of integrating an AI Curriculum in education was highlighted. It was emphasized that teachers, parents, and children should all be educated in this curriculum. This is because AI is becoming increasingly prevalent in various fields, and it is essential for individuals to have a solid understanding of AI concepts and applications.

The AI Curriculum was seen as vital, and it was suggested that everyone should actively participate in it. By doing so, individuals can develop the necessary skills and knowledge to effectively utilize AI and stay updated with technological advancements. Moreover, integrating AI Curriculum in education can help bridge the gap between technological advancements and traditional teaching methods, leading to a better educational experience for students.

In addition to AI, the discussion also explored the integration of Blockchain technology into the cybersecurity curriculum. It was suggested that blockchain technology could enhance cybersecurity by countering the efficiency and effectiveness with which cyber criminals apply AI and machine learning in their cybercrimes. Blockchain, being a decentralized system built on principles of security, privacy, and trust, offers benefits such as real-time data delivery, cost-effectiveness, and strong encryption practices.

The importance of protecting children online while maintaining their self-confidence was also emphasized. The AI Curriculum aimed to equip educators, parents, and children with the necessary knowledge and tools to ensure their safety in the digital world. It was deemed crucial for parents to attend sessions and understand how to monitor their children’s online activities discreetly, thus ensuring their safety without compromising their privacy and trust.

Furthermore, a program to enhance community security was launched as a pilot test. This program aimed to support different communities and promote a secure environment through the collaboration of Dr. Ahmed Noura, Dr. Nermin, and other stakeholders. It was acknowledged that cooperation from all members of the community is essential in achieving a truly secure community.

The session also highlighted the significance of different roles with varying privileges in educational programs. By featuring roles such as students, managers, teachers, and site administrators, users can effectively monitor student progress and ensure a well-rounded educational experience.

The importance of monitoring and taking care of students was stressed. It was acknowledged that even in the digital age, where technological advancements can pose risks, it remains crucial to protect students from harm and extortion.

The session also delved into the aspects of privacy control, stopping hacking, and maintaining cybersecurity. Methods for controlling privacy on platforms such as iCloud and Android were discussed, as well as detecting if someone has hacked into personal devices using the camera or microphone. The importance of deleting files to ensure they are not retrievable by others was also highlighted.

Overall, the session concluded with the expression of hope for the implementation of the AI Curriculum in educational institutions. This implementation could effectively protect children and promote safe internet usage. The discussion underscored the need for continuous education and adaptability in the face of technological advancements. By equipping individuals with the necessary skills and knowledge, society can navigate the digital landscape securely and confidently.

Video

The analysis explores various arguments and topics related to cybersecurity, online learning, and digital security. One argument highlights the alarming possibility of devices being hacked without the user’s knowledge. This emphasises the need for taking necessary preventive measures. It is stated that many programmes have the ability to breach and sneak into your device, allowing them to start monitoring you without your knowledge. This raises concerns about privacy and the security of personal information.

Another argument discusses the alarming capability of hacking programmes to remotely control a device’s camera. This invasion of privacy poses significant risks and underscores the importance of safeguarding digital devices from potential breaches. The analysis further suggests implementing measures to ensure digital security and privacy, such as using internet-safe browsing and adopting strong personal digital security habits. The evidence provided includes the capability of hacking software to greatly affect a device if preventive measures are not taken.

Furthermore, the analysis highlights the importance of cybersecurity awareness, particularly in the education sector. It mentions that a teacher emphasises the significance of cybersecurity awareness in their classes. This observation reflects the growing recognition of the need to educate individuals about cybersecurity risks and the measures they can take to protect themselves.

In addition to cybersecurity, the analysis touches upon other topics as well. It mentions the creation of interactive screens and the use of QR codes for testing purposes. Creating interactive screens can enhance user engagement, while QR codes can provide a convenient and efficient way for testing.

The analysis also addresses online learning and its benefits. It highlights how online learning allows students to repeat sessions as much as needed and have personalised access to lessons from home through unique usernames and passwords. This flexibility enables students to learn at their own pace, which is a significant advantage of online learning.

Furthermore, it is noted that online learning sessions are structured and divided into different sub-sessions. This provides a systematic approach to learning and enables students to navigate through the content more effectively.

Regarding online privacy, the video suggests using the WhatsApp application and opening Google accounts through the browser to preserve user privacy in online learning environments. This highlights the importance of implementing measures to maintain privacy and protect personal information in the digital realm.

In conclusion, the analysis sheds light on several important aspects of cybersecurity, digital security, and online learning. It underscores the need for preventive measures to safeguard against hacking, the importance of cybersecurity awareness, and the benefits of online learning. It also highlights the significance of implementing measures to maintain online privacy and personal digital security. Overall, these insights provide valuable information for individuals and institutions in navigating the digital landscape safely and securely.

Moderator:
perhaps. If she can launch it again. Steemed attendees, allow me to welcome you on behalf of the creators union of Arab the consultative status of the economic and social Council of the United Nations, and we are delighted to have H.D.T.C. training center as our strategic partner, which has grandly contributed to spreading awareness about the importance of this curriculum among the A.I. revolution, assuring the need to educate teachers, parents, and most importantly, the children, who are the core of this curriculum. And we extend a welcome to all whom attending our session, even in person or online. Let me extend a welcome to our distinguished speakers in this session. In my right hand, Dr. Ahmed Noor, the president of the creators union of Arab the Arab media union, and on my left hand, Dr. Nabiha, a professor at the colleges of technological science in the United Arab Emirates, who is the intellectual property owner to the digital safety and cyber security circulated, which will be presented in our session today. And we welcome also our speaker from Egypt, Dr. Hala Adly Hussain, the secretary general of I’m pleased to welcome to the session the secretary-general of the Arab League, the secretary-general of the Union of Arab Women Leaders, the member of the state of Arab League. The session will address several key points. The mission of this curriculum is its implementation objectives and its impact on achieving safe Internet usage, and we will discuss the role of the supply chain in the development of the Internet. We will start with a brief outline of the agenda of this session. We will start with the welcoming word by Dr. Ahmed Noor, then the intervention of Dr. Hala Adel Hussain, who will be joining us online, and last but not least, we will share Dr. Nabeeh’s journey with the digital safety and cybersecurity curriculum. We will start with the welcoming word by Dr. not least, welcome to all. Thank you. Thank you, Dr. Ahmed. Now we’ll listen to intervention from Dr. Hala Adli-Hussain. I think she’s joining us online. Dr. Hala, are you here?

Hala Adly Hussain:
Yes, I’m with you. Yes, hello. Good morning. Good morning from Egypt. I don’t know.

Moderator:
Good morning. Here in Japan, we are afternoon. Okay. Please have the floor. Thank you.

Hala Adly Hussain:
Okay. Dear Dr. Ahmed Noor, President of the Creators Union of Arab Media Professionals, member of the United Nations, it’s only for me to be part of this valuable conference to discuss the importance of protecting and securing all the information in the name of digital safety and cyber security curriculum. My session today, I’m going to speak about the role of blockchain and how it will protect our valuable data and our business and our assets. The cyber criminals are increasing the frequency and sophistication of cyber attacks by pooling their knowledge and leveraging new technologies. The use of the artificial intelligence and machine learning help them to prepare a cyber crime more efficiently, causing more profound and widespread damage. So the traditional solutions alone are often insufficient to meet modern cyber security challenges. So we must explore other approaches for improving information security, including the blockchain technology. The blockchain technology, according to IBM, is a shared immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. So it is a system for tracking anything with value, securely, transparently, and cost-efficiency. The name of blockchains come from the fact that each transaction is recorded as a block of data, and this block might record one or more data types, such as the quantity, price, or location. These blocks become a chain as the assets move from one owner to the other owner, and the chain contains the details of each transaction, including their time and sequences. So a blockchain can be advantageous to any use case. The whole benefits from secure, transparent, decentralized network, including healthcare, supply chain management, copyrights, and reality, and reality protection, the IOT, Internet of Things, messaging, voting, charity, even the new innovation for drugs, as I am a pharmacist, so it’s very valuable for me to protect the innovation and the know-how from stealing. The blockchain has two types. One of them is the public type, which we all know is the Bitcoin, which remains the most prominent example of the public blockchain. As anyone can join the public blockchain, and can do so any anonymous. This blockchain ecosystem use Internet connected to computer or mobile to validate the transaction and to provide the agreed upon consensus. The consensus here is achieved via Bitcoin mining, using computer resources to solve the cryptographic puzzle to create the proof of work by which to validate each transaction. This is the public blockchain, does not have many identity and access control. So, authentication and verification are largely carried out through public key encryption. In contrast to a private blockchain, which is more important for our business, for our organization, for our data, the private blockchain relies heavily on identity control, mostly through digital certificates, using them to make the blockchain private, through membership and access privilege. Typically, a private blockchain only allows access to known entities and organizations. So the consensus here is achieved on a private blockchain by selective endorsement. Known users with privileged access and permission to verify transactions and maintain ledgers. Due to this tighter control, a private blockchain can be likely to satisfy an industrial regulatory compliance requirement. Also, as we said before, the innovation of the drugs, all the secure data, so that I think it’s more compatible or to be more benefits for the defense army. So it’s very important for them. So cybersecurity is built into blockchain technology because of its inherent nature of being a decentralized system built on principles of security, privacy, and trust. In addition to transparency and cost efficiency and enhanced security, it is fast. Data on blockchain network is delivered in real time, making it useful to anyone who wants to track assets and see transactions in time, such as payments, orders, accounts, or know-how to our drugs. In addition to transparency, it’s cost-effective. It’s important to note that viewing a transaction or transmission may be innocent but due to encryption and serialization process, each record can be slow to upload compared to typical data network. Blockchain have many advantages like decentralization, also collaborative consensus. As blockchain collaborate consensus, algorithm means that it can monitor the ledgers for unusual or malicious activity. Also, the strong encryption practice and the digital signature effectively using a public key infrastructure for validating configuration, modifications, authenticating devices, securing communication, and infrastructure of asymmetric cryptographic keys and digital signature is often core to blockchain technology, providing verification of data ownership and data integrity. The immutable records, nobody can modify a recording on blockchain ledgers. If a record contain an error, it can only be rectified by making another transaction or another block in which case post-transaction will be legible. Nobody can interfere with the data or change any data on the system. Also, the Internet of Things protection, with increasing the application in various industry, devices are often targeted by cybercriminals due to their inherent vulnerability. So blockchain provide additional protection for those using IoT devices. Also, preventing DDoS attacks, distributed denial of service attack aims to overload A server with requests, it requires a focal point to target typically an intellectual property address or a small group of IP addresses, however, a blockchain-based domain named system DNS can remove that single focal point, neutralizing the cyber threats. Also the data privacy is very important, while the transparency is a prime benefit of using blockchain. With everyone able to see immutable transactions, the blockchain network will allow only the trusted network to view the participant transactions. This can be achieved with minimal governance. Furthermore, blockchain leaks the traditional targets sought by cybercriminals, making it more challenging for them to achieve unauthorized access by targeting a privacy rule. Blockchain will protect our contracts as smart contract security. The smart contract security are sets of rules stored on the blockchain that trigger transactions when the conditions are met. This automation makes payment more convenient, blockchain remains secure because its components are tested for authentication, data security, access control, and business logic validation. From the advantages of blockchain, it’s just an implementation of any business system through risk assessment and subsequent management processes are required to ensure the data protection and safety of business systems. So it is very important in the risk assessment management. And regulatory-focused, heavily regulated industries aim to protect the public and critical infrastructure with clear guidelines. regarding the information security. And any blockchain implementation should be carried out with close eye on regulatory required. Also in the disaster recovery plan, it’s very important that the minimum security requirements for blockchain participant and organization implementing a blockchain solution require detailed policies on identifying verification and access management. This is a critical area for blockchain applications since it is potential source, prints and contributes to firm vulnerability. So from my point of view, blockchain has no single point of failure. Every chain is immutable, so no participant can break a link to insert a block. It’s almost impossible to tamper with one of these cryptographic chains because an agreed consensus mechanism validate the accuracy of every transaction in the chain. However, blockchain also face some limitation and risks such as scalability, interoperability, regulation, governance and education. So it’s very important to share with you as the doctor tackle this point to be a curriculum in the school. It’s very important just for all of our students and our parents to be aware of this. Thanks for your kind listening, Dr. Ahmed, Dr. Mian.

Moderator:
Thank you, Dr. Hala Adli-Hussain. The clarification about the role of blockchain to cybersecurity, it will play a very important role in this matter. I think it’s very important to concentrate of blockchain and using it to achieve the cybersecurity. Thank you, Dr. Hala. Now it’s time for our journey with Dr. Nabi Abdel-Majid, Digital Safety Curriculum Owner as IP, Intellectual Property. Get the floor, doctor.

Nabeih Abdel-Majid:
Thank you very much. Thank you for giving me this opportunity to speak about this curriculum here in one of the distinguished events. I would like first of all to thank Dr. Ahmed Nour, the creator of Union of Arab, and the Arab Media Union. Thank you very much for giving me this opportunity. Thank you for Dr. Nermeen also, the secretary manager of the creator Union of Arab. Creator Union of Arab. And I would like also to thank the Higher College of Technology United Arab Emirates. Thank you very much for all the support that you give me. Today, actually, we are talking about something really critical for everyone, because everyone has a child, and everyone has need to know what happening with my kids. So are they using the devices in a safe mode or not? So what I did first of all, I studied the culture of more than one country, like in the Middle East, the Saudi Arabia, and also I studied the culture of United Arab Emirates, and we have a lot of, I have been talked about the number that I saw. So let me go through all these numbers, this study, and just to show you why it’s very important to take care about our children, and what they do actually when they’re using the internet. Are they playing? Are they thought that they are out of the target of hackers? And then we’ll talk about the solution that I’m providing, the curriculum where the students can know exactly, can teach themselves, we can cooperate to rehabilitate the students in a way that they can know exactly what’s happening when they’re using the social media. So what motivates me actually, what I saw of rapid development of information technology and the existing of diversity, an easy way for information. You know now everyone can reach to whatever you need within a few seconds. So it’s so easy to be connected to the internet. Although we have, as we hear, we have more than 2.6 billion, they don’t have a connection, but I’m talking about the other part of the world that has a connection, that they have a connection, but actually they don’t know exactly how to use it in a safe mode. Most of the people. And you know, there has been a high amount among the students to use the social network. Everyone cannot live without the internet, without the connection. Okay, and unfortunately, I have to say that all of the communities, they don’t, most of the communities, let me say, they don’t rehabilitate themselves. They don’t teach themselves first before they go to start using the internet. So that motivates me actually to stop here and take care. Let me study what’s happening in the market. Let me study what’s happening in between the childs in the schools. And one of the most stricken results for the unconscious turnout is the many misguided security practices, as I told you. And the recent successes of these hackers in presenting users’ privacy and extortion. So let me tell you exactly, first of all, the study samples, and what numbers I have. and then what the solution. This is what I’m going to show you today. So the samples actually identify the turnaround degree of using social sites. So how many hours everyone is using the internet daily and identify the students’ goals of using these sites. And I’ll tell you what I found, actually, and then identify percentage of those who have been hacked between the students in the schools. And I want to show you what is the relation between the level of the knowledge and how you are secured, actually. Imagine these hours is not included the hours of studying. So when I asked the students how many hours you use the devices daily, most of them said that more than six hours daily. And the hours of studying using the tablet is not included. So if you add just the hours of studying in the school or at home for studying, it’s going to be more than 12 hours a day. And that’s actually stopped me. What’s happening during these 12 hours? Do we know that as parents what’s happening with our kids? Look at these numbers. I will not read all of this, but I need you to stop with me on what’s happening, actually. So more than 79% of male and female students have more than one account of these sites. I don’t know why. I was asking some of the students why you need to do this. They’re just playing. And around 90% of the students say that it is very difficult to stop using these sites. So it is type of addiction. So it is type of they don’t stop. And 15.2% of the students are choosing fake names when they’re using sites. And also fake gender. Say somebody told that I’m a woman and I’m a man. So why, when I was asking them, why you need to do this? They just play. and they don’t know exactly what that might affect them. So more than 23% indicated that the person information is not real, where it can stop me also. And around 35% of the students confirmed that they had established false relationship through all these sites. I know, definitely sure that you had a lot of cases similar to these cases. But actually what was stopped me sometime that more than 15% indicated that they are being subjected to extortion continuously. And I think most of them, you know, in the Middle East, we have a culture that the women have a special, you know, I mean, privacy. Of course, the privacy is a special for every word, but the extortion 15% means that every 100 student, female student there has been extorted. 15 student of them has been extorted. That’s a big number. It’s a big number, really. And I’m sure that many other hide at this because they shy to say this. And also 22.2 of the students reported that they have been exposed to penetration during their use of these sites. And also 34 of their password have been stolen. 15.2 of the students have stolen their files and their own pictures. So where we are, and that actually stopped me. Look at these numbers. I’m sorry to read because it’s a very important. I need to read all of these numbers because it’s really, I need to all to cooperate to stop what happening with our kids. So 58.8 of the students, they expressed their acceptance to any friendship requested through these sites. So they trust everyone. And this is actually something where it make me stopped. 38.9 believe that all information presented through all these sites. Yeah, it’s, it’s, it’s we can believe it. And around 70% of the students believe the social network sites are safe and trustworthy. See, these numbers actually stopped me. Okay, I can, I can tell you a lot of numbers in this studying. Okay, and these slides, I hope it’s going to be shared with the, the, the site of United Nation of the, sorry, IGF United Nation. So what about the parents now? And also the parents stopped me. Do you know what’s happening with your kids? Are the, can, can you work with the social media and devices as your, as your kids? And when I study this, I found a huge bound between both of them. So, and there is a parallel relation between your level of education and what actually, how can you help your kids against any cases of, of extortion? And this table can, can show you that if your level of education high, then your fare will be low and the opposite to try it. And this is how many, if you high, how many case you found with your kids and how many cases so you help them. So it’s, it’s around like 70% of the cases, parents can help their kids if they will educate it, how to use the social media. And, and that’s actually make me decide that to solve the problem that is not only for the kids, you should not target only the kids. Actually, you have to target a different part of the community. The first one is kids. The second one is parents and also the educators, okay, in the schools. So if, if we cooperate all of these parts of the community, then we definitely will help the world to be more secure and the people being sure that how we, we’re going to use this social media. So what we need actually, a curriculum, and this curriculum that I created with the fully support of Arabic Creator and HDTC and also high accuracy of technology. A curriculum which is connected with a platform with videos and interactive screens. So we teach the students step by step how we know that this website is fake or not. How we know that this is somebody opening my account or not. And also we targeting the parents to help them to watch their kids in order to know exactly is somebody trying to attack my kids, to extort my kids or not. So we create this curriculum in three different levels. We’re starting from introduction to information security, going to operating system. Why we have to update operating system. Personal account management skills. I have to increase your skills, okay, to build your skills in a way that you can secure yourself. And social network security skills. And then early intrusion detection. So there’s some signs I have to teach the students. If you saw this, then you ought to be attacked. Take care. And then web browsing skills. And then we move to preventing electronic extortion and then external control. This is all for the first level. Of course, more details we have, and I can share it with you. The second level, we’re talking about file backup. How we know that if I delete something, then it is deleted. And no one can retain it back. It’s type of privacy. And how I have a backup and a lot of details about the privacy and control application activities and hide my moving in the Internet so no one can track me. And the last one is how to control. The last level is how to control your account iCloud or Android or any other cloud. So we start by iCloud. Management skills. Because I do believe that. The systems, the tools, has a lot of features, but actually the people doesn’t know all of these. We know how to use this mobile. We know how to start calling somebody, but how to hide my call, how to hide myself, how to be sure that no one observing me, this is the challenge actually to build the knowledge for the community. So these three levels, actually in order to what? We need a comprehensive program from basic to advanced in order to move up all the community and we need to develop a leader in cybersecurity experts. I’m dreaming in one day that we have a student before you go to the university, you secured enough. I know that no one can say that I’m secure 100%, but what we’re trying to do is to decrease the number of hits. So in a way that’s, it’s not easy for the others, for attacker, okay, for criminals to attack the kids. And let’s combine together, starting from fury to read world application and simulation. So what I’m looking for is not, it’s not only me, it’s not only United, sorry, creator United of Herb. It’s a cooperative for our community and that’s why we choose this event, okay? To announce about or to launch this curriculum in order to help all the community. We are trying to help different community in order to be secure by cooperative with all elements of the community. So let’s talk about SDSC, about this introduction about it. I need, I’m happy to show you how we build this curriculum and how it’s easy for the students, okay? Because it’s not only just education, it’s a career, okay, improvements. And it’s a good opportunity to bridge the global skill application. It’s a call for everyone to be at a front of cybersecurity training. So I do believe that the world has a lot of technologies. The only thing we need is to know how to use this technology. And these resources, it will be shared also, the study of different cultures. We call the curriculum SDSC, Student Digital Safety Certification. And by the way, we have a lot of certificates in the same area, like a school, safety schools, and a lot of curriculum. But actually, why it’s not working, okay. Do we have internet? Do we have a connection? Yeah, okay. So this is the curriculum, the website where you can find the Student Digital Safety Certification. And first of all, before we go through the curriculum, we have to start by survey. And actually, we build a three type of surveys. The first survey is for the parents, and the second one for students, and the third one for the educator themself. I think we have a problem with the speed of the interconnected connectivity. What’s wrong here? If you can help me to connect, sorry. So can we choose this one for example? Unfortunately, we are in a place that we should. Excuse me, there’s a problem in connection. There’s no internet connection here? Oh. Okay. Nevermind.

Moderator:
You can explain it, doctor, at the steps of, uh.

Nabeih Abdel-Majid:
Well, I’m very excited to show you the curriculum and videos and interactive screens. Let them discover it on the site. Let me try it. Yeah. Yes. Yes. I’ll try to do this. Yes. Um. Which one is? This one? Um. Which one is? This one? Yes. We are here to make infrastructure for this all. Okay. Okay. Okay.

Moderator:
We are here to discover and visit our site, doctor.

Nabeih Abdel-Majid:
No, you know, this culture is like my kids, you know. Yes, I know. I need to show everyone what I have.

Moderator:
I know.

Nabeih Abdel-Majid:
I’m trying to connect, yeah. Um. Cannot connect to this one. Dr. Nabi, working in this curriculum for seven years ago. Yes. And we get this chance to launch it to all educational institutions to get benefit from this curriculum. Because it’s very important to save our kids and the role of parents. They know how to use this curriculum to protect their kids without let them losing their self-confidence.

Moderator:
This is a very important point that we concentrate on.

Nabeih Abdel-Majid:
I’m sorry, we thought that the Wi-Fi will get online, so sorry. Who is Dinesh here? Can you help us please? Are you Dinesh? Yeah. Can we use your internet? Sure. Your password? I can’t see your name, but your password is here. Well, this is a good example that you should not use this person’s password. Okay, I got it. Connected? Connected? I think so. Let me see. No. Can you request something? Request? Okay. I think there is a connection. How do you get it first? There is no connection. There is no connection. I’m not going to connect. I’m not going to connect. Dinesh? Dinesh? How can I reconnect? Where is he? Where is he? Where is he now? Are you Dinesh? Yeah. Your password? Your password is in here? Yes. Okay. Your password? Your password is in here. Okay. Connected? Connected. Yes. I can’t get that. Can you read? Can you read? Mm-hmm. Can you read? Should be connected. Can I use the PC? It’s working here now. Sorry for this stop now we will start again okay okay I don’t know where was the problem this is the survey we stopped here that we start by giving a survey for everyone like your parents and students and teachers so if your parents we need to check your level or students or a security level I’m sorry in teacher so if you just click on the in the survey and you need just to fill the information and when you finish the the survey because we have a lot of questions okay it’s a multiple choice question and then you will receive an analyzed email that you this is your strong point and this is your weakest point right in actually you go to LMS LMS is where our curriculum and allow me to get access by sorry sorry okay this is our platform as you see here we can we can have more than one course in different languages we have Arabic and English now so what is your your device is it Android or iOS because you know the Android have a different screens okay and I different than iOS so if you busy or device iOS then click on iOS and then start the different the different curriculum here. This is the first level, as I told you, we start from introduction into the internet-safe browsing. And each one of them has a lot of assignments, like a group of assignment and exams. Okay, so you can see here, it’s a complete school, so assignment and assignment two. I need to show you, because the time is consuming, how one of them is working. So if you go to find who’s spying your device, for example, the video will start telling you introduction about the session, and start recording. Where’s the sound? There’s no sound. So it’s sound telling you, yeah. I don’t know, I don’t think. So this is sound? Yeah, it’s okay, it’s okay. Can I, can I, can I, it’s touch screen, sorry.

Video :
Did you know, dear student, that it is possible for your device to be hacked without you even realizing it, and without any change? Did you know, dear student, that it is possible for your device to be hacked without you even realizing it, and without any change in the performance of the device? Yes, this is real. Let’s consider what this means. Many programs have the ability to breach and sneak into your device, and then start monitoring you without your knowledge. These are called hacking programs. Let’s consider various examples of how hacking software can affect your device, if, of course, you do not take the necessary steps to prevent it.

Nabeih Abdel-Majid:
This is all one of the decisions, and teacher can stop whatever he needs to stop, can retain back and go forward, so it’s easy to use for other students. Allow me to take just two minutes from your time, and then we’ll proceed the different parts of the class.

Video :
Let’s start with the first example. What if these hacking programs remotely controlled your device’s camera? This means that a hacking program that infiltrated your device without your knowledge has managed to activate your device’s camera. Thus, the hacker who runs this program will be able to look at you and monitor you all the time, without your knowledge. The attacker is controlling your device’s camera, and may be able to see who is sitting with you as well. Do you agree with this?

Nabeih Abdel-Majid:
And so on. This is the first part of theoretical, I mean, media, okay?

Video :
And then the next, the next step when you finish, the next step, you start exercises, so it’s interactive screens. By WhatsApp program. Using the following two steps. The student has to click start, okay? Go to the WhatsApp web or desktop option in the WhatsApp settings menu. As shown in the following screen.

Nabeih Abdel-Majid:
So step by step we teach the students what to do in order to implement this idea and that idea.

Video :
Go to the web.whatsapp.com website using your laptop.

Nabeih Abdel-Majid:
Okay, click create, it’s not only video, interactive screen as I told you.

Video :
And scan the QR code as shown in the following screens. Go back to WhatsApp web or desktop and see the result of the test. The screen shown indicates that there is no tracking through WhatsApp.

Nabeih Abdel-Majid:
Okay, student can repeat it as much as he needs. At home also he has username and password and he can get access to the website and teach himself. Okay, and also we have next training in the same session. So we have different sessions and we have sub-sessions inside each one of them. Okay, so for the next you will start exercise number two. I need to go to the third part of the class where we have conclusion. So after the sub-sessions inside the session, then we go to conclusion and then we go to some sort of questions for the students.

Video :
Preserve our privacy by making sure that no one is using our personal accounts. The first way is by using the WhatsApp application. And the second is by opening the Google account through the browser. Make sure you can do them properly. Then move on to the next section. Wishing you all the best.

Nabeih Abdel-Majid:
Okay, student next and then we have like sort of three to four questions for each session. Just to be sure between faculty or teacher and student that you were with me or not. And let’s let’s answer this question and let’s review some of this question together. It’s not exam, it’s just reviewing.

Video :
Please answer the following questions.

Nabeih Abdel-Majid:
Yes, start and then start discuss between teacher and this make a real. interactive, or active, let me see, let me say, sorry, active class in the class, sorry. Yeah, so if you just answer, that will tell you wrong or correct. Okay?

Video :
Wrong.

Nabeih Abdel-Majid:
Let me have one right, please.

Video :
Correct answer.

Nabeih Abdel-Majid:
Okay, and then, and then. Please review this lesson, and try again. Yeah, because your score is, and you can review the quiz also. Discuss between the faculty and the teacher. You have to, the faculty, sorry, teacher and the students, you have to answer this one and why. And actually, allow me to tell you that we just implement this program as a pilot. Okay, a test, because we’re planning to launch here. Okay, in this event, by supporting of Dr. Ahmed Noura and Dr. Nermin. So, we launch it for a different community. Next. So, you say exactly where you fold. Okay. In next. Please review this lesson. If you stop it, you return back to the curriculum. Allow me also to tell you that we have a lot of rubbers, a lot of rubbers. Okay, and different privilege for student, different than manager, different than teacher. In a way that you can observe, you can monitor your kids, your students, where he was, or she was, and where he or she is exactly now. So, the survey, we start by survey, and we end by survey also. And we have a lot of rubbers. You can find it here, site administrator. Okay, and you can go to different and different options. Okay. So, we have rubbers here, and it’s also customizing rubbers. So, we gave you opportunity or an ability to create your own rubbers. I do believe, finally, let me say, I do believe. that if we cooperate, all of us, we can help the community to be secure. And this is our message, actually. We need to cooperate, all of us. It’s not only teacher, it’s not only the one who create this program. It’s an effort has to be taken by all different parts of community. So let’s start from this distinguished place to cooperate, because I have five kids. Everyone have kids, okay? And we need to be secure. So let’s cooperate together in order to reach the level of secure community. This is my message, and this is the message of creator of, creator union of Arab, and also the ACT, where I also supported from, and also HDTC. Thank you for everyone. Thank you for attending my session. And it’s yours. Thank you very much.

Moderator:
Thank you, Dr. Nabi. It’s amazing and outstanding, really, program. But I want to ask just how old are the kids that this curriculum targeted? Well, we targeted from grade five. So it’s here. They can use it starting from grade five? Grade five to grade 11.

Nabeih Abdel-Majid:
Yes. Because we have different levels of the. Okay, I think all persons in room, what the role of parents of the kids in this curriculum? Oh, thank you very much for this question, because the parents is one of the main, the main stone, let me say. Yes. Yeah, we have group of sessions also with the same curriculum. So whenever you participate in this program, okay, your parents has to attend like group of sessions just to show them how you, I don’t say, I don’t want to say observe or monitor. But just take care of your kids how you know exactly what happening with you

Moderator:
They should observe and monitor but without knowing of their kids to be safe because we are in open Environment of digital and there is a lot of risks

Nabeih Abdel-Majid:
Yes. Yes, but what I what I need to say that the students can do whatever they need Yes, sure. Even if you close all the doors, they will definitely find another door But actually the best thing is to think how to be Just just watch them watch them. Take care of them. It’s right to help them against any extortion if it’s happens This is my message.

Moderator:
Yes. Thank you. Dr. Nabiha. I think we have let then five minutes if anyone in the room have a question, please Get the floor in the middle of the room

Hala Adly Hussain:
Dr. Nermin, Dr. Ahmed Thank you doctor for this valuable session because it’s very very valuable for me because I’m targeting the education in our project So if this is approved by the education the Ministry of education in Jordan or still not approved

Nabeih Abdel-Majid:
No, we we are accredited from KHD in Dubai so It is it is it is accredited. Yes That’s why we are looking looking for the recommendation from the IGF here to be implemented in a different places in a different community

Hala Adly Hussain:
It’s just implemented in our in Emirates. Dr. Hanna. Dr. Hanna. We have to hope to share this

Moderator:
Curriculum for all over the world. So we are make this point a start for all the students all schools The goals of this session one of the goals of this session dr. Hanna to share this curriculum or with a large number of educational

Hala Adly Hussain:
I think you have to put it in the Arab League. Oh, yeah. Sure. Sure meeting the next meeting. Yes, sure

Moderator:
We are already Talking about this point with the Arab leg you Thank you for this intervention, Dr. Hala. It will be very useful, so thank you, thank you, doctor. Thank you, Dr. Hala. Thank you very much, thank you. Anyone have a question? Okay, I think no one have any question. Yes, please.

Audience:
Thank you for this opportunity. My name is Rohit Prasad, I am from Nepal. And right now I am a student, master degree. So my question is like, what are the ethical concentration in cyber security, especially regarding hacking and privacy? Thank you.

Nabeih Abdel-Majid:
Yeah, thank you very much. I think most of the session is about how to stop hacking the privacy. In the, how to know exactly if somebody attack my PC by watching my cam, my mic, and also how if I delete some of the files, being sure that no one retain it back and take my privacy. This is another session. If somebody attack my iCloud, for example, how would I know? And then how I stop them? Okay, this is another session we have in this curriculum. And also, where exactly you can control the specification of a lot of options in iCloud and Android. Okay, and then let’s teach the students also a lot of sessions in the curriculum, how to control, what is this and what is that, and how would I use this one and that one and control my privacy using my account? Yes, a lot and a lot of, basically, this curriculum build on this. Yes, thank you for your question.

Moderator:
Thank you very much for your question. Thank you, I think we are here because this is a revolution of all kind of technology. And we have a long-term works to achieve what you say. And I hope that we will be able to have a discussion about the cyber security in all categories of usage and users of Internet and the environmental world. So thank you very much for all attendees online and in person. And I hope thank you, Dr. Nabih, for this outstanding presentation. Thank you, Dr. Ahmad Noor, for your expertise for this initiative. Thank you, Dr. Hala, for joining us in your presentation. And thank you to all of you for your participation in this initiative. I hope that this initiative will be implemented by the largest number of educational institutions to protect our children and draw a new map for the safe use of the Internet. Thank you for you all. See you next IGF in Riyadh. Thank you. Thank you, Dr. Ahmad. Thank you, Dr. Nabih. Thank you, Dr. Hala. Thank you, Dr. Hala. Thank you, Dr. Hala.

Udbhav Tiwari

Mozilla Corporation, owned by Mozilla Foundation, is a unique organization in the technology sector. It operates without the typical incentives for profit maximization and prioritizes user welfare and the public interest. While initially having a strong policy against data collection, Mozilla had to make changes due to limitations in product development. They have since explored privacy-preserving ways of collecting information, separating the “who” from the “what” to protect user privacy.

Privacy-preserving technologies have become increasingly feasible with the proliferation of internet availability, bandwidth, and computational power. Privacy has emerged as a key differentiating factor for products, leading to increased investment in privacy-focused solutions.

Mozilla has taken a critical stance on Google’s Chrome Privacy Sandbox set of technologies, acknowledging improvements but asserting the need for technical validation. They are also exploring the use of Privacy-Preserving Technologies (PETs) like Decentralized Ad Delivery (DAP) and Oblivious HTTP (OHTP) for telemetry information collection.

While recognizing the value of advertising to support internet publishers, Mozilla deems the current state of the advertising ecosystem unsustainable. They have introduced features like Firefox’s “Total Cookie Protection” to enhance user privacy while still allowing essential functionality.

Mozilla has raised concerns about Google’s Privacy Sandbox standards potentially becoming the de facto norms, with the potential to impact privacy and competition. They advocate for responsible implementation of PETs to strike a balance between privacy and data collection.

Human involvement in data collection decisions is crucial to consider the risks to user privacy. Mozilla emphasizes the importance of accountability and responsible practices.

In summary, Mozilla Corporation distinguishes itself in the technology sector with its focus on user welfare and the public interest. They actively explore privacy-preserving technologies, criticize Google’s Privacy Sandbox, and advocate for responsible data collection practices. Through their efforts, Mozilla aims to foster a more privacy-protective and user-centered tech industry.

Wojciech Wiewiórowski

The European Data Protection Supervisor (EDPS) plays an essential role in safeguarding privacy within the European Union (EU). Their key priority is the effective implementation of privacy laws through the use of tools. The EDPS serves as a supervisor for EU institutions and offers advice during the legislative process, ensuring that privacy concerns are integrated into decision-making. Their ultimate goal is to promote a safer digital future by advocating for the use of IT architects and a comprehensive privacy engineering approach.

In line with the EDPS’s efforts, Wojciech Wiewiórowski, a prominent figure in the field, acknowledges and supports the work of non-governmental organizations (NGOs) in enforcing privacy policies. He recognizes the vital role that NGOs play and suggests that their work should have been undertaken by data protection commissions much earlier. This recognition highlights the importance of collaboration between regulatory bodies and NGOs in effectively safeguarding individuals’ privacy rights.

Furthermore, Eurostat, the statistical office of the European Union, has developed privacy-preserving tools such as trusted execution environments and trusted smart surveys. These innovative tools aim to ensure privacy while conducting official statistics. The United Nations has included these tools in their guide on privacy enhancing technologies for official statistics, further validating their importance and effectiveness in maintaining data privacy.

Overall, the European Data Protection Supervisor, Wojciech Wiewiórowski, and Eurostat are actively working to uphold privacy rights and create a safer digital environment. Their focus on utilizing tools and collaborating with NGOs demonstrates their commitment to establishing a robust framework for data protection. Embracing these initiatives provides individuals with greater confidence in the privacy of their personal information.

Clara Clark Nevola

Privacy enhancing technologies (PETs) are becoming increasingly important in today’s digital era as they enable data sharing while protecting privacy. The Information Commissioner’s Office (ICO) in the UK has recognised the significance of PETs and has released guidelines that outline how these technologies can support data minimisation, security, and protection.

The ICO’s guidelines highlight the role that PETs play in achieving data minimisation, which refers to the practice of only collecting and retaining the minimum amount of personal data necessary for a specific purpose. By implementing PETs, organisations can ensure that they are processing and sharing data only to the extent required, thereby reducing the risk of potential breaches or misuse.

Furthermore, PETs contribute to data security, addressing concerns about the potential vulnerability of shared data. Different types of PETs, such as homomorphic encryption, secure multi-party computation, and zero-knowledge proofs, offer various solutions for securing data in different sharing scenarios. Homomorphic encryption allows computations to be done on encrypted data without having to decrypt it, while secure multi-party computation enables multiple parties to perform a computation on their data without revealing any sensitive information. Zero-knowledge proofs allow the verification of a claim without revealing the supporting data. These technologies can help protect data integrity while allowing for collaboration and data sharing.

Anonymisation or de-identification is another key aspect of PETs. By applying these techniques, organisations can remove or alter personal identifiers, making it more difficult to link shared data to specific individuals. This helps to protect privacy while still allowing for data analysis and research.

Despite the clear benefits of PETs, challenges remain. Technical standards for PETs need to be developed to ensure interoperability and ease of implementation. Additionally, the costs associated with implementing PETs can be high, posing a barrier to adoption for some organisations. Awareness and understanding of PETs also need to be improved, particularly among lower-tech organisations that could greatly benefit from them.

Data sharing itself poses challenges beyond legal considerations. Organisational and business barriers, such as concerns about reputation and commercial interests, can hinder data sharing efforts. Stakeholders often express reluctance to share their data due to uncertainties about how it will be used or what the outcomes may be.

To overcome these challenges, the ICO advocates for partnerships and collaborations between PET developers, academics, and traditional organisations like local governments and health bodies. By bringing together experts from different fields, these partnerships can elevate awareness and understanding of PETs and facilitate their adoption by traditional organisations.

In conclusion, privacy enhancing technologies are crucial tools for enabling data sharing and protecting privacy in the digital era. The ICO’s guidelines demonstrate how PETs can support data minimisation, security, and protection. While challenges exist in terms of technical standards, costs, and awareness, partnerships between PET developers and traditional organisations can help overcome these obstacles. By promoting the adoption of PETs, organisations can achieve a balance between data sharing and privacy protection, fostering innovation and collaboration while safeguarding individuals’ personal information.

Suchakra Sharma

The speakers in the discussion present different perspectives on privacy in software development. One speaker argues in favour of considering Privacy Enhancement Technologies (PETs) from the software perspective. This involves examining how software handles data, as it can provide insights into developers’ intentions and identify potential privacy violations. The speaker highlights the importance of evaluating the software in order to predict and prevent privacy breaches. As a solution, Privado is developing a tool that can assess how software handles data.

On the other hand, another speaker focuses on the significance of technically verifiable Privacy Impact Assessments (PIAs) in ensuring proactive privacy. They note that during software development, the necessary information for PIAs is already available. By incorporating PIAs into the development process, privacy regulations can be adhered to right from the design phase to deployment. To facilitate this, a tool has been built to perform verifiable PIAs, identifying potential privacy violations in advance. This approach is seen as a guarantee for proactive privacy.

The third speaker explores the possibility of certifying software for privacy compliance. They highlight the importance of evaluating the data processing and handling intentions of software. By doing so, privacy compliance checks can be conducted before the software is deployed. They suggest that regulatory laws such as GDPR and CCPA can be translated into fine-grained checks and tests for compliance. This certification process is considered a potential solution to ensure privacy in software development.

In conclusion, the speakers all emphasize the need to evaluate how software handles data and ensure compliance with privacy regulations throughout the entire software development lifecycle. By considering PETs, performing verifiable PIAs, and certifying software for privacy compliance, proactive measures can be taken to protect privacy. These perspectives highlight the increasing importance of addressing privacy concerns in the software development process.

Maximilian Schrems

NOIP, an organisation, has developed a system that automates the generation and management of complaints about General Data Protection Regulation (GDPR) compliance. This system has proven to be effective in achieving a 42% compliance rate by proactively sending guidelines to companies.

The system operates by performing an auto-scan of websites to identify potential GDPR violations, which is then followed by manual verification. Once a violation is detected, the system auto-generates a complaint, which is then transferred to the violating company for action. Additionally, a platform is used for companies to provide feedback and declare their compliance.

Interestingly, the system has observed a domino effect, wherein even companies that were not directly intervened with have shown improved compliance. This suggests that the awareness and actions taken by some companies have influenced others in the industry to improve their GDPR compliance as well.

Data protection authorities recognise the potential for efficiency that new technologies can bring, but they also express concerns and high levels of interest. They acknowledge that utilising new technologies, such as the automated GDPR compliance system, can increase efficiency by eliminating trivial tasks and increasing the quality of work through the use of well-proven templates.

However, implementing new technology poses certain challenges. The adoption of new technology requires technical infrastructures, such as programmers, to support its implementation. Additionally, a culture shift is necessary for organisations to focus on specific tasks related to the new technology and adapt to the changes it brings.

In conclusion, NOIP’s automated system for GDPR compliance has achieved a significant compliance rate and has demonstrated the potential for technology to enforce and improve GDPR compliance in a more efficient manner. While there are challenges associated with implementing new technology, the benefits of increased efficiency and quality are substantial. It is noteworthy that the system has also influenced compliance improvement among companies that were not directly addressed, highlighting its positive impact on the industry as a whole.

Nicole Stephensen

The analysis explores different perspectives on privacy-enhancing technology and data protection. One argument presented is that privacy-enhancing technology should not replace good decision-making. It is emphasised that governments and organizations have a positive duty to ensure that their information practices accord with relevant privacy and data protection laws and community expectations. This suggests that while privacy-enhancing technology can be beneficial, it should not be solely relied upon to make ethical and responsible decisions regarding data privacy.

Another argument highlighted is the struggle faced by organizations in identifying and mitigating risks, particularly when dealing with large volumes of data or complex vendor relationships. Data leakage is mentioned as a common occurrence that often happens without the organization’s awareness, and it qualifies as a personal data breach. This indicates that organizations may face challenges in effectively managing and protecting data, especially in situations involving extensive data sets or intricate vendor arrangements.

However, the analysis also acknowledges the utility of privacy-enhancing technologies in controlling data leakage. Specifically, the example of Q-Privacy is provided as a tool that allows organizations to audit for data leakage and enforce rules about data usage. This suggests that privacy-enhancing technologies, particularly those focused on data accountability, can play a valuable role in preventing and controlling data leakage incidents.

Furthermore, the importance of prioritizing purpose specification and collection minimization in data protection practices is highlighted. The argument put forward states that these are the building blocks for a culture that limits the use and disclosure of personal data as much as possible. This implies that organizations should be cautious in collecting only necessary data and clearly defining the purposes for which it will be used. By doing so, they can actively contribute to a privacy-conscious environment.

Lastly, the analysis identifies several barriers to the implementation of privacy-enhancing technologies. These include the privacy maturity of the technology suppliers, their geographical location, and the budget of the organization. Additionally, it is noted that decision makers in the privacy domain tend to be more in the legal space and have a less technical focus, which could also be a barrier for adoption. This suggests that a multifaceted approach is necessary to address these barriers and promote the effective adoption and integration of privacy-enhancing technologies.

In conclusion, the analysis provides an overview of various perspectives on privacy-enhancing technology and data protection. It emphasizes the importance of good decision-making, compliance with privacy laws and community expectations, risk identification and mitigation, data accountability tools, purpose specification, and collection minimization in ensuring effective data protection practices. Moreover, the analysis sheds light on the challenges and barriers associated with the implementation of privacy-enhancing technologies, highlighting the need for a comprehensive approach to overcome these obstacles.

Christian Reimsbach Kounatze

In the realm of technology and privacy, it has been established that these two areas can provide scalable solutions to effectively address problems. Maximilian Schrems, a prominent figure in this field, emphasizes the advantages of implementing efficient systems that can eliminate trivial work and enhance the overall quality of work. By using proven templates and carefully selecting cases to work on, these systems greatly improve efficiency and productivity.

Privacy tools, in particular, are seen as indispensable in supporting the work of agencies involved in data protection. These tools enable agencies to effectively navigate the complex landscape of privacy management. However, barriers hinder the widespread adoption of privacy-enhancing technologies. Factors such as low budgets, a lack of technical focus in decision-making teams, and the prioritization of larger organizations impede the adoption and implementation of these technologies. Addressing these issues is crucial to fully benefitting from the advantages offered by privacy-enhancing technologies.

Automation is widely regarded as a crucial component in privacy management. It allows for scaling efforts and addressing the challenges posed by the ever-increasing scale of privacy concerns. However, human involvement should not be replaced entirely. Speakers agree that a balance must be struck between automation and human decision-making. While automation can streamline processes, human oversight and decision-making play an integral role in ensuring ethical and responsible practices. Striking this balance is key to realizing the full potential of automation in privacy management.

In conclusion, the speakers at the event highlighted the significant role that technology, privacy tools, and human involvement play in addressing problems and supporting the work of agencies in the realm of privacy and data protection. Scalable solutions, efficient systems, and the adoption of privacy-enhancing technologies are essential in tackling the challenges at hand. While automation is critical, it should not replace the human touch. By acknowledging these factors and working towards effective implementation, privacy can be ensured in an increasingly digital world.

Christian Reimsbach Kounatze :
Okay, I would say our speaker has arrived, so we can actually start the session. So welcome everyone to this session, IGF session, on emerging privacy-enhancing technologies, but also a little bit more. So maybe as a short introduction, my name is Christian Reimsburg. I’m a member of the OECD Secretariat in charge of privacy and data governance. And today we have a good, interesting set of different speakers that will talk to us about the role, essentially the role of technologies for enhancing privacy and data governance with trust. We will not only talk about classic privacy-enhancing technologies such as, let’s pick one, homomorphic encryption, or federated learning, which has been discussed in the past a lot. But we actually will have a broader discussion about what is the role of digital technologies for not only being, for going beyond to be the problem when it comes to privacy, but also to become a solution or to be used as a solution, and what are the challenges related to that. So we have different speakers that will make an intervention. We will start, indeed, with the role of privacy-enhancing technologies, but then we will move to broader discussions. And without further ado, I would like to invite our very first speaker from the UK’s Data Protection Authority to make her intervention. And maybe I would let each of you briefly introduce yourself, because maybe that’s a little bit quicker instead of going through each of you individually. I would say let’s start with the very first presentation and Clara the floor is yours But maybe very briefly if I may say so so the idea in terms of the run-up show is to have a series of interventions by our speakers They have roughly seven minutes and after that we will have a first Set of questions and discussions and we will then open the floor roughly 30 minutes before the end open the floor to the audience And we may have also a second round after that So be prepared and Clara the floor is is yours if you may introduce yourself very briefly Also talk a little bit about the ICO if you want and then go ahead with with a subject matter. Thank you Thank you. And can I just check other slides showing while on your side? It’s showing pretty well. Yes. Okay, great

Clara Clark Nevola:
So, my name is Clara Clark Nevella and I’m joining you from the UK this morning. Well my morning I guess your afternoon and and thanks very much for having me and I’m sorry. I can’t be there in person so My bit will be to talk about the privacy enhancing technologies aspect and in doing so I’ll also kind of introduce my role and maybe the role of the information commissioner and So the way that and the ICO regard privacy enhancing technologies is basically as a tool to enable data sharing If you’re not familiar with the information commissioners office where the UK’s independent data protection authority We regulate data protection and wider information rights and where as other data protection authorities we are Independent of government but publicly funded and We produce guidance. We take enforcement action. We provide advice and support for organizations members of the public and and we also engage with governments and other stakeholders on Advancing policy positions in this area. So within this within a technology policy team. And our role is to anticipate and understand and shape how emerging technologies and innovation impact people in society. And that’s very much how I’ve approached privacy enhancing technologies. So maybe the first question would be, well, what are privacy enhancing technologies? But actually I’m not going to start from there because I think, although it’s interesting to understand how they work and what they do, it’s, I think, more interesting to approach what does a privacy enhancing technology actually do? So this is quite a vague term, it covers multiple disparate techniques and I see it more as a sort of toolbox that each one of toolbox can do a different thing. And instead of explaining, you know, what is a hammer? It’s more interesting to see, well, what can a hammer do for you? So if you have some furniture that you need to assemble, how can you put this furniture together? So not so much like how do you make a screwdriver or the technical components of a screwdriver, but the screwdriver allows you to screw in two pieces together. And with that optic is how I’d invite you to approach privacy enhancing technologies. So instead of focusing straight away on the tools, I’ll start with explaining what the problem is. So what is this furniture that we’re trying to assemble? And broadly, the furniture we’re trying to assemble, the problem statement that we have is that data sharing is difficult. There’s lots of different scenarios in which data sharing has challenges. And these challenges are sometimes data protection law, but in many cases, they’re much broader. So they will be reputational, commercial, organizational barriers. So typical scenarios of data sharing involve two or more organizations who are trying to share data between each other. So for example, a hospital and the local government might want to. to share data to see what the overlap of patients or social services is. And we have a scenario, another very common scenario is publication of data. So this is no longer reciprocal sharing, but outputting of data to an audience or to the public at large. Then we have sort of putting multiple databases into one. So one organization ingests data from multiple sources. So you might think of a local government wanting to make road layout improvements and they need to take in data from the police and maybe from hospital, maybe citizen feedback, site campaign data, and they need to bring it all together. And another typical scenario is just the need to keep that secure. So for example, if a government uses an external provider to host data, they may need to be sure that it’s particularly secure. So these are the sort of problem statements we have with various tasks to be done. And now I’ll move on to explain what tools might be the best to use for this. And this is kind of where the privacy-enhancing technology bit fits in. So what are they, what do we do? So in the first scenario where you need to share data between multiple parties, I’ve clumped together the types of privacy-enhancing technologies that would be useful in that scenario. So I won’t dwell on them in detail. Given the time constraint, I’m happy to go back to them later if anyone has questions, but I’ll just give a brief overview. And homomorphic encryption, the kind of underlying concept is that it allows computations to be performed on encrypted data without the data first being decrypted, which keeps the data much more secure and minimizes the access that you can have to it. Secure multi-party computation is a relatively similar protocol, but more suitable for large groups. And zero-knowledge groups are a bit different. They refer to a protocol where one person needs to prove something to somebody else. we could say typically whether you’re above a certain age, so you’re eligible to do a certain activity, drive a car, purchase alcohol. And instead of revealing the underlying data, so maybe data birth, you can just prove that you’re over whatever the threshold is. So it minimizes data that’s shared. For publication and ingestion, two techniques are both applicable. So differential privacy is a way to prevent information about specific individuals being revealed or inferences about them being made. So it adds noise, adds records and measures how much information about a certain person is revealed. Well, synthetic data is essentially artificial data, which replicates the patterns or statistical properties of the real data. So you would have a real data set generate a synthetic data set that maintains its same properties, but is not the real underlying data. So either anonymizes or significantly de-identifies the data depending on which route you go down. And then finally, trusted execution, not finally, but I’ll say federated learning first. Federated learning is very useful for ingesting data from multiple sources. So typically you would need to move all the data across to a central hub. So imagine you are developing a tool for medical imaging. You need to collect all the medical images from a whole group of hospitals to have a large enough data set to train the model that you’re then going to use to detect these images. With federated learning, you avoid the need to move the data across and you instead train a model locally and then bring together centrally the improvements in that model. So it really reduces the need to share data. And then finally, trusted execution environments are essentially a security application that sort of makes… hardware and software that allows data to be isolated within a system. So that’s a whistle-stop tool. And I’ll move on to talk a little bit about our involvement in this area as the ICO. So this year, in June this year, we published Guidance on Privacy Enhancing Technologies. So if you’d like to know more detail about anything that I’ve talked about, I would highly recommend you read the guidance. And we focused on the link between these technologies and the benefits they bring to data protection law. So how privacy enhancing technologies can support data minimization, data security, and data protection by design and by default. And we’ve provided explanations for all the technologies, people who are not familiar with them, and also that mapping between the use of the tool and the compliance with the law to help both decision makers in organizations and developers technologies. And that’s a flavor of what the guidance contains. This kind of one-to-one mapping with, OK, you’re using a tool. How should you use a tool and how will it help? And we’ve also provided examples of scenarios in which pets could be appropriate. And I’m sure we’ll come back to talking a bit more about the risks and benefits. But I think it’s important to note that privacy enhancing technologies really, really help with data sharing and data reuse. But they’re still a relatively emerging field. And there’s some very, there’s some great examples of them being used already in practice. So they’re not an academic concept, but they’re still relatively new. So this issue still with maturity and expertise. I’m just, I can see Christian’s looking at me. So I’m going to finish up, which is that there’s still a few challenges to solve. mentioned. So, you know, they’re a great screwdriver but they’re maybe not yet an electric screwdriver and there’s still issues to understand how we can match up well the users of privacy enhancing technologies with the developers. So, how do you bring the expertise to the people who need them and how can technical standards develop in this area and how can costs be brought down. So, that’s my introduction to privacy enhancing technologies and I’ll hand back to Christian.

Christian Reimsbach Kounatze :
Thank you very much, Clara. And maybe before we move on to the next presenter, I just want to provide a little bit of context why we started with Clara’s presentation because I realized that I missed maybe to clarify that point. And the reason is because privacy enhancing technologies have been traditionally been looked at as the, this has been essentially the first kind of approaches and tools if you want. When you ask, if you ask people think about the role of digital technologies and how we can protect privacy, people would traditionally or typically point to privacy enhancing technologies. And as Clara’s presentation has highlighted, this has evolved definitely. So, there are now new types of privacy enhancing technologies that she addressed. And maybe one, if I may, Clara, ask you one question because it actually also opens up a little bit for latest discussion. Why has the ICO decided to look into this and to publish the guidance? If you could elaborate that a little bit before we then move to our next

Clara Clark Nevola:
presenter who is sitting next to me. Of course. So, we’ve long been advocates for kind of responsible data sharing and it’s something that stakeholders frequently tell us that data sharing is really hard, that even no matter how much we say data protection is not a barrier to data sharing, there are always challenges. And a lot of the challenges we’re seeing were not so much legal. but they were more organizational and business wise in the sense of you would have a data set and you would not want to share it because you don’t know what’s going to happen to it afterwards which is a legitimate concern and with privacy enhancing technology you can massively reduce that risk so I was talking about homomorphic encryption if you hand over a data set to a third party you don’t know what they’re going to do with that you know you have a contract to say how they can use it but you don’t have ultimate visibility over it while if you implement homomorphic encryption there’s a technical limit to the queries that you can put in so you have a guarantee that the data is only being queried for a pre-approved set of things so we thought it’s exciting and useful to develop data sharing yeah thank you I think now it’s a good time to move to our next speaker I will also ask you to introduce yourself but maybe as a as a kind of a

Christian Reimsbach Kounatze :
context why you are next essentially we thought that everybody probably knows the Mozilla Foundation and they are obviously also user using privacy enhancing technologies and we will hear about that so essentially it is a good illustration about not only the potential of privacy enhancing technologies but also an example where every one of us is potentially interacting with this kind of technology so again I will please introduce yourself maybe you want to talk about the

Udbhav Tiwari:
Mozilla Foundation eventually and yes thank you so hi I’m Udbhav Tiwari I work with the Mozilla’s public policy team where I’m the head of global product policy my job is to work with internal technical experts and external regulators and lawmakers to help them understand the consequences of regulation as well as ways in which that regulation could be improved to further Mozilla’s mission and Mozilla is a unique organization because we’re of course known most for our browser but we’re actually a corporation that’s owned by a foundation so the Mozilla Corporation has a single share that’s owned by the Mozilla Foundation and that means that most of the typical incentives that apply in the technology sector don’t necessarily apply to us shareholder pressure the driver or pressure for profits and which at some level we believe are responsible for some of the more egregious practices when it comes to data collection in the space. And the reason that context, I think, is particularly important for this session is Mozilla as an organization, when we started the Firefox browser now almost 25 years ago, for the first maybe 10 to 15 years, had a very strong policy of simply not collecting any data at all. And usually, when organizations say that, they’re actually talking about user data. So for example, even today, Mozilla’s browsing history is end-to-end encrypted, which means that if you have history, say, on your desktop and you’re accessing it on your phone, the only two places where that history exists in an unencrypted format are those two devices. Mozilla does not have access to that. But 15 years ago, we didn’t even collect any telemetry. And obviously, both it came from our very strong privacy credentials and the idea that we would not collect any data at all, even if it’s not directly about our users or their practices. But ultimately, we realized, as we became a more popular browser, that for a product that people used to access hundreds of millions, in fact, billions of websites around the internet, not having access to any telemetry would mean that we would never be able to make a product that would actually serve our users. Because that telemetry was used to detect which websites were breaking and which websites were throwing compatibility errors so that we could then go investigate those websites and speak directly to developers in a manner that we could resolve that and make changes in our products to help make sure that they don’t happen again. And that’s the period when we started exposing privacy-preserving ways of collecting this information, which within Mozilla essentially means separating the who from the what. And that separation for us has been quite a long journey. And that journey specifically, I think, over the last three to four years has crystallized around maybe three issues. And I think those are the three kind of maybe samples that I will be talking about to both explore Mozilla’s thinking, but also to react to developments that are taking place in the external world. The first is there’s definitely been a recognition that the proliferation of internet availability, bandwidth, and connectivity, along with computational power, has enabled certain kinds of privacy-preserving technologies today that were not available or not as feasible a few years ago. The second is that privacy post-2014 has definitely, both because of laws like the GDPR, but also because of reputational concerns, actively started to become a differentiator between products. And people are choosing products because of privacy. So the net investment that is coming into the space in these technologies has increased. And finally, and this is both related to Mozilla, but something that we don’t do ourselves, is the developments that are taking place in the advertising ecosystem. Specifically, Google’s Chrome Privacy Sandbox set of technologies, which have garnered a lot of attention over the last couple of years, for attempting to do all of the parts of the advertising ecosystem, targeting, attribution, remarketing, in a more privacy-preserving manner. And Mozilla has arguably been one of the biggest and most vocal critics of some of these technologies. Because we think, while they are better than the current practices that are enabled by the third party ecosystem, the technical validation of many of the claims that they make still requires some work. And those are the three things that I’m actually going to talk about. On the first piece, which is Mozilla’s own practices, there are, I would say, two standards that people at Mozilla have been integrally involved in, that are now almost done at the IETF. One of them is actually done. One of them is oblivious HTTP.

Christian Reimsbach Kounatze :
And the other is DAP, which is the Distributed Aggregation Protocol. Both of these standards essentially

Udbhav Tiwari:
work by, firstly, sending data in a manner where there is an intermediary or a proxy in between that separates where the data is coming from from what the actual substance of that data is. For the individuals in the room and on the session, if you use Apple’s private relay service, which is available on iOS, it works in a very similar manner in order to set it so that even Apple does not know either your DNS lookups or your browsing history, because it’s first sent to a proxy, where the proxy strips the information about where it’s coming from. And then it’s sent to the destination. ultimately. Mozilla is actively exploring ways in which we could use these technologies in order to collect telemetry information. And we expect to make some announcements on this regard in the coming weeks and months. There’s been a lot of progress. But one of the things that has actually held us back, I would say, is that the number of players in the ecosystem that are willing to engage with these technologies is still actually quite limited, both from the demand side, which is how many players actually want to collect technologies with these privacy-preserving manners and in this manner. And as you can imagine, the more suppliers they are, the more customers they are, the more competition is, the cheaper they will be, has definitely not happened yet, despite the fact that in comparison to some of the more complicated and possibly more promising technologies like homomorphic encryption, these are much, much cheaper. And it’s not actually technology that is holding the deployment of DAP or the deployment of oblivious HTTP back. It’s the fact that there are actually very few service providers that provide the infrastructure to be able to utilize these technologies, which are, relatively speaking, much easier to implement than differential privacy or homomorphic encryption. On the second point, which is Mozilla’s own thinking with regard to the developments in this space, I would say that when it comes to the evolution around targeted advertising that’s taken place, it’s almost certain now that the only browser in the market that still collects or has not disabled third-party cookies yet by default is Google Chrome. And the pressure that Google has been subject to by privacy advocates, by regulators on this has been quite high. So what Google has done is now proposed a set of technologies called the Privacy Sandbox Technologies that attempt to do what the current advertising ecosystem does in a more privacy-preserving manner. What Mozilla has said on this more broadly is that we support the idea. We support the concept of why the idea exists, because Mozilla, for example, does not block ads by default in Mozilla Firefox. We do believe that advertising is a valid way to support. publishers on the internet. However, we do think that the current state of the advertising ecosystem is absolutely unsustainable. And that’s the reason we block trackers, that’s the reason we block fingerprinters, and all of the underlying infrastructure that may enable the advertising ecosystem, including third-party cookies, are actively harmful to user privacy and security. And we’ve done a lot of technical work in the last couple of years in order to implement that. The biggest one there is TCP, or Total Cookie Protection, which actually creates jars of information in which people can, when websites, when you visit a website, say the newyorktimes.com, and there’s a button on the newyorktimes.com that lets you like a Facebook, like it on Facebook or share it on Facebook, Facebook actually gets the ability to drop a cookie onto your computer that will then also note the fact that you’ve been to newyorktimes.com, you’ve been to instagram.com, you’ve been to washingtonpost.com, which may also have that button. And what Firefox does is it creates jars where each time a website is accessed, there’s a separate jar in which the cookie for that website and many other identifiers are dropped, and these jars cannot talk to each other. So that’s a way of limiting the harm of the ecosystem by still giving users the ability to gain from the benefits of third-party cookies, because we also use heuristics in order to determine is this an advertising third-party cookie or is it a third-party cookie that’s actually enabling single sign-on, which is essentially when you click on sign in with Google or sign in with Apple on different websites as well. And as we develop these technologies, the one thing that we realize is firstly, it’s actually possible to give users a good balanced experience between those two things, which is not having tracking, but still allowing them to support publishers if they choose to do so, and giving them the option to say, go to the Mozilla add-on store and download an ad blocker if that’s what they want to do. So we think that that choice has been very valuable. And finally, because I know I’m at time as well, is on the Google Privacy Sandbox piece, what we have said is that right now, there’s a very serious. risk that the standards and technologies under Google Privacy Sandbox will become the de facto way in which large parts of these activities are carried out on the internet and we think that that’s both a privacy concern but also more importantly a competition concern because it’s that interplay between privacy and competition where traditional advertisers who are not Google don’t like those technologies because they say that that will mean Google’s own technology and first-party motive data will become more valuable and people like us and privacy advocates don’t like those technologies because they don’t go far enough right so it’s definitely a scenario where everyone is like quite unhappy with the state of play but what Mozilla thinks is that if these standards are going to be deployed and they are Google has announced that they will stop third-party cookies by the end of next year we think that they should happen at standards bodies because there is a process in standards bodies like the W3C and like the IETF that vets and validates these standards for both their technical capabilities as well as for their potential for interoperability with other ecosystems in a world where more than 60% of the individuals who use the internet are running on a variant of Chrome which is the chromium browser engine these technologies have a very strong ability to shape what the future of the internet and advertising and tracking may look like and while they are privacy enhancing technologies if privacy enhancing technologies like them are adopted at the scale at which they will be adopted they need a lot more scrutiny than they have received so far and which is why we’ve advocated a lot with the Competition and Markets Authority in the UK and we’ve also had engaged with many other regulators around the world both privacy and competition advocating for why processes need to be better than some of them have included conversations with Google as well so with that I’ll end and happy to answer any questions. Thank you, thank you very much, I think you raised quite a

Christian Reimsbach Kounatze :
number of points that will that we will definitely need to come back to during our discussion and one of the points if I may because it actually also opens up a little bit with the door for the next intervention to some extent. But let’s say more broadly for all of us, it’s a question about the difficulties related to the validating the technical claims, and what is actually that means for the selection and also for policy makers and the regulators that are trying to promote the adoption of privacy enhancing technologies, but also the issue of interoperability. I think this is maybe a topic that I also would like us to discuss about. But what I also find interesting was that you were talking about the current state of the ecosystem, of the advertisement ecosystem, and highlighting that there are obviously some challenges. And I think our next speakers, starting with Max and then Stefan, will address exactly that state. But what is more interesting, and this is really why I look also forward to date presentation is because they are essentially talking now about a different role of the technologies for supporting privacy, which is the enforcement side. So because interestingly, you talked about that a lot of those technologies have played, gained a higher adoption because or thanks to the GDPR. So we have a legal regime in place, but apparently we will hear what is happening with cookies and how they’re being used. And so without further ado, I will give you the floor, Max. And I understand you will co-present with Stefan. So I’ll let you manage that between the two of you. The floor is yours. And if you may introduce yourself and what your NGO does. Thanks a lot.

Maximilian Schrems:
Thanks for the invitation and early morning from Vienna. Stefan is on the second one for practicality reasons. I’m just gonna do the presentation myself. Stefan is the developer that actually works on a lot of these things. So if to get it maybe also out of the policy only discussion and maybe some hands-on discussion, that is especially what Stefan would be here for. So I’m just going to run through our presentation, trying to be as quick as possible. So fundamentally, we at NOIP do different enforcement projects. We have deep dives if there’s really a big legal issue, but we also see that there’s just mass violations. So violations where the GDPR is just violated, just like I usually compare it to speeding, where it’s not a big complicated legal case. It’s not a big overly dramatic situation, but we just see mass violations where people just basically do that and violate the law in masses. Typically in the privacy or in the even digital community, we’re still working on most of that in a rather analog way. Typically when lawyers work on digital issues, it gets as digital as word usually, and that’s about it. So the idea was if we have these hundreds and hundreds of violations, we have to speed up, especially we’re a small organization with being based mainly on donations. So you have to be efficient in what you’re doing as well, which is a similar issue for governments as well, I guess. What we thought about on how to approach all of that is a bit like a speeding camera. I can tell you from an Austrian perspective, if you speed in Austria, typically your license plate is automatically read by the speeding camera. The speed is absolutely automatically calculated and it’s automatically transferred into a ticket that you would get mailed to you and you basically get a code to pay to find. There is no human intervention in any of these legal procedures anymore. They’re fully automated, and that’s basically for these standard violations, what we do in other areas of the law as well, because it’s just inefficient to have people for that. Now, we thought to kind of take that thinking and apply it to especially web technologies right now in future plans that could also be used for mobile technologies, for example. And the idea was basically to come up with a multi-step system that allows us to generate complaints automatically, manage them automatically, and also settle. cases with the companies automatically without the need to send hundreds of emails back and forth. This all is in background basically a big MongoDB, now a PostgresDB in the file system where all of that lands for the tech geeks. I’m just going to go very roughly through the steps of how all of this works to make it a bit practical. What we started with is OneTrust. It’s the biggest provider for cookie banners, so it’s kind of the standard cookie banners you at least see in the European Union. They’re typically done by four or five big tech bigger service providers. Websites usually don’t have their own cookie banner, they usually use one of these services. That also allowed us to scale up because we know thousands of websites are using exactly the same software to do this cookie banner and OneTrust actually has a JSON configuration file where most of the configurations of the cookie are stored so we can actually or the computer can read it quite well because for example this is like the banner show reject all button false so it basically doesn’t show you reject button on the first layer and you can take it right from the JSON file to know that that is there or not there. Same thing for many other of the configurations of a cookie banner. In the background OneTrust provides a interface where the admin can change that so we also took screenshots to explain to the companies which button they would have to fix to make sure that they comply with the GDPR and that was kind of like the systems basically the back end and the technology like the technological way of saving these settings and that we could basically auto collect. We did a first kind of code search there’s a website for example called public www where you can search like you can search on google on this you can search for code in the website so to see which software a website is using and thereby you get a list of all the websites that use in this case the OneTrust cookie banner and that already allows us to only focus on the websites that actually have it used and not have to scrape the whole web for random pages that actually use OneTrust. What we then have is that we actually first auto-scan the website to see if there’s any violations, and then we actually have a manual scan where an individual really goes to the website and checks it. We did have a two-screen setup usually where there’s a test environment on one side which was a virtual machine. We’re right now changing that and then you have basically a management interface where you can manage the case yourself. We need to do that also because under the law, we need to have a data subject to someone that is directly concerned to actually bring a case. All of that basically gives you a big fancy list where you can filter all the cases and then take a case and do your assessment. We only filed if the human and the computer basically decided that it’s a violation. So we have this two people have to agree system to make sure that there’s a low error rate. Once you’ve done that, we basically auto-generated a complaint, which is text blocks that generate the PDF, where you have certain elements that are filled automatically, certain elements that turn on and off, depending on which violations you found on the website, basically fed from the JSON file and what you found in that. We typically then send that to the individual company first. That was one of the biggest issues because we had to make sure that they don’t think it’s them, because if you get like there’s a legal procedure against you, most people will just throw it away. We even tried to use some of the systems that the companies use. They typically use, for example, A-B testing to figure out which type of interaction works the best. So we A-B tested that as well and saw for different types of e-mails, we sent to the company, we get a better or lower compliance rate. So we thought if they can manipulate the users into clicking the Yes button with A-B testing, we can probably manipulate them into compliance with the law. By doing A-B testing, that was the approach there. As I said, we even have a full guideline on how to be fully compliant. So it was served on a silver spoon, on a silver plate to actually have that done. If companies actually decided to comply with that, they could go to a platform where they could log in with case number with a password and then were able to actually let us know that they have fully complied and that they have fixed the problem. We then automatically were able to scan that and prove that. And also from a lawyer’s perspective, we were able to get all the feedback from the companies in an automated format. So we didn’t have hundreds of emails with some law firms that send you endless text. We basically got that in a structured way, the feedback as well. Now what’s super interesting is if you look at that from a statistical point of view. We were doing the first version and that’s pretty much what I showed to you in more of a duct tape technology version. We just did a first test and saw how well it worked. And what was interesting was two things. First of all, we had a 42% compliance rate just by sending the companies an email with a specific instruction of what’s legal, what’s not legal, and that there would be further action taken if they’re not compliant. And that was already a huge number. That’s better than what we get from the data protection authorities if we’re doing cases there. So that was really interesting that we had a very good compliance rate here. The second thing that was interesting, that’s kind of dependent on the violation. I don’t go into that, but it’s different per violation on how good the compliance was. There was only, and that’s a side note, there was only about 18% that fully complied because we typically had six or seven violations and they fixed some of them. So the 40% is the overall number of violations. But the really interesting part was the domino effect that came out of it. Typically in law, we do not go after every person and go after everybody that’s speeding. We intervene often enough that people feel, oh, speeding can actually be a problem. And what we saw is we scanned about 5,000 pages and then actually only sent an email to about 500. When we continued with the rest, we suddenly saw that hundreds of the other websites have all fixed their cookie banner, even though we’ve never intervened with them. So what happened? In the background, companies understood, oh, there is actually no enforcement action going on. I heard that from a colleague. I heard that from software provider that also sent emails around. And suddenly we saw a huge number of compliance without even intervening. And that’s exactly this idea of general deterrent. that we usually have in other areas of the law that work well once you can speed it up and be a credible threat or a credible interference. Now, just to wrap it up, we also upgrade this now to actually become like a long-term project, which is Stefan’s main job right now to get all of that in a very structured and very nice way of using it. We also do that in a way that the authorities could use it in the future, ideally. What we added is basically a bigger admin panel where you can manage all of these cases and make it all much more modular. So you basically can go between the steps back and forth when it used to be like more linear. That adds a lot of the options to manage cases better and also attribute cases better and filter cases better. So we can, for example, say we only bring certain cases in anymore. The other thing that we basically do here is that we upgrade a lot of the individual functionality that we can actually, the first version wasn’t cookie banners, but you can use that tomorrow for tracking pixels, for some other web technology, some script, anything else. And these modular parts, you can basically plug into the software and take it back out. That is fundamentally what this is gonna make a lot different. The rest is mainly really making the interfaces usable for an average lawyer so that we don’t need a tech person every time you need to change something in a PDF. That is the elements that we’re working on right now. For us, that was really one of the most useful projects I think we’ve done, especially considering like input-output ratios and really moving enforcement forward. So on that side, I think it’s a very interesting approach in the sense that we’re kind of working in a digital sphere, but still do kind of pretty analog procedures. And we could probably learn from a lot of areas on how we can do that better. So thanks for that. And I hope if there’s questions, especially technical questions, that Stefan can jump in on all of these. Okay, thank you.

Christian Reimsbach Kounatze :
Thank you very much, Max. I think I have probably one brief question if you could elaborate on that because it will actually. also be a good transition for the next speaker, which is I think you mentioned that you had talked to data protection authorities. Could you briefly say what the feedbacks were that you received on that and how high is the interest among those data protection authorities to implement this kind of tool in their processes? So I think on a very personal level,

Maximilian Schrems:
if I may say, I think the answer was a mix of fear because too much, never seen that different world and high interest in the sense of really how can we be efficient in our work and also, let’s say, get rid of useless work for employees in the sense of like a lot of these tiny things are just very trivial. You don’t need a lawyer for a lot of that. Usually, I think one element that I forgot to mention, the quality usually gets better because if you have a one-time template that was proven well by the more senior people, you know that what you’re doing here is going to produce good results while if you have some, let’s say, more junior person that has to do that the first time, you have a very good chance that something is going to go wrong or that something gets forgotten. So it’s also, I think, efficiency plus quality that you can get through systems that work well. However, the big problem in reality is you need to implement that, you need to have programmers, you need to have people that really understand that, and you need to have the management skills for it in the sense of to really find the right cases because this doesn’t work for every case. A big thing also with us was to not get entangled into details anymore, to really tell the lawyers, we’re only doing these two things. There may be 10 other violations on the website, which we just ignore them for now because that doesn’t scale. That is a bit of a, let’s say, culture change that you need as well, even with annoyed to say, okay, that is really a thing where we just go for this one topic, we do that well and quick, and the next time we do the next topic, which is a very different approach in procedures where we usually do everything.

Christian Reimsbach Kounatze :
Cool. I think just as to highlight, and I’ve noted that because it’s a good topic for the later discussion because you just mentioned the word scale. And I think this is definitely one of the common themes when it comes to using technologies for addressing privacy problems that we have a potential, let’s say solution, or let’s say a support of a solution or part of the solution that basically helps us scale with the scale of the problem, so to speak. But we will get to that point, hopefully. Now it’s my pleasure to give the floor to the European Data Protection Supervisor. And I guess, obviously, one particular question given, Wojciech, that you are following Mark’s presentation is the question, to what extent are these tools are relevant for your agency, but also for basically your colleagues’ agencies? And maybe also talk about the role of privacy, or technologies more broadly, for supporting your work and your cause. So the floor is yours. Thank you very much.

Wojciech Wiewiórowski:
Thank you for having me there. Thank you for being able to talk with you, even in such an early morning here in Brussels. So all the best from Brussels. First few words on the institution itself, the European Data Protection Supervisor. I guess most of you are familiar with it, but for those who first time hear about the very complicated system of the governance of privacy in Europe, the European Data Protection Supervisor is the supervisor of the EU, European Union institutions, bodies, and agencies. So I’m not the super data protection commissioner for all Europe, but I’m the commissioner for the EU bodies and EU institutions. At the same time, we have 27 member states jurisdictions and 27 data protection commissioners in each of the member state. Some of them have an even more complicated structure. Anyway, what is rather more important for today’s discussion is not our supervisory role towards the EU institutions, but the fact that we are advisors in the legislative process in the European Union, and also the fact that we are the providers of the Secretariat for the European Data Protection Board, which is consisting of all these data protection authorities. So I’m not speaking in the name of all these authorities, but I can somehow provide you with the approach that we have among the European data protection authorities. Well, that’s a good idea to put me just after Max, because I can somehow react to what he said about the resonance that his work makes among the data protection authorities and in the market. That’s true that there are a lot of data protection authorities who are interested in the practical deployment of the solutions similar to the ones that NOIBS does. That’s also true that for some data protection authorities, it’s strange that the NGO, the civic society movement, can do the things which are called enforcement. Actually, it is enforcement. That is the way to make the thing running. And I’m saying that also as the person who always said that what Max did in his life was the thing that the data protection commissioners should do 10 years before. And they never asked the right questions. Anyway, coming back to the main point of discussion, that’s true that these very tools that are prepared by NOIBS, including also the information retrieval systems which are connected with it, are the things that should exist in most of the data protection authorities, especially those that are… that have really independent IT structure from the other institutions. We rather try, as data protection authorities, we rather try to deal with the legal and guidelines way of doing the things. But it’s true that some of the data protection authorities do have their laboratories and do have their IT teams that are preparing the tools as well. We try to do it as the European Data Protection Supervisor as well, because we still remember that there is a kind of limit for the legislative actions that we can do. Making more law does not necessarily help. What actually, the point on which we are in the European Union is that we have the law, and the law is not bad. The thing is that we have to operationalize it also by promoting the role of the IT architects and promotion of the comprehensive privacy engineering approach. So that is something which lies in the roots of our strategy as the EDPS. And for this mandate strategy, shaping the safer digital future, a new strategy for the new decade, we, as one of the pillars, put the tools. The tools, so we are going to use the tools and we are going to develop the new ones. Of course, as I said, it’s not that easy for all the data protection authorities to create the laboratory where these tools are really produced. But the authorities like ICO, like KNIL, like Canadian authority, like some of the German authorities are ready to do it and are ready to prepare their own tools. What we do as EDPS, apart from the very small… things connected with the remote control and the remote audits, we try to organize the society. We have the IPAN, which is Internet Privacy Engineering Network, which is a platform for engineers that are preparing the best solutions to discuss on them and also to disseminate information about different solutions which are done by different organizations. But we also try to make use of the fact that the European Union is, European Union institutions, that’s 70 institutions which have their own achievements in this field. And let me here just give two examples of such solutions, which are both coming from the Eurostat, which is the statistical office and the agency which is dealing with statistics in the European Union. And they are both also giving us examples in the current guide on privacy enhancing technologies for official statistics, which have been produced by the United Nations. So the first one is the processing of longitudinal mobile network operators data, where Eurostat has developed the proof concept solution with a technology provider with the main goal of this project is to explore the feasibility of secure private computing solutions for privacy preserving processing of mobile network operator data. The technology itself is, for the project was a trusted execution environment with the hardware isolation, which has been delivered by the market. So this is not only the Eurostat who… preparing that, Eurostat is deploying it and let’s say localizing it, but the business is involved in it. And the second one, also from Eurostat, is developing of trusted smart surveys. And once again, that’s the situation in which Eurostat is trying to localize on the IT infrastructure for the EU institutions the solution which is prepared for the market. So these are the things that we develop, these are the things that we try to promote, and this is a kind of culture which we try to deploy among the clerks of the quite byzantic institution as the European Union administration is. Thank you very much, Wojciech. Just a question, because I think

Christian Reimsbach Kounatze :
what I liked about the examples that you pointed out was that you are essentially directing, or your speech was basically directing us towards a solution how to promote the use of those different technologies, and you gave also examples of, let’s say, data protection authorities that were kind of leading the way. I was wondering also if you could talk a little bit about the importance of guidance in that particular role, given that, or maybe we can talk about that when we later on, when we talk about solutions, how to promote that, because obviously this is where the UK ICO guidance plays a role. So let’s put that on the side because I just realized that time is running and we need to move on, sorry, to our next speaker. And here obviously I would say start and give you the floor, Shushokra, to maybe introduce yourself and introduce your organization and what it does and how it relates actually to the discussion about technology and the role of technology for privacy protection. I think one of the key elements, at least from my understanding, is that what you are doing is helping us scale with the problem and help us address some of the issues related to privacy. But I let you talk and introduce yourself. So I’ll just share my screen as well so

Suchakra Sharma:
everybody can see and then we can talk. So I am Shushokra. I am chief scientist of this upstart, nice little upstart called Privado. And what we are trying to do is to look at PETs from a very different perspective. The way PETs have been developed right now is that the solution providers are using it or the way privacy itself generally is looked at is from the perspective of user. But what we are thinking is that data is not floating in the ether everywhere. It is moving from one system to another system by software. So why not just look at the software itself which is handling the data. It can give you an interesting perspective of what was the intention of the developer when they were developing the software. And then you can track what is happening. So essentially we are trying to catch privacy violations before even they manifest inside the system. So even before you release software you can actually understand how it’s going to handle data. And if you do it at all the points in the chain of where the software is handling the data that that’s where it would be. So you know like as Max was pointing out you know automating everything a ticketing system. So that ticketing system is using a software. When it takes a photo of a car, it captures some information, that’s private information, and then it translates into ticket, which goes through five, six systems behind. Those are all points where data is flowing. How about we understand that whole system itself, and then we can predict what’s going to happen to the data. So that’s the perspective. So I’m Suchak Rai, I’m the Chief Scientist here. I have a PhD in Computer Engineering, have been working in cybersecurity for six years, something now, and almost two years now in privacy. I’m going to implement all the learnings that I have from the cybersecurity industry in this environment now. Okay, so visiting a doctor, this is how you do it these days. You fill up a form, you have a lot of private information there, PHI information, doctor looks at it, keeps it safe for some time, and then it gets shredded, hopefully. But now we have something new in this millennium. We have a software, and the software is now handling your data. So things have not changed much, but now with the advent of the software, what has happened is that this data gets exchanged through multiple hands, goes through logs, gets to an advertiser. You don’t even know what that software is doing. You just trust it. You go to a doctor’s office, you fill in the details, you just trust it. But what’s happening behind, and this is true because we have observed software, we have analyzed it, we know that it’s using a lot of technologies that proliferate this data. So essentially what happens is at the development time of the software, you have no data. You just have the intention of what to do with the data. But as the software gets deployed, some of the data gets put into an analytic service, some goes to a third party, and then databases everywhere, the data expands, you know? So it’s nice. if we try to look at the software itself, because that’s where the intention of what to do with the data is, and you can actually do it. So what happens to your data is actually defined in software. So at the time when the software is built or it’s getting deployed in those locations, we can get information about data inventory, doctor’s name, patient’s name, etc. We can get a map of the data. The intention of the software is to take the patient’s name and put it to this analytic service based on where the data is going to be stored. For example, the data that it’s taken and it’s going to be put in a data center in US East, you can actually get the location of where the data will be. Again, there’s no data that is being processed. It’s just the intention of what to do with the data. Our third-party transfers. So if that doctor software has some weird connection which goes to some other connection, goes to another piece of software, and that is using advertising, you can actually track it all the way. This gives us something which I would like to call as technically verifiable PIAs. So every organization tries to do PIAs, Privacy Impact Assessments. But that cycle is too long. There are documents that have to be filled and then you go back to the engineers, you go back to the developers, and then the lawyers also get involved. They want to see the document in a specific format. But what if you have all this information very early on in the game? So if you try to do it at that stage, it’s easy, it’s early, and it’s proactive privacy. If you try to do it at later stages, try to understand where the data went and use 10 other technologies, it’s a little bit late at that time. So this is one PET that we would like to say. It’s like expansion of PETs by actually making the software itself secure, making the software itself not leak your private information in many places. So one example is, In Canada, I’m in Toronto right now, it’s pretty late, and there is a directive which is released by the government on privacy impact assessments. And we see that all the organizations have to actually fill in this BIAs, go through a process. And Canada had this dental benefit last year, and they created a summary. And there’s a small text which fulfills one of the points which says individuals submit their personal information on the CRH, the Canadian Revenue Agency website. It’s using HTTPS and et cetera, et cetera. That’s about it. And to get this kind of assessment, they would have been going through multiple places, looking at previous assessments, looking at software. But software changes so rapidly. The moment you introduce a new kind of dental benefit or a vaccination plan, this is rapid. So the software gets developed rapidly, and you never know what went inside it. But you have all this information, we discussed that. This is already there because when the software was developed, we know what is supposed to happen to the data. So what if you can, so imagine, before even making that kind of a service public, what if you could find whether it’s collecting your PII, PHI, and it’s transmitting it to some other weird service that you never imagined. These days it can be open LLMs. And you can actually do it. And we have built a tool, which is also open source, you should check it out, which allows you to really identify that if a developer decided to collect address inside the software, it can say new data element found. This is at this exact place. If it’s a violation, if it’s a privacy violation, fix it very early on. You don’t have to wait for a big assessment and then going back. You can immediately know that, yeah. And today, this developer sat down and they decided to. collect address information. You have this information right there in itself. You can then see the flow, where it went. You can actually analyze the software. Just like a human is writing, our tool tries to analyze that software to see the intention of the human. You can see that that will eventually go to OpenAI, it will go to MongoDB database somewhere, or it gets leaked to a console, which again is a privacy issue. People don’t understand, but it is a very big privacy issue. You can get this deeper understanding just by looking at code, because code has the intention of what the developer wanted to do with the data. That’s essentially what it is, and having these technically verifiable PIA opens a new door. You get a chain of trust, so this accountability perspective also comes into picture here. You get a chain of trust because you have a record of modifications right from the design to development and to deployment. You have an opportunity to certify software now. You can have privacy-certified applications because you know that this application is handling private data in a more secure manner. They have not integrated these weird advertising things inside them. You can try and translate privacy intentions of legal directives that we were seeing, big documents, into very fine-grained checks, which are followed. This can open doors to actually understand high-level laws like GDPR, CCPA, and the nuances in them, and convert them to really fine checks that can be run on software to say that, yeah, this is compliant with it, and this is even before it gets deployed, so kind of like automating what Max is trying to do in a manner, but doing it very, very early, even before the software gets developed. And then it again opens a paradigm for privacy engineers. They can now proactively help build privacy-respecting apps because privacy engineering gets involved. It’s a new role. that should be there, it’s very important, and they can help build privacy respecting app. But what we have also observed is, it cannot replace human processes. They are absolutely essential. So what if there’s no policy to share the document? You can do as much nice things as possible on the software side, but that’s essentially what it is. Yeah, that’s about it. Questions?

Christian Reimsbach Kounatze :
Thank you very much, Susharkar. I was actually, and I also thank you very much for making the connection to the previous presentation by Max. And obviously one of the question that I was wondering is, this is also an approach that theoretically NGOs could use to, or privacy advocates could use to kind of, yeah, enforce a privacy law or even, and obviously also data protection authorities could use when they are doing in-house screening to our impact assessment and the likes. But obviously we also have a set of professions that are operating within the firms. And I would say this is a good link to our next speaker, Nicole. So if you could introduce yourself and how your work and your experience relates to what the previous speakers have said. The floor is yours.

Nicole Stephensen:
Thank you so much. Hello, everyone. I feel really honored and delighted to be following such a wonderful group of presenters. Thank you so much for having me today. My name is Nicole Stevenson and I’m a partner at IIS Partners, which is an Australian privacy and data protection consultancy. And we’re in our 20th year of operation. You’ll also hear from my accent that I am a Canadian, which means I’m both a Canadian and an Australian citizen, but I’ve been living here in Australia for 20 years now. I lead our privacy services functions at IIS Partners, where my specialism is in privacy program management and culture building. So you can just… can sort of picture how I’m potentially going to wrap up today’s session. And I’d like to really start with the essence of my interventions in mind and put to the group that privacy-enhancing technology should not replace good decision-making at the outset. So our governments and organizations still have a positive duty to ensure that their information practices accord with relevant privacy and data protection laws and community expectations. Now, in my work, there is a large focus on strategic privacy risk management, which is natural, right? Because the work of a privacy consultant often relates to identifying and mitigating risk around decisions that have already been taken. So for example, organizational information policy or practice projects or programs, and then, of course, technology deployments. And sometimes I find that our governments and organizations can be educated on what their risks are. But particularly where there are large volumes of personal data or complex vendor relationships involved, they might struggle to solve for these using conventional methods. So as an example, where there’s a risk of unauthorized disclosure of personal data into those vendor processing environments, such as through vendor APIs or single sign-on digital handshakes, it can be quite difficult for organizations to test whether a risk exists only in the realm of possibility, right? And we often see those types of risks borne out in privacy impact assessments, right? Consultants like me say, oh, you might have a risk of unauthorized disclosure here. But is that only in the realm of possibility, or is it actually playing out in reality? Now, unauthorized disclosures to vendors that are processing personal data on an organization’s behalf often happen without any real awareness of the organization. And we refer to this, or we often refer to this as data leakage. But this is also. really highly likely to qualify as a personal data breach, depending on the jurisdiction that you’re in. And although I’m a huge proponent of administrative controls like contracts, data leakage isn’t something that a contract with a vendor is going to eliminate properly, or even control for sufficiently at the outset. All of you know, when we are remediating data breaches, this is actually a backward looking exercise. This is where I think privacy enhancing technologies do have a deep potential utility. Now, in the context of controlling for data leakage, so let’s use this as our sort of example space. Privacy enhancing technologies are probably gonna take the form of data accountability tools. And this is more of a gray area category for pets, right? As compared with some of the technologies that have been discussed already here today, where technology can assist an organization to enforce rules about what should or should not happen to personal data. And the rules are gonna be found in things like our data protection laws that are applicable to the organization. Or they might be set out and or they might be set out as commitments to the community in the context of an organization’s privacy policy, or they might be expressed as contractual provisions between the organization and its various vendors or service providers. Now, all of this said though, the implementation of privacy enhancing technologies doesn’t remove from our governments or organizations those initial accountabilities that are associated with things like purpose specification. Why do we need the data in the first place? Do we have a fit and proper purpose for collecting and using it? And then of course that collection minimization, are we only collecting the personal data that we need to fill that proper purpose? Because these are those vital building blocks, right? For enforcing a climate or a culture that limits use and disclosure of personal data to the greatest extent possible with or without the involvement of privacy enhancing technologies. Now, all of that said, right? And in my experience. the business case for implementing privacy-enhancing technologies, at least as I’ve seen here in Australia, can be complicated by a number of factors, including whether the pet supplier is a small business or startup, because they themselves might lack the necessary privacy or cyber maturity. I’m not saying that’s in all cases, but it can certainly be in many cases, particularly where there’s not that bucket of vendor capital sitting behind the small business or startup. Second is the geographical location of the pet supplier. There are many associated legal requirements or barriers that might impact an organization or government’s ability to engage that pet supplier. There might also be some socio-political biases depending on where that supplier is. If we look at privacy in the Western conceptualization of privacy, if we’re looking at a potential pet supplier that’s based somewhere that doesn’t have those same socio-political norms or ideals, that might be a barrier. Finally, budget of the government agency or organization. One thing that we’re noticing is that where privacy-enhancing technologies are dealing with large volumes of data, if they are being priced based on units of data or volume of data, sometimes the budget can blow out and really remove from the government agency or organization the ability to use that technology at all. Now, I wanted to share with you that IIS Partners recently established a subsidiary company, and it’s called TrustWorks 360. That’s because we think privacy-enhancing technologies are a thing and are an important thing in Australia and in the wider global market. TrustWorks 360 is working to bring privacy-enhancing technologies and other privacy and security management solutions to the ANZ and Asia-Pac market, which is where we play. The feedback so far has been that it’s a real challenge. I approached actually one of our privacy-enhancing technology partners when I was considering the comments that I would bring to the group today. They are called Q-Privacy, and they deploy tools that both allow organizations to audit for data leakage, so remembering that context, that example I gave you before, and then also establish and enforce rules that ensure only the personal data specified for a processing purpose is able to be pulled into those vendor environments. Now, I think that this type of data accountability tool is exciting for the global privacy marketplace, and I think it’s got great utility for organizations that deal with large volumes of data that can’t possibly be monitored by a person, right? And in these cases, and with my consulting hat on, I would say that automated solutions are much more ideal than relying on, say, the privacy officer or the DPO in an organization to try to get a handle on this. But there are barriers to uptake, and when I asked Q-Privacy to share what, in their experience, those barriers are, they gave me a couple of points to share with the room. The first is that there seems to be a low priority for uptake of pets in, you know, sort of your small to medium organizations or your smaller governments because there’s such a focus on big tech from a regulatory perspective, and if everybody’s eyes are on big tech, it means that no one sees what we’re doing over here, right? So we’re sort of risk managing our decisions in relation to privacy, possibly waiting for a data breach before we take action on anything. Second is that there tends to be an avoidance for zero-trust approaches to personal information or personal data management of the likes that Q-Privacy is deploying, and low budgets. And so there tends to be more of a focus on those third-party risk assessment tools and using standard legal contracts and treating those as sufficient. And finally, the most decision makers in the domain of privacy tend to be more in that legal space, right? So we tend to see legal teams or potentially corporate services teams dealing with privacy issues for the government or their organizations, and they have a less technical focus. So, you know, the barrier, the lack of privacy engineers or folks that understand how privacy enhancing technologies is a barrier for uptake. And with that, because I know we want to have at least 15 minutes for questions, I will end my discussion here. And again, thank you to all of you and to the room for attending

Christian Reimsbach Kounatze :
today. Thank you. Thank you very much, Nicole. And I think you pointed out a number of questions that I would like us to discuss. Just wanted to invite the audience in the room, but as well online to feel free to raise questions. But given, I mean, I have a couple of them, so I will take my privilege as a moderator maybe to ask a few of them. And I mean, one is definitely the question about adoption that was raised. If we all agree that all those technologies are great, why is it that not everyone is using it? I mean, some of these technologies have been around for a long time. So how comes that it still seems to be something exotic that needs to be discussed at the IGF? So this would be my number one question. And another one, if I may, and then because that’s actually the one that strikes me out of the discussion, kind of everyone has agreed, seems to agree that automation is great. It’s needed to scale with the problem clearly. But at the same time, everyone seems to be saying, or at least I heard this multiple times, humans should not be replaced. There should be a role for humans to be kept in the process. So if you could elaborate on that. because I think that’s maybe something that may, some people may, yeah, for different reasons try to forget or ignore. So I let you maybe intervene. We start maybe with Clara and we keep the orders of intervention. If you could address some of these points, put the emphasis where you wish to do. So Clara, if you could start. And maybe, sorry, before you do, I just wanted to acknowledge and express my appreciation that you are joining, some of you at least, are joining from very early in the morning. In particular, you, Shukra, from Canada. So this is very much appreciated.

Clara Clark Nevola:
Well, it’s starting to get light, you can see in the background. Nearly normal morning now. I think I’ll take your first one about like why do we not see it ingrained yet. It’s something that we’re working on at the ICO. It’s our next step after the Privacy Enhancing Technologies Guidance. And I think basically our explanation for this is that the organisations who would most benefit from Privacy Enhancing Technologies do not yet know that they exist. So there’s a real interest in them in community. And that’s where the use case is. Is my sound OK? Your sound is OK. The video is freezing a little bit, but we can hear you well. OK, thank you. So basically the kind of lower tech organisations are not yet aware of these technologies. And one of the things that we’re working on is how can we bring people who are more experts in pets, so pets developers, academics, organisations who are more technically minded, who have already implemented them, together with more traditional organisations, local government, health bodies, to really understand like why would you use a pet? So that’s my explanation for question one, and I’ll hand over.

Udbhav Tiwari:
Okay. So. I think that on the point of question two and why humans are important, and it’s not just a question of automation. There is a very real risk that we also often discuss within Mozilla, that privacy enhancing technologies may make it so that people just start collecting even more data than they already do because it’s so easy to collect it, and a lot of the risks that are associated with it no longer exist. Independent of the technology that is being deployed or whether you’re using a tool to check code or whether you’re trying to make sure that data leaks don’t take place, I think it’s really important for organizations to first question, should this kind of data be collected in the first place? Is there a real use for it? What use will it be put for? Is it worth the risk of what may happen if this data ends up leaking? As much as they invest in resources and tools in order to protect that information. For me at least, that’s the primary reason why human beings are important, because the decisions of what to collect are obviously made by human beings. If you are collecting more information than you need and it ends up leaking, rather than investing in the tooling around preventing that from happening, maybe you should reconsider whether that data should have been collected in the first place or not. I think that it’s been a very enlightening conversation also because there are two parts. One is privacy enhancing technologies once the data exists within an organization, but there is also the piece of privacy enhancing technologies that allow you to collect data without the parts that actually sometimes even make it private, which are identifiable information. So for example, both of the things that I had mentioned, Oblivious HTTP and DAP, allow you to collect information in a manner that is aggregated, equally useful, but with almost zero consequence to what happens if that entire piece ends up being in the real world. Because it’s been collected in a manner where the unique identifiers no longer correspond to the people who would actually operate them. So I think that’s also an interesting point to keep in mind for the first one. Thank you. Max, if you’d like to say a few words.

Nicole Stephensen:
It’s like privacy enhancing technology to be quite impenetrable for organizations and governments. Folks who are not technical, who are not engineers, who may not even be policy people, right, with an awareness of what privacy enhancing technologies do. Finding a way to capture what they are in plain language, almost like a sales pamphlet. You know, these are the types of privacy enhancing technologies that are out there. This is what they look like and this is how they can be deployed within an organization or government. That type of stepped approach, I think, would be really, really useful, particularly in jurisdictions like this one.

Christian Reimsbach Kounatze :
Thank you very much to all of you for being here in person, online, to incredible hours. I took note of the different suggestions and what is also great is that I think with this event we have been able also to extend the understanding of what PETS or what the role of digital technologies could be beyond just those almost today traditional technologies to something that is much, much broader. And with that, thank you very much and we look forward to definitely continue the conversation. Thank you. Bye. Thank you. Thank you. It was a good discussion. Yes, definitely. Some of the other, especially the Privido presentation was stuff that I’d heard about, but I didn’t know that it had advanced to some of the things that they are attempting to do. I mean, for me, if I were to deploy that software in a company, I would probably say that is such a huge privacy risk, just the software, because it actually has to have access to everything. Yes, that’s an interesting point. Let’s say, I had a separate conversation with him about that and obviously one of the challenges that this cannot be run by a third party, except obviously you would have to really put in place trust mechanisms because not only the problem of privacy is one. I could imagine that being the least, the smallest problem in the company. Tristan, your mic is still live, just to let you know. Thank you. Thank you. Thank you. Thank you. you you you you you

Giacomo Persi Paoli

The Open-Ended Working Group (OEWG) was established to ensure greater visibility and active participation in discussions dealing with international cybersecurity. It has had six iterations, with each iteration involving approximately 20 countries, including the permanent members of the Security Council. The OEWG is seen as more transparent, as everything is open to the public. Furthermore, if consensus isn’t reached on a report, the chair has the authority to publish a summary.

The OEWG has focused on the protection of critical infrastructure, which has been a prevalent subject of discussion. As part of the framework for responsible state behaviour in cyberspace, critical infrastructure is a focal point of multiple norms. States are called to protect their own critical infrastructure and are encouraged not to target the critical infrastructure of others. International assistance is also encouraged for states whose critical infrastructure is targeted by cyber attacks.

However, the OEWG may not be the right forum for detailed discussions on how general norms apply to specific sectors or types of infrastructure. It is viewed as more suitable for discussions on evolving threats, norm implementation, and international impact. There is a need for a dedicated forum to discuss the implementation of general purpose norms for cyber nuclear security. Discussions within the OEWG have covered various aspects of critical infrastructure, such as medical infrastructure, energy, and financial sectors. However, the limited time available has made it challenging for states to deeply explore any of these topics.

Concerns regarding threats to civilian nuclear infrastructure by cyber operations are growing, as states have flagged their increasing concerns over cyber threats to the Secretary General. Cyber attacks have also been on the rise during the pandemic, affecting all sectors of society, including critical infrastructure.

The private sector can play a significant role in helping states develop cyber resilience. The private sector has capacities and capabilities that can contribute to enhancing cyber resilience efforts. Public-private partnerships have been suggested as a tool to increase cyber resilience and have been flagged as a way forward.

In conclusion, the OEWG serves to enhance visibility and participation in discussions on international cybersecurity. It has addressed the crucial issue of critical infrastructure protection. However, it may not be the ideal platform for discussing specific sectors or types of infrastructure. The need for a dedicated forum for discussing the implementation of general purpose norms for cyber nuclear security has emerged. Concerns about threats to civilian nuclear infrastructure by cyber operations are growing, and the involvement of the private sector in developing cyber resilience is seen as significant. Public-private partnerships are also being considered to increase cyber resilience.

Rowan Wilkison

Concerns have been raised regarding the security failures within the IT networks of nuclear plants. These concerns arise from the potential harm and disastrous outcomes that could result from such failures. It is imperative to address these shortcomings and take measures to prevent any adverse consequences.

The modernization of cybersecurity and civilian nuclear infrastructure is seen as a high priority in mitigating the risks associated with these security failures. This would involve implementing advanced and robust security measures to safeguard the IT networks of nuclear plants. By prioritising the improvement of cybersecurity, the likelihood of breaches and potential threats can be significantly reduced.

Furthermore, gaining a better understanding of the threat landscape is crucial. This entails identifying potential vulnerabilities and weak points within the IT systems of nuclear plants and staying updated on the latest cyber threats. By doing so, appropriate measures can be taken to prevent any breaches or malicious activities.

It is worth noting that these issues align with various Sustainable Development Goals (SDGs). Specifically, they relate to SDG 9 – Industry, Innovation and Infrastructure, as the modernisation of cybersecurity and civilian nuclear infrastructure falls within the scope of enhancing industry and infrastructure. Additionally, these concerns also relate to SDG 13 – Climate Action, as the disastrous outcomes of security failures within nuclear plants can have severe environmental implications due to the link to radiation.

Moreover, the issues raised have implications for SDG 16 – Peace, Justice, and Strong Institutions. By addressing the security failures in nuclear plant networks, stronger justice systems and institutions can be established to ensure the safety and security of critical infrastructure. This, in turn, contributes to promoting peace and stability.

In conclusion, the concerns surrounding security failures in IT networks of nuclear plants highlight the need for immediate action. Modernizing cybersecurity and civilian nuclear infrastructure is crucial not only for the industry but also for addressing environmental concerns and maintaining peace and justice. By prioritising these areas and adopting proactive measures, the risks posed by security failures can be effectively mitigated.

Priya Urs

The analysis examines the issue of cyber operations targeting civilian nuclear infrastructure within the framework of international law. The first argument highlights the absence of specific rules in international law that directly address cyber operations on civilian nuclear infrastructure. While states recognize the importance of protecting civilian nuclear infrastructure as critical infrastructure against cyber operations, there is a lack of concrete legal protections.

The second speaker argues that while general rules of international law, including treaties and customary international law, may potentially apply to this context, their specific application presents challenges. These general rules encompass aspects such as the use of force by states, the prohibition of intervention in another state’s affairs, respect for state sovereignty, and the due diligence obligations of states. However, it is important to note that these rules were not designed with cyber operations in mind.

The third and fourth arguments focus on the prohibition of intervention, a principle agreed upon by states, but with variations in the definition of activities that constitute intervention. The generally accepted requirements for intervention to be deemed unlawful are that it must address the internal or external affairs of a state and that it should coerce the targeted state. However, there are disagreements among states regarding the specific activities that fall under this prohibition.

The fifth speaker emphasizes that a cyber operation that disrupts the production of nuclear energy can be seen as coercive and may therefore constitute unlawful intervention. This reflects the belief that if a state adopts a policy regarding the generation of nuclear energy, a cyber operation that disrupts its production would be deemed coercive and thus unlawful.

On the other hand, the sixth speaker argues that cyber operations such as surveillance or data breaches may not be perceived as coercive since they do not directly hinder a state’s policy implementation. These types of operations, which do not interrupt the implementation of a state’s policy, may not be considered unlawful intervention.

The analysis also highlights the importance of preventative measures in cybersecurity and the need for legal accountability. It emphasizes the significance of addressing the cybersecurity problem from multiple angles, including proactive measures and holding accountable those responsible for incidents.

In conclusion, the analysis underscores the lack of specific rules in international law regarding cyber operations on civilian nuclear infrastructure. While general rules of international law may have some relevance, applying them in the context of cyber operations poses challenges. The debate surrounding the definition and scope of intervention further complicates the issue. The analysis also emphasizes the complexity of distinguishing between coercive and non-coercive cyber operations. Finally, it underscores the necessity of comprehensive cybersecurity measures and legal accountability in addressing this complex issue.

Talita Dias

Increased cyber and nuclear risks present a significant threat to national security and global stability. Cyber operations are targeting critical sectors such as healthcare and energy, as well as civilian and military nuclear systems worldwide. It is urgently necessary to develop international technical standards, rules, principles, and non-binding norms to ensure the cybersecurity of civilian nuclear infrastructure. This is particularly crucial given the growing use of small modular reactors and artificial intelligence, which could expand the potential targets for cyber operations.

The International Atomic Energy Agency (IAEA) plays a vital role in this area by providing guidance and recommendations for computer security measures. They also conduct ongoing security audits and assessments to detect vulnerabilities and offer training sessions for nuclear facility operators. However, there is some debate surrounding the binding nature of the IAEA’s recommendations.

To enhance cyber resilience, it is essential to foster multi-stakeholderism and public-private partnerships. The private sector’s involvement in assisting states in building their cybersecurity capacities is recognised, and public-private partnerships are seen as a robust strategy for enhancing the cyber resilience of member states.

One area of contention involves determining what constitutes intervention in the cyber landscape regarding civilian nuclear infrastructure. Understanding the threat landscape in both the cyber and nuclear sectors is critical, as accidents within the nuclear sector can have significant consequences.

Improved dialogue between the cyber and nuclear sectors is necessary to effectively address these risks. Through dialogue, stakeholders can exchange knowledge and best practices, identify potential gaps in cybersecurity measures, and collaborate on developing effective strategies to mitigate cyber threats.

The need for specific cyber nuclear norms, rules, or best practices is currently being debated. The current feedback on this issue indicates a score of 6.4, highlighting the ongoing discussions and varying perspectives on the necessity of such measures.

In conclusion, the increasing cyber and nuclear risks pose significant threats to national security and global stability. Developing international technical standards, rules, principles, and non-binding norms is crucial to safeguarding the cybersecurity of civilian nuclear infrastructure. Collaboration between stakeholders, including public-private partnerships, is necessary to enhance cyber resilience. Clarifying the prohibition on intervention in the cyber landscape and understanding the threat landscape in both the cyber and nuclear sectors are key areas of focus. The necessity of cyber nuclear specific norms, rules, or best practices is subject to ongoing debate and discussions.

Tomohiro Mikanagi

The interpretation of sovereignty in relation to cyber attacks varies among different countries. The UK does not see any standalone obligation arising from sovereignty apart from the non-intervention rules, while France views any cyber operation causing an effect within its borders as a violation of sovereignty. The US, Germany, and Japan believe a certain level of harmful effect needs to be caused in their territory for it to be considered a violation of sovereignty.

In terms of cyber attacks targeting nuclear facilities, it is argued that they could have severe effects and are likely to be considered unlawful under international law. Mikanagi believes that there needs to be a consensus on what constitutes a harmful effect in a cyber attack in order to determine if a violation of sovereignty has occurred. Additionally, the due diligence obligation in international law is not clearly defined, leading to uncertainty among states as to whether this obligation applies to cyber operations.

Furthermore, there is no clear application for the territorial state’s due diligence obligation in the area of nuclear security, and discussions on this matter are ongoing.

The existing Convention on the Physical Protection of Nuclear Materials could potentially cover sabotage through cyber attacks, despite not explicitly mentioning cybersecurity. Given this, it may be more feasible to discuss cyber security issues related to nuclear facilities within the context of established conventions such as this one.

Overall, the varying interpretations of sovereignty and the lack of consensus, clarity, and application of international laws and conventions contribute to the complexity of addressing cyber security issues effectively.

Michael Karimian

The tech sector plays a central role in providing digital solutions for safety, security, and everyday processes, including nuclear systems. It provides ICT infrastructure that is crucial for these purposes. However, the tech sector’s involvement also increases the risk of cyber threats due to the many entry points into its IT systems. Therefore, it is essential for the tech sector to prioritize cybersecurity by design.

One of the main arguments is the ever-evolving threat landscape. The continuous advancements in technology result in a constantly changing and sophisticated threat landscape. Thus, the tech sector must prioritize cybersecurity measures to effectively combat these threats.

Continuous innovation and transparency in threat sharing are also considered crucial. Actively researching and sharing threat intelligence is essential to stay ahead of cyber threats. By engaging in innovation and sharing information, the tech sector can contribute to creating a safer online environment.

Education and training in cybersecurity are also highlighted. Tech companies can provide guidance on cybersecurity best practices, contributing to the education of individuals and organizations in protecting themselves against cyber threats. This emphasizes the importance of quality education and training for ensuring cybersecurity.

The significance of multi-stakeholder engagement and collaboration in addressing cybersecurity challenges is underscored. Collaboration between the tech sector, governments, civil society, and other companies is seen as essential to effectively tackle cybersecurity issues. By working together and sharing knowledge and resources, it becomes easier to address the complex nature of cyber threats.

Microsoft’s stance is mentioned, as they believe in proactively taking steps to address cybersecurity risks. As part of their commitment, they are involved in initiatives like the Cyber Security Tech Accord, which aims to improve cybersecurity across the industry. Microsoft’s active involvement showcases the importance of industry leaders taking responsibility and actively addressing cybersecurity challenges.

Basic cyber hygiene practices are also highlighted. It is mentioned that good yet basic cyber hygiene can significantly reduce the risk of cyber threats. This includes practices such as protecting user identities, applying updates as soon as possible, using advanced anti-malware, enabling auditing resources, and preparing incident response plans. Following these practices allows individuals and organizations to mitigate many cybersecurity risks.

In terms of technology solutions, cloud-based systems are recommended over on-premises systems for better cyber protection. Cloud-based systems offer holistic, adaptive, and global cyber protection, which is facilitated better compared to on-premises systems.

Lastly, the summary emphasizes the importance of adherence to general guidance for cybersecurity across all sectors, including the nuclear sector. Protecting user identities, applying updates as soon as possible, using advanced anti-malware, enabling auditing resources, and preparing incident response plans are considered essential for all sectors. The International Atomic Energy Agency’s guidelines align with this general guidance, further emphasizing the importance of adherence to cybersecurity measures across sectors.

Overall, the summary highlights the tech sector’s importance in providing digital solutions for safety, security, and everyday processes. It emphasizes the need for prioritizing cybersecurity by design, continuous innovation and transparency in threat sharing, education and training, multi-stakeholder engagement and collaboration, adherence to basic cyber hygiene practices, and the use of cloud-based systems. These measures are crucial to mitigating cyber threats and creating a secure online environment.

Marion Messmer

The analysis explores the topic of cybersecurity risks in nuclear facilities and their potential impact. It highlights that cyber attacks can target civilian nuclear facilities either due to their specific role in nuclear systems or their importance to a country’s power supply. Given that nuclear power plants are a crucial part of a nation’s energy infrastructure, any disruption or compromise can have significant consequences.

The analysis notes that awareness of these risks has evolved over time, indicating a need for improved security measures. It mentions that older nuclear power plants initially believed they were safe from cyber threats due to their bespoke IT infrastructure. However, as plants updated and integrated off-the-shelf IT systems, they also had to incorporate cybersecurity measures. Consequently, new regulations and training procedures were required to address these emerging risks.

Moreover, the addition of cybersecurity concerns to the nuclear energy sector, where physical safety has always been of utmost importance, has changed the game. This realization of cyber threats has caused worry among many individuals and organizations involved in the nuclear energy sector.

The analysis also highlights the risks and opportunities presented by new developments in the nuclear sector, such as small modular reactors and microreactors. While these developments can provide a stable power supply to remote regions, they also increase the risk due to the presence of more reactors. The diversification and length of the supply chain in these systems can introduce cybersecurity vulnerabilities. However, the analysis emphasizes that newer reactors are designed with a focus on safety, and awareness of cybersecurity in these systems is more advanced than before. Advancements in design and operator training contribute to reducing the potential risks associated with these developments.

Notably, the war in Ukraine has brought new risks to civilian nuclear infrastructure. The analysis mentions the Saporizha power plant in Ukraine, which has been directly affected by the conflict. Regular physical and cyber attacks on the power plant underline the vulnerability of such infrastructure during times of conflict. The analysis also notes that managing these risks requires particular attention to potential disruptions to the cooling system for the reactors. A disconnection from the grid, for example, could interfere with the cooling system, leading to a reactor meltdown. Backup generators have been put in place at the Saporizha power plant to ensure that cooling can still occur.

The International Atomic Energy Agency (IAEA) has had a positive impact by actively supporting the personnel operating the power plant. Their monitoring and actions have played a crucial role in mitigating risks. It is evident that their involvement is essential in maintaining the security and safety of nuclear facilities.

Additionally, the analysis emphasizes the importance of addressing environmental, health, reputational, and equipment risks associated with nuclear energy. While it may be challenging to determine the exact likelihood of these risks, the potential severe outcomes warrant preventive measures.

Marion Messmer, a noteworthy figure referenced in the analysis, offers insights into the topic. Messmer finds reassurance in the current safety operations and mitigating actions being taken, particularly in the case of the Saporizha power plant. This implies that efforts are being made to address the risks involved in nuclear facilities caught in conflicts. Furthermore, Messmer highlights the significance of reactor design in reducing the likelihood of a Chernobyl-like incident.

It is essential to consider potential scenarios as nuclear energy becomes more prevalent due to the energy transition. Conflicts involving power plants could increase, necessitating effective management strategies for such situations.

Lastly, the analysis raises concerns about putting reactors underwater, as even small modular reactors can pose severe consequences for the environment in the event of a radiological incident. While the idea of hiding reactors underwater may seem appealing, the potential spread of radiation due to water mixing remains a significant risk.

In conclusion, the analysis provides a comprehensive overview of cybersecurity risks in nuclear facilities. The increasing awareness of these risks has led to improved security measures and regulations. New developments in the nuclear sector offer both opportunities and risks, which are being addressed through advancements in design and operator training. The war in Ukraine and the associated risks to civilian nuclear infrastructure highlight the need for managing potential disruptions to cooling systems. The involvement of organizations such as the IAEA has proven valuable in mitigating these risks. Additionally, the analysis emphasizes the significance of preventive measures to address environmental, health, reputational, and equipment risks in the nuclear energy sector. Marion Messmer’s insights further contribute to the discussion, emphasizing the importance of safety operations, reactor design, and effective management strategies.

Tariq Rauf

The International Atomic Energy Agency (IAEA) has issued more than 30 documents providing guidance and recommendations on nuclear security. These documents primarily focus on the integrity of the control systems, containment and control of nuclear materials, and ensuring the safety of nuclear facilities. The IAEA plays a significant role in promoting nuclear security.

However, the primary responsibility for nuclear security lies with states and operators. While international conventions like the Convention on the Physical Protection of Nuclear Material do exist, states and operators are responsible for ensuring the security of their nuclear facilities. The Convention primarily focuses on nuclear security and aims to protect nuclear material during international transport.

Cybersecurity is a crucial aspect of nuclear security and safety. A malicious cyber attack can lead to serious consequences, including the compromise of the cooling system of a nuclear facility. There have been incidents suspected to be caused by cyber attacks that have resulted in leaks in the cooling system of operating nuclear facilities. It is crucial to implement robust cybersecurity measures to prevent, respond to, and recover from such attacks.

Small modular reactors (SMRs) and sealed reactor units are seen as more secure options compared to larger nuclear power plants. SMRs are compact and have sealed reactor units that do not require frequent refueling. This enhances their security and reduces the risk of accidents or material misuse.

The IAEA plays a pivotal role in providing IT security guidance to nuclear facilities. It collaborates with its member states to produce comprehensive cybersecurity measures, which include defense in depth approaches, risk assessment, security policies and procedures, access controls, network security, and incident detection and response protocols.

Capacity building and international cooperation are essential elements in improving nuclear security. The IAEA facilitates capacity building by conducting training sessions at various locations to enhance the skills of nuclear facility operators. It also encourages participation in security audits and assessments to discover new vulnerabilities.

While the Convention on the Physical Protection of Nuclear Material (CPPNM) is an important international instrument for nuclear security, it is not universally binding. Only countries that have acceded to the CPPNM are subject to its provisions. However, the CPPNM amendment in 2005 extended its scope to cover nuclear materials in peaceful uses, domestic storage, and transport.

There is significant concern regarding the potential risks associated with cyber attacks on nuclear facilities. Fukushima and Chernobyl disasters have highlighted the transboundary effects of nuclear accidents. The release of radiation resulting from cyberattacks on nuclear facilities is a major concern. Balancing the protection of national sovereignty and the prevention of widespread radiation is a challenging task.

It is argued that every nation, especially those with nuclear power plants, should accede to the CPPNM to promote international safety. Iran, for example, operates a nuclear power plant but has not yet acceded to the convention. After the Fukushima accident, there were efforts to make the CPPNM mandatory for all 31 states that operate nuclear facilities.

The involvement of the private sector in nuclear security is increasing. International organizations like the IAEA are interacting more with industry, which provides expertise and technology solutions to enhance overall nuclear security efforts.

However, international organizations like the IAEA face the risk of system penetration by state actors. The IAEA deals with highly classified information about the nuclear activities of more than 180 states. State-originated cyber attacks like Stuxnet and Olympic Games on Iran’s enrichment facilities have underscored the need to address this challenge.

Building trust and cooperation with industry is crucial for the IAEA. While the organization has purchased commercial products for managing big data, its IT experts may not match the expertise and capabilities of states. Strengthening cooperation with industry can help overcome suspicion and further enhance nuclear security efforts.

The conclusion drawn from the analysis suggests that the IAEA should have the authority to regulate nuclear security and cybersecurity. An international, legally binding framework for cybersecurity in nuclear facilities is necessary to address the current reliance on national responsibility. Conventions for liability also need to consider damage resulting from cyber incidents at nuclear facilities.

Overall, the summary highlights the importance of nuclear security, the role of the IAEA and international conventions, the need for robust cybersecurity measures, and the challenges posed by cyber attacks. It emphasizes the significance of trust, cooperation, and capacity building to enhance nuclear security and promote international safety.

Talita Dias:
Today, this afternoon, entitled Cybersecurity of Civilian Nuclear Infrastructure. This session is being co-hosted by Chatham House, as well as Microsoft, and the University of Oxford. It’s a real pleasure to be with you all today, both in person and online. Special thanks to all those of you who are joining us from different time zones, especially six or seven hours behind, especially our online speakers. Thanks so much for joining us, for being with us today. What I’m going to do in two and a half minutes is really go through our run of show, to take you through what we’re going to cover today, and introduce our brilliant, our stellar line-up of speakers for this afternoon. My name is Talita Diaz. I am the Senior Research Fellow on the International Programme at Chatham House. This session is being co-hosted with my brilliant colleague, Rowan Wilkinson, who is sitting by my side, who is the Programme Assistant at Chatham House’s Digital Society Initiative, and the International Law Programme, who is an expert in tech policy. What I want to do now is talk a little bit about this topic, to give you a little bit of an overview, to set the scene, and to really speak to the importance of why we are here today. This session is really about the convergence of cyber and nuclear risks. We have, on the one hand, an increasing number of malicious cyber operations of all kinds. all shapes and forms, targeting all types of infrastructure, including critical infrastructure, like the healthcare sector, the energy sector. And at the same time, we have long-standing nuclear risks that have been around since nuclear energy has been around. And so when the two come together, that poses a significant threat to national security, as well as to global stability. And cyber attacks against civilian and military nuclear systems, though our focus is on civilian infrastructure, they have been reported in different parts of the world, both developing and developed countries. So we all heard about what happened in Iran with Stuxnet or Olympic Games. That was probably the most widely reported cyber attack against a nuclear facility. But there were also different kinds of cyber attacks against different kinds of nuclear facilities in India, North and South Korea, Norway, Germany, the United States, and now Ukraine. And even the International Atomic Energy Agency has been the target of malicious cyber operations. And the actual and the potential risks of these attacks, they include the extraction of sensitive information about nuclear capabilities, malfunctioning of equipment, as was the case with Stuxnet in Ukraine, disruption of energy supplies or of places that are supplied by nuclear energy, increased radiation levels, which is very concerning, and potentially disastrous consequences of nuclear accidents for human lives, for health, and for the environment. These risks have now been amplified with the push for green energy, with the spread of what we call modular or small modular reactors and micro reactors, the use of nuclear energy, including these small reactors, to power AI, as well as the use of AI to automate and diversify the different types of cyber operations against different targets, including critical infrastructure and potentially nuclear infrastructure. So we’re going to talk about this in more detail during this session, I hope so. But these operations, they include disruptive cyber operations that might affect the operation of software and hardware. They include data surveillance or data gathering operations, as well as information operations like misinformation and disinformation. Now, for many of you, the film Oppenheimer might have sort of resurrected some of those fears of nuclear threats and nuclear holocaust. For me personally, being in Japan and having had the opportunity to visit Hiroshima has been a real life changing moment and just highlights for me the importance of what we are discussing today and the kinds of threats that we are facing, that humanity is facing. So Chatham-Howes is worried about these risks, so is Microsoft, so is the University of Oxford. And so Chatham-Howes has done work in the past from an international security perspective on the risks, the cybersecurity risks against civilian and both and military nuclear infrastructure. We are at the moment carrying out a project on this topic, on this exact topic, focusing on international law and norms. And so this session will explore in more detail these issues, including in particular international technical standards, rules and principles of international law, and non-binding norms of responsible state behavior that protect the cybersecurity of civilian nuclear infrastructure. So the session will be divided into three parts, or we’ll have three segments. The first one will be an in-conversation session with Marian Messmer, who is speaking online from London. She’s a senior research fellow on the International Security Program at Chatham-Howes. She’s an expert in arms control and nuclear weapons policy issues. We’re going to talk about cyber security risks and the consequences facing civilian nuclear facilities. Then in the second part of our session, we’re going to have a discussion with Tarek Raouf, who was head of nuclear verification and security policy coordination at the International Atomic Energy Agency, IAEA, with years of experience in nuclear disarmament, nonproliferation and arms control, as well as Giacomo Persi-Paoli, also joining us online from Geneva, who is head of the security and technology program of UNIDIR, the UN Institute for Disarmament Research, and he’s an expert on the implications of emergency technologies for security and defense. And we’ll also be joined by Michael Karimian, who is here in person with us, who is director for digital diplomacy at Microsoft in the Asia-Pacific region, with extensive expertise in human rights policy. We’re going to talk about technical and policy approaches to protect civilian nuclear infrastructure from cyber operations. And then we’ll have a final section of our discussion, which will look at the legal and normative aspects of the issue. And for that, we’ll have a chat with Tomohiro Mikanagi, also in person here today, who is legal advisor of the Japanese Ministry of Foreign Affairs, and a partner fellow of the Lorapak Center for International Law at Cambridge University, who has written extensively on cyber and international law. And also joining us online for this discussion is Priya Erse, junior research fellow in law at St. John’s College, Oxford, whose expertise spans across public international law, including cyber operations targeting critical infrastructure. Michael will also join us for this segment of the program. I’m going to turn to Rowan for a few housekeeping announcements. Rowan, over to you.

Rowan Wilkison:
Yeah, so hello. Good morning, afternoon, evening, wherever you are. Thank you so much for coming. So yeah, just some brief housekeeping things. We’re going to be running an interactive survey on Menti alongside this session. So we urge all people online and also in the room to scan the QR code when it comes up and please take part as we go along because we’d love to hear your thoughts. And then at the end of the session, we’re going to be having the usual Q&A. So for those in the room, we have the mics. So if you line up behind, if you have a question and those online, please just use the chat function. So to kick us off with the first question.

Talita Dias:
Yeah, so I actually wanted to show a video first, Rowan. So technical team, would you mind putting up our slides so we can actually show a video that Chatham House has produced on this issue just to give people an idea of what we’re talking about today? to heat water that turns into steam. The steam then drives a turbine to provide electricity that goes into the national grid. An advantage of nuclear energy is that it can reduce the reliance on fossil fuels and can help fight climate change. The energy that is produced by nuclear reactors is controlled for output and safety by sophisticated computers. But cyber attacks can interfere with these network computers, potentially shutting down power plants or causing other safety issues. A cyber attack using a computer worm called Stuxnet. was used to disrupt Iran’s nuclear enrichment program by interfering with the control systems for the centrifuges. So we need to put measures in place to protect nuclear plants against cyber attacks. Great, thanks. So I’m going to turn over to Rowan who will kick us off with our survey, actually to give a little bit of background to the topic and also get your views on what worries you the most when it comes to cyber security of a civilian nuclear infrastructure. Rowan?

Rowan Wilkison:
Yeah, so you can see on the screen, I’m just going to put up the first question that we have for you all, which is when you think about nuclear cyber security, what risks come to mind? So yeah, please feel free to scan the QR code or you can enter the code to join the room and we’ll see what you all have to say. I’ll give about a minute and a half or so just for people to answer.

Talita Dias:
So really, what do you think about when we talk about this issue? And we really want to get your views on what is most concerning for you, because sometimes it’s not obvious when we talk about… It can be a very technical or sometimes an intimidatingly technical topic. So we want to get your views on what worries you the most when you think about cyber and nuclear. Should we have a look at the responses that we’ve had so far? Cool. Okay. Wow. Okay. So we’ve got radiation, radiation, environmental disaster, significant loss of life in long term radiological fallout.

Rowan Wilkison:
We’ve also got reputational harm to institutions, environmental destruction. We’ve got security failures in IT networks of the nuclear plants, which leads to disastrous outcomes, which I suppose links a bit to the one before about radiation.

Talita Dias:
So yeah, a wide range of harms, as you can see here. So to discuss or to delve deeper into those harms, we’ll have a chat with Marion online, joining us from London. So Marion, let’s talk about cybersecurity risks and consequences facing civilian nuclear facilities. So welcome.

Marion Messmer:
Hi, everyone. Good to be here. Great. Thanks, Marion, for joining us so early for you. So first question I have for you, Marion, is what types of cyber operations have targeted or can target civilian nuclear systems? So broadly speaking, I think it’s really important to remember that there isn’t just one type of cyber operation or cyber harm that could target civilian nuclear facilities. Because as you already mentioned in your introduction, they could become targets for different reasons. So they could be targeted because they are specifically part of a nuclear system or nuclear network. And so perhaps the theft of specific nuclear related information is the goal. of the attack, or they could be targeted because they produce energy and they are an important backbone of the national grid or of a country’s power supply. So, you know, you could imagine a whole range of scenarios in which they are targeted either purposefully or where they actually become collateral damage of some sort of other attack. You already mentioned some of the examples that we’ve seen where nuclear power plants or other aspects of civilian nuclear infrastructure were targeted. And I think what’s really interesting about this conversation about cybersecurity and nuclear infrastructure is that when we first began to worry about cybersecurity, because a lot of existing operating nuclear power plants are older or perhaps have very bespoke, very purpose designed IT infrastructure, people originally thought that maybe this was a risk that they didn’t have to worry about so much. So there was this idea that maybe nuclear operators would be safe because the IT infrastructure that they’re using is so specific or is so unique. Whereas what we’ve seen over time is that as nuclear power plants have had to evolve, have had to update their systems or as new nuclear power plants have come online, a lot more of the IT infrastructure is also off the shelf or is the same as that of other systems. And then you are in an environment where nuclear operators all of a sudden also have to think about cybersecurity and the aspects of IT security that they previously didn’t have to worry about so much. So there was a bit of a catch up that had to take place in the nuclear energy sector where operators had to think about new regulations, new training procedures. And that’s really interesting to me because it’s of course the sector where. have physical safety and security has been so paramount for a long time. So now that we also need to think about cyber security, that can change the game a bit. And I think that worried a few people quite a lot when that first emerged as a possible risk.

Talita Dias:
Thank you, Marion. And there are also the risks to hardware rights, to physical components of what we call cyberspace. Right. So it’s not just software risks, say a hacker hacking into the system, but also like there’s human failure that might lead to, say, a breach in the hardware system of a power plant. So that’s exactly what happened or allegedly what happened with Stuxnet, for example. So great. So my second question to you is, to what extent have new developments in the nuclear sector or in particular in the nuclear energy sector, such as the spread of small modular reactors and microreactors, which I’ve mentioned earlier, to what extent have these developments increased those risks that you have just discussed?

Marion Messmer:
Yeah, so I think these developments pose both a risk and an opportunity. So, you know, if I had to say it simply, then having more systems increases the risk just by virtue of the fact that there are more reactors out there. That’s that’s one aspect where the risk is coming from. Small modular reactors and microreactors are specifically designed to be more accessible. And the hope is that they will be able to help, you know, bring a more stable power supply to perhaps regions of the world where that’s currently not possible or very remote areas or areas where it’s really difficult to have to have a stable infrastructure network for other reasons, perhaps because of remoteness, perhaps because of geography. So so that’s, of course, a huge chance. But at the same time, that also. means that if you multiply the number of reactors that exist around the world, you of course also increase the risk of something going wrong. The other concern about some of these reactors is that because they are developed by many different commercial actors, when I was preparing for this, I tried to figure out what the most accurate number is at the moment. And the IAEA estimates that at the moment, around 80 different reactor designs or small modular reactor designs are being considered by different kinds of commercial actors. There are concerns about the supply chain security. So you of course have a situation where different components for the reactor or the steering modules or whatever you need in order to put this together, are being developed by lots of different commercial entities. And, and in order to ensure the highest standards of cybersecurity, you also need to have quite a good understanding of that supply chain, and where some of those, where some of those security risks might come in. So that’s, that’s another concern that just because of the length of the supply chain, the diversity of the supply chain, and the numbers of different actors involved, it might be hard in the end to trace where some of those risks might come in. And then the other component, I think, where it introduces some newer risks, or might actually highlight risks that already exist, but just multiply them, is that, as I mentioned, when I spoke about the use cases, a lot of these use cases can be in quite difficult operating environments, or they can be perhaps in regions that are already less well off, and therefore perhaps have less money to spend on cybersecurity. So that’s, of course, a risk that, you know, systems in that region would already be facing, but you then just combine that with the additional risk of, of nuclear energy. So And then generally speaking, what I mentioned earlier about this tension between sometimes a really bespoke or unique system also being just a tad more secure, because perhaps it has fewer vulnerabilities or the existing vulnerabilities will be less enticing to exploit. These small modular reactors and micro reactors will, of course, have completely up to date software solutions and in many cases off the shelf software solutions. So if there are any vulnerabilities that we’re not aware of, then they would, of course, be there as well. But for the advantages, opportunities, these newer reactors are designed differently. So in some cases they are already like the nuclear aspect is already safer by design than it would have been in some older power plants. So that’s, of course, one advantage. And the same also goes for the cybersecurity considerations. So because the awareness of cybersecurity in those systems is much more advanced now than it was even five years ago, or certainly 10 years ago, 15 years ago, there are already much more considerations about cybersecurity in the design and then in the training of potential operators. So, of course, we need to be vigilant and, you know, in part by having this panel because the cybersecurity conversation for nuclear civilian infrastructure needs to go farther. But at the same time, I think we shouldn’t let that forget us about the opportunities that come with some of these new developments as well.

Talita Dias:
Great. Thanks, Mayor. So there are both challenges and there are opportunities. And one issue that we will touch on in this panel later is the question of regulation. Right. And you’ve mentioned the spread of these reactors in different parts of the world. But, of course, we don’t know how, you know, different states regulate the acquisition and the operation of these small modular reactors. So that’s probably also a risk that we need to be aware of. Now, pivoting to from peacetime to wartime, and I know that the war in Ukraine is on everyone’s minds at the moment, it should be, not just the situation in Gaza. Hopefully we haven’t forgotten about that. So I want to talk about the new and existing risks against civilian nuclear infrastructure that have resurfaced in the context of the war. Are there any particular risks that we need to be worried about because of the war, Marion?

Marion Messmer:
I mean, what we’ve seen happen around the Saporizha power plant in Ukraine has, of course, been horrendous. And I think one of the really new things there, or maybe not new, but rare occurrences is of a nuclear power plant being caught directly in war and directly being on the front line. So the combination of physical and cyber attacks taking place at the same time is something that I suppose we were worried about, but that luckily doesn’t happen all that often. So the personnel at the Saporizha plant has been incredibly dedicated. Many of them have stayed in place despite the risks to their own lives, but the power plant has had to operate with reduced personnel on site who are, of course, now working under much more stressful conditions and much more uncertain conditions. And so I think the combination of there being physical attacks that are very regular over a prolonged period of time, at certain points in time being quite constant, and then also having to worry about cyber attacks at the same time, which, of course, have taken place all over Ukraine with regularity, has created a particularly difficult-to-manage environment. The results of that could be. We’ve not seen that so far, of course. and the IAEA has also done its best to support the personnel operating the power plant to ensure that everyone can stay safe and that the running or the management of the power plant, I should say, can continue safely. So while I would say that some of the biggest risks probably were in place early on in the conflict, when the reactors at Sapariza were still running, they have now all been in some type of shutdown for the past several months. So that, of course, mitigates the risk significantly. One of the things about nuclear reactors is that you can’t turn them completely on or off immediately because some of the nuclear reaction continues on, which is why I’m talking about different types of shutdown. But five of the six reactors have been in cold shutdown for several months now. And then there is a sixth reactor which has been in hot shutdown because they’ve had to use some aspects of the reactor for safety operations. But the IAEA has monitored all of that and has tried to support the personnel at the power plant. So what we have been worried about, specifically with Sapariza and specifically early on in the war, is that a potential loss of power or disconnection from the grid could interfere with the cooling system for the reactor. So that’s when you could get into a reactor meltdown situation, which could, of course, have devastating consequences. So, yeah, there were various mitigating steps taken to make sure that those risks were managed a little better, such as ensuring that there were plenty of backup generators on site so that cooling could still take place.

Talita Dias:
Thanks. Thanks, Marion. So I’ll pause the chat with Marion for a second because we want to hear your views on this. And so, Rowan, over to you.

Rowan Wilkison:
Yeah, so we have the next question on the Menti. So bearing in mind what you’ve just heard, thinking about both stable and context of instability, why should we be worried about cyber operations targeting civilian nuclear infrastructure? And for those of you that have just joined the session, please feel free to take part in the polls that we’re running, because we’d love to hear your views on this topic. Sorry, we seem to be having a problem with that one. So I think we’ll leave that one for today. Yeah, or maybe go back to it later. Okay, so Marion, back to you.

Talita Dias:
Now, since we’re talking about risks and what we should be worried about, what is the actual likelihood of all these risks that we have been discussing on the environment, on lives of individuals, on health, on reputational harm of international institutions, equipment malfunctioning? What is the actual likelihood of these risks materializing? And a related question is, what would be the consequences? You know, concretely, what would be the consequences? Do you agree with the responses that have been provided in the previous question about the consequences of those risks materializing, for example, health, environment, and the international system?

Marion Messmer:
Yeah, I mean, it’s really hard to say how likely it is that those… risks might materialize. I think what’s important is that the consequences could be severe. And so we have to take the risks seriously and we have to do our best to mitigate those risks. As I already mentioned a little in my previous answer, in the Sapariza case especially, while of course there is still a risk there, for the time being, I’m a little reassured by the accident safety operations that are taking place there. And also by some of the other mitigating steps that have been taken. The other thing I would also say in that regard is that we heard a lot, especially early on in the war, that Sapariza could lead to the next Chernobyl. And that there is a significant difference in how the reactors are designed at Sapariza versus at Chernobyl, that would actually make that outcome less likely. So I’m not trying to say people should be complacent. These risks are very severe. And if something was to happen, then that would have really grave consequences. So we need to be vigilant. But in terms of people being overly worried or seeing another Chernobyl type situation on the horizon, I think there are reasons why that is less likely than people might have feared. And the other thing I would say is that, you know, as you mentioned in your introduction, we’re hoping that nuclear energy can play a really important role in the energy transition, in moving towards net zero, and in ensuring that we’ve got a more stable energy supply while we are trying to figure out, you know, sustainable and renewable types of energy, so that we can hopefully slow or halt climate change. And what really worries me in that regard is that what we have seen in Ukraine, this combination of nuclear power plants being caught in conflict could actually happen. more frequently around the globe, because if more countries end up using nuclear energy as an important part of their energy supply, and you also mentioned the increasing frequency of cyber attacks, then I think this unique combination of a power plant or other types of energy infrastructure being caught in conflict might become a much more frequent occurrence. So if we can think about now what we can do to manage that situation for the future, then that’s going to leave all of us much better off.

Talita Dias:
Thank you, Marion. Now, to summarise or to get your views on what we just discussed in this segment of our panel, we will go back to Menti with a survey. This time, hopefully it will work. Rowan?

Rowan Wilkison:
Yeah, fingers crossed. I think we’ve fixed it now. So this one is about the risks that we’ve just heard. So we’re wondering which of these risks worries you the most. So we have some five different options here for you to choose from. So picking your kind of priority option, we’ve got disruptive cyber operations.

Talita Dias:
For example, ransomware attacks, distributed denial of service attacks. We’ve got information operations like disinformation, propaganda, misinformation revolving around nuclear energy, which have occurred in the context of Ukraine, for example. We’ve also got data gathering or surveillance operations. So basically, solar winds, for example, operations that try and get access to sensitive nuclear data. We’ve got physical effects of these operations, for example, as what happened with Stuxnet in Ukraine. So lots of centrifuges stopped working. And as Marion said, there is a risk of a new Chernobyl, of a cyber-generated Chernobyl, even though that risk might be more remote now. and we’ve got non-physical effects that we have discussed already such as effects on the reputation of the international system and also going back to physical effects we can’t forget about health and the environment so just just vote there we want to we want to see what you what you think and as Michael just reminded me there’s also the psychological effects of information operations well the fear of nuclear holocaust and war as well that’s a good one yeah ready okay so let’s see what you voted on see the results of this okay so everyone so most people are worried the most about physical effects that’s what I answered which which makes sense given that at the beginning a lot of people mentioned radiation yeah yeah disruptive cyber operations I think that’s because they carry the most risk of you know of interrupting the energy supply for example or destroying power plants for example information operations comes in third place day at the gathering operations and fourth and the non-physical effects come in in the fifth place that’s interesting go keep that in mind so moving on to the second and thank you Marion so much again for joining us so early for you it was great so let’s move to the second part of our panel which is about technical and policy approaches to protect civilian nuclear infrastructure from cyber operations For that, we have a conversation with Tarek Rauf, former IEAE. We’ve got Giacomo Paoli at UNIDIR, and we’ve got Michael Karimian at Microsoft here. So I’m going to start with a question for Tarek. Tarek, do we have any international technical standards on how to mitigate those risks and consequences that we have been talking about?

Tariq Rauf:
Well, yes, at the International Atomic Energy Agency, cybersecurity, which is usually referred to here as computer security of nuclear facilities and nuclear materials, is considered being a subset of nuclear security. And nuclear security is the responsibility of the state and the operator. And while there are international conventions, such as the Convention on the Physical Protection of Nuclear Material, as amended, the primary responsibility still remains with the state and the operator. And the IAEA has issued more than 30 documents on guidance, recommendations, and fundamentals of nuclear security, and there is a parallel sub-series of guidance and recommendations on enhancing cybersecurity or computer security. And in the discussions here, cybersecurity or computer security also has implications for nuclear safety. So there are two aspects to it, not only the security of the facility and the material and the integrity of the instrument control system, but also the safety of the nuclear facility, because as we discussed a little bit in the first session, we are dealing with radioactive materials and containment of reactivity or release of radioactivity from an operating or a shutdown nuclear facility. is one of the highest objectives of nuclear safety. There’s also consideration of ensuring that the heat removal and the cooling system of a nuclear reactor, whether in operating status or shutdown is not compromised. And then also there is the confinement and control of nuclear materials, whether in spent fuel bundles in cooling ponds or nuclear fuel bundles stored inside the reactor that are cooling down, and then also the fuel in a reactor itself. One important element here is to ensure that there is no loss of coolant. There has been at least one incident where it is suspected that because of a malicious cyber attack, some coolant was leaked from an operating nuclear facility, but the control room managed to detect it early on and they shut off the pump that was discharging water from the cooling system. Later on, I can give you more details about specific IAEA documentation and guidance.

Talita Dias:
Great, thanks, Derek. I can see that there are some comments or questions in the chat, and I want this to be as interactive as possible. So maybe we should take the questions now. So apologies for mispronouncing the name in advance. So Tumi is saying, he thinks that the reuse of old submarines and add SMRs, I’m not sure what that means, but maybe, okay, small modular reactors, okay, great, to generate electricity permanently under the sea, we’ll be able to isolate ourselves from problems on land, and then Tyrell says it’s a great idea. What do you think, Tarek, or maybe Marion, do you wanna? I know it’s bringing the Q&A to the session.

Tariq Rauf:
So we do have a floating reactor that is operating in the Russian north. This is actually a modified reactor from a nuclear propulsion unit of icebreaker. There are nuclear powered submarines, but at the moment there is no consideration of using submerged small and medium-sized reactors for power generation. All of the designs that were referred to, there are about 80 designs currently under discussion of which about three are close to maturity for testing, first of a kind, but these are all land-based. Now one advantage of SMRs and MMRs is that these are sealed reactor units as compared to large nuclear power plants which need to be refueled partially or completely every year or every few years. So that is one inherent in-built safety consideration for SMRs and MMRs. But nonetheless, one needs to ensure that the integrity of the instrument control system and regulation of the reactor itself is not compromised. The instances that have occurred of compromise usually have been through back doors, either left open by contractors so that they could do the servicing sitting at home or from their office, or inadvertent back doors that were created through the use of USB sticks that were inserted into some part of the computer system in the facility, although this is strictly prohibited not to bring in any outside USB sticks or other data-carrying devices and to insert them into the computer systems of nuclear facilities.

Talita Dias:
At least in theory. Okay, Marion, do you want to comment on that or should we move on?

Marion Messmer:
I can just add one bit, because what I wanted to say is that, you know, even if it seems tempting to, for example, put small modular reactors or other types of reactors underwater to have them away from land, you have to remember that, of course, the ocean is also part of our ecosystem. So even if there was to be a radiological incident underwater, that would still have pretty severe consequences for that environment. And the water will, of course, mix, so the radiation would still spread. So while it wouldn’t be the same kind of fallout that we would get if it was in air, it’s not like it’s just out of sight, out of mind in that sense, because it’sYeah, we also drink some of the water that comes from the sea.

Talita Dias:
So that’s a very important point, Marion. So I want to go back to Tarek, and I want you, Tarek, if you can, to take us a little bit through the IT security guidance for nuclear facilities that the IAEA has produced for member states that have operational nuclear power plants or nuclear fuel cycle facilities. Can you talk to us a little bit more about these documents, these over 30 documents that the agency has issued?

Tariq Rauf:
So the way the IAEA is approaching this, and this is in cooperation with IAEA member states. So this is not just the bureaucracy of the International Atomic Energy Agency that is producing this guidance or recommendation. They do it in concert with technical experts from the IAEA’s 176 member states, those that are interested, and this is an interactive process between the technical experts of member states and the experts of the IAEA Secretariat. and jointly they draft and produce these documents, which then once they are approved, become the guidance recommendations or fundamentals. So computer security measures in the context of cybersecurity for nuclear facilities as discussed and considered at the IAEA are to prevent, detect, delay and respond to criminal or other intentional or unauthorized attacks. Then to mitigate the consequences of such attacks and to recover from the consequences of such attacks. So computer security measures can be assigned to one of three categories, technical control measures, facility control measures or administrative control measures. So the agency has been actively involved in developing these and they’ve come up with a taxonomy, which is number one defense in depth. This is having a defense in depth approach to cybersecurity with multiple layers of security controls and measures to protect nuclear facilities, including physical security, network security, access controls and monitoring. Also risk assessment that nuclear facilities should conduct a comprehensive cybersecurity risk assessment to identify potential vulnerabilities and threats. And then this assessment forms the basis for developing appropriate security measures. To institute, this is number three, to institute security policies and procedures, which is to establish and implement cybersecurity policies and procedures tailored to the specific needs of specific nuclear facilities. This is called design basis threat. Designing security policies and measures specific to a particular nuclear facility, its technological peculiarities and the risks that that particular facility might face. Then of course, there are obvious things such as access controls, network security, patch management. Incident detection and response, this is a increasingly important element. As you mentioned in your introduction, the IAEA is subjected to daily cyber attacks on its system from different sources. Some are trying to access the highly confidential safeguard information, some are just opportunistic attack. My colleagues at the IAEA in the IT sector, this is their biggest challenge, is to make sure that there is no intrusion into the IAEA’s computer security system. They are very proud that they have managed to detect and to counter any of these potential attacks on the system. But we say nuclear security is not an end, it’s a journey. Cybersecurity is also the same as the threats are evolving, the responses also need to evolve, so to speak. Then there’s also, of course, encryption, physical security. An important element is also to do security audits and assessments on a continuous basis, to see if there are new vulnerabilities that have come in, supply chain vulnerabilities. Other important issues are information sharing, international cooperation, training and awareness, and then capacity building. This is one of the IAEA’s biggest activities. Every year, the IAEA holds hundreds of sessions, both at headquarters here in Vienna and in different cities to build capacity to strengthen the capacity and the training of nuclear facility operators. Sorry, Tarek, is there anything else that you want to comment about the guidance? You sent me some questions, so I will come back when you get to the next question where I can cite. some of the specific IAEA documentation, which is all available freely on the internet. It’s not password control and people can download the PDFs. A lot of this is quite technical, but it’s all up there.

Talita Dias:
Great, thanks. So you’ve mentioned a lot of guidance, a comprehensive range of best practices from every step of the way of nuclear cybersecurity, from design to implementation to risk mitigation and so on and so forth. But all of those guidances, as the name suggests, they are non-binding guidances. They are documents that are not mandatory for states, right? But I wanna ask you if any of those measures that have been proposed or recommended by the IAEA have been adopted by the Convention on the Physical Protection of Nuclear Material, which is a binding document under international law.

Tariq Rauf:
Well, this unfortunately is the situation when we are dealing with sovereign states. So the Convention on the Physical Protection of Nuclear Material, as amended, is only binding on those states that have acceded to it, unfortunately. It’s not universal international law that if a country has nuclear material and nuclear facilities, it must be a party to the CPPNM. So the way around it is that those countries that have signed onto it, for them it is internationally legally binding. Now, the amendment to the CPPNM, which took place in 2005, was more to extend the scope of the CPPNM to cover nuclear material in peaceful uses, in domestic storage, and in international transport. But unfortunately, state parties were not able to. agree on the application of the CPP-NM to military nuclear material. And as you know, we have had five nuclear security summits. People only remember four of them, the ones that started in 2010 in Washington, but the very first one was in 1996. So 83% of the world’s dangerous nuclear material that is highly enriched uranium and plutonium is in the custody of the nine countries with nuclear weapons, and it is completely outside of any international accountability or monitoring. Only 17% of the material is under International Atomic Energy Agency safeguards, and as part of the safeguards agreement of a state with the IAEA, physical security and safety is obligatory. And then, as we just mentioned, cybersecurity being a subset of nuclear security is also something that the state needs to implement. So even after the Fukushima accident, there were attempts to make the CPP-NM mandatory and compulsory for all of the 31 states that operate nuclear facilities. At the moment, only Iran remains outside, a country that has an operating nuclear power plant that has not yet succeeded to the CPP-NM as amended, and also not to the Convention on Nuclear Safety. So this again is the stessel between protection of national sovereignty, and on the other hand, protecting against cyber and other malicious attacks, because the effects of those will be transboundary. They will not be limited to the territory of the affected or the accident state. As Chernobyl showed, as Fukushima showed, we have transboundary transport of radiation, and that is… the biggest concern as regards a disruptive cyber attack on a nuclear facility that results in the release of radioactivity.

Talita Dias:
Thanks Derek, and it affects that stretch in time as well, because even this year we’ve had issues about the disposal of water from Fukushima. Thanks for clarifying the scope of the convention, and I guess what you said just highlights the importance of international law and strengthening international law, and discussions that might lead to new norms and rules on this issue. I’m going to turn over to Rowan just for another question for everyone here in the audience and online. So based on what we have just heard from Tariq, in your opinion, should there be enhanced

Rowan Wilkison:
interaction and cooperation on cyber security between agencies like the IAEA and also the tech industry? We’ll give a little bit of time just as people come into it. So I guess that’s a clear unanimity here on yes, right?

Talita Dias:
And Michael will come back to this point about cooperation or the role of the tech industry to tackle all of these issues that we’ve been discussing. But now on, so Tariq mentioned state sovereignty. He also talked a little bit about international law, the role of the Convention on Physical Protection of Nuclear Material, and I’ve mentioned the need for states to be discussing this issue more often. So I want to turn to Giacomo, who is joining us from Geneva. Hi, Giacomo. Hi, good morning. And I want to ask you, how has the protection of critical infrastructure been discussed in the context of the open-ended working group on the security of information and communications technologies, also known as the UNOEWG? Thank you.

Giacomo Persi Paoli:
Thank you, Tarita, for the question, and thank you also for inviting me. It’s great to be able to participate in this great panel. So let me give you like a 30-second summary of 25 years of history before I get specifically into the question. But I think this summary is useful particularly to those in the audience that may not be too familiar with the various UN processes and the jargon that is associated with them. So states have been discussing about international cybersecurity. I would say actually this year is the 25th anniversary since the first draft resolution on this topic was put on the table at a time by the Russian Federation in 1998. Since then, we had six iterations of a process called the Group of Governmental Experts. Now, this is a closed-door process that on average involves about 20 countries, of which five are always the P5 and the five permanent members of the Security Council, and then others are invited to join. The specificity about this process is that the only public thing that exists, public trace, is the mandate that sets up the process and the report at the end of it, which means that there isn’t really a lot of visibility as to what the discussions actually are. And if states do not agree on a consensus report at the end of it, the report that we have at the end of the deliberations, it’s a very procedural one that says, you know, We came, we met, we didn’t agree, move on. Now, the situation started to change in 2019, where in parallel with the last, at least to date, group of governmental experts, another process was set up, the Open-Ended Working Group. Now, the Open-Ended Working Group is open to all membership of the UN. It has a multi-stakeholder component to it, as well. But most importantly, it’s all public. So, all statements that are made can be consulted online. All sessions can be followed on UN TV. And the chair has the opportunity, even if there isn’t a consensus report, to publish its own summary. So, there is definitely more visibility in the actual workings of the process. Coming to your question, I think it’s important to realize that one of the most significant achievements that states collectively had is data since 2015, when a framework for responsible state behavior in cyberspace was adopted. And as part of this framework, there are 11 norms. The topic of critical infrastructure is probably the topic that features the most, either directly or indirectly. Three of these 11 norms focus on the topic of critical infrastructure, whether it is to basically call states to protect their critical infrastructure, whether it is calling states to not target critical infrastructure of others. And then there is a dedicated norm that focuses on ensuring that international assistance is provided to those states whose critical infrastructure is being targeted by cyber attacks. Now, these three norms have an explicit reference to critical infrastructure. And there are a whole set of others which are more indirect related. particularly related to vulnerability disclosure or the supply chain security, you can see how some of these topics may be indirectly relevant to critical infrastructure protection as well. I’m probably bridging to the next question here, but by design, these norms, and until very recently, I didn’t really go too much into the detail of which type of critical infrastructure. The OEWG is probably not the correct forum to have in-depth discussion as to how each of these general purpose norms applies to specific sectors or specific type of infrastructure. However, it is definitely a topic that has been discussed quite extensively, both in relation to how the threats are evolving, in relation to how norms can be implemented, as well as what could be some of the consequences from an international perspective.

Talita Dias:
Thanks, Giacomo. So in your opinion, it’s not the best forum to discuss specific risks to particular types of critical infrastructure, but to your mind, and you’ve been deeply involved in this process as part of UNIDIR, and does it come to mind that any state has specifically raised the issue of cyber nuclear risks within the OEWG, or perhaps other UN forums? Can you remember if any state has ever raised this issue?

Giacomo Persi Paoli:
So it’s a very interesting question, because if you look at the consensus reports, we couldn’t really find any explicit reference to nuclear itself in the consensus reports. However… The discussion is evolving states individually in their national submissions to the Secretary General that then compiles all of these submissions and releases a report, big flag, the nuclear security issue, characterized in different ways, whether it is more, again, expressing growing concern over the threats that cyber capabilities and cyber operations can pose to civilian nuclear infrastructure, so more on the threat side, or to highlight some of the efforts that they’ve put in place at the national level to protect their nuclear infrastructure as part of wider interventions. Some states have dedicated national cybersecurity strategies that have been designed and dedicated specifically to protect their nuclear infrastructure. So there is definitely a lot more that is going on at the national level that is flagged in the context of the OEWG, but if you look at how the OEWG discussions have been evolving, they went from being very general, then in 2021, also as a result of the pandemic and the sheer increase of cyber attacks that have characterized all sectors of society, including critical infrastructure, the report of the OEWG that concluded in 2021 did mention things explicitly, critical infrastructure types, such as medical infrastructure, or energy, or financial, et cetera. So we are going down the path of discussing these topics more broadly, but my personal opinion, my personal sense is that as long as there isn’t a dedicated forum for states to discuss implementation more than a kind of normative framework, but actually the implementation of these. quite general purpose norms that have been designed, it’s gonna be difficult for states to really go deep into any of these topics, simply also because of matter of time that they have available. However, I think it is important to acknowledge that the topic has been, despite not necessarily being captured in consensus reports, it is being flagged by an increasing number of states in their national capacity when they make their interventions.

Talita Dias:
So maybe just a question of some of those states trying to bring the issue to the general fora that the UN offers for these discussions, and maybe we should take up your idea of having a sort of like a more concrete implementation-focused forum for these discussions. Thanks, Giacomo, for your thoughts and for your input. I’m now gonna turn over to Michael, and perhaps maybe Giacomo and Tarek want to comment on this point, which is about the role of the tech industry in addressing those risks. So Michael, what is the role of the tech industry? You work for Microsoft, so what does Microsoft have to say about this?

Michael Karimian:
Thank you, Talita, not just for being our moderator, but of course to yourself and the team at Chatham House for being essential partners in this session and brought a project in the same to Priya from the University of Oxford. I’d like to underscore a couple of topics or key points, I guess, in this regard. One is that, of course, the tech sector broadly, and as Marion mentioned, there are many companies who supply ICT infrastructure to this industry that we’re looking at. Of course, the tech sector plays a central role in providing the digital solutions that underpin quite a broad range of operations, safety and security of nuclear systems, but also, to be frank, just mundane, everyday processes. applications like payroll or accounts receivable. And so because of that, there are many entry points into the IT systems. And so the risks are quite broad, and as Marion mentioned, the supply chains are very deep. As we’ve been discussing, of course, there is this convergence of cyber and nuclear risks, which poses a quite serious threat to national security and global stability. So with that in mind, I think it’s important to recognize that as a provider of these systems, we have quite serious responsibilities accordingly. And so to address these risks effectively, the tech sector can and should, more broadly, take a number of proactive steps, including but not limited to, of course, cybersecurity by design. So prioritizing the cybersecurity of systems from the very inception of their products and services and embedding security into the design, development, and deployment of processes. And by doing so, that will go a long way to reducing vulnerabilities and strengthen the overall resilience of nuclear systems. Continuous innovation is very important. As we’ve been discussing, the threat landscape is ever-evolving. And therefore, continuously innovating to stay ahead of cyber adversaries is essential. That requires actively researching, but also sharing threat intelligence to detect and respond to emerging risks. And doing that with governments, international organizations, and other stakeholders. So a degree of transparency and threat sharing from the tech sector is also very important. Equally, education and training plays quite an important role. Tech companies can be pivotal in educating and training end users and administrators of their technologies. So providing guidance on cybersecurity best practices is essential too. And of course, multi-stakeholder engagement has already come up as a topic in this session so far. But collaboration is key to addressing the complex challenges that we’re discussing here today. The tech sector, big and small, should be quite actively engaging with governments, civil society, and other companies to jointly tackle the cybersecurity issues that we’re talking about. We already do see initiatives that are doing that broadly, like the Cyber Security Tech Accord, which promotes collaboration and protection of critical infrastructure. That’s a prime example of these efforts, and we can delve into them more in this session.

Talita Dias:
Thanks, Michael. Giacomo and Tarek, do you have any thoughts or comments or reactions to what Michael just said about the role of the private sector in addressing those risks? Yep, would I comment on that? Absolutely.

Tariq Rauf:
I completely agree with what Michael just said. Again, this is the issue of state sovereignty. So international organizations like the IAEA are based on interactions with states and not with other actors such as industry. However, this pattern is changing and more and more industry is being brought in to provide its expertise and experience in providing technological solutions. To these new problems, but a main challenge for an international organization like the International Atomic Energy Agency that is dealing with highly classified information about the nuclear activities of over 180 states is the risk of penetration into the system by state actors, not so much non-state actors, given the high politics involved. And Talita, you in your introduction mentioned the cyber attacks on Iran’s enrichment facilities, Stuxnet and Olympic Games. So those were state-originated threats, and those are still continuing because of high politics here. So I don’t want to name states, but there are no innocent parties, so to speak. Anyone can be a threat for the IAEA’s computer security system at the agency here in Vienna. And then the IAEA has to buy commercial products. So one product that the IEA bought some time back was Palantir, which is to manage big data. Palantir was originally developed for the intelligence agency. So an international organization’s IT experts will never be able to match the expertise and the capabilities of offensive IT capabilities of states if they choose to deploy them against the IEA. So there’s this in-built suspicion, which is one potential roadblock for the IEA interaction with the industry beyond a certain level. And I think we need to overcome this and build more trust and build more patterns of cooperation and interactivity.

Talita Dias:
Thanks, Tarek.

Giacomo Persi Paoli:
Giacomo, one or two thoughts very quickly. Yes, conscious of the time, very quickly. I can only agree with both Michael and Tarek here. I think it’s important that even in relation to what we’re discussing with the AWG, the AWG covers state behavior. It’s discussed by states to regulate or guide their own behavior. It doesn’t deal with threats coming from non-state actors, which can be significant. But I think the private sector here can play a significant role in helping in states develop capacities, providing capabilities. Public-private partnerships have been almost at every single session flagged as a way forward that really needs to be investigated as a general purpose tool to really increase cyber resilience of member states. And this includes also the energy sector and in particular, the nuclear one. So absolutely, it is key that we bring the private sector along in the journey.

Talita Dias:
Great, so multi-stakeholderism is a recurring theme in this Internet Governance Forum, and we also need it to protect civilian nuclear facilities from cyber security threats. So that’s the main lesson, that’s the main takeaway from this discussion so far. So Michael, back to you.

Michael Karimian:
What best practices or recommendations have been developed by the tech sector, the tech industry operating in the civilian nuclear sector, including Microsoft itself? So I’ll speak on behalf of Microsoft and say that actually we haven’t developed specific guidance to the tech, for the nuclear sector. The reason being, although the outcomes of the risks are differentiated, the underlying cyber security risks are almost universal. We see these same risks applying to all sectors across the board. And it’s surprising that the sort of gaps that are out there, so 80% of incidents can be traced to missing security practices, which can be solved by quite basic modern approaches. Over 90% of accounts which have been compromised by password-based attacks did not have multi-factor authentication or any strong authentication in place. According to a study, 78% of devices are not patched within nine months of a critical patch being released, and the number of users who use multi-factor authentication is actually only around 26%, it’s pretty low. But what’s interesting here is that attacks by nation-state actors can be technically sophisticated, however many of these actors use relatively low-tech means, such as spear phishing and other efforts to deliver quite sophisticated malware into the systems. And actually, we mentioned the case in Germany, the case was mentioned about a USB stick. The case in Germany, as was publicly reported, was the entry point there was a user brought in a USB stick and then the rest is history, so to speak. So a lot of these issues can be mitigated by good, yet basic, cyber hygiene practices, and that’s meant to be holistic, adaptive, and global in nature, and a lot of that can happen better in the cloud than on-premises. So, the general guidance which would apply to all sectors, and include in this sector, is to protect the identity of users, apply updates as soon as possible, use extended detection and response anti-malware and endpoint detection solutions, and also to enable the auditing of key resources, and quite importantly, prepare incident response plans. That’s actually very much aligned with the IAEA guidelines, which really speaks to the strength of the guidelines that they have produced.

Talita Dias:
Thank you, Michael. The question of putting all of this together, you know, what the IAEA has already put out, what the private sector has advised operators to do, and also what states have also agreed to do or are willing to agree in this sector. So, I want to pivot to the third part, or the third segment of our panel today, of our workshop today, which is about international law and norms. And we have, for this segment, Priya Ers from Oxford joining us online, and Tomohiro Mikanagi from the Japanese Ministry of Foreign Affairs, and Michael will also join us for this discussion. I’ve noticed that there are a couple of questions about international law, international regimes, agreements, so I’m going to take those questions later from the chat and ask to our panellists in this segment. But I want to start with Priya and Tomohiro with a question, a very general question about the applicability of international law to all of those issues that we have been tackling today. So, to what extent can a cyber operation that targets civilian nuclear infrastructure breach existing rules of international law? I don’t know who wants to start, but maybe Priya, because you’re online and it’s very early for you. Do you want to kick off?

Priya Urs:
Absolutely. Thank you so much. And it’s been a fascinating discussion so far. I think what’s tough when discussing international law… on this context is that unlike the technical and policy guidance we’ve been talking about so far, international law doesn’t yet have specific rules that prohibit or otherwise address cyber operations. And so even while states are increasingly recognizing, as we see, civilian nuclear infrastructure as part of what they call their critical infrastructure, which states suggest should be protected against cyber operations, this hasn’t really translated into specific legal protections. And so what we’re left with, at least for now, is more general rules of international law that could be applicable in this context. And this includes not just treaties, such as one we’ve already discussed with Tariq, but also rules of customary international law, including rules governing the use of force by states, the rule prohibiting intervention by one state in the affairs of another state, any other conduct that could also be prohibited as a consequence of a state’s sovereignty over its territory. And also, on the other hand, due diligence obligations for states. And so maybe I’ll just say for now that although none of these rules was actually designed with cyber operations in mind, and certainly not thinking of civilian nuclear infrastructure, they can in principle be applicable to this context. But of course, the particular application could raise some challenges. So I’ll leave it there for now. Thanks.

Talita Dias:
So Tommy, do you want to address this question about international law in general, but also a more specific question that I have for you on sovereignty. So I know you’ve written a lot about cyber and international law. So on top of the general sort of like landscape of international law applicable to this phenomenon, can you talk to us a little bit about the threshold for a violation of sovereignty by a cyber operation affecting critical infrastructure in general? And if that threshold for critical infrastructure in general differs for nuclear infrastructure? Thanks.

Tomohiro Mikanagi:
Thank you. Thank you for inviting me to this wonderful panel. This is a good experience for me to think about, you know, connection between cyber security and nuclear security. Actually, in my brain, these two issues have not well connected before, but this is a great opportunity to think in depth on these issues. Sovereignty issue is really difficult issue among international lawyers because of different positions taken by different countries. It is already very famous that the United Kingdom takes rather specific position that they don’t think there’s any stand-alone obligation arising from the sovereignty apart from the non-intervention rule into internal or external affairs of states. That is not supported by many states, I must say, but that is a very strong position expressed by United Kingdom. The other extremes are probably position is taken by France. France is saying that any effect caused by cyber operation in the territory of the country would amount to violation of sovereignty. In between, there are several other countries like U.S., Germany, and maybe Japan is also a part of this group, which set certain level of harmful effect caused in the territory that would amount to the violation of sovereignty or territorial integrity of the state. There’s no consensus, but I think there’s a general tendency of agreement, I must say, that the more serious the effect of the cyber operation, the more likely for states to accept that it is unlawful under the rule of law. So, I think, you know, nuclear, you know, cyber operations targeting nuclear facilities are more likely to cause more harmful effect. If that is the case, the states should be able to agree on the unlawfulness of that kind of particular kind of cyber operations to be unlawful. But this does not necessarily mean there’s a lower threshold for nuclear cyber attack against nuclear facilities. Rather, nuclear facilities are more vulnerable and more, I think, likely to cause severe, serious physical and other effects. So they should, I think, secure more support for states. When they are talking about application of the rules of sovereignty.

Talita Dias:
So it’s more a question of fact than law, right? So the law would apply a bit differently to the fact of an attack against a civilian nuclear infrastructure than other types of critical infrastructure because of the severity of harms. And because of that factual difference, then maybe states will be driven to agree on the applicability of sovereignty in this space. Thanks Tomo. So I’m now going to go back to Priya and talk a little bit about another important principle of international law that plays out in this context, which is the principle of non-intervention. So what is the relevance of the principle in this context? And in particular, could a cross-border cyber operation against a civilian nuclear infrastructure constitute an unlawful intervention, breaching the principle of non-intervention? Priya?

Priya Urs:
Thank you. I think this is an interesting question alongside the sovereignty discussions that Tomo was discussing. And the prohibition on intervention is interesting because states widely agree that such intervention is prohibited, but there is a serious lack of disagreement as to what kinds of activities are actually prohibited under the rule. And there are essentially two requirements for intervention to be unlawful, which will equally apply in the context of cyber operations, targeting civilian nuclear infrastructure. The first requirement is that the intervention has to do with or has to address the internal or external affairs of a state. And when we think about civilian nuclear infrastructure, which is responsible for generating energy, I think it’s quite easy, I would say, to satisfy this requirement and to make the case that the intervention does address a matter falling within a state’s internal affairs. The second requirement for unlawful intervention is somewhat more tricky because the intervention needs to coerce the targeted state or be coercive in order for it to be unlawful. And there seems to be quite a lot of disagreement still as to what actually amounts to coercion. And the general view that’s taken is that conduct is coercive when it deprives the targeted state of the ability to make a choice or to decide freely with respect to such matters. And I think there’s also now an emerging view, which could be relevant here, which suggests that if a state deprives another state of its control over the implementation of a policy falling within its internal affairs, then that could also be coercive. And I think this is relevant here because if a state adopts a policy with respect to the generation of nuclear energy, I think a cyber operation that actually disrupts the production of such energy could be coercive and therefore unlawful. But on the other hand, what this implies is that other kinds of cyber operations that involve surveillance or data breaches may not be coercive and therefore may not constitute unlawful intervention. because they’re not actually interrupting the implementation of a state’s policy. So, of course, just to conclude, there’s still a lot of clarity that’s needed in the context of the prohibition on intervention, but I think tentatively looking at these requirements, it could be that this rule is implicated in the context that we’re discussing.

Talita Dias:
Thanks, Priyan. I think most would agree that deciding on nuclear policy is part of a state’s internal affairs, and so far as a cyber operation can be seen or deemed as coercive, then the principle would be violated. Now, bearing in mind, and there’s a question here in the chat, so someone other than the attacker is to blame, all of these rules that we are discussing presume that the cyber operation in question can be attributed to a state. So we’re talking about state responsibility as opposed to the responsibility of individuals. Now, maybe I should just jump into that question of individual involvement in cyber operations because it has come up in the chat, and maybe, Tom, you can talk to us a little bit about the rule of due diligence, or the principle of due diligence, which precisely addresses this question. When we have a non-state actor that is involved in a cyber operation and the cyber operation cannot be linked to a state, and then what are the obligations of states? What does international law have to say when that’s the case, when the operation comes from a non-state actor? Tomo.

Tomohiro Mikanagi:
Thank you. Yeah, due diligence, the name of due diligence obligation is probably not really defined by international law, but when we talk about due diligence obligation, we often think about something which was announced by the International Court of Justice in the 1949 Kof Channel case. It was between UK and Albania. In that judgment, the court mentioned obligation not to allow knowingly the territory to be used for acts contrary to the rights of other states. So this obligation is interesting because it talks about territorial states obligation to prevent or mitigate the acts done by the non-state actors inside the territory. But because this unique structure or feature of the obligation, there is not a clear consensus among states whether this obligation or principle applies to cyber operations emanating from the territory. And again, UK is probably the most skeptical state in this regard, again. And the US is also a little bit skeptical about the application of this rule to cyber operations. Japan, Germany, and India are more flexible. But how this principle should apply, that is not clear yet. In the area of environment law, there is more discussion, advanced discussion going on. Like International Law Commission, UN International Law Commission adopted a document called draft articles on the prevention of transboundary harm from hazardous activities in 2002, I think. And this draft article is not binding. And it does not specifically talk about cyber operation. But I think when there is a transboundary harm to the environment, especially, there is more agreement among states that there should be a due diligence obligation applied to the territorial state. So I think here, again, there is no lower threshold for. due diligence obligation in the area of nuclear security. But I think it is likelier for a state to accept the existence of due diligence obligation in the area of transboundary harm, especially close to environment, I think.

Talita Dias:
Thank you, Tomo. And I can see some questions about negligence of the operator. And I can also see questions about accidents. And the principle that Tomo has been referring to, which is called as a no harm principle, which addresses transboundary harm, also covers non-intentional operations or incidents. So I hope that answers your questions. There’s also a question here in the chat, which is very interesting, from Rohana. Is it better to develop generic cybersecurity best practices for nuclear plant operators and employees and aware them is a must? Is there such a global initiative about cybersecurity best practices for nuclear plant operators? So does anyone want to answer that question? Maybe Tarek. And there’s also an interesting question about prospects for a multilateral agreement on cybersecurity of nuclear facilities. So what do our panelists think? And anyone, feel free to jump in. Tomo?

Tomohiro Mikanagi:
May I respond to the latter question? Since I was given this question about the relationship between nuclear security and cybersecurity, I studied some conventions. And Tarek mentioned the Convention on the Physical Protection of Nuclear Materials, which was amended in 2005 and covers nuclear facilities as well. In 2005, we didn’t discuss cybersecurity issue in a specific manner. But conceptually, the sabotage, the definition of sabotage in this treaty convention could theoretically cover sabotage through cyber attack. So I was wondering which path we should take, OEWG and the UNO spaces, where states are discussing general norms. Can we agree on the existing customary international law rules under OEWG? Or should we discuss this under IAEA or spaces, especially with reference to this convention, to apply or interpret this convention to the cybersecurity issues relating to the nuclear facility? So there are several paths, but I think this latter path, connected to the existing convention, might be easier from my personal point of view.

Tariq Rauf:
Could I comment on that? Yes, absolutely. Tariq. So I would suggest that since the IAEA is the internationally designated competent authority to provide regulations for nuclear safety and security and for safeguards, this discussion at one level properly belongs at the IAEA. And I will just list, in response to the previous question, some of the guidance that the IAEA has produced that is available to all member states. And as I mentioned, nuclear security, cybersecurity is considered by states to be a national responsibility still, and they are not willing to have an internationally applicable legal framework which is mandatory. And this is, I think, this thinking needs to change. For example, the IAEA has computer security techniques for nuclear facilities guidance, security of information technology for nuclear facilities, implementing guides for security of information technology, also computer security of instrumentation and testing. control systems, and approaches to reduce cyber risks in the nuclear supply chain, plus computer security aspects for design of more instrumentation and control systems at nuclear power plants, also for incident response planning at nuclear facilities, and also for assistance and so on. So there is a lot of… There’s a big body of literature and guidance, but it’s up to states and the operators. So nuclear facilities have to be licensed. Most nuclear facilities are state-owned, but some are also privately owned. So in order to have an operating nuclear reactor or a nuclear facility, the regulator of the state provides a license, which is usually valid for one to three years, and has to be renewed constantly, otherwise the regulator can shut down operations at the nuclear facility. So there is a robust system there, but we need to develop it further to encompass these new and evolving threats from cybersecurity. And my final comment here is there are also liability conventions, the Paris Convention and the Vienna Convention for Liability. Although this is covering an accident, but one could also envision that if an operator has been negligent and their facility suffers a cyber-related incident, which causes either nuclear damage or civil damage, who is liable and who provides compensation to the affected parties? Great.

Talita Dias:
Thanks. That’s a good question for states to take up in their negotiations about future conventions on the topic. Then, Priya, I know you wanted to comment on that as well, and then we were running out of time, so we only have three to four minutes, and then I want to end the session with a survey for everyone. Priya?

Priya Urs:
Thanks. Yeah, I’ll be quite brief, but I just wanted to highlight the importance, I think, of getting at the problem from different angles. And I think Tomo put it quite well too. You know, on the one hand, we need to take certain preventative measures of cybersecurity, which Michael mentioned as well. But we also, when incidents occur, need to be able to address them and address questions of legal accountability as well. And I think it probably remains to be seen how useful it will be to apply general rules of international law in this context and also to admit where those general rules might not apply and where there may be a need for some sort of further regulation. And whether that actually happens is, as Tariq mentioned, up to states at the end of the day to decide that they want to implement certain measures or not. So I’ll just, yeah, end it there, thanks.

Talita Dias:
Thanks, Priya. So to end the session, and thanks once again to our brilliant panelists, we have a question for you in the audience online and in person. So in light of everything that we have just discussed, the risks, the initiatives, the approaches that have been developed, Rowan?

Rowan Wilkison:
Yeah, we wanted to ask you, so what else should states, private companies, and all the other stakeholders that we’ve discussed today be doing to address the cyber nuclear risks? So we’ll give just a couple of minutes.

Talita Dias:
Okay. Okay, so let’s see what you have responded to this survey. What do you think? we should be doing next. Okay, so I think everyone, I think that the highest priority here Rowan is. Yeah, we’ve got better, oh we’ve got modernized

Rowan Wilkison:
cybersecurity and civilian nuclear infrastructure that scored a, oh moving, it’s still moving, 9.1. I guess, yeah and then coming in at second we’ve got to better understand the threat landscape. Currently 8.6. Yeah, so I guess that’s what Marion sort of like spoke to us about at the beginning.

Talita Dias:
We need, we need to better understand the threats, both the cyber attacks that are out there and the types of cyber attacks that are out there, accidents that might happen as well, but also the consequences of those, those harms and we also need to hear improved dialogue between the cyber and nuclear sectors. I think that’s an important step forward. Now on law, do we need cyber specific, cyber nuclear specific norms, rules or best practices? That got a 6.4, so maybe we should stick to what we already have. Okay everyone, thanks so much for joining us today for this panel. Thanks to our speakers, thanks to your involvement, thanks to your answers to the survey. It was a real pleasure to be with you today. If you want to know more about our work, just go on our website. We also post things regularly on Twitter. Just follow our work, the work of our panelists and yes, we will keep you informed about future developments that we are doing in this space. Thanks everyone again and bye. Greetings from from Kyoto. Bye. you

Rowan Wilkison:
. . . . . .

Uta Meier-Hahn

The analysis explores the topic of internet connectivity and considers various arguments and supporting facts related to its significance for development. It suggests that regions with better internet connectivity tend to progress more rapidly compared to those with limited or no connectivity. This supports the claim that internet connectivity acts as a catalyst for development.

Another important point raised in the analysis is the growing digital divide. As time passes, the gap between regions with adequate connectivity and those without expands further. This emphasizes the urgency to address the issue and find effective solutions to bridge the digital divide.

One potential solution that is highlighted in the analysis is the use of Low Earth Orbit (LEO) satellites. It is argued that LEO satellites require minimal terrestrial infrastructure and can complement the development of fibre and mobile infrastructure. This suggests that LEO satellites have the potential to bridge the digital divide faster than other connectivity solutions.

Furthermore, LEO satellite internet is seen as a valuable resource during times of conflict or natural disasters, when traditional communication networks may become unavailable. This underscores the importance of having alternative means of communication that can remain functional in such challenging circumstances.

The analysis also discusses the benefits of connectivity alternatives. It suggests that offering a range of connectivity solutions can lead to an enlargement of the market and stimulate competition. This variety allows end-users to have more choices, potentially leading to improved services and affordability.

An interesting point made in the analysis is the global nature of the governance of LEO satellite internet. It asserts that all global citizens are stakeholders due to the shared risks associated with the technology, such as potential space debris and environmental costs. This highlights the need for collaboration and cooperation among stakeholders to address these issues effectively.

The analysis concludes by suggesting several recommendations for further action. Countries are encouraged to document and share best practices and explore opportunities to align their interests with providers. This can help in authorizing and licensing LEO systems in a timely manner. Additionally, engaging with financing and investment opportunities is seen as crucial to support the advancement of satellite internet.

Other noteworthy observations from the analysis include the importance of transparency and multi-stakeholder input, as well as the need for research and twinning programmes to further understand and advance satellite internet. The analysis also stresses the significance of quick onboarding and activation of services, and the need for coalition building to foster consumer interest.

Overall, the analysis highlights the positive impact of internet connectivity on development and the potential of LEO satellites in bridging the digital divide. It provides valuable insights and recommendations for countries, stakeholders, and providers to collaborate and work towards achieving better connectivity outcomes.

Akcali Gur Berna

Satellite connectivity and data governance have geopolitical dimensions, especially in Ukraine and Iran. During the Russian invasion of Ukraine, Starlink satellite internet service proved crucial in providing communication support to the war-torn country. However, in Iran, requests for internet restoration were limited due to US restrictions and authorization issues with the Iranian government.

Concerns surrounding data privacy and monopolization have sparked discussions on the need for international treaties to address these issues in the context of satellite broadband. A survey conducted for the ISAAC Foundation-funded research revealed that respondents had concerns about data privacy and suggested an international treaty approach to combat data monopolization. This indicates that global recognition is growing regarding the concerns associated with the data value chain in satellite broadband, and international treaties on data flows and standardization may provide potential solutions.

Certain European Union countries and the UK have licensed Starlink to provide services, but under the condition of compliance with domestic data governance regimes. This shows that countries can employ regulatory measures to address data governance concerns in the use of satellite broadband services. Additionally, major space-faring nations like China and the EU are embarking on their own satellite constellations, citing data governance issues as one of the justifications for these projects.

It is crucial for satellite broadband technology to operate within existing rules and regulations, respecting the importance of the rule of law. This ensures that the deployment and use of satellite broadband services adhere to legal boundaries and prevent potential conflicts. International legal boundaries may restrict broadcasting capabilities in certain countries, and approval is necessary for landing rights and spectrum usage. Turning on satellite services without approval in particular countries would attract international pressure and potentially cause political conflicts.

In terms of domestic regulations, developing countries are advised to reevaluate and update their regulations related to licensing and authorizing satellite broadband services. By reassessing their regulations, these countries can create an environment that promotes the growth and accessibility of satellite broadband while also addressing governance concerns.

In addition, countries are recommended to form regional alliances to enhance the achievement of local policy goals. This collaboration can foster cooperation in addressing common challenges and advancing the benefits of satellite broadband in the region.

Active participation in ITU (International Telecommunication Union) consultations is also encouraged. By engaging in these consultations, countries can contribute to the development of international standards and policies that govern satellite connectivity and data governance.

Countries should also reassess their commitments under trade treaties, ensuring that their satellite broadband initiatives align with international trade agreements and obligations.

Moreover, it is essential for countries to familiarize themselves with space law. Having a comprehensive understanding of space law will ensure that satellite activities are conducted legally and in accordance with international norms.

Finally, a holistic approach is necessary to ensure that satellite broadband initiatives align with sustainable development goals. By considering the environmental, social, and economic impacts of satellite connectivity, countries can maximize the benefits of satellite broadband while minimizing potential negative effects.

In conclusion, the geopolitical dimensions of satellite connectivity and data governance are prominent, particularly in Ukraine and Iran. Addressing data governance concerns through international treaties, regulatory measures, and domestic regulations is crucial for the responsible and effective use of satellite broadband services. Collaboration, active engagement, and adherence to legal frameworks are essential in optimizing the benefits of satellite connectivity and data governance while working towards sustainable development goals.

Dan York

The analysis explores the different aspects of satellite connectivity, specifically focusing on Low Earth Orbit (LEO) satellites and their potential impact on internet accessibility. LEO satellites are seen as a promising solution for providing high-speed and low-latency connectivity, which is crucial for efficient internet access. In comparison, geostationary satellites, which have been providing internet access for many years, have high latency, making them unsuitable for fast connectivity.

The potential of LEO satellites for revolutionizing internet connectivity is highlighted, particularly in terms of their ability to deliver faster and more efficient connections due to their closer proximity to Earth compared to geostationary satellites. Additionally, LEO satellites can be mass-produced and launched in bulk using cost-effective methods, such as reusable rockets, resulting in significantly reduced expenses. However, it is important to note that LEO satellites have a shorter lifespan of around 5 years, requiring continuous deployment to maintain uninterrupted connectivity.

Despite the advantages, there are concerns regarding the implementation of LEO satellite networks. One significant concern is the economic, societal, and environmental implications associated with these systems. Affordability and capacity remain major challenges, and the lack of established standards and privacy concerns pose potential issues for future LEO systems. Additionally, there are concerns about data handling through the required infrastructure and the generation of space debris, which can have potential environmental impacts.

The analysis also addresses the issue of regulatory and legal restrictions, which act as significant barriers to the global implementation of satellite internet. Providers must secure landing rights and obtain spectrum approval in each country they seek to operate in. Operating without proper authorization can lead to international pressure and attention, underscoring the need for adherence to legal and regulatory frameworks.

Moreover, the control of satellite internet by a limited number of billionaires, such as Elon Musk and Jeff Bezos, raises concerns about unequal access and power dynamics. The high cost of launching satellites prevents smaller players or community networks from entering the field, potentially exacerbating inequalities in internet access.

The analysis also raises concerns about the potential risks associated with satellite internet, particularly in terms of two-way communication. This vulnerability could make users, especially those in conflict zones, susceptible to targeting or surveillance.

The importance of healthy competition within a regulatory framework is advocated to address potential issues and failures in the LEO sector, as witnessed in the 1990s. Furthermore, the need for regulation is emphasized to ensure equitable access and prevent regulatory capture, which may impede progress or lead to unfavorable outcomes.

While advancements in satellite technology, including mass production capabilities and improved launch capacities, have greatly improved over the past few decades, uncertainties remain regarding the viability and success of proposed systems. Careful evaluation and addressing of these uncertainties are essential to ensure the effectiveness and sustainability of satellite communication networks.

Alternative solutions, such as optical connectivity, are also discussed. Optical connectivity provides a direct and unshared connection, but its infrastructure is still in the early stages of development.

Finally, the analysis highlights the critical role of satellite communication in disaster management, as evidenced by the deployment of communication resources in disaster-stricken areas to provide Wi-Fi connectivity for first responders. Additionally, the potential use cases of LEO satellites are emphasized, and the need for increased conversations and attention towards the International Telecommunication Union-Radio (ITU-R) is suggested to address the challenges and opportunities presented by LEO satellites.

In conclusion, the analysis provides a comprehensive exploration of the various dimensions of satellite connectivity, with particular emphasis on LEO satellites. While LEO satellites offer promising high-speed and low-latency connectivity, there are concerns regarding environmental impact, data handling, affordability, regulatory restrictions, and broadband inequality. The importance of healthy competition, regulation, and planning ahead to address potential challenges is stressed. Caution and further evaluation are needed before implementing proposed systems, given the uncertainties that exist. Overall, satellite communication, including LEO satellites, holds great potential for improving internet accessibility, and leveraging it effectively requires careful consideration of various factors.

Peter Micek

The analysis examines several significant concerns surrounding the low-Earth-orbit satellite sector. A major apprehension is the potential regulatory risks posed by Starlink, the sector’s first mover. The consolidated control that Starlink holds over the industry raises concerns, particularly due to its dominance and associated risks.

Another worrisome aspect is the heavy reliance of Ukraine on Starlink and its controller. This dependence on a single company creates vulnerability, as any disruption or manipulation of Starlink’s services could have severe consequences for the country.

The analysis also highlights potential security vulnerabilities in low-Earth-orbit satellites. It presents evidence from a live hacking competition at the DEF CON conference, where teams were able to hack into a satellite’s camera and capture pictures of specific locations on Earth. This finding underscores the need for robust security measures to protect these satellites from malicious activities.

Furthermore, the analysis points out the significant dependence of civil society on government in the space sector. The report underscores the substantial funding and procurement efforts made by governments, particularly in defense industries and spending. This heavy reliance on government support poses challenges for civil society to have equal say or influence in shaping sector policies.

Additionally, the analysis identifies an asymmetrical disadvantage in influencing public policy in the space sector. Despite efforts to engage with public policy directors, calls often go unanswered. This lack of responsiveness hampers the ability of concerned parties to have a meaningful impact on policy and regulation development.

On a positive note, the analysis suggests promoting higher standards in government procurement and support for new and emerging technologies. Initiatives like the donor principles on human rights in the digital age launched by the Freedom Online Coalition aim to harmonise and raise standards, addressing challenges in the sector.

Overall, the analysis highlights the need for careful consideration of regulatory risks, security vulnerabilities, and power dynamics in the low-Earth-orbit satellite sector. It emphasizes the importance of inclusivity, human rights, and data protection in policy and regulation development. Promoting higher standards and fostering partnerships in government procurement and emerging technologies are seen as promising approaches going forward.

Larry Press

The analysis explores the topic of optical laser communication between space and the ground, highlighting its potential impact on sustainable development. It is noted that this type of communication is related to SDG 9: Industry, Innovation, and Infrastructure. The technology has gained attention and investment from various smart individuals and organizations.

Optical communication offers several advantages, including faster speed, significant data capacity, wide directional angle, and license-free operation. However, it also faces challenges related to atmospheric conditions, such as clouds and rain, which can distort or weaken the optical signals. Despite these challenges, the overall sentiment towards optical communication is neutral, acknowledging its potential but also recognizing the obstacles it faces.

The involvement of noteworthy organizations, such as NASA and universities, in experimenting with optical communication is highlighted in the analysis. NASA has been working on this technology since 2013 and has achieved transmission rates of up to 200 gigabits per second. The Federal Technical University in Switzerland achieved even higher transmission rates, reaching 0.94 terabits per second using optical communication. This evidence shows that there is active research and development ongoing in this field.

However, there is some skepticism regarding the success of optical to low Earth orbit communication. The president and CEO of KSAT, an established optical ground station company, doubts the viability of this type of communication. The analysis suggests that additional investments and research are needed to overcome the challenges associated with this technology.

In addition to the topic of optical communication, the analysis also examines the criticism directed towards Elon Musk for his political posts on Twitter. Larry Press expresses disappointment and fear towards Elon Musk’s political content. This negative sentiment is further supported by Larry Press’s mention of following Elon Musk on Twitter and disliking the political content.

Another area of discussion revolves around the failures in the past attempts at providing internet connectivity through satellites. The analysis cites the example of Teledesic, a project funded by Bill Gates and a Saudi prince, which failed in the 90s due to technological limitations. It is noted that at that time, the technology and economics did not support internet connectivity via satellites. The limitations in technology made it economically unviable as the internet was primarily text-oriented and had limited technological capacity.

The analysis also includes Larry Press’s viewpoint that connectivity should be affordable based on what people can afford. He argues that if people in an area or nation cannot afford connectivity to services like SpaceX, it implies they have excess capacity. Therefore, he suggests that adjusting prices according to an area’s available capacity would be more feasible.

Furthermore, Larry Press criticizes Elon Musk’s initial pricing structure for SpaceX, stating that it was unrealistic. He points out that Musk initially stated he would charge the same price everywhere, but different rates are now used in different countries. This observation highlights a disparity between the initial intentions and the current pricing policies.

In conclusion, the analysis provides an in-depth exploration of optical laser communication, its advantages and challenges, ongoing research and development, as well as potential skepticism towards its success. It also examines the criticism directed towards Elon Musk for his political posts on Twitter and highlights the failures in past attempts at internet connectivity through satellites. Additionally, it presents Larry Press’s viewpoint on affordability and pricing, emphasizing the importance of adjusting prices according to capacity and income levels. These insights contribute to a comprehensive understanding of the subject matter.

Kulesza Joanna

The panel discussion will delve into the intricacies of data governance in broadband satellite services, with a specific focus on satellite infrastructures and internet connectivity. Comprising seasoned experts in the field, the panel boasts a wealth of experience in both low Earth orbit satellites and internet connectivity. They will shed light on the technological aspects of these systems while also examining the regulatory constraints that come into play, including those imposed by SpaceX.

In addition to exploring the technical and regulatory dimensions, the panel will address the impact of regulations within different jurisdictions. Recognising that various countries may have differing approaches to governing satellite connectivity and internet access, this discussion aims to shed light on the potential consequences of these divergent regulatory frameworks. Civil society feedback, often instrumental in shaping policies and regulations, will also be taken into consideration.

One of the speakers, Kulesza, brings a unique perspective to the table. Working on an ISAC foundation project, she is deeply involved in comprehending the legal framework underpinning low Earth orbit satellites and internet connectivity. To emphasise the significance of this understanding, Kulesza stresses the need to discuss the regulatory impacts that governments attempt to enforce across different jurisdictions. By examining these impacts with a critical lens, the panel hopes to foster a more comprehensive understanding of the legal dimensions surrounding satellite infrastructures and internet connectivity.

Furthermore, the panel recognises the importance of community engagement in these discussions. To facilitate a fruitful exchange of ideas, the audience will be encouraged to participate by posing questions or sharing comments through the chat function. Alternatively, they can wait until the dedicated Q&A session to provide their feedback. This commitment to fostering dialogue and incorporating diverse perspectives aligns with the broader goal of partnership for the goals, as outlined in SDG 17.

In conclusion, the panel discussion on data governance in broadband satellite services promises to offer valuable insights into the technological, regulatory, and legal aspects of satellite infrastructures and internet connectivity. Through the expertise of the panelists and active audience participation, this discussion seeks to advance our understanding of the challenges and opportunities in this rapidly evolving field.

Kulesza Joanna:
ready and I do not hear an objection, I would be glad to start this off. Welcome to session 307. This time we encourage you to join us to discuss data governance in broadband satellite services. That’s the theme we have chosen for this panel. The group of presenters we have managed to to complete for this panel has been working on satellite connectivity and internet access for a while. We will go through the introductions in due course and for this specific session we have decided to focus on data. These new technologies that support internet connectivity all rely on what has been referenced as the new oil so we are very much looking forward to discussing that specific aspect of internet connectivity and satellite infrastructures. My name is Joanna Kulesza. I work as an assistant professor of international law at the University of London in Poland and for the past year and a half together with my co-lead on an ISAC foundation project we have been working to better understand the legal framework behind low earth orbit satellites and internet connectivity and Berna Akcalikor is one of the panellists on this project as well. We have managed to connect to put together a panel of excellent speakers whom I’m going to kindly ask to introduce themselves in due course for the purpose of time and our scoping questions for this session do include both the technological aspect of low earth orbit satellites and internet connectivity and that is a kind request to our first two speakers to shed some light on that specific theme. We will then move forward to better understand and what are their regulatory constraints behind using technologies like SpaceX, but I’m certain our speakers will emphasize that that is by far not the only company that is offering satellite infrastructures for internet connectivity. And then we will look at regulatory impacts that the governments are trying to cause within different jurisdictions, as well as the civil society feedback to the possibility of deploying these new infrastructures and regulating, managing, processing the data that flows through them. I have kindly asked our panelists to present for seven to 10 minutes. As already said, we have quite a rich agenda. So without further ado, I am going to ask them to take the floor and then we will move directly into the Q&A. So if our audience members do have questions or comments, they are more than welcome to either post them in the chat. I will be monitoring the chat or simply wait until the Q&A session. It will be moderated in the room by Bernhard Salibor and we will give you ample time to share your feedback. With this, I hand the floor over to Dan New York, who has been leading a dedicated project within the Internet Society on Low Earth Orbit Satellites, completed with an insightful report. I am certain that we will be provided with a link to that report in due course. Dan has been working for ISOC as the Director for Internet Technology. So we could ask for no better speaker than Dan to give us an introduction into satellite infrastructures and internet connectivity. Dan, thank you so much for joining us. The floor is yours.

Dan York:
Thank you very much, Joanna, and thank you for everybody who’s coming in. attending this session, whether you’re in the room there in Kyoto or online, wherever you may be. And this is a fascinating topic around data governance. And I could go off on any topics, but I’ve been asked to kind of focus on the technology side and set the stage to make sure we’re all using the same terms, working in the same kind of space, and working with that. So to begin with, I work for the Internet Society. I’ve been there for 12 years. I am currently the Director of Internet Technology. I have a focus around one of the aspects is connecting the unconnected, and how do we do that using low-Earth orbit satellites, among other technologies. Let me go and talk a little bit. It’s all focused on the internet for everyone, and how do we bring those people together. To begin any conversation on satellites, we need to talk about orbits. And this is the critical part to understand what’s going on right now and why there’s so much energy and excitement. We’ve had satellites that have been providing internet access for decades now. Almost all of those have been out at what is called geostationary or geosynchronous orbit out at around 36,000 kilometers away from the Earth. These are large satellites, typically the size of a large bus or something bigger. They cost millions of dollars, many millions of dollars sometimes. They take a long time to get out there. But they provide service for sometimes 15, 20 years or more. They can provide decent bandwidth. The challenge that they have is they are so far out that the amount of time it takes for a packet to go from the Earth out to the satellite and get back can be 600 milliseconds, 800, 900 a second, or even more. And the challenge that has is that in today’s world, when we want to have video conversations like this one, you need something with a much smaller amount of what we call latency or lag. And this is where we start to look at the other areas. There is a medium Earth orbit, which is between 2,000 and 36,000. And there’s a range of things that are in there. there is a provider, SES, which has the O3b satellites that do exist out in that kind of range. They are a little bit closer, have a little bit better latency, but the energy, the excitement is all down in this space below 2000 kilometers, which is the low earth orbit or LEO, as we say here, or LEO, however you want to call it. This is where the space stations are. This is where so many of our satellites are, imaging, sensing, everything else. All of this is happening in this space. Now, part of what goes on and why we’re getting into this is that the farther away you are, the more, the bigger the range of the earth that you can cover. So you can go and without it, the geosynchronous area, you can have three satellites and you can be able to cover basically the entire earth by positioning them in different areas. If you’re in the middle earth orbit, some of the systems there can do maybe 20 or so. They’re orbiting, they go faster, et cetera. When you get down into the LEO area, you need a lot of satellites because they’re moving constantly in motion around there. OneWeb, which is now Eutelsat OneWeb, is around 1200 kilometers away from the earth and they have about 600 satellites. SpaceX with their Starlink and Amazon Project Kuiper and others who are in this play are a little bit lower. They’re about 500, 500, 600 kilometers away from the earth and they need about 3000 satellites to go and cover it. So it’s a different scale that you see here going on. These are this world of LEOs or low earth orbit satellites that we see around here. What’s happened that’s driving this interest in LEOs is that this need for this high speed, low latency connectivity. We wanna have connections like this. We wanna be in gaming, we want virtual worlds, we want e-sports, we want fast connectivity to be able to communicate and connect with people. And the challenge is that just hasn’t worked in the past with GEO, but the thing that’s driving it is this massive reduction in cost. These LEO satellites might be the size of a car or even smaller in some cases, they can be mass produced and rolling off production lines, they can be sent up in rockets with 50 of them at a time. And those rockets can be reusable now, as we’ve seen with SpaceX. So there’s this massive change in the way that we’re able to go and deploy rockets and things that are out there. Three parts to any of these systems. One is this constellation of satellites. Okay, that’s the thing we all think about when it goes up there. Each of them are launched at different altitudes, there’s different what they call orbital shells that are around, that there are different ways. There’s also the user terminal is the language used in satellite speak, the ground terminal or something. Normal, I mean, people just out there often just call it an antenna, or a dish or, you know, that kind of thing. But that’s the piece of that’s the hardware that you use. The big difference that’s happened is that you need a fancier antenna. With a geostationary satellite, you can just put an antenna on the side of your house or top of the house, you point it at the satellite, and it’s done because that satellite is fixed over a certain part of the Earth as it rotates. And so you can just put the dish up there. And that’s what you see in all over the world. Well, that doesn’t work when your satellites are moving at a high pace, and they might only be over the Earth in view for five or 10 minutes. So you need these new antennas that are electronically steerable phased array, lots of different words for them and gets in there. But basically, they’re the things that you see if you’ve seen anything with Starlink there, they look like a pizza box or something. Amazon Kuiper has similar ones. OneWeb has some similar kinds of ideas. The companies that are selling direct to consumer often accompany that with a Wi Fi router or something else. And then there’s also ground stations. And these are the receiving end of where that signal goes up to a satellite comes down to a ground station connects out to the internet. Now, these are different for each of the providers. OneWeb’s ground station is different than SpaceX’s, which will be different than Amazon Kuiper’s, which is different from ones used by Intelsat or one of the other geo providers. They’re all their own separate space in there, but they need that ground station to connect to. Now this is something, and Larry’s gonna talk a little bit more about this in a bit, but this is something that’s changed a bit. Historically, you needed to have a ground station in each country for legal reasons and things, but also within a certain range. The satellite had to be able to look down and see the ground station. So you had to have them maybe every 900 kilometers, something, you had to have them spaced out around the earth. And this is why, because you would have this user terminal, the dish, connect up to a satellite, bounce down to a ground station, and go out to the internet. Of course, in the Leo space, it might look a little bit more like this. Some of your packets would go to one satellite, the other ones would come back there. One of the big changes or revolutions in this space is what if you’re not in range to a local ground station? This is what Larry’s gonna talk a little about is this idea around what are called inter-satellite lasers, which allow you to go and connect up to the satellite, bounce across the mesh, and then drop down to a ground station, and then connect out there. Now, SpaceX has demonstrated this already when you look at things such as, they did some experiments in Antarctica with Starlink dishes there that connected up to the Starlink mesh. The constellation went across the constellation and dropped down to a ground station somewhere else. There are no ground stations for this in Antarctica. It was connecting up and across. It was also demonstrated in the Iran protests when the US government and others asked Starlink to turn on Starlink access in the country of Iran, and they did. There aren’t any legal ground stations in Iran. They were taking that data up into the satellite constellation. and then dropping it down somewhere into some other ground stations there. There’s a range of different kinds of data flow tech issues we could talk about here, about where does the data get dropped down to? Who’s in control of that? A lot of different topics around that that I’m not going to get into, but we’ll talk more about that. Just quickly, some of the concerns or things that we have to think about are affordability. Can these systems really be affordable for the people who need them the most? There’s a bunch of different business models that are being brought in here. Will they have the capacity to support all that we need? Certainly, we’ve seen in some areas they provide tremendous capacity for everything you need. When you get in the more densely populated areas, actually, you wind up with having challenges in some of this. Will there be competition? What are the business models? Right now, one of the biggest challenges is simply deployment. There’s a limited number of providers, really only SpaceX right now, who is able to go and launch satellites up into space at the pace that you need to launch because you’ve got to get thousands of satellites up in the low Earth orbit. Because they only have a five-year lifespan, you need to keep replacing. We’re in a weird spot where a lot of the other launch providers, Arianespace, United Launch Alliance, Jeff Bezos’ new Blue Origin, they’re in between launch vehicles, like the Ariane 5, there’s no more rockets, and the Ariane 6 hasn’t been deployed yet. There’s other pieces like that. We’re in a weird spot. One of the big challenges is just getting the satellites up there in the first place. There are other concerns, security, privacy, standards, what standards are being used. Now, if you use a Starlink connection, it works with all the typical internet standards. Those are all open. It works across there. How they’re routing inside their infrastructure is right now primarily proprietary. There’s issues around space debris, lots of things that come into these kinds of spaces. We don’t fully understand the sustainable business models. There’s questions around the environmental impact of all of this. What will it be? The impact on astronomy. There’s a lot of open questions. And that’s really one of the reasons why we need to have sessions like this at the IGF and other places, is because this is an industry that is still in its infancy. Need to understand a bit of this. I will put a point on the urgency around this. The next several years are going to be very critical because there’s a lot of people launching these systems. Starlink has already launched much of its generation one, its first phase, which will ultimately be about 4,400 satellites. They’re in the process of launching the first part of their second generation, which will be 7,500 satellites, growing to around 30,000 satellites. OneWeb has completed their first phase of around 600, but they’re going to be launching more. They’re on the books to do that. Amazon, just last week, launched its first two demonstration satellites, but it’s on the track to go and launch another 3,200 over the next couple of years. China is proposing their own constellation, which will rival Starlink’s in about 13,000 satellites. The European Union is looking to develop its own Iris constellation. If you look at the numbers that are filed with the ITU in terms of satellites, it’s conceivable that over the next four to five years, we could have 40, 50, 60, maybe even 90,000 satellites orbiting the earth. And this is just the internet access ones, not even thinking about imaging or sensor networks or other stuff. So it’s a very crowded space up there. Data flows are going to be a big part of thinking about through how all this works. And with that, I will just say, Joanna’s right, we did have a report that we issued last year. We’re still working on that. You can get it at internetsite.org slash leo is where we talk and frame a lot of these kinds of issues. And with that, I’m going to turn it to. Larry to dive in the lasers a little bit more.

Larry Press:
All right. OK, can you guys see me and hear me? We can hear you and see you. Can see me, OK. Let me, let’s see, I’ve got to figure out how to share my screen and get some slides going too. All right, can you guys see my slides? We do. OK, all right. Yeah, what I’m going to talk about, as Dan said, he gave a great overview. I’m going to be very focused in kind of a narrow niche, which is optical laser communication between space and the ground, not even just that one slide on the inter-satellite links. And the reason I’m doing it is because I think it may have a significant impact on this sustainable development goal, number nine in particular. So you can see the picture on the right. It depicts a few satellites in the sky in the space. And the kind of narrow lines between them are inter-satellite links that Dan talked about. And then those thicker lines depict laser links communicating with ground stations or gateways on the ground. And I’m going to focus my talk on the links to the ground stations. And I’m going to have one slide. Let’s see. Here you go. One slide. One slide on the inter-satellite links. Dan said SpaceX was the first. They now have about 8,000 optical terminals in orbit. And they’ve recently begun launching their second generation, which go faster. They go up to 100 gigabits per second. As you can see, each satellite has three terminals. Two of them point forward and backward in the same orbital plane as the satellite is going. The third one can go left or right. And I’m not sure, who knows, but I think it can perhaps go down, point to the ground. And that’s what we’re gonna talk about now. Satellite communication between the satellite and the ground. Why are we concerned with, or excited about optical, what optical communication? Right now, it’s radio frequency communication to those ground stations. And optical has many, many advantages. I’ve listed them there on the left. I’m not gonna read them to you. Maybe the most interesting is license-free. There’s no problem with getting, with interference with spectrum that there is with the radio frequency. It’s like a laser pointer. And RF is more like a flashlight that kind of spreads out the signal that gets diffused. And there are even some little side signals that completely don’t go to the right place. What’s not to like? It’s the atmosphere. Things like clouds and rain and stuff get in the way of optical signals. They can distort them and cut back their power. So the payoff would be really great, as was just illustrated. And for that reason, many really smart… people and business people are working on. I’m going to run through really quickly five groups. I’m not going to say much about any of them, but I will have links, a lot of links, that you can follow up on all of these. OK, NASA has been doing it since 2013. They’ve got many projects, many experiments with space-to-ground communication optical. I’ll just say this one is 200 gigabits per second from a little CubeSat from space to the ground. That is way fast. That’s 1,000 times faster than we’re used to. And that’s the kind of payoff that will come from this stuff if it works. All right, universities are doing a lot of experiments and research. This one’s interesting. It’s from the Federal Technical University in Switzerland. They have got a deal where they’ve got a terminal up here on top of a mountain, and they’ve got a terminal down here at their institute. The whole distance depicted there is about 53 kilometers. And you can see that it’s going through some of this stuff, like turbulent air, and it’s over a lake with water vapor, the kind of stuff that screws up laser transmission in the atmosphere. And with adaptive optics, they have a little tiny chip with 97 tiny adjustable mirrors that can make adjustments 15,000 times a second. Things like that are inconceivable, but they exist. And they’re also working on modulation schemes, a way to encode the 1’s and 0’s into the signal. And so they’ve been able to achieve 94 terabits per second, 0.94, almost a terabit per second transmission rates. They say they’re working on new modulation schemes. new software, to encode things and make it go faster. And it can be scaled up to 40 channels. So that would be an incredible amount of data coming in from space. And the second university one has to do not with the data transmission rate, but with being able to track the satellites, like Dan says, as they move across the sky. And so what these guys have done is put up a drone. And it goes back and forth at 65 kilometers per hour. But that simulates the sort of one degree per second that a satellite in low Earth orbit would transcend. And in fact, they have no trouble tracking it and transferring data from it. The military, no surprise, is really interested in this stuff. One really interesting thing is the Space Development Agency. It’s part of the Space Force. They have what they call the Transport Layer Constellation. It’s going to have between 300 and more than 500. They haven’t really decided yet satellites. And these will have laser links between the satellites and also space to ground laser links. And a key thing is this. They have a real philosophy of working with commercial suppliers. So that’s really an interesting one to watch. Speaking of commercial suppliers, I think the most interesting one is a company called Elyria. It’s a startup. They acquired their intellectual property for two products from Google. It’s really a bunch of guys that used to work at Google. The products are called Space Time and Tight Beam. And Tight Beam is an optical communication technology. And space time is sort of a network management system. Let me tell you about TightBeam because that’s what we’re talking about. Like the guys in Switzerland, they are working on a hybrid approach and it sounds real similar. They have adjustable mirrors and clever software. And they say they are getting now, they also do tests from a mountain near their headquarters and they’re getting tests that are going at 400 megabits per second. And so if you have four of those, that’s one point. Oh yeah, you can put channels together which gives you 1.6 terabits per second. And the reason I wanna kind of bring them up in this context is on the right-hand side, you see a couple of slides from a demonstration that they’ve done to put together this. I’ll tell you a little bit more about it in the next slide. But one of the things that demonstration or the software takes cognizance of is the surface temperatures on the earth and atmospheric conditions. And that enables space time, which is their other product, which does the routing and whatnot to route around the kind of bad atmospheric conditions that I spoke of before. Let’s look at space time. These are again from the same demo. You can see the scope of this thing. This is a demo of a hypothetical network that reaches from the moon to earth. And if you zoom in, you can see it’s also working on ships at sea and airplanes in the air and of course, satellites in orbit. So it’s a very comprehensive kind of a network operating system for controlling both fixed and mobile assets and the links between them on the earth and wherever they are, outer space, deep space. They definitely have deep space in their planning. The guy sent me a… I had a little exchange on Twitter yesterday about, yeah, they’re heading for Mars, not just the moon. This project is super comprehensive, but it’s reminiscent to me of the ARPANET back in the old days. And I list some of the reasons here. The software is open source. They’re trying to do standards. Networks can federate and access each other’s assets. It really sounds both ambitious and like the ARPANET, but 1,000 times more ambitious. But I would strongly advise you to watch the demo and these slides came out of. OK, another commercial thing. Oh, it says university. It should say commercial. I’m sorry. Another commercial company that’s worth paying a little attention to is IntelSat. They’re one of the traditional geostationary satellite operators that Dan talked about. But they are doing interesting partnership products. They are working with SpaceX to test space to ground optical communication with one web on airline connectivity. And they are going to use the ALERIA operating system. So keep an eye on them. OK, I mentioned that China. You have to talk about China these days. Dan mentioned Guolong. That’s really something. But they’re going to have a hard time launching all those satellites before Elon Musk is sitting on Mars. But at any rate, China is behind. It seems to be behind in this optical communication between space and the Earth. I can only find these two projects just kind of looking around for this talk. I talked to a friend of mine who’s a colleague who’s in China and knows everything about the Chinese internet and space business. And he couldn’t add to this, so they don’t seem to have much going at the present. Okay, and there’s bad news though. That was a lot of good news and a lot of people, smart people, putting a lot of energy into this. The bad news is there are no optical ground stations anywhere, and so that’s gonna take a bunch of investment. One approach is, or some of it can be done by augmenting the existing RF, some of the RF gateways that are already existing. If they’re in good geographic locations, that might make sense because they already have the real estate around the ground station, they have power coming in, most important, they all have high-speed internet connectivity at their locations. If you look at this map, these are the green pinpoints of the SpaceX gateways, excuse me, and in North America, there’s 75 of them. And you can see though, that some of these gateways are in Southwest United States, some are in Northern Mexico, some are in Arizona, in Arizona, in Australia, places that might make suitable locations for a optical gateway. The other thing though, that won’t be enough, you’ll have to construct new gateways. One would try to put them in arid regions, at locations near centers of demand, at locations that have already high-speed internet, terrestrial connectivity. Observatories come to mind as likely places to have them, they have a lot of those characteristics, but it’s gonna take a lot of money, careful analysis to build that infrastructure out if this stuff takes off. Yeah, to come back to the development goal, sustainable development goal number nine, I just wanna talk for a second. to about Africa. Right now in Africa there are only two gateways to the SpaceX. SpaceX has only two publicly known gateways and so they could use some connectivity. They have an advantage in that they’re the brown, the sort of arid spots on this map tend to be in the north and the south and I know there are others and that is an advantage because the satellites have inclined orbits. They don’t just go around the equator but they kind of go north and south. Some of them are almost go over the poles and what that means is these inter-satellite links are going to be more efficient for them for north-south links than they are for going east and west. So that’s looking good for Africa. You can imagine some gateways in the north and some gateways in the south. The other thing is seasonal variation. Obviously in the northern hemisphere it’s different than in the southern hemisphere and by having this kind of north and south having these two areas that are in the same longitude gives them another advantage. They will have good weather at least somewhere or maybe in both places at all times. Now I’m giving you kind of a really fast positive view of the whole thing. Here’s a reality check. This quote personally I don’t think optical to low earth orbit is really going to go. The guy that said it is the president and CEO of KSAT which is a Norwegian company. It’s an established optical ground station company. And they tried optical ground station in Greece in 2020 and it failed commercially. So this is not a slam dunk. There are tons of investments needed and there’s tons of research and development that needs to be done. Okay, that’s about what I was gonna say. I’ve got, you can see here my email address and a place where I talk about this stuff a lot. And if you’d like to see a copy of those slides which have tons of links, just send me a link or send me a request. Oh yeah, here’s a frequency terminology cheat sheet for those who would like it. And that is the end.

Kulesza Joanna:
Thank you, thank you so much, Larry. That was a lot of information and we particularly appreciate the developing countries focus. That is one of the themes we have been exploring throughout both of the projects, the one that Dan mentioned and the one that our next speaker and myself have been working on. So it’s most appreciated that you have provided us with this very broad technological overview and my sincerest thanks to Dan for his lasting support and yet another great intervention. With that, without further ado, I’m glad to hand the floor over to Professor Berna Akhtarigoura from Queen Mary University in London who’s a convener in outer space law, which brings us to the regulatory component of this panel. Again, with a kind request to our speakers to try and limit their intervention to seven to 10 minutes, I hand the floor over to Berna with a kind request for a brief review of whether all of these wonderful novel technologies are actually regulated. And if so, if there is a data regulation component that we might wish to focus on. Verna, the floor is yours.

Akcali Gur Berna:
Thank you, Johanna. I have PowerPoint. Well, I’m delighted to be here today to discuss data governance in broadband satellite services. I am joined by an esteemed panel of experts who bring a wealth of knowledge and experience on this topic. And, as you said, my task is to delve into the regulatory aspects of satellite connectivity and hopefully provide you all with some insight. So, the mega-satellite constellations attracted wide-scale global attention on 26 February 2022, two days after the Russian invasion of Ukraine started. Elon Musk, SpaceX founder and CEO, responded to a request from the Ukrainian Deputy Prime Minister confirming on Twitter that Starlink satellite internet service has become active in Ukraine. This news came after the cyber-attack by Russia on another satellite system owned by Viasat. The primary target of the cyber-attack is believed to have been the communication lines of the Ukrainian military, as it was just one hour before Russia launched this major invasion of Ukraine. But the impact was more extensive. It affected thousands of internet users and internet-connected devices, including the wind farms in Central Europe. It is unclear whether the spillover was unintentional. Well, the solution for the disruption was another satellite system, Starlink, a new mega-constellation then. Well, until this time, the provision of broadband internet had been considered an experimental alternative to undersea and on the ground telecommunication services, but suddenly it became the communication lifeline for a war-torn country. As expected, this received a lot of press coverage. The celebrity status of the company owner also contributed to this. Around this time, we saw it being used in disaster zones such as the flooding in northern New South Wales and remote villages in Tonga after volcanic eruption and tsunami. Well, soon after they launched services in Ukraine, an uprising in Iran started. The government applied restrictions on Internet access, so the protesters called Mr. Musk to help restore their Internet connectivity. This time, he wasn’t able to help at first, and he was but achieved limited reach. And it wasn’t because Starlink services did not have coverage over Iran technically, but primarily for legal reasons. There were U.S. restrictions for providing services to Iran, and Iranian government had not authorized Starlink to provide services within their borders. So in both of these examples, the company acted in a manner that reflected the preferences of its home state. So in the first year that this company started providing services, it didn’t really shy away from making political choices. And as we all know, the concerns regarding cross-border data transfers and data governance have a geopolitical dimension as well. In that sense, relying on this infrastructure for transferring, storing, or processing data is very much perceived as relying on a U.S. infrastructure for connectivity and data transfers. As one would expect, in the current state of affairs, Russia and China have already declared that they will not allow the provision of satellite broadband by a U.S. service provider and cited cybersecurity as the main concern. OK, so it’s not… OK, sorry. OK. Confirming the prevalence of data governance concerns, in a survey Joanna and I conducted for our ISAAC Foundation-funded research on the global governance of satellite broadband, the respondents chose data privacy as one of their primary concerns. And in another question, they chose an international treaty on data flaws and standards development approach as the best way to tackle concerns regarding global data value chain being monopolized by a small number of real broadband companies. This survey was more than a year ago. We are still in the early stages of this technology, so we’ll see what the future brings and how the data governance regulations take shape. Now, so far I have established two things. There’s a geopolitical dimension to the use of satellite broadband, and data governance has started to be associated with its use. So what sort of measures can countries employ to address their concerns? I’ll go back to this, yes. Well, some EU countries and the UK have already licensed Starlink to provide services, although they have or plan to have their own satellite systems. The plan is to create a competitive market, but all licensed service providers are expected to comply with the domestic data governance regimes. On the PowerPoint, you see Starlink’s commitment on its website to comply with the GDPR for its customers in the EU. Major space-faring nations have also embarked on projects that will give them their own satellite constellations. A good example is China and the EU. The justification of these ventures… goes beyond data governance, but it is a significant factor. So what is the exact contours of domestic jurisdiction over satellite services? Let me go back. Yes. So while the provision of satellite services in a particular country is subject to that country’s laws and regulations, and the framework covers much more than data governance, the satellite companies need to comply with all to be able to provide services in a particular jurisdiction. The ground station. For that, the companies will need authorization from each relevant jurisdiction. Even if they do not need to establish one technically, they may be required to. They will also need to obtain a license to use the frequency spectrum. The frequency spectrum is coordinated at the international level by the ITU. However, at the domestic level, it is a national regulatory agency that assigns them. Of course, in compliance with what is agreed at the ITU. If the companies provide their services directly to consumers, they will also likely need an internet service provider license, which will include a license for the use of terminals by consumers. The importation of their user terminals will also be subject to the import requirements of the national authorities. The states will want to check the conformity of their new measures with their commitments in their trade treaties. While satellite connectivity is not new, and the fact that it is being provided via megaconstellations does not mean existing regulations do not apply. Regulators are updating the provisions to address the unique challenges of megaconstellations, but essentially, the existing regulatory framework is applicable. I hope this brief explanation gives you an overall idea. Okay. I couldn’t find that website. If you would like to read more on the topic, please check our website. I’ll provide the link in the chat where you can find a detailed report on the subject and shorter policy papers for governments and civil society organizations. Thank you.

Kulesza Joanna:
Thank you, Berna. Wonderful. Thank you very much indeed. There seems to be a lot of regulation on both telecommunications and data. Yet when we look at these new advancements in infrastructure, the question is whether these are sufficient, whether they are relevant, whether we are back to national laws and national regulations, and whether the multi-stakeholder model still matters with regard to internet connectivity. And with that question in terms of how developmental help should be provided to countries who are still deciding on how to expand internet connectivity in their jurisdictions, I turn the floor to our next speaker, Dr. Uta Meier-Hahn, who is the advisor for digital technologies at the Deutsche Gesellschaft für Internationale Zusammenarbeit. And I’m very much looking forward to Uta discussing the developmental context of new technologies supporting internet connectivity, and Leos in particular. I know you have been working on these topics, so I’m very curious to hear your perspective. Uta, thank you for being here. The floor is yours.

Uta Meier-Hahn:
Thank you so much. So my name is Uta Meier-Hahn and I’m with GIZ, which is a public benefit federal enterprise. So we support the German government and a host of public and private sector clients in achieving their objectives in international cooperation. GIZ, some may know this or not, but we work in around 120 countries around the globe on a wide variety of areas, and that also includes So, why do we, as an organization, in the field of international cooperation, work on the US satellite or satellite internet in general? Isn’t that this expensive niche technology with limited capacity that will never, ever be the internet for you and me? These arguments I keep hearing, and they may sound and be valid, so I feel like we need to do some clarification about what we can and what we cannot expect from new satellite internet. And here I would like to make four points. The first point is about time, which we don’t have, because internet connectivity is widely recognized as a catalyst for development. This means that regions with access to better internet connectivity are progressing at a relatively rapid pace compared to those without. And this means, again, in other words, that the digital divide or divides grow larger with time. Therefore, it’s important to not only increase meaningful connectivity overall, but to do so quickly. This is where Leo Satellite or broadband from space may come in. It requires minimal terrestrial infrastructure, as we still do today. Minimal terrestrial infrastructure, as we’ve just heard, which is heavily under development. And because of that very feature, it could bridge digital divides faster than other connectivity solutions. So this, to my mind, is not a discussion about either or. It’s not about either fiber and mobile infrastructure development. We must continue this, obviously. But we can complement those efforts with broadband from space to make speedy advancements in connecting the unconnected. So I find that there’s the sense of urgency in the discussion about connectivity that sometimes gets lost in this discussion. My second point is about robustness. Leo Satellite internet, broadband from space, can provide communications when traditional local networks are not available. may have gone down, as was just mentioned by Berna, due to conflict, due to natural disasters, due to man-made disasters. And having this type of connectivity from space in place can be like a safety net for critical infrastructures. I wish it was not the attack on the Ukraine that would serve as an example over and over for the criticality of satellite internet for governmental communication in conflict. My third point is about the market, the market for internet connectivity solutions. And that point is very simple. Alternatives for connectivity enlarge the market, and depending on the business models of the providers, which vary, as we have heard, choice may arise for end-users. That again can stimulate competition, and if some other factors about the local connectivity situation and the ecosystem on the ground are given as well, the affordability of internet access can increase, not only for the users of broadband from space. This is a thesis. I encourage us to monitor the pricing level development in regard to this empirically. My fourth point goes more directly to the global dimension of the governance of LEO satellite internet. It has been alluded to in the previous talks. All global citizens can be viewed as stakeholders in broadband from space, because they share the risks that are associated with this technology, like the serious damage that could occur from space debris, the environmental cost of launching rockets and others. And at the same time, there is, and probably will be, only a handful of space-faring nations who host industries that are actually operating, or are at the verge of operating, their own satellite constellations for broadband from space. And what does this mean? It means that for the foreseeable future, the shared fate of most countries will be that they will remain customers. of only a few providers of broadband from space in a very concentrated market. Also due to the limits of natural resources, such as space, such as frequencies, as long as the advancements with the, what Larry Press was talking about, are not reality yet. So these countries may ask themselves if the connectivity that the providers of broadband from space deliver together as well as individually, comes at acceptable conditions for them. Think of the digital policy quality of that type of connectivity. What do I mean by that? For one, every provider can be expected to comply with the rules of their own jurisdiction of origin when it comes to how they treat the traffic, the data that they transmit. Think of varying provisions for data protection, cybersecurity regulation, or frankly surveillance. And then of course, in addition, everything that Berna has just mentioned with regard to the national regulation. But also the jurisdiction of origin matters. And second, how can countries make sure that their connectivity is not terminated involuntarily? For instance, because a provider goes bankrupt as we have seen in that first wave of industry development. Or because of political leanings, as Berna has just pointed out. So I encourage us to think about the qualities of those policy underpinnings for Leo satellite connectivity, and that they matter. Another aspect of this is the ability to switch providers easily, because being dependent on one company or one man puts customers in a difficult position, especially when broadband from space shall safeguard critical infrastructures. That is an issue of global internet governance, because the limited resources in orbital space and frequencies prohibit unlimited growth of this industry. So there’s not better policy qualities by growth. There’s a privileged position of a few. And that may give rise to a different notion of responsibility for these providers as well. So far, all providers offer their own proprietary hardware, as we’ve heard, for base stations and other equipment. So working towards standardization and interoperability of equipment could go a long way towards preventing log-in effects. From what we hear at this moment, the European Union constellation, IOS Square, might be the first one to go into that direction of at least standardizing such hardware. We will see about the degrees of openness. Let me close with a few empirical observations so we don’t only speak on this high level. Because in order for Leo Satellite Internet to operate in a given country, as we’ve just heard, certain regulatory and institutional setup is favorable. However, this can be a major undertaking, specifically as the industry is developing so quickly, to put such a framework in place. And that is why it appears beneficial for non-spacefaring nations to, on the one hand, document and share best practices, in order to, on the second, possibly identify opportunities to align their interests vis-a-vis providers. To get an initial idea of where we are standing, we have looked at emerging policy environments in 10 of the partner countries, initially on the African continent, really just to get a very rough idea. And I don’t have time to go into much detail, so I will keep it very brief. But we found that countries are moving relatively quickly to authorize and license Leo systems. So there is demand. Just to give you some examples, Ghana, Kenya, Mozambique, Nigeria, and Rwanda currently all have commercial Leo services deployed in their countries. Tunisia is considering trialing Leo connectivity. And others are actively deciding what path to take, or what regulatory approach towards making requirements for businesses, etc. These countries are Senegal, South Africa, Tanzania, and Uganda. One thing that will be important to note is also that we found that all of these countries already participate in international satellite organizations. They are all WTO members. They have experience in negotiating issues at the relevant ITU conferences for world radio communication. And they also have experience from previous satellite developments in introducing other satellite systems into their connectivity ecosystem. And what comes on top of that with regard to the topic of our session about data governance is that they are all members of the African Union, which is actively examining issues related to data localization and cross-border data flows, and just has recently put in a framework that will serve to develop local policies around this. So, these experiences will have provided most regulators and policy makers in those countries with years of experience, with skills to handle broadband from space, and I suggest that we build on this to fast-track participation by others. So, to sum up, if asked why Leo Satellite Internet is important for development, I would answer Leo Satellite Internet broadband from space can contribute quickly to closing the digital divide or divides. It can serve to increase robustness of Internet connectivity. It enlarges the market for Internet provision. It is not going to go away for the foreseeable future. And so, there’s a lot of room for dialogue, for coordination, and for mutual capacity building, particularly, not only, but particularly among non-space-faring nations to shape Satellite Internet to the benefit of all. Thank you.

Kulesza Joanna:
Wonderful. Thank you very much. That is exactly the intervention we were looking for with the targeted approach to developing countries and possibly recommendations to governments who are looking into deploying LeoS into their jurisdictions. I will save follow-up questions for the Q&A, and I’m certain there will be questions from the room. But thank you very much for highlighting that specific aspect of new technologies rapidly developing. And last but not least, please let me turn the floor over to Peter Mietek, who’s the General Counsel and UN Policy Manager within AXIS now, an NGO that needs no introduction. But I am certain that in his intervention, Peter will tell us more why AXIS now might have an interest in data governance through low-Earth-orbit satellites. Peter, thank you so much for joining us. The floor is yours.

Peter Micek:
Well, thank you. And yeah, I thank the other panelists for well-laying out, I think, the facts as they stand now, and then some of the potential and current regulatory risks and opportunities. I will come in with our perspective as a human rights organization. AXIS now always needs an introduction. We’re a global organization that defends and extends the digital rights of people and communities at risk. And our team members in more than 35 countries are encountering the emerging low-Earth-orbit satellite sector in a number of different ways, and that is what I hope to present a bit of. So I suppose I could start with some of the risks that we see as a human rights organization. We are very concerned about the consolidated control over this sector as it stands now. Speakers have mentioned Starlink is the first mover. They have that advantage here, but it is up to the whims of the founder and controller of that firm, which constitutes the industry right now of available retail services. And our partners in Ukraine are very concerned that the entire nation, its military, civilians, and civil society are dependent on this one company and its egotistic owner who seems to want to decide the outcome of the war. And there’s really little that we can do about it. So civil society, again, you know, desperate for connectivity, eager to reach the sustainable development goals and, you know, access and exercise our fundamental rights like freedom of expression. And of course we’ll reach for any opportunities we can. Access Now runs, coordinates the hashtag keep it on coalition against Internet shutdowns. This is a global coalition of more than 300 civil society organizations fighting intentional disruptions of connectivity. And inevitably, especially during longer term shutdowns as we see in Sudan and Kashmir and Myanmar, people look to the skies with hope. With hope that they can find a connection that will let them tell their story to the world, release the evidence that they’ve collected on human rights abuses and atrocities, tell loved ones that they’re still alive or that they need electronic money transfers. All the things that we rely on for connectivity become compounded and pressurized in situations of armed conflict and desperation. And of course people are going to look to satellites. And unfortunately, though, as I said, this leaves us in, you know, the hands of very few, you know, Western companies again. So I think it’s It’s worth noting that, you know, the user terminals themselves do put people at risk. So another risk here is that, you know, this consolidated control creates single points of vulnerability. And I know we don’t want to get too much into cybersecurity, but it was really exciting to see this summer at the DEF CON conference a live competition where teams actually hacked into a satellite, a low earth orbit satellite orbiting the earth in real time. And that was, I believe, the first ever such competition where a satellite was hacked in real time for prizes. It was a Leo satellite launched on June 5th. And if someone could put in the chat, it’s HackASat is the website that they used. I’ll put it there. And, you know, a few things were learned from this competition. I think one was it was really interesting to see the satellite went dark for four hours as it crossed over Antarctica, I think it was. And so the teams didn’t know if their hacks were successful. They had to wait until the satellite came back within reach to both deliver their payloads and extract the data. And the winning team was able to hack into the camera on the satellite, which was about this big, and take pictures of specific points on earth, which was pretty cool to see. But underscores that there is active interest in attacking the cybersecurity of these. And so to the extent that we’re dependent on them, you know, with incredibly sensitive data, if we’re talking about places where people are vulnerable and at risk, which, you know, probably overlaps a bit with those spaces that are currently not covered by terrestrial connectivity, then, you know, that highlights. and exacerbates the risks. Same goes for these humanitarian contexts. Many operators are looking at ways to, operators of aid organizations, providers of humanitarian assistance, are looking to more efficiently deploy after natural disasters or human disasters, and are certainly looking at these solutions. But again, what kind of, are we sending them into a trap, you know, where there’s actually increased vulnerability and dependency on these systems that can be, you know, turned off or, you know, deprecated through commercial phase-outs at a moment’s notice. And, yeah, the last point I kind of want to get at was this pixelated regulatory picture, right? We’ve seen the number of different potential frameworks that apply. I’ve mentioned international humanitarian law. There’s, of course, space law. Out here in the Convention Center Expo, there’s actually a high-altitude platform system, a giant wing that’s being demonstrated this week. That’s not a low-Earth-orbit satellite, but it is meant to fly for six months at a time on solar power at about 62,000 feet. Maybe somebody can do the metric conversion. But it’s really exciting to see, right? People are excited about these. But that, you know, would bring in yet another, you know, I think aviation law would apply there. Telecoms law, you know, I think in various ways, these firms are more akin to, you know, the telecoms that we know. In other ways, they’re more akin to fly-by-night, you know, top-of-the-stack application and session-layer web startups. And it’s interesting to see how, you know, these different analogies and different bodies of law might apply. and regulation might apply or might not be adaptable. But as civil society, again, in this pixelated regulatory picture, we don’t know where to engage. We don’t know how to engage. We don’t have access to the International Telecommunication Union, as many companies and governments do. And we are not adept at a space law forum. I don’t know where the intricacies of space law are open to civil society input. I do want to finish by talking about the data protection and privacy at issue. And the positive is that human rights are universal. So these rights that are interdependent, indivisible, they’ve got laser links between all the human rights already set up. This is a framework that we can depend on and that we should utilize. And it’s no different for the fundamental right of data protection. The fundamental right in here is in the individual where they are, where they reside. And to the extent a processor of this data touches and concerns the EU, then the GDPR will apply to any personal data that’s flowing. And we can assume that it will. And so I think it behooves this sector to put a foot forward and to engage in civil society organizations like Access Now, like EDRI in Europe, but across Africa, where data protection, the Malibu Convention is growing steam. Convention 108 already has a footprint. There is a basis for global protection of our fundamental rights to data protection. There’s a growing system of regulators to enforce and apply that right. And we are going to be looking to do so. One caveat, sorry, I’ll finish on this, is that with respect to your presentation, these companies do not need to comply with these various laws and regulations. They are currently operating in Iran and in many other places where they are not welcome. They are not in compliance, but they are delivering services to people, including people at risk on the ground who need the services. And so I think in that sense, it may be more akin to the top layers of the stack in that they may decide not to establish offices in local countries and submit themselves to various jurisdiction if they find it in the interests of the companies. And I will assert that users at risk in Myanmar are very keen on gaining access to these tools in a way that probably will not ever comply with the local jurisdiction regulations. So I’ll leave it there. Thank you.

Kulesza Joanna:
Thank you. Thank you very much, Peter. There is nothing more comforting to a moderator than speakers who have differing opinions that is a discussion ready-made. But just to keep us on track, and I do note that our panelists likely do have direct feedback to the further interventions. And I would like to turn the floor over to Berna and kindly request her assistance with the Q&A. There might be questions in the room which I’m not able to assess moderating remotely. If there are questions in the chat or from our remote participants, do feel free to raise your virtual hand and you will be granted the floor. Berna, if you could support us here with the Q&A, that would be most appreciated. Thank you. So if any of our guests on the floor, if you have any questions, you may come to the microphone.

Akcali Gur Berna:
At the moment, we do not seem to have any questions. So maybe, Joanna, you can. start off with your question and give time to our guests to think about theirs.

Kulesza Joanna:
Great, thank you. I do note that Dan would like to directly respond. Dan, do feel free to take the

Dan York:
floor. Sure, I know it’s great to hear what Berna said and Uta and Peter. I think, Peter, I’m with you on sort of when I got involved with the Internet Society Projects back at the beginning in late 2021, I sort of naively had this idea because I had no exposure to satellite information. So I had this naive idea that, for instance, in Sudan, you know, we could somehow get a terminal into Sudan somehow and be able to provide it to people so they could be able to have internet access and share information, all this kind of stuff. And my naivete lasted until I got talking to people like Berna and Joanna about ITU and space law and the regulations around that. And you’re absolutely right, Peter’s absolutely right, that there is no technical reason why this cannot happen. You know, Starlink can be turned on for every country in the world at some point. And on a technical level, that can go on. And it’s what we see happening in Iran. The challenge, of course, is the legal side and the reality that it is bounded on the borders based on this fact that, as Berna talked about, you know, they have to go into each and every country and get approval for the landing rights, for the spectrum to be able to go for down and up. They have to get a consumer approval. They have to go and do all of that for each and every country. And so it is a case where, and if they, you know, I think you can get away with it and doing it in Iran, because quite honestly, the rest of the international world is not really going to be too concerned. And in fact, they would probably prefer it to be turned on there. However, you turn it on for other countries and other spaces, you start to get into, you know, very lots of international pressure, attention, things like that. It’s just, it’s not something you can go and do. You have some countries such as China that have been very clear that if it gets turned on in China, they might take actual activity. they’ve done war gaming scenarios around what it would take to go and shoot down satellites. I mean, there’s lots of different pieces that sort of keep that in check at the moment, which to be honest, I was disappointed about because I was hoping it could be that, you know, get that freedom, get it out there and everywhere. You also raised the other good point, which is that unlike a passive, like a geostationary dish for broadcast TV that’s pointed up at a geostationary satellite, it’s a one-way downlink. It’s just receiving the signals. It’s just passively getting that. But once you do this for internet access, you’re doing two-way communication and you do, to Peter’s point, you can expose, you’re exposing that transmitter. You know, in the Ukraine, I know that there’ve been some of the groups that are there that are making sure that they only turn the transmitters on at certain times, that they put them away. You see pictures of groups of people putting them at a distance away from where the people are in case the signal intelligence hones in on where it is and targets it with a weapon or something. So you are exposing yourself because it is two-way communication. And that is a critical difference in what we’re talking about here. And I also join you, Peter, and others in that concern about, you know, the control of billionaires. It is right now, it’s primarily, you are seeing, you know, SpaceX with Elon Musk. You see Project Kuiper, which ultimately is Jeff Bezos. You know, you see those kinds of solutions up there. OneWeb has now been purchased by Eutelsat. So it’s now a corporate entity under, and Eutelsat is a French corporate, you know, different things around that. But it’s all these bigger players. We don’t have what we had in the early days of the internet, for instance, in the terrestrial-based, where you had university networks, hobbyist networks. A large challenge is just the sheer cost of launching all of this in some certain way. But lots to be, lots to be going on in there. I’ll defer to others.

Akcali Gur Berna:
I would also like to make a short note. So as lawyers, we tend to to explain what the law is, how the regulations apply. And so that doesn’t always represent how we personally think about the matter, yes. So if you ask me a question about the human rights law approach, then my answer would have had a different perspective on the matters that we have just discussed. So I think, as always, we tend to believe that rule of law is important, and that if you are going to breach the rules, then you are damaging the system as a whole. So taking these into consideration, my talk was more about explaining how the rules and regulations apply to the satellite broadband technology as it is. So of course, the civil society approach would be different, the human rights law approach would be different, but that wasn’t my, I didn’t include that in my speech. So I just wanted to make a little note of that, yeah.

Kulesza Joanna:
Thank you very much, Berna. I have a sense that our other panelists might also have something they would like to add. So I’m going to check first if Peter, Uta, or Larry have anything to immediately respond, for example, to Dan’s comments.

Larry Press:
Now, all kinds of stuff has been kind of thought-provoking. I guess I am really, I’ll be upfront. I am disappointed and kind of frightened by Elon Musk. He did amazing things, but he’s getting, if you follow him on Twitter and stuff that he’s starting to post now, it’s very political, and it’s political in a way that I don’t like. So I guess maybe that’s, do the rest of you guys have concern about that guy?

Kulesza Joanna:
Now I can see our other speakers, Peter, Uta, please do feel free to take the floor.

Dan York:
Yes. Okay. Yeah. I mean, you know, let’s get to a place where there is, you know, meaningful competition, but within a regulatory framework. I mean, you know, we appreciate innovation. And Larry, I was thinking of your presentation, because you didn’t talk about the 90s, right? Which my understanding is when there was a ton of interest in the Low Earth Orbit sector and a lot of failures. And so I was, you know, wondering, yeah, if you could…

Larry Press:
There was the one you’re probably thinking of is Telesat. And Telesat. Not Telesat. Tell us. What was it called? It was, well, I mean, Iridium GlobalSat, Global… No, no, no, no, no, no, no. Before that. Tell us. Teladesic. Teladesic. Teladesic. Yeah. Okay. Yeah. But they… It was Bill Gates and a Saudi prince and a guy who had, at the time, recently sold a mobile company. They did a… They attempted to do this in the 90s, but the technology just wasn’t there. I think it’s the main reason it failed.

Dan York:
And the other point is it was focused on telecom. It was not necessarily fully focused on providing internet access at the kind of scale. And it was really… Which is what… I mean, Iridium is still up there. And actually, they’re looking at launching a new range of satellites to provide data services and pieces like that. But it was a… But, you know, and we don’t know. A lot of the systems that are being proposed right now may fail in a similar way. You have to figure out, do you have the business product that’s there? And the other part is now, 20 years later… almost, you know, 30 years later, I guess, in some ways, in some of that you have this enormous change in the capacity of launch systems and mass production of satellites. That’s a lot of what’s

Larry Press:
changed today. I think Teledesic was, they weren’t going, they were in fact going for, you know, internet connectivity. Internet was different in those days. It was mostly text, for me it was text-oriented, only uppercase because I had a teletype at home. But they, there were, the technology was not up for it and it just wasn’t economically viable. The satellite technology, the launch technology, it just, it couldn’t have been at the time. It was, yeah.

Kulesza Joanna:
Great. Thank you so much. We do have a question from Mike before I hand the floor over to Uta. Please just let me read out the question. It just might be that you would like to reference that question as well. The question from Mike reads, radio spectrum access is regulated to prevent interference and allow coordinated usage. However, in the optical domain, there is effectively no interference that would warrant regulation. What tensions could we see from governments trying to extract fees from the optical spectrum? If you wish to address that question directly, Uta, do feel free to do so. Do take the floor and then I will ask our other panelists if they wish to address Mike’s question directly. Uta, please, the floor is yours.

Uta Meier-Hahn:
Thank you. I very much appreciate the question. And at the same time, I find it very far reaching and at this moment, a little bit beyond the level of discussion at the moment of, at this stage of development, but also it’s something that I would want to think about, frankly. But I have also been asked, so what are possible avenues if we acknowledge, or if we all establish together that there is an importance of some kind of multi-stakeholder input into the development, the further development of this industry, and possibly policy options? And what could be things that we could be doing? And I just wanted to throw a couple of things in the room, so maybe those can be picked up by people who listen here. So for one, of course, there’s an option to hold listening sessions by all the providers and future providers of these systems. This, of course, includes the EU, but maybe also the other providers could be interested. It would certainly go a long way towards providing some transparency into their system, which, as this session exemplifies, could be demanded. And it would give the public an opportunity to have their views heard. Another important thing could be to also talk to financing and investment opportunities and see what the ways of support, having, for instance, blended finance impact investors come in to support satellite internet from space in the countries that currently cannot or have not afforded it so far. We should and could document the best practices in terms of regulatory approaches, also with regard to how do these companies that do exist and the countries that do want to be customers, how can they do a quick onboarding and how can they activate the services quickly? There’s another aspect of really doing research, financing research about this, because as we’ve probably all seen in our preparation for the session, there is not so much empirical evidence with regard to many of the important questions of this topic. There may be an opportunity for some countries to think about it. about twinning programs to sort of move together forward on this topic, and specifically with regard to Iris Square, I feel like it’s worth throwing in the room that, depending on the views that are being held from the finances of this constellation and the populations that stand behind them, there may be an opportunity to also think about connectivity from space as an in-kind sort of development service, if you will. So not only providing countries with the capacity building they need to set up their institutions, etc., but also to really directly just provide that connectivity. I’m not sure if that’s being done much before, but it could certainly be an avenue. And then certainly there’s coalition building in general, just to foster the interest of this very large common consumer group. Thank you.

Kulesza Joanna:
Wonderful, thank you very much. I’m curious if any of our speakers might have an answer for Mike as well. That seems a really interesting question. I do agree it is an early stage of development for the optical spectrum infrastructure to governmental. Yes, Dan, please go ahead.

Dan York:
I think it’s a good question. I mean, the basic point is that if you’re doing optical connectivity, it’s a direct connection, you’re not in the, yeah, it’s not shared as Mike said. I think it’s really early. I think we have to see where these things get proved out. Larry provided a great overview of a lot of the different work that’s happening in this space to ground connectivity and what’s going on in that. But I think we’ve still got a bit to go. To Mike’s point, it’s probably good to be thinking about that in advance so that these things don’t get trapped into regulatory capture or wind up with great impediments to doing that. But I think we’re still early.

Kulesza Joanna:
Mike, turn it up a bit. You know, just make sure

Larry Press:
Yeah, I just, I feel like if we just have a kind of a bull session here, actually, I should turn on my. There you go. You know, with respect to kind of having how to subsidize it and whatnot, to some extent, I think that takes care of itself. If the people in an area, people in a nation, can’t afford connectivity to say SpaceX or to one of these little things, to the extent that that will mean they have excess capacity over that nation. And to some extent, I remember when Elon Musk first did, he came out and said, hey, we’re going to charge the same price everywhere. And that was crazy, because it makes no sense. You want to charge a price that’ll kind of keep your up to ease up your entire available capacity. So to some extent, just the economics of it take care of kind of different income levels of different countries in different regions. Make sense? I mean, it’s coming to pass, he definitely charges different rates in different countries.

Kulesza Joanna:
Great. Thank you very much, Larry. I’m just going to quickly check if any of our panelists would like to add anything to the session we are about to wrap up. And before I do so, just going to check if anyone would like to add anything we might have missed, or if there’s any direct feedback from the room. Berna, please go ahead.

Akcali Gur Berna:
Just to add to Uta’s points, well, we overlap. But, you know, what would we advise to the developing countries? So I want to refer back to our policy paper and quickly list what we had recommended them to effectively use this technology. So we recommended them to re-evaluate and update the domestic regulations related to licensing and and authorizing satellite broadband services to consider the different business models and the impact on their autonomy when deciding on gateways, for example. And we recommended forming regional alliances to enhance achievement of their local policy goals. And we also recommended them to participate actively in the ITU consultations, especially in the ITUR, which manages frequency spectrum and orbital resources. And again, if this is done through regional alliances as they are doing now, it will enhance their chances of achieving their desired outcomes. And also they should reassess their commitments under trade treaties. They are not set in stone. They could be renegotiated and these should be considered with their renewed interests and priorities associated with this technology. And also familiarize themselves with space law, which hasn’t been of interest to many non-space-faring nations. I think awareness of rules is essential to make informed decisions. And holistic concentrations of these actions, I think is necessary to ensure that their initiatives align with their sustainable development goals.

Kulesza Joanna:
Great, thank you very much. And Dan, please go ahead.

Dan York:
Sure, I would just, one thing I wanna say about the panel was I just wanna say to Uta that I loved her points that she had because I think you very succinctly summarized really some of the key issues and points around here. I would add a point, the robustness, the resiliency is something that we’ve seen as a critical part. I’m a volunteer here in the United States for an organization called the ITDRC, which is the IT Disaster Resources. And they have been deploying into places like Florida when there was Hurricane Ian, and also into the wildfires that are going on out in the Western part of the United States. And they can take a satellite dish on a pickup truck, for instance, and be able to bring it in and provide wifi connectivity for the first responders and the other people who are in the incident command area. It’s a kind of ubiquitous connectivity that we have never had access to before. It’s just mind blowing and what it can do and the kind of spaces around that. So I think it’s important to, for all the challenges, there’s an amazing amount that it can do in the right ways. And I think we need to figure out how to get it right. I think it really is. I would also point what Bernard just mentioned. A lot of us in the internet space, if we interact with the ITU, we primarily interact with the ITU-T, the telecommunication sector, or the ITU-D around development. We don’t do as much historically with the ITU-R, the radio telecommunication side. But that’s where all of this happens in satellites because of the spectrum. And people should pay attention to the World Radio Congress coming up later this, in the next November here, so November, December, because that will be the, every four years, the gathering of people to talk about this. And while LEOs aren’t directly on the agenda, there’s side conversations, there’s other places, there’s things that will be paying. So I would encourage people to pay attention to that. And my final point would just be, we need to have more of these conversations because this is this new emerging field. There’s a lot of satellites gonna be launched over the next while that’s happening. And we need to collectively make sure that we can get it right to the degree that we can from a societal point of view. So I encourage everybody to read Berna’s document that was in there, read our LEOs document, read other documents and share this, get people talking about it because we have to be talking about these questions.

Kulesza Joanna:
Great, thank you. Peter, do go ahead.

Peter Micek:
Quickly, thanks. Yeah, to sort of piggyback and reinforce Dan’s comments, we need to have more conversations, but as civil society, we are heavily dependent on governments in this space. Governments are… I think putting forward a lot of the funding necessary, they’re going to be doing a lot of the procurement, including through their defense industries and defense spending. And presumably, they’re the ones talking to these companies. I’m a very privileged person, white male in the US. I know the public policy director for SpaceX, and I can’t get any of my calls returned. And so I think just to underscore what an asymmetrical disadvantage we’re at when we’re trying to influence public policy in this space, that we are heavily dependent. And governments, it seemed to be a lot of competition over this sector. But I’m buoyed by things like yesterday, the Freedom Online Coalition launched these so-called donor principles on human rights in the digital age. And I think those are getting at ways to harmonize and raise standards around government procurement and support for new and emerging technologies and should urgently be applied to this space. Thanks.

Kulesza Joanna:
Great. Thank you very much, Peter. I could do nothing more but to strongly support all the points that have just been made. We do need to have more of these conversations. And I do welcome a relatively significant presence of Leo’s on the agenda of the IGF. It is a theme that the multi-stakeholder community should pay attention to before it’s too late, as our speakers have emphasized during this panel. We are out of time, so I will refrain from summarizing the panel more thoroughly. Thank you very much for joining us. Sincere thanks to our speakers. Thank you for all the points that you guys have made. Thank you for being here, both virtually and in person. And to those of you who are in the room or online joining us, do feel free to reach out to the speakers directly and share your feedback because this is the time to do Leo’s policy that serves the broader internet community. Thank you, everyone. With this, the session is adjourned. more. Thank you, Joanna. Yeah, I wish we could keep the bull session going. Thank you, Joanna, for leading us. Thanks a lot. Thank you. It’s always a pleasure. Thank you, gentlemen. Have a good afternoon. Thank you. Bye. Bye, everyone.

Pablo Castro

Chile’s new national cybersecurity policy places a strong emphasis on promoting international norms and applying international law in cyberspace. This commitment is vital for achieving the goals outlined in SDG 9 (Industry, Innovation and Infrastructure) and SDG 16 (Peace and Justice). The policy reflects Chile’s dedication to upholding principles that respect human rights and international law in cybersecurity operations. Chile began working on cybersecurity in 2017 and released its cyberdefense policy in 2018, which stated that cyber operations would be conducted with respect for international law and human rights. The upcoming national cybersecurity policy reaffirms Chile’s commitment to promoting international norms and law in cyberspace.

In Latin America, there is a need for further discussion on attribution in cyber attacks. Unlike other regions, there is little dialogue about responsibility for cyber attacks. Governments in Latin America must decide whether publicly attributing an attack to a foreign power is beneficial. This highlights the need for comprehensive conversations and analysis on attribution in the region.

Capacity building and international cooperation are crucial for cybersecurity in Latin America. A lack of national cybersecurity agencies is often seen, with governance falling under committees. However, training courses offered by countries such as the US, Canada, Estonia, and the UK are helping enhance capacity building efforts. These courses focus on applying international law in cybersecurity and play a critical role in equipping Latin American countries with the necessary skills and knowledge to combat cyber threats effectively.

It is stressed that Chile needs to develop a national position on international law in cyberspace. The new cybersecurity policy mandates the establishment of this position. Defining Chile’s stance and approach towards international law in cyberspace is essential to ensure consistency and effectiveness in its cybersecurity efforts.

Regarding cyber attack response, a collective approach in the region is recommended as an effective way to express condemnation without attributing the attack directly to a specific actor. This approach allows for a unified stance against cyber attacks, maintaining diplomatic relations and avoiding unnecessary conflicts.

Pablo Castro, an expert in cybersecurity and related areas, supports discussions taking place in United Nations working groups on emerging threats and technologies such as artificial intelligence and cyber mercenaries. His previous experience in dealing with these issues, particularly in the field of cyber mercenaries, further underscores the importance of these discussions. However, caution is expressed regarding potential difficulties and disagreements in reaching a consensus within the working group. Maintaining a good working relationship among members is prioritised to ensure the effectiveness of the discussions.

In conclusion, Chile’s new national cybersecurity policy highlights the importance of promoting international norms and applying international law in cyberspace. This commitment aligns with the goals of SDG 9 and SDG 16, aiming to foster innovation, ensure infrastructure security, and promote peace and justice. Latin America faces challenges in attributing cyber attacks and requires further discussion. Capacity building and international cooperation are crucial for the region, with training opportunities provided by the US, Canada, Estonia, and the UK. Chile is encouraged to develop a national position on international law in cyberspace to enhance consistency and effectiveness. Furthermore, a collective response to cyber attacks in the region is recommended to express condemnation without directly attributing the attack to a specific actor. Discussions in the United Nations working groups, supported by Pablo Castro, are of vital importance in addressing emerging threats and technologies, while maintaining a good working relationship within the group.

John Hering

The Cybersecurity Tech Accord is a coalition of 168 tech companies from around the world committed to upholding foundational cybersecurity principles. It was established in 2018 with 34 companies and has grown quickly in size and influence. The primary objective of the accord is to give the tech industry a voice on matters of peace and security in the online realm.

One of the driving forces behind the growing interest in joining the Cybersecurity Tech Accord is the pressure from customers, as cyberspace has become an emerging domain of conflict. Companies feel the need to clarify their stance on not weaponising their products and services. This pressure compels companies to actively participate in initiatives like the accord to demonstrate their commitment to cybersecurity principles.

However, a challenge for the accord is getting companies with different capacities on the same page. While some are large multinational corporations with significant resources, others may not have the same level of resources. Bridging this gap is an ongoing challenge.

The accord advocates for coordinated vulnerability disclosure policies. It encourages companies to have these policies in place to address and disclose potential vulnerabilities in a timely and responsible manner. Over 100 coordinated vulnerability disclosure policies from the accord’s signatory base can be reviewed online.

Microsoft, a prominent member of the accord, has played a significant role in the context of the war in Ukraine. The company has prioritised strengthening security for its customers in the region and has responded to multiple generations of wiper malware used in operations targeting Ukrainian data. Microsoft also actively reports its findings in the context of the conflict, providing insights into the activities of broad threat actor groups aligned with military campaigns.

The importance of a robust multi-stakeholder coalition is highlighted, particularly in the context of hybrid warfare. The accord, which includes both private sector companies and public agencies, can provide asymmetric benefits to defenders as hybrid warfare becomes a domain of conflict. The collaborative efforts of the Ukrainian CERT, which had the necessary authorisations and coordinated efforts effectively, have been crucial in thwarting cyber operations in the Ukraine conflict.

Policymakers are urged to carefully consider the impact of their regulations on the security research community. John Hering, a cybersecurity expert, raises concerns about potential negative consequences if regulations do not prioritise fixing vulnerabilities and ensuring customer and user security. Poorly considered policies may inadvertently compromise product security and data safety by creating a race to the bottom.

On a positive note, accountability in cybersecurity is improving. Governments are taking steps to include norms violations in public attribution statements, and the International Criminal Court (ICC) has declared its intention to investigate potential cyber-enabled war crimes. These developments demonstrate progress in holding actors accountable for their actions in the cyber realm.

Overall, the Cybersecurity Tech Accord has garnered significant support and interest from tech companies worldwide. Its commitment to foundational cybersecurity principles and efforts to give the industry a voice in online peace and security are noteworthy. Challenges remain in bringing companies with different capacities together, but the focus on coordinated vulnerability disclosure policies and the active role of Microsoft in securing customer data in the Ukraine conflict show the practical impact of such collaborative initiatives. Policymakers must be cautious in crafting regulations that consider the impact on the security research community. Nevertheless, positive strides in accountability in cybersecurity, with government actions and ICC involvement, indicate progress in creating a safer and more secure online environment.

Koichiro Komiyama

The analysis reveals several important points regarding cybersecurity incident reporting and vulnerability information sharing. In Japan’s case, it is highlighted that sharing information with JP CERT (Japan Computer Emergency Response Team) or the National Cybersecurity Centre is crucial for effective incident handling. On the other hand, the US Securities and Exchange Commission has introduced a new regulation that requires financial institutions to disclose any cybersecurity incidents they experience.

However, it is noted that the role of CSERT has slightly changed. The specific details of this change are not provided, but it suggests that there may be some adjustments or updates in the way CSERT operates in handling cybersecurity incidents.

JP CERT, being a key player in incident reporting and response in Japan, receives around 20,000 incidents per year. This indicates the scale of the cybersecurity challenges faced by the country. Furthermore, JP CERT predominantly communicates with entities in the United States and China, indicating the importance of international cooperation in dealing with cybersecurity issues.

One of the supporting facts provided highlights a negative incident involving a Chinese security researcher. After identifying a vulnerability issue, the researcher promptly shared the information with Log4j developers. However, the researcher was subsequently summoned by Chinese authorities. This incident raises concerns about the potential hindrance to global information sharing and collaboration on cybersecurity matters.

The analysis also suggests that cyberspace is not as global as imagined, with over 80% of JP CERT’s incident engagements involving the US and China. This indicates that despite the interconnected nature of the internet, there are still significant gaps in global information sharing and cooperation in the realm of cybersecurity.

Another significant point raised is the localization of data and vulnerability information. This localization hinders global information sharing and collaboration, resulting in a chilling effect among Chinese security researchers. The introduction of regulations in China has had an impact on the willingness of researchers to share valuable vulnerability information due to potential legal repercussions.

The speakers argue that regulations should not hinder international information sharing and that vulnerability information should not be localized. They emphasize the importance of global cooperation and partnership in addressing cybersecurity challenges effectively. By overcoming barriers to information sharing and collaboration, the international community can collectively work towards a more secure cyberspace.

In conclusion, the analysis highlights the need for effective incident reporting and vulnerability information sharing in cybersecurity. It underscores the significance of international cooperation and the potential implications of regulations on global information sharing. The argument is made for regulations that foster collaboration rather than hinder it, ensuring that vulnerability information is not localized and that the global community can work together to address cybersecurity threats.

Charlotte Lindsey

The Cyber Peace Institute is an organisation dedicated to studying the impact and harms caused by cyber attacks. They recognise the importance of having evidence and data-driven understandings of the harm inflicted by these attacks. They emphasise the need for a context-aware approach to accurately calculate the harms and impacts.

One of the main concerns highlighted by the institute is the increasing targeting of vulnerable communities, specifically humanitarian, human rights, and development organisations, by cyber attacks. To help these organisations respond and enhance their capabilities, the institute has established a humanitarian cybersecurity centre and a cyber peace builders programme. This initiative aims to support these organisations in preventing and responding to cyber attacks effectively.

Understanding the impacts of cyber attacks on vulnerable communities is crucial for policy-makers. The institute believes that lessons learned from data analysis can be injected into policy discussions to develop efficient strategies and measures to address the issue.

During the height of the pandemic, attacks on healthcare infrastructure became a significant concern. Critical healthcare infrastructure experienced an alarming increase in cyber attacks. In response, the Cyber Peace Institute collaborated with the government of the Czech Republic and Microsoft to develop a compendium of best practices aimed at protecting the healthcare sector from cyber harm. This initiative provides guidance and recommendations for safeguarding healthcare facilities and systems from cyber threats and vulnerabilities.

The institute also stresses the need for clear accountability for breaching cybersecurity laws and norms. They are actively monitoring 112 different threat actors related to the Ukraine and Russian conflict. By holding these actors accountable, the institute aims to deter future cyber attacks and ensure a safer cyber environment.

In conclusion, the Cyber Peace Institute’s work revolves around deepening the understanding of cyber attack impacts and harms. They actively support vulnerable communities through their humanitarian cybersecurity centre and cyber peace builders programme. Their collaboration with the government and industry partners highlights the importance of protecting critical healthcare infrastructure from cyber threats. Additionally, the institute advocates for clear accountability to prevent future breaches of cybersecurity laws and norms. Overall, their efforts contribute to creating a more secure and peaceful digital space.

Regine Grienberger

Germany is actively taking steps to strengthen the normative framework for cyber behaviour. They are dedicated to implementing, monitoring, capacitating, and attributing cyber incidents. To protect critical infrastructure, Germany is developing national legislation in alignment with the EU directive. This signifies their commitment to safeguard essential systems and services from cyber threats.

In order to promote transparency and the sharing of best practices, Germany intends to document its progress in implementing cyber norms. By doing so, they hope to contribute to an international dialogue on cybersecurity and encourage other nations to adopt similar measures.

Germany has also established a national attribution procedure, which is coordinated by the Foreign Ministry. This procedure involves conducting comprehensive analyses and making informed political judgments regarding cyber incidents. By attributing cyber attacks, Germany aims to hold perpetrators accountable and deter future malicious activities.

Moreover, Germany recognises the importance of attributing cyber incidents as an essential practice. They believe that it is both achievable and necessary to respond effectively. Germany’s attribution procedure involves extensive analysis and political judgment, demonstrating their commitment to accurately identify and assign responsibility for cyber attacks.

Furthermore, within the context of the European Union diplomatic toolbox, sanctions are considered an instrument for responding to cyber incidents. This highlights Germany’s support for using sanctions as a means to deter and punish those responsible for cyber attacks. By leveraging sanctions, the EU aims to send a strong message that cyber aggression will not be tolerated.

In conclusion, Germany is actively working towards strengthening the normative framework of cyber behaviour through various means. Their efforts include developing national legislation, establishing a national attribution procedure, documenting progress in implementing cyber norms, and supporting the use of sanctions as a response to cyber incidents. These initiatives showcase Germany’s commitment to promoting cybersecurity, accountability, and international cooperation in tackling cyber threats.

Eugene EG Tan

This comprehensive analysis examines the viewpoints presented by Eugene EG Tan on various aspects of cybersecurity research and responsible behavior. Eugene expresses genuine excitement about a project that takes a broad perspective on cybersecurity, inclusive of diverse stakeholders such as states, industry, civil society, and academia. He believes that the project’s wide consultation and intersectionality greatly contribute to the richness of insights generated.

In terms of academic research in cybersecurity, Eugene argues that it has historically been limited to documenting state actions on an individual or regional level. He identifies a critical need for the development of universal measures of responsibility that can be applied across different contexts. Eugene suggests that this lack of common measurement has impeded progress in defining responsibility in the field of cybersecurity.

Furthermore, Eugene advocates for a collaborative and region-interactive approach within the academic community to enrich cybersecurity research. He highlights that academics often tend to focus on individual contexts or specific topics, but funding opportunities are now emerging, enabling cross-regional interactions. By broadening the conversation and understanding different contexts, this inclusive approach can greatly enhance the overall quality of cybersecurity research.

Controlling for cultural and contextual variables across different regions and states in a global study proves to be a significant challenge. Eugene acknowledges the difficulty in establishing a baseline definition of responsible behavior when conducting research on such a broad scale.

To address this challenge, Eugene suggests that it would be reasonable to identify common aspects of responsible behavior while also acknowledging deviations from the norm. This approach would help establish a baseline definition of responsible behavior and provide valuable insights into how the concept of responsibility varies across different states or businesses.

Eugene also emphasizes the crucial importance of implementing additional measures to ensure responsible behavior in cybersecurity. He believes that it is of utmost importance to determine how these measures can be effectively implemented to mitigate irresponsible behavior, subsequently benefiting the entire cybersecurity community.

Accountability and transparency are highlighted as key concerns in the use of commercial spyware. Eugene points out the lack of transparency surrounding the utilization of such tools and the pressing demand for a systematic focus on providing redress for victims. He argues for a coordinated response that effectively shapes the political and normative environment related to spyware. Furthermore, the ability to attribute responsibility becomes crucial in holding individuals accountable for their actions.

Eugene also supports the notion of state responsibility in protecting human rights and holding violators accountable. He emphasizes that states have a legal obligation to protect and promote human rights. Eugene fervently advocates for individual and collective action by states in bringing perpetrators of abuses, such as abusive surveillance technology, to account. He emphasizes the importance of relying on legal avenues, such as formal investigations and subsequent legal cases against the financiers and commissioners of abusive surveillance technology.

In conclusion, Eugene EG Tan highlights the need for a comprehensive perspective in cybersecurity research, the development of universal measures of responsibility, and a collaborative approach within the academic community. He emphasizes the challenges of controlling cultural and contextual variables in global studies, the critical importance of implementing additional measures to ensure responsible behavior, and the urgent need for accountability and transparency in the use of commercial spyware. Furthermore, Eugene supports state responsibility in protecting human rights and holding violators accountable.

Louise Marie Hurel

The analysis explores various perspectives on responsible cyber behavior and the challenges associated with its implementation. It highlights the importance of understanding different interpretations of responsibility in cyberspace, especially in different contexts. The global partnership, which involves over 70 scholars, aims to map practical understandings of responsible cyber behavior and how it is interpreted by different stakeholders. It emphasizes the need to give a voice to less dominant countries, as their interpretations of responsibility are often overshadowed by larger powers.

In promoting responsible state behavior, capacity building and proper implementation of cyber norms are seen as crucial. Germany, for example, has established a national attribution procedure to hold malicious actors accountable, while Regine Grienberger emphasizes the importance of monitoring and sharing information on the implementation process. However, it is also noted that attribution should be a political decision based on effect-based and responsible analysis, rather than an automatic step towards sanctions. There is a growing desire for sanctions in response to malicious behavior, with the EU having the instrument of sanctions in its diplomatic toolkit.

The analysis also stresses the involvement of other actors, such as the private sector, academia, and civil society, in promoting responsible cyber behavior. Louise Marie Hurel argues for more space to be given to less dominant countries in the debate, including private sector companies like Microsoft. She also highlights the role of academia and research in the global cybersecurity landscape, emphasizing the need to connect researchers with the realities on the ground. Hurel acknowledges the multifaceted aspect of cybersecurity, which encompasses statecraft, private sector involvement in conflict situations, and civil society engagement.

Trust-building and better interregional channels are also deemed essential for advancing responsible cyber behavior. Hurel mentions the Point of Contact directory within the Confidence Building Measures at the Organization of American States as an area for development. Furthermore, the analysis highlights the importance of creating a common understanding of responsible behavior in different states and regions, as well as identifying deviating elements in norms across different states to better understand variations in perceptions of responsibility.

The analysis also explores the nuanced implications of state regulations on cybersecurity. While regulations are necessary to ensure vulnerability disclosures and establish necessary procedures, there are concerns about whether these regulations hinder communication channels that are already established. Hurel advocates for careful contemplation and assessment when developing regulations to ensure effective communication channels and feasible job roles.

In conclusion, the analysis underscores the need for understanding different interpretations of responsibility in cyberspace, providing a voice to less dominant countries, capacity building, proper implementation of cyber norms, the role of sanctions and attribution in promoting responsible state behavior, the involvement of the private sector, academia, and civil society, trust-building and interregional communication, and the nuanced implications of state regulations on cybersecurity. It highlights the multifaceted aspect of cybersecurity and the importance of research and academia in connecting with real-world issues. The significance of creating a common understanding of responsible behavior and identifying variations in norms across different states is also emphasized.

Louise Marie Hurel:
Thank you so much for being here. We’re starting the session just in case you’re checking the room is building a global partnership for responsible cyber behavior. My name is Louise Marie Rell, I am a research fellow over at the Royal United Services Institute, which is a think tank based in London. So we work with security and defense and we have a cyber security program over there. And I’m leading a project that’s on responsible cyber behavior. And today I’m very happy to welcome you all to what is the regional launch of initiative as part of this project, which is called the global partnership for responsible cyber behavior. So what is then the global partnership and why is this important before I turn to our great speakers both here and online. So the focus of the global partnership is really to map practical understandings of what responsible cyber behavior means, how it’s interpreted by different stakeholders. And for this first year, we’re looking specifically at how states see responsibility in practice, what are the regional nuances, what are the contextual and cultural elements that shape the understanding of responsibility. And we have, as part of this global partnership, we have a structure. So we have an advisory board and I see that Chris is over here in the room representing the advisory board. Thank you, Chris. We also have members. So the global partnership consists mostly of researchers and research institutions from across different regions. So we have over 70 scholars and researchers involved. And the idea is that we have working streams for each of the regions and we’ll be producing regional papers out of that, which will be a global compendium on responsible cyber behavior throughout this next year. So it’s quite exciting. Stay tuned. But as part of thinking about the global partnership, I think there’s a bigger question of why is this important, why is this relevant and why now. So for those that have been following closely the UN negotiations, the open-ended working group, there are increasing tensions and there are things and tough questions that sometimes it’s very hard to deal from, let’s say, a diplomacy or a geopolitical kind of standpoint. But as a research community, this is something that we can do. We can ask tough questions. We can come together and look at our differences and our commonalities as researchers from across different regions. And I think there are other some challenges that are, let’s say, in the background of this conversation. So first, there’s a lot of understanding or, let’s say, even publication around big powers that often dominate the debate, and that’s fine, I mean, but that leaves little space for other regions and other countries to kind of vocalize their own kind of like understandings and interpretations. So I think it’s important to think about, you know, how do we think the research agenda around that. Second is that international peace and security discussions are the highest level of conversation that one can have when it comes to, let’s say, responsibility in cyberspace, right? And obviously, in the context of the UN, we’re talking about negotiating a document, right? So it’s a place where you actually have an output, which is a consensus document, and you don’t necessarily see the regional nuances in those particular documents. And perhaps you’re just focusing on the highest political angle. So responsibility is potentially not just that. There are other layers that we need to consider. And finally, that there is, you know, of course, a need for a greater, let’s say, contextual or cultural understanding of where the values that come into each country’s way of seeing and perceiving responsibility, in addition to these norms that have been agreed at the international level. So to think about that and to reflect, I think there’s nothing better to do this over at the IGF where we can actually have a multi-stakeholder perspective. So that’s the objective of our conversation here today, is to bring stakeholders from each stakeholder group to reflect on how they see responsibility in cyberspace in practice, to have their views. So we’re going to pick a bit. So it’s a snapshot of each of them because we only have an hour, but definitely and hopefully this is a trigger for food for thought and for future, let’s say, conversations that we can have around each of these topics. So today with me, we have two people online, but I’ll present all of them right now. So we have Regine Greenberger, which is joining us online. She was here. Some of you might have seen her, but she unfortunately had to leave, but she’s very kindly agreed to join us and committed to being online. So thanks, Regine. Regine is the Cyber Ambassador at the German Federal Foreign Office. We also have Pablo Castro over here on my side. He’s the Cybersecurity Coordinator at the Chilean MFA. And you have a crowd cheering for you over there as well. We have on my other side, John Herring, which is the Senior Government Affairs Manager at Microsoft. We also have Charlotte Lindsey, which is joining us online. She is the Chief Public Policy Officer at the Cyber Peace Institute. And we also have Eugene Tan. He is an Associate Research Fellow at the Nanjaratnam School of International Studies. And hopefully I pronounced that correctly, which is the shorthand for ISIS. And we also have Koichi Rokomiyama, which is the Director of Global Coordination Division at JPCert. So as you see, we have a lineup of government representatives, private sector, academia, and technical community here. But I’ll stop talking now because I think the most interesting bit is for us to have this kind of back and forth. And Regine, I hope you’re here with us in cyberspace and we can see you at any point. Is she online? Can you confirm with… Is she online, Regine? Yes? Wonderful. So Regine… I am. I am. Hi. Wonderful. Hi, Regine. Thanks for joining us. So Regine, the idea of this conver… Is really to be a conversation, right? So it’s supposed to be dynamic. Regine, I wanted to start with you for us to unpack some of the layers when it comes to what responsible cyber behavior means in practice, right? So while the discussion at the UN has really provided this framework for responsible state behavior, there’s still many nuances that we are kind of exploring, right? For some states, for example, responsibility might be seen as calling out bad behavior or irresponsible behavior through public attribution, right? Or sanctions, let’s say. So how has Germany been positioning itself with regards to that? Could you elaborate a bit?

Regine Grienberger:
Thank you, Louise. First of all, congratulations on the creation of this global platform. I think both the past OEWG and the current OEWG and also the attack committee negotiations on cybercrime show that the era when cyber norms were only negotiated by few capable states is definitely over. We have now the whole UN member states, the members involved in these negotiations. And also a lot more of non-governmental stakeholders, which is a good sign. But still, we need more smart people to sort out the complex issues that we have here. So I’m really grateful that you established this platform. Now for your question, I wouldn’t start with attribution. The first thing that I would like to mention, how states can strengthen the normative framework is, of course, implemented. It sounds a little bit trivial, but it is not. I mean, we in Germany have no problem with the negative norms. So refrain from, we would never attack critical infrastructure. But the positive norms, so like protect critical infrastructure, are much more difficult to implement. We have, for example, at the moment, negotiations about a national law that is going to implement a new directive on the European level. It’s the NIS directive, which is a legislation to protect critical infrastructure. It sets benchmarks and standards for entities of critical infrastructure. And it will request a lot more of cybersecurity experts to actually do this. I mean, to do all the jobs that are mentioned in this legislation. So where do we find them? So this is very difficult to implement. The second thing that states can do is, of course, monitor their own implementation and share it with others. In the last OEWG, we had discussions about a national survey. I think it was a Mexican proposal. And I think it’s a very good thing to document also what you are going or what you are doing in order to implement cyber norms. It’s also a way to share best practices and get others on board. And as we all know, it’s a cross-border endeavor to implement the cyber norms. So this is also a possibility to define the interfaces between national jurisdictions. Then the third element I would like to mention, still before attribution, is capacity building. And this has been defined in the last negotiation round as a two-way street. We had a very nice panel also during IGF describing the challenges to coordination for cyber capacity building measures. And I think we all have to do a lot more work to get this really going. It’s not only a question of money. It’s also a question of, again, human resources that have to be invested, but also coordination to get the right things done. And then the last thing is attribution. Attribution is holding malicious actors accountable. It’s very difficult in practice, but it’s doable. We reject this notion that you cannot properly attribute. I think we can. We have technical possibilities, and we have to use, of course, also political judgment to put this in the international, the observations that we do on a technical level to put these into an international context. So, we have established in Germany a national attribution procedure. The foreign ministry is the penholder of this procedure, and it works together with other ministries and agencies and intelligence services who might have intelligence or other effects to contribute to this procedure. And we do it in a very thorough, responsible way, so that when we go out with an attribution decision, you can be sure that we have the necessary background information collected and that this is something that is not done. It’s a political attribution because it’s a political decision, but in the basis, there is a really effect-based and responsible analysis of what has happened. So, sanctions still is something else. It doesn’t require attribution, and attribution doesn’t require automatically sanctions, but in the European Union, within the diplomatic toolbox, we have also the instrument of sanctions to use it together. And this is something that we will probably see more often in the future. There’s a lot of appetite for sanctions out there because malicious behavior is really increasing from different sides. So, I’ll leave it with that.

Louise Marie Hurel:
Thank you. Wonderful. Thank you. Thank you very much, Regine. And I think what we see from your, let’s say, points is that there are positive levers to thinking about responsibility, right? So, a positive understanding of responsibility where you build capacities, where you think about the development of national laws and how do you connect that with the regional level when it comes to the EU, right? I mean, implementing things like the NIS Directive, and also monitoring implementation. But there are also, let’s say, negative, not in the sense of a judgment call on it, but negative in the sense of what it proposes, right? There are also levers such as attribution and then sanctions that are within, let’s say, the statecraft toolbox to think about responsibility as something that’s external, right? So, there’s the internal responsibility of the state to necessarily have the capabilities and the capacities to be held accountable when it comes to its own citizens, but there’s also the external responsibility over there when thinking about if another state is acting or a non-state actor that’s within another state and vice versa that applies that vision of responsibility externally. So, Regine, thanks a lot. Given our time, I’m going to try to do a first round of questions, and if we have time, I’ll do the second round of questions just because I’m mindful of that. So, Pablo, so passing over to you, I know that over in Chile there’s a lot of discussions about the development of national policy right now, and also a national law, right? I mean, focusing on cyber security. How does it work then, and I know that one of the components is trying to connect, let’s say, the domestic institutions development, the principles with, let’s say, the framework for responsible state behavior and the implementation of international law in cyberspace. So, how, can you explain a little bit more and give us a little bit of an insight into that process because, as I know, it’s still underway, right?

Pablo Castro:
Thank you, Luis, with the timing to be very on time. Well, thanks very much for this invitation. It’s a very important, fascinating topic, and also congratulations on the global partnership. Well, it’s still a challenge because, basically, in Chile we started back in 2017 when we released our first national cybersecurity policy, and that policy, well, we tried to cover many things in cybers, you know, but we set up, I mean, five goals, and one of them was related with foreign policy, which is very important because, for the first time, the Minister of Foreign Affairs was really engaged in this process. And we basically, what we did was, okay, our foreign policy has a lot of, you know, principles, and we basically said those principles also apply to cyberspace, you know, respect of international law, promotion of human rights, you know, restraining multilateralism, and so on. So, we said those principles are there, part of the foreign policy, and also a part of our view and policy in cyberspace. That’s very important for us because it was quite easy at that moment to start, I mean, this work. There’s still, I think, and then our cyberdefense policy was released back in 2018, was also very important because it was, I think, one of the first times with the, we basically set a statement like the, for example, cyber operation will be conducted under the respect of international law, IHLs, and international human rights, and it was actually initiatives coming from the Ministry of Defense, part of the whole this process, you know. But even before that, the Ministry of Foreign Affairs started, I mean, to make those sort of statements. So, of course, in coordination with the Ministry of Foreign Affairs, unfortunately, maybe this policy is not, maybe too well known because it was released, I think, one week before the new administration was coming in 2018, but it is in English, so if everyone wants a copy of it, I’m really happy to share it with you. And I think it’s still a lot of challenge that we would like to address in the new national cybersecurity policy, which is the text is ready. It was approved by Inter-Ministerial Committee on Cybersecurity in May this year, and with respect to it, it can be released, you know, during 2023. The new policy is actually, I mean, a commitment to promoting, you know, international norms, the application of the international law in cyberspace, CBS, which is a very important component in our foreign policy. There’s been a lot of work we’re doing at the level of the U.S. with the establishment of 11 CBMs in cyberspace. And also, we will have a commitment to work in international cooperation strategy, you know, in cyberspace, and also on a national position, international law in cyberspace. I mean, it doesn’t mean we are not trying, I mean, to work on this, but now it’s going to be part of the mandate of the new policy, and I think this is going to be very important because it’s basically a commitment, you know, it’s coming from the president, and so we have a mandate, and so we have to be composed to work on this. But I think this is still a challenge when it comes to responsible state behavior in our regions, because, I mean, Regime 1’s measure of attribution, there’s not going to be too much discussion about attribution right now in our regions to see, I mean, what other states think about it. In my own experience, it’s sometimes been complicated when you speak and talk with your authorities, say, we were maybe under attack for some foreign power or something, and the question is, what is the benefit of making this attribution? I mean, is it something necessary to do, or made a press release? But I think there are some benefits, and it’s something we still need to discuss more internally at the level of the government, other ministries. As you know, in Latin America, you have this problem of governance of cybersecurity, where you don’t have, sometimes, national cybersecurity agencies are in charge of this. You have committees, et cetera. So that discussion is something we still need to improve more, and exchange view with other states, you know. We’ve been trying, I mean, to promote this sort of dialogue, I mean, what other states think about the application to national law. What is your experience on implementing the 11-0s law? I would like to mention what Serene said about capacity building, which is now a region that’s critical. It’s very important. The U.S. has been playing a very important role with a lot of training courses regarding application of international law. Because basically, if you want to take some important decision on this, and just develop a national position, you need people that could really understand what we’re talking about. So I think that could be, I mean, the only, I think, lawyer we have right now, Mr. Ford, which is really good, and it’s thanks to the training that we have, thanks to the U.S. And I want to actually, in that case, highlight the, I mean, outstanding work that’s been done for some states, like Canada, the United States, Estonia, the U.K., that have been actually helping to access these training courses. I cannot also mention the Global Emerging Leaders Program on cybersecurity. Thanks to that program right now on the Internet Global Forum, because basically, one of the main focus is to promote responsible state behavior. So I think it’s something that’s quite important in terms to promote this sort of dialogue. And I think global partnerships can play a very good role in our regions to try to, you know, create a sort of space for a state and come together, exchange point of view. But as I said before, it’s still a challenge. There’s a lot of things we can do. My aim is the next time there could be an attack to one state in our region, as Costa Rica, we can maybe come together and make a collective response to say we’re really condemning this attack. Not maybe necessarily to say who was behind it, but as the leaks have showed, it’s sort of condemnation. And I think it’s something that can be done, you know. Thank you. No, thank you very much. And I think it’s interesting to have two government representatives kind of in this panel, because then you have kind of two ways of thinking about, right, or the nuances already of thinking about that internal dimension.

Louise Marie Hurel:
And Pablo, you mentioned, you know, the whole development and the history of how Chile arrived where it is right now and what it needs to kind of like, it’s important to have the policy right now, because then the whole conversation of how to better connect the, you know, the domestic side of things and how the policies have been developed with the international kind of law and how to advance and to have that mandate, as you said, to be able to do that, which is quite important. And we know that in terms of policymaking. in the region, it’s really always about that. And I think your point and attribution is also quite interesting, right? It’s not necessarily that there’s a political interest in NME and shaming, but that on the other hand, this external responsibility is something that, you know, there needs to be a further trust building within the region to think about what are the channels, how can we make the POC directory within the CBMs at the OAS kind of advance in that way and be more implementable. So now I wanted to shift to you, John, because we talked a lot about states, but I think, you know, a huge part of the whole conversation about responsible cyber behavior goes through the private sector, right? It’s thinking specifically like big companies like Microsoft, right, as we’ve been seeing its engagement. So I wanted to do a very, very quick kind of question, and I think I’ll do a sandwich already with the second question that I was gonna ask you because I’m quite excited about that one. So the first one is really kind of, so as I said, responsible cyber behavior is broader than just thinking about state behavior. So what are the main lessons learned and perhaps the challenges of bringing together the private sector within the tech accord? I mean, many people, I imagine some might be familiar, but others might not. So do you wanna just do like a quick reply on that, and then I’ll just go for my second question because I’m very excited about it. Sure, yeah, thank you so much for having us and thanks to IGF for putting on this session.

John Hering:
For those who are unfamiliar, the Cybersecurity Tech Accord is a coalition of now 167, 168 technology companies from around the globe committed to some foundational cybersecurity principles, but really what it is is trying to be the industry organization that gives the industry a voice on matters of peace and security online. And the group’s been around for five and a half years now, and I’ll tell you what has not been a challenge is getting folks on the same page on that. It’s sort of been remarkable how much there’s been a lot of interest in joining the group. We kicked off in 2018 with just 34 companies and then pushing 170 now, and I think that reflects a lot of pressure that companies feel across the industry from our customers as cyberspace continues to emerge as a domain of conflict to make clear where do we stand, what is our role as the folks who are developing the products and services that are so often weaponized by various actors, but including increasingly governments. So it’s been easy to sort of get folks on board to say, hey, we have commitments to good security, protecting our customers, we are not interested in weaponizing our products and services to undermine peaceful security or peaceful technology. One of the challenges though is just sort of, I think, getting companies that have just such widely different capacities on the same page. Some companies, like you said, are very large multinational firms and have the resources to dedicate to some of these challenges, and for many of the companies that have joined the Cyber Security Tech Accord beforehand, familiarity with UN processes on peace and security online were very, very foreign. And so it’s been interesting to sort of bring a broader swath of the industry into the conversation. And we’ve also seen, I think, some real meaningful progress taken across the industry by virtue of the work of the Tech Accord, maybe most notably, starting a few years ago, we started encouraging companies to have coordinated vulnerability disclosure policies in place as a matter of just sort of baseline expectation. When we started calling on companies to do that within the group, there were, I think, maybe a dozen or so CVD policies that we could find easily online. And today you can find over 100 coordinated vulnerability disclosure policies from across that Tech Accord signatory base that are reviewable online and can serve as a proof point, I think, for action for that group, but then also a point of reference for other companies seeking to think about, well, what would a CVD policy look like in our particular context? So that’s just one example, and yes, you debrief, so I’m gonna cut there. No, that’s fine, and I said I was gonna do one round,

Louise Marie Hurel:
but I’m gonna squeeze in, just because of our time, the second question over here to you, John, which is, you talked about the Tech Accord, and I think it’s a really interesting kind of like endeavor to kind of bring folks together from industry and across, as you said, like different levels, you know, not necessarily just strictly tech companies, right, I mean, in that case. But when we think about Microsoft’s role specifically, and I mean, that doesn’t apply just to Microsoft, but maybe other companies that have been engaging, like in context of conflict, crisis scenarios, right, I mean, the war, the Russian-Ukrainian war. So what is the role, then, of the private sector in those contexts, right? What is the responsibility of the private sector in engaging in conflict situations, as we’ve been seeing right now in Ukraine? So what would you say about that?

John Hering:
So a lot of that question, I don’t think, is my place or Microsoft’s place to answer in terms of what is the proper role of industry as it relates to armed conflict. I will say it’s something that’s been thrust to the fore, though, in the past year and a half since the war in Ukraine started, and certainly Microsoft has played a very forward-leaning role here. I should say that the Tech Accord early on in the conflict also did come out with a statement on industry responsibilities in times of armed conflict. But in particular, for Microsoft, I think we focus on doing three things as it relates to the conflict in Ukraine. The first is hardening security for our customers that are in the region. If you’re gonna be exposed to particularly sophisticated threat actors, making sure we’re providing the best security that we can. We did a lot of work to migrate Ukrainian data into secure cloud environments, which made data centers in Ukraine redundant targets. We also did a lot of work, then, on the active defense side. It’s the second thing we’ve done. We’ve responded to now, I think, upwards of 10 different generations of wiper malware in the context of the operations targeting Ukrainian data. And then the third, and this has been, I think, something we’ve leaned into more over the past year in particular, is regular reporting on what we’re seeing in the context of the war in Ukraine. We’ve redoubled, I think, a lot of our efforts around threat context analysis in particular, so not just talking about what one cyber event was, but painting a picture about the activities of a broad threat actor group, how they’re aligned, then, and oftentimes with a military campaign. We’ve seen, often, missile strikes either immediately preceding or taking place right after cyber operations, often against the same targets or same geographies. Microsoft obviously can’t know the level of coordination and where that takes place within government agencies, but the correlation would seem to suggest that. And then the other, but Microsoft certainly hasn’t been alone in this. There have been a lot of private sector companies that have been leaning forward in similar ways, and then, obviously, a lot of the success of those efforts to thwart cyber operations in the context of that conflict are attributable to the work of the Ukrainian CERT, which was so prepared to readily provide necessary authorizations, to move quickly, to coordinate the efforts of a broad multi-stakeholder coalition. This is sort of the first example we’ve ever seen of large-scale hybrid warfare. It certainly won’t be the last, but I think one silver lining and encouraging element here is that it looks like a robust multi-stakeholder coalition that is well-coordinated and determined can at least ensure that as this emerges as a domain of conflict, there can be asymmetric benefits to defenders.

Louise Marie Hurel:
Wonderful. I think that gives us a lot of food for thought. I mean, of course, there are various types of companies engaged, right? I mean, tech companies, threat intelligence companies, and you can go more and more kind of nuanced in the classification of companies involved in conflict. Right, I mean, they’re evolving questions of whether they are combatants or not, on whether the private sector has an extra responsibility because they’re infrastructure providers. But anyway, I wanted to pass over to Charlotte because since we’re talking about conflict situations, I wanted to also talk about the more, let’s say, human element and the organizations that sometimes are the primary target, or let’s say the ones that suffer the spillover of a lot of that geostrategic competition. So Charlotte, I don’t know if you can hear us. I just wanted to check. Yes, I can hear you. Can you hear me? Lovely. Thanks so much, Charlotte. It must be so early over there. So thanks so much for joining us. So Charlotte, I know that Cyber Peace Institute has been doing a really great work in trying to measure the impact of the harms that cyber incidents have to civilians and to civil society organizations. And normally, individuals in civil society organizations and the third sector are left by themselves to actually know how to best respond or to protect themselves and their infrastructure. So could you share a little bit more what can be done better to support these groups? Thank you, and good afternoon.

Charlotte Lindsey:
I’m really sorry I can’t be there in person, but thank you for inviting me today. So yes, the Cyber Peace Institute has been working to understand the impact and harms of cyber attacks. And I think firstly, it’s important to build evidence and data-driven understandings of the harm inflicted by cyber attacks. There’s always a lot of hypotheses, but I think what we’ve been trying to do is really foster more context-aware approaches so of the harms and impacts, so that we can also look at then what’s the best way to support and engage in capacity building and building resilience for particularly vulnerable communities. And so I think that’s a very good starting point, understanding the evidence and data-driven impact and harms. What we’ve been looking at, for example, a particular vulnerable group who’ve become more and more impacted and targeted by cyber attacks are humanitarian and human rights and development organizations that are working to support victims of armed conflict and vulnerable populations in crisis situations. And what we have done there is really built both a humanitarian cybersecurity center, but also a very specific cyber peace builders program where we match the needs of individual organizations to cyber resilience and capacity building support that can be provided free to those organizations to help them respond and build their capabilities to prevent or to respond to attacks. And I think that’s a very important point, but then also on the policy side, it’s really important to take the understanding and lessons learned from that and inject that understanding into policy discussions, for example, at the Open-Ended Working Group or the Ad Hoc Committee on the Cybercrime Convention in order to be able to say, look, this is what is happening and this is what needs to be done to prevent that. Another particularly vulnerable community we saw during the pandemic was the healthcare community. And we saw also during the pandemic, particularly the heightened two years of the pandemic, we saw increasing attacks against very critical infrastructure, the healthcare infrastructure linked to the response to the pandemic. One of the things that we did with our partners there, which is the government of the Czech Republic, Microsoft and the Cyber Peace Institute, we built a multi-stakeholder compendium on best practices on protecting the healthcare sector from cyber harm, which was looking at really practical recommendations that could improve the resilience and protection of the healthcare sector. So another concrete way is looking at the data, what it’s telling us about what the harms are, putting together those people who are impacted from the healthcare sector in this case, looking at practical recommendations of what’s worked and then building that into resilience programs. And then just lastly, we’ve been working over the last two years on the cyber attacks in times of conflict, particularly related to the Ukraine and Russian conflict. And there we are monitoring currently at the moment, 112 different threat actors who are very loud and proud about the attacks that they’ve been carrying out. They have been self-attributing. So obviously that there still needs to be more technical, policy, legal attribution behind that. But I think that speaks to what Regina and Pablo were talking about at the beginning, about being very clear about the responsibility of states, also to make sure that attacks don’t happen from their territory or to then potentially hold persons accountable for that. And I think that will be very important steps going forward, looking at how those who’ve breached the laws and norms are going to be held accountable.

Louise Marie Hurel:
Thank you so much, Charlotte. And I think that starts to paint to us like a, let’s say a gradient of understandings of responsibility that are complimentary, right? We discuss the national, like the domestic and the external notion of responsibility when we’re talking about statecraft and what that means when it comes to applicability of the norms. We talked about the private sector and the evolving understanding of what it means to engage in conflict situations, being a company, not that private sector has not been involved in Lincoln conflict. I mean, when we look at other, let’s say, contexts, it’s not new. But I think when we’re talking about the tech sector engaging in protecting and providing support and assistance, then maybe we’re talking about new dimensions of responsibility over there. And now, looking at the third sector, looking at civil society organizations and what the Cyber Peace Institute has been doing, I think there’s extra layer of responsibility there, which is thinking about how the civil society organizations can feed back into government and say, these are the harms, be very thorough about the data that we collect and be able to hold them accountable for the actions and the spillovers of many of these activities, right? And Charlotte, I will get back to you on the second question, definitely. So I will now pass it over to Eugene. So Eugene, now we’re in the sweet spot because as a person that comes from academia, you know, my heart goes out to you as well as a fellow person from the same sector. So I was wondering, at the heart of the global partnership really lies this commitment to foster research-led dialogue with different views from different countries and regions on the topic. Are we doing enough as a research community to really connect to those realities or are we really in our own silo? So how does RSIS kind of done and worked through those different silos? Thanks, Louise.

Eugene EG Tan:
So let me first say that it’s an honor and a privilege for RSIS to be involved in this project. And I think this project represents a wonderful opportunity for us to shape and build what responsible behavior in cyberspace looks like from a global multi-stakeholder perspective through dialogue and research. So for the longest time, I think academic research has been done on a very individual regional case study basis where actions by states are documented and on the actions and commitments made by states. And it’s from this where we draw what we think is best practice and also maybe implement it in a arbitrary manner. So what I think has been lacking in research is this common measurement of what responsibility actually is, which is what makes this project so exciting. What makes this project doubly exciting is how wide the consultation is and the intersectionality that each individual on this panel or online or even in this room here brings to the whole project. This means the discussions, the findings come from a group of people and not just a snapshot from a specific region or from an academic perspective, but rather one which considers a wider context of responsibility with states, industry, civil society, academic view coming together on a very global scale. So bringing back to your question about having the need to connect different realities when doing comparative studies among the region. So I think as an academic community, we haven’t necessarily done enough talking across regions and academics tend to focus more on our individual contexts when talking about cybersecurity. This can be area studies, these can be specific topics that you’re interested in. But I think that has been changing, especially when funding is starting to come online where academics like myself can actually interface with different regions. I mean, I met you first in Mexico. What’s an ASEAN person meeting someone who is based in Europe doing in Mexico, right? So doing so helps us build that bridge, helps us understand the different contexts that we actually reside in. And I think this broadens the richness in conversation, broadens the conversations that we have. And I think we’re all richer for that, yeah.

Louise Marie Hurel:
Wonderful, and I wanted to follow up on that, actually, Eugene. And yeah, it’s quite interesting that the need to connect to the global, let’s say, research community around this, and definitely it’s at the heart of what the GPRCB, the Global Partnership for Responsible Cyber Behavior, seeks to do. But Eugene, what can we do better? I mean, you started alluding to some points over there, but what can we do better to develop a research agenda that’s more attentive to the cultural, contextual kind of elements that might play into defining responsible cyber behavior? So you’re asking a fellow academic how to do research design. Yes, absolutely, because I mean, this is part of what we can do, right? Yeah, so personally, I think, because this is a global study,

Eugene EG Tan:
it’s gonna be really difficult to control for all the cultural and contextual elements across the regions and different states. So what would be reasonable would be to pull out the common strands of what constitute responsible behavior and note these deviations from the norm. This would enable us to put out a document which potentially defines responsible behavior as a baseline rather than building on existing research, which is to provide a case study on how states think or how businesses think, how they’re being responsible, because it’s such a nebulous concept of responsibility. There is no one measurement, like I was speaking about earlier, because there’s no one measurement. Everyone thinks they’re responsible, right? So it’s how we draw out these extra measures, how we could actually inform the whole community as a whole, how these extra measures can be actually implemented that will bring value to the whole ecosystem.

Louise Marie Hurel:
Absolutely, and I think, if what I’m hearing potentially is painting a spectrum of responsibility. So we already have the norms, right? They are at the international level. How they’re interpreted, we have the area studies, of course, but I think your point on understanding the deviation element is quite fundamental, right? And how do we access those, let’s say, practices to be able to draw that. So that is part of what we’ll be doing like in the next year so that’s quite exciting. I wanted now to turn to Koichiro. So Koichiro, you know, you have been engaged in so many different bits and pieces of the of the technical community, right, as JPCert, being part of FIRST’s advisory board and so on and so forth. So I wanted to speak to you particularly about, you know, the certs have a really important role. So at the UN, you know, the norms, there’s a norm to protect certs against being targets and they have a fundamental role in maintaining the security of networks and systems and for many years now. But many countries have now establishing, have established reporting requirements, right, and we already discussed that a bit, for incidents. Is it realistic to expect organizations to report incidents within a short time frame sometimes or to have governments require that some vulnerabilities and incidents be first reported to them? So I see that there’s a responsibility from the side of the cert community, right, but is it realistic to expect some certain things from, especially when it comes to vulnerability reporting and reporting requirements, is it realistic to expect that given your experience in the field? Thank you, Ruiz. Hello everyone, my name is Koichiro

Koichiro Komiyama:
Sparky Komiyama from Japan Computer Emergency Response Team. Well, you know, I’m glad that Ruiz mentioned the role of CSERT or cert to protect the global Internet and my contribution is to explain the role of CSERT has been changed slightly since last few years. I have three points. First, of course, we see more rules or regulation or local registration for anyone to report the vulnerability and incidents to authorities, which also, which includes, for example, India’s case, reporting cybersecurity incident to CERT India, the Indian CERT, within a few hours of occurrence or since I spent a week in IGF meeting room this week, I just learned Sri Lanka will have a similar regulation in a few months and I also like to note certain, you know, there are many other authority or government agencies who to receive the security incident reports. For our case, Japan, if there’s a cybersecurity incident, they share information with JP CERT or National Cybersecurity Center, but if it is, if the case is associated with personal information leak, then they have another government-led commission, which they are mandated to report up. And just recently, US Securities and Exchange Commission also introduced a new regulation for incident disclosure to US financial institutions. Now, my second point is, you may be not familiar with what we are receiving. For example, JP CERT, we receive 20,000 cases or incidents per year and about half of the cases or half of the incidents, we need to engage or we need to communicate with someone in United States, the ISPs, platformers, researchers in United States. Then, that’s a half of our received report. Another 30 to 40 percent, we need to reach out to China. So US-China combined is more than 80 percent and from this fact, I like to suggest to you, cyberspace may not be as global as you imagine. What’s crucial on the internet is not this part, not very, not very distributed, but rather concentrated in a few places on earth. And the other thing is, you know, often regulator misunderstood. If they got more information, they can make more accurate decision or assessment. To us, like among 20,000 incident cases, what we like to see is less than 1%. Only, you know, less than 100 cases can be used or can be very beneficial for us to analyze what type of APT attack is happening, which specific Japanese critical infrastructure is compromised already, and others. The rest is not a garbage, but it’s not something, you know, it’s not very informative or actionable, at least for us. Now, I’d like to conclude my last point. The worst-case scenario is the local registration hinder or undermine the international or global information sharing, which we have been, we have been doing for us 10 or 20 years. Log4j is a very good example. There’s a common software library widely used everywhere, and this vulnerability was first identified by a Chinese researcher working for Alibaba’s subsidiary. They made a great job to identify the issue, and then also sharing it with Log4j developers immediately. But far from being praised or get a reward, you know, they are summoned by Chinese authority, and since then, there’s a chilling effect among Chinese security researcher community. I do not expect they can be, you know, they can share vulnerability information with, for example, JPSET or other government agencies in the future. So, like we see data being localized, we also see vulnerability information being localized, and we’re in the middle of the process, and I don’t have, yeah, and I like to, you know, together with you, I’d like to explore how we can fix this issue and, you know, make sure vulnerability information being shared among stakeholders who should be, or who should know. Thank you. Thank you. Thank you very much,

Louise Marie Hurel:
Koichiro. I think then we see a double entendre over there, because it’s, on the one hand, you know, the state, and we go back to, like, Regine and Pablo over here, where they were talking about, you know, as a state, we need to actually kind of develop, like, regulations and develop national policies that we make sure that we have, you know, vulnerability disclosure, that we have kind of, like, procedures in place, and then, on the other hand, it’s kind of like, let’s think more carefully about, you know, what the procedures are and, you know, whether that actually hinders our communication channels that have been established, right? And I think, you know, we could see that is not just the case of, let’s say, Log4J, but we could talk about, like, the NIS directive. When all of these regulations come first, right, there’s always this process of adjusting in many ways, like, is the timing correct for expecting certs to report? Is it responsible? I mean, it’s an understanding of what certs are responsible to do, like, what’s their responsibility, but at the end, I mean, is it feasible or not? And I think we’re always trying to figure that out in one way or another. We have 10 minutes left, which I think it’s, like, thanks so much to my panelists for really sticking to the time, and I wanted to open the floor to all of you, whomever has any questions to the panelists. I definitely have lots of questions, and I imagine, hope you have also questions to each other, but I wanted to open up the conversation. Are there any questions from the audience or any kind of comments or anything, if we have government representatives in the room that would like to share also their views, that would be great,

John Hering:
or are we just very tired because it’s the last day? Absolutely, go ahead. I think co-signing a lot of the same concerns and would advise a lot of policymakers to start thinking about what the impact, especially to the security research community, is going to be of any policies you’re pursuing, because it’s not just some of the ones you were citing, but also, you know, the current negotiations around the Cyber Resilience Act in Europe, which would mandate reporting of, you know, non-exploited vulnerabilities to, you know, central government agencies, which are not in a position necessarily, then, to take action to fix that, and making sure that we’re reporting in a way that is prioritizing getting a fix and keeping customers and users secure, and also, just emphasizing your point that there’s then people who want to replicate that policy. You kind of create a race to the bottom where you have different imitators who are all sort of creating similar vulnerability reporting requirements, which may not be in the interest of actually the best product security and keeping the most sensitive data secure. Great. Any other points from the audience? No. Everyone’s very tired. It’s the

Louise Marie Hurel:
last day of the IGF. I get you. It’s overwhelming. I wanted to go back to Charlotte. Charlotte, if you’re still online, hopefully. Are you there? Yes, I’m here. Lovely. Charlotte, I wanted to follow up on, let’s say, this dimension of civil society organizations, right? I think it’s undeniable when we’re talking about, you know, state responsibility, when we’re talking about private sector responsibility, there’s an interesting spot, which is definitely the development of commercial hacking tools or spyware, which is often a very tricky topic, both for democracies and, let’s say, those in the spectrum and even authoritarian regimes. So, what kinds of accountability measures do we need to be setting in place to protect citizens from

Eugene EG Tan:
the misuse of those kinds of technologies? Thank you. It’s a great question, and there’s probably a very long answer, but I will try to keep it short in view of the time. Firstly, I think, so the use of commercial spyware surveillance tools, the associated lack of transparency, the consequences of its use and abuse on human rights and respect of laws. So, we see this as a growing and very lucrative market, and I think the issue of accountability, first, we have to look at as being a responsibility of all actors. Particularly, we also have to look at the focus on how do we get redress for victims? So, if their governments are able to hold accountable those who cause the violations of human rights, what’s the redress to victims? But if we look at some of the measures that need to be taken, and we’ve talked about this before on here, public attribution. So, you have to be able to identify the actor and build on and complement and reinforce findings of any technical analysis to achieve accountability. You have to be able to hold somebody accountable. So, attribution is going to be a very important aspect of this. Then, looking at legal action, we’ve seen some countries who have taken legal action now. So, formal investigations, and then if those investigations build enough evidence and cases to then be able to bring legal cases, which will then focus attention on who commissions, who’s financing and sanctioning such abusive use of surveillance technology, and that can support driving accountability. I think that we do, I think it’s important to look at, you know, states have a legal obligation to protect and promote human rights and hold those who violate them to account. So, you know, looking at state responsibility and how states are taking up this responsibility is important. And then, also looking at how do you operationalize accountability at the international level? And I think this is going, this is very important. So, collectively, governments have to shape the political and normative environment related to spyware, and particularly where spyware is now being carried out as a service to and abusing human rights. So, that needs to have a coordinated response to ensure responsible state behavior at the international level and to promote accountability between states because, obviously, there’s a lot of cross-border issues that are critical here. So, states will have to act on their responsibilities in order to engage individually and collectively to bring perpetrators to and hold them accountable. But accountability also requires transparency, and I think that’s one of the very difficult things about this use of offensive surveillance software or spyware. And that’s something that has, there has to be a willingness to be much more transparent about what is today a very opaque market about the supply and the demand and the use. So, transparency is a really important step. And then, yes, as I say, I think there are a number of laws, norms that can be brought to, that can be invoked. And I think that’s going to be very important to look at where human rights of individuals have been breached, holding them to account that can be under something like the International Covenant on Civil and Political Rights, the Covenant on Economic, Social, and Cultural Rights. So, there are a number of ways forward. I would just like to conclude by saying there is actually between a collaboration ongoing to a number of civil society organizations at the moment, and co-chaired by the Paris Call and the Cyber Peace Institute, where we’re working on a multi-stakeholder agreement for transparency around this spyware and cyber mercenaries market. And this, the first iteration of this will be brought to the Paris Peace Forum in November. Wonderful. I see that you want to

Louise Marie Hurel:
chip in. Yeah, just two quick points also on accountability, because I saw a colleague earlier today who, on the other side of IGF, she was saying, oh my goodness, we’re having the exact same conversation on cybersecurity that we were having when I left cybersecurity five years ago.

John Hering:
But I, like, want to assure folks that things are moving forward, and especially as it relates to accountability, you know, first on accountability via attribution statements. One thing that’s been really exciting over the past year, year and a half, has been to see government start to, really for the first time, include norms violations explicitly in attribution statements that they’ve released publicly, which has been sort of the first innovation in a public attribution statement that I’ve seen in a while. And my jaw dropped it when I saw it, so I hope yours can now too. And then the second piece has to do with the sort of, again, that innovation of the use of cyber operations in the context of an armed conflict. And we did see just probably six weeks ago now, the ICC prosecutor come out and say publicly that his office has a mandate to, and will be, investigating the potential of cyber-enabled war crimes for the first time, which when you think about what it would mean to uphold expectations for responsible behavior, both in the context of peacetime, but then really importantly in the context of warfare, that’s a really important innovation or, you know, evolution as well. So just one more thing to add. Absolutely. Any of the other panelists would like to chime in or have a tweet of a last remark? No? I’ll trigger then Regine and Pablo very quickly

Louise Marie Hurel:
if they want to respond to this. So I think in terms of the last point on thinking about transparency measures and accountability, over at the OEWG, there has been a lot of discussions as well as to whether include the actors like, you know, cyber mercenaries or include, you know, SPIRA as something that’s more explicitly defined or made recognizable in the emerging threats kind of discussion there. How can we evolve that particular kind of discussion? Is it ripe for inclusion or is it ripe for further kind of elaboration or discussion on, let’s say, these kinds of emerging threats right now over there? Because I know this was one of, let’s say, a key point of contention. So I don’t know if, like, again, a tweet from either Regine, if you’re still online, if you can hear us, or you, Pablo, putting in the last spot over there.

Pablo Castro:
So, Regine? No? Okay. It’s a good question. I think in my point of view, just maybe a personal point of view, when it comes to in our conversation and how to move on at the working group, you know, in different, you know, sections, it’s sometimes we have to be very careful about what exactly we want to put there because, you know, we have to agree by consensus. So that’s the point, you know, how you can start a conversation, discussion, and things with definitely things that could be important, you know, there. But the other point is, if we start some conversation, things are probably going to create maybe not the consensus we want. It’s going to make our conversation more difficult in the very end. So it’s a difficult balance. Now, it is true that, especially in the threats, you know, we were including, for example, artificial intelligence and new techniques, but I still want to be sometimes a little bit careful because we, especially in AI, for example, that we just start to maybe other conversations, other discussion, and I think it’s probably one of the challenges we have in emerging technologies, you know, where exactly we have to discuss one of the things or another. But it’s still up to the state, you know, to, in a way, to try to see how we can address this point. The cyber mercenary can be something really challenging. I used to be in charge of mercenary years ago. It’s a concept that I’ve never seen before, but I think it’s something that, in a way, it is reflected, you know, the concern of some state. In that case, of course, it’s legitimate to discuss this in that forum because that is the place that we have right now to have this conversation. So, in a way, we cannot stop it, but, again, how can you see if we cannot not create this problem at the very end, especially at the end of Friday in the United Nations when everyone wants to really, I mean, go back home, let’s try to get this consensus. Thank you. Thank you, and thanks

Louise Marie Hurel:
for taking that last kind of, like, curveball over there. Well, I just wanted to thank you all for sticking over here. I think having a, you know, a slightly kind of full room at the end of the IGF is not trivial at all. I hope you can stay in touch. The Global Partnership for Responsible Cyber Behavior has its website where you can access more information on our members, our institutional partners, and please do get in touch if you want to get involved in doing research, and I’d like to thank my panelists, Regine and Charlotte, that are online. Thanks a lot, and thanks to all of you, and keep in touch.

Audience

Upon analysing the statements presented by the speakers, several key points emerge regarding internet governance and youth engagement. Firstly, mentorship is highlighted as a crucial factor for newcomers in the field. A speaker mentions being mentored by a veteran from Brazil, named Davi, who had a significant impact on their career and understanding of internet governance. The role of mentorship in shaping one’s understanding and participation in internet governance is cited as a crucial factor.

Additionally, there is an advocacy for improved communication strategies to engage more people, particularly youths, in internet governance. The speaker acknowledges the relevance of studying communications in relation to internet governance. They also praise the Youth Atlas initiative as an example of successful attempts to engage youths from diverse backgrounds in internet governance.

Furthermore, the significant participation of young people at recent events is emphasised. Youth involvement, especially at the Latin American Caribbean IGF, was notable, as large numbers of sessions were proposed by youths and their voices were heard, demonstrating their active involvement in the field.

In terms of inclusion, the importance of including more voices from indigenous people, people with disabilities, and other minorities is stressed. The need for diversity and representation within the field of internet governance is emphasised, indicating the desire for a more inclusive and equitable environment.

Moreover, the speakers highlight the significance of speaking out, even in the face of adversity. They encourage individuals to persevere, even if they are nervous or make mistakes in English pronunciation, emphasising the importance of having the confidence to voice opinions and engage in discussions.

The value of youth participation in the tech space is also recognised. The speaker, who was once a newcomer but has now become a veteran with numerous connections in the tech industry, explores youth involvement in the policy network concerning internet fragmentation, which was presented in the main session.

The aspect of learning and development in the tech space is emphasised, with the speaker emphasising that support is readily available and there is always a learning curve present. The journey of development is acknowledged, with appreciation extended to everyone involved in the process.

Moreover, youth participation programs at internet governance events are considered valuable. The speaker’s own career trajectory serves as an example, highlighting the positive impact of such programs on career development and networking opportunities.

Persistence and dedication are identified as essential qualities for personal growth. The speaker shares their own journey of progress and growth, attributing it to persistence in pursuing their goals and aspirations.

Furthermore, the growing relevance of issues such as privacy and AI within the field of internet governance is acknowledged. The importance of these issues is substantiated by the observation that there is an increase in investment and attention directed towards them over time.

In conclusion, the analysis of the statements reveals the importance of mentorship for newcomers in the internet governance field, as well as the need for improved communication strategies to engage more people, especially young people. The substantial participation of young people at recent events underscores the importance of youth involvement. Inclusion, diversity, and representation are highlighted as crucial elements for a more equitable environment. The significance of speaking out, youth participation in the tech space, and support for learning and development are recognized. The growing relevance of issues like privacy and AI indicates the evolving landscape of internet governance.

Juliana Novaes

The Youth Atlas is a comprehensive documentation of the experiences and journeys of young individuals in the internet governance ecosystem, specifically those who have participated in IGF fellowship programs. The idea for this initiative stemmed from discussions about measuring the impact of these programs on young participants. The inaugural edition of the Youth Atlas was launched in 2019 at the IGF Berlin, marking an important milestone for this resource.

Despite progress in youth representation within the IGF, challenges persist within the internet governance sphere. These challenges, although less prominent now, continue to hinder the full engagement of young people. Difficulties in obtaining approval for IGF sessions and securing funding to attend events are some of the barriers they face.

Notably, youth initiatives in internet governance heavily rely on volunteer work and personal time dedicated by individuals. The inaugural edition of the Youth Atlas was completed in under three months by a team of volunteers, who have all been acknowledged and credited in the book. This highlights the importance of individual passion and commitment in promoting youth involvement.

Greater youth involvement is essential for fostering a healthier and more collaborative culture within internet governance. The Youth Atlas serves as a source of pride and inspiration for young individuals in the field, aiming to encourage more initiatives that empower and support their participation. By amplifying their voices and experiences, the Youth Atlas strives to create a platform for youth-centric initiatives that contribute to inclusive and progressive internet governance.

In conclusion, the Youth Atlas is a valuable record documenting the journeys of young individuals in the internet governance ecosystem, particularly those involved in IGF fellowship programs. While challenges persist, efforts are being made to address them, recognizing the significant role of youth initiatives in shaping the future of internet governance. By promoting youth involvement and providing inspiration and resources, the Youth Atlas aims to contribute to a more inclusive and collaborative internet governance landscape.

Veronica Piccolo

The meeting introduced the second edition of the Youth Atlas, which focuses on tracking the pathways and impact of young people in internet governance. It serves as a comprehensive tool for understanding and highlighting the role of young people in this field.

During the meeting, a key emphasis was placed on clear communication. Participants were encouraged to speak clearly and at a reasonable pace to ensure effective communication. The Q&A session also encouraged questions from both on-site and online participants, promoting an environment of open dialogue and information sharing.

In addition, maintaining a respectful and inclusive environment was highlighted. Participants were requested to uphold respect and inclusivity both in the physical meeting space and in online interactions. This focus on inclusivity is aligned with the Sustainable Development Goals of Gender Equality (SDG 5) and Reduced Inequalities (SDG 10), aiming to create an environment that fosters equal participation for all.

The Youth Atlas is divided into four sessions, each addressing a specific aspect of youth engagement in internet governance. The first session focuses on data and statistics, providing an overview of the development of youth engagement over the past two or three years. The second session entails interviews with individuals who have been engaging in internet governance for three or more years, offering insights from experienced participants. The third session is dedicated to newcomers, providing them with relevant information and resources to get started in the field. Finally, the fourth session focuses on youth programs, highlighting their significance and impact in the internet governance landscape.

Despite the challenges faced during the creation of the Youth Atlas, such as a tight timeframe of less than three months, the process demonstrated dedication and international cooperation. Volunteers from diverse countries contributed to the project, showcasing the importance of youth engagement in internet governance.

The Youth Atlas aims to inspire, empower, and promote personal growth among young people in the internet governance sector. It highlights the contributions and achievements of young people, validating their roles within the internet governance ecosystem. This aligns with the Sustainable Development Goals of Industry, Innovation, and Infrastructure (SDG 9), Gender Equality (SDG 5), Reduced Inequalities (SDG 10), and Quality Education (SDG 4).

The meeting also acknowledged and appreciated youth participation and initiatives. Anja Gengo was specifically recognized for empowering youth and encouraging their participation in IGF initiatives. The positive influence that young people can have on senior stakeholders was also acknowledged, with Veronica Piccolo and Emilia working together to set up a youth IGF in Ethiopia.

Veronica expressed excitement and admiration for Pyrate Ruby Passell, who became the youngest person in the IGF youth track at the age of 14. Pyrate’s extensive involvement in the internet governance environment since joining a year ago was also commended. Veronica showed curiosity and interest in understanding Pyrate’s experience as a younger member in the IGF.

Veronica also expressed interest in Pyrate’s activities within the Teen Dynamic Coalition, highlighting their contribution as one of the highlights in the Youth Atlas. The book features both a printed version and a digital edition, with the digital edition including interactive content such as QR codes linking to video interviews and a Spotify playlist curated by Pyrate.

Overall, the meeting emphasized youth empowerment, career and skill development, and the importance of youth engagement within the European community. The Youth Atlas publication was highly recommended, with young participants invited to obtain a copy. The progress made in youth engagement and initiatives since the first edition of the Atlas in 2019 was acknowledged, reflecting global youth engagement in internet governance.

Anja Gengo

The Youth IGF initiatives have seen significant growth in youth engagement through the organization of webinars and summits in various parts of the world. These events have successfully attracted thousands of young people from all over the globe, demonstrating the increasing interest and involvement of youth in important global issues. By providing a platform for dialogue and capacity development, such as the Youth Summit held in Poland, these initiatives have created spaces for both senior and junior leaders to come together and exchange ideas. This intergenerational dialogue is crucial in fostering leadership and partnership for the achievement of the Sustainable Development Goals (SDGs).

The IGF Secretariat has been actively working towards simplifying the process and channels for youth engagement. They have organized capacity development workshops in regional IGFs to enhance the skills and knowledge of young participants. These efforts aim to provide easier access and avenues for youth to contribute to discussions on topics such as quality education and industry innovation and infrastructure, which are central to the SDGs.

The IGF meetings, held in Finland, Colombia, Australia, and Nigeria, have played a vital role in taking youth engagement to a global level. These meetings, organized by different youth IGFs, have provided opportunities for young people to participate and contribute on an international scale. This has expanded the reach and impact of youth engagement, moving beyond the conference level and facilitating meaningful involvement in global conversations.

Despite the challenges faced, the enthusiasm and energy demonstrated by young people in these initiatives give confidence for a bright digital future. Many young participants are digital natives, equipped with the necessary skills and knowledge to navigate the digital world. Their involvement in global initiatives contributes to the promotion of decent work and economic growth. It also highlights the importance of embracing digital advancements in shaping a promising future.

The 18th IGF meeting was considered a success from the youth perspective due to the commitment and dedication demonstrated by young participants. Their active involvement and contributions have made a significant impact on the meeting’s outcomes and discussions. This success further facilitates the recognition and value of youth engagement in shaping policies and partnerships for the SDGs.

Anja, an important figure in the Youth IGF initiatives, expressed appreciation for the engagement of young people and expressed commitment to supporting their continued connection and exchange. Anja also extended an open invitation for organizations to invite her to their IGFs, highlighting the enthusiasm for attending and learning from other initiatives and events.

In conclusion, the Youth IGF initiatives have experienced significant growth in youth engagement through various activities such as webinars, summits, and regional IGFs. These initiatives have provided platforms for dialogue, capacity development, and have successfully taken youth engagement from local to global levels. The dedication and commitment of young participants have played a crucial role in the success achieved so far. The enthusiasm and energy exhibited by young people indicate a positive outlook for a bright digital future. Anja’s appreciation for youth engagement and her willingness to engage with other initiatives further emphasizes the importance of youth involvement in global conversations.

Jenna Fung

During the analysis, several key points emerged from the speakers’ arguments. One prominent theme was the positive sentiment towards youth participation in ongoing matters. The speakers highlighted examples of individuals like Nadia and Jenna, who have made significant contributions to various platforms and initiatives. These examples served to demonstrate the value and impact of youth involvement in addressing important issues.

Another argument put forth was the necessity of giving youth a place in decision-making processes. The speakers argued that youth participation can help to reduce inequalities and contribute to decent work and economic growth. By involving young people in decision-making at all levels, it was believed that more inclusive and effective solutions could be achieved. Jenna’s experience in the Asia Pacific Youth Internet Governance Forum was cited as a compelling example of how youth participation in decision-making can lead to positive outcomes.

Furthermore, the importance of youth initiatives was emphasized. The speakers acknowledged the energy and passion demonstrated by newcomers in the field of youth initiatives. They also mentioned that although there are many acronyms related to youth initiatives, not everyone may be aware of platforms like the Global Youth Summit. This highlights the need for increased awareness and support for such initiatives to ensure their continued success and impact.

The analysis also revealed a strong emphasis on the need for ongoing efforts for youth development. A colleague’s quote emphasizing the importance of continuous efforts and future planning beyond a single session highlighted the belief that sustained commitment is necessary to bring about long-term positive change for young people. This sentiment underscored the idea that youth development requires continuous investment and attention.

Finally, the analysis emphasized the significance of youth involvement in policy-making. The speakers put forward the viewpoint that “nothing for youth without youth,” indicating the importance of ensuring that young people have a voice in decisions that affect them. Jenna’s perspective on the significance of young people’s voices in decision-making further reinforced the argument for greater inclusion of young people in policy-making processes.

Overall, the analysis revealed a positive sentiment towards youth participation and highlighted the benefits of involving young people in decision-making, supporting youth initiatives, and making ongoing efforts for youth development. These insights underscore the importance of recognizing and empowering the youth population as key contributors to achieving sustainable development goals.

Nadia Tjahja

According to the analysis, there is a growing consensus that youth should have a more significant role in Internet Governance Forums (IGFs). This is because young people have the potential to provide concise, clear, and visible ideas that can greatly contribute to the content and structure of these events. It is believed that involving the youth in IGFs can lead to fresh perspectives, innovative approaches, and effective solutions.

Furthermore, meaningful participation in IGFs requires more than just being present. It involves being well-informed, engaging in consultation, and assuming leadership roles. This concept of meaningful participation is seen as a process that contributes to the constant change in the IGF ecosystem. It is viewed as a way to strengthen the decision-making processes and ensure that all stakeholders, including the youth, have a voice in shaping the Internet governance landscape.

To support the youth in their involvement with IGFs, it is suggested that the IGF should create opportunities that foster their growth and leadership. This can be achieved by working in partnership with the youth to create specific structures and spaces that cater to their needs and interests. Additionally, young people should be given the chance to take on positions as session organizers or collaborate with the IGF Secretariat. These actions would not only enhance youth participation but also contribute to the achievement of the Sustainable Development Goals related to decent work and economic growth, along with reduced inequalities.

Overall, there is a positive sentiment towards youth involvement and meaningful participation in IGFs. The analysis highlights the potential benefits that can arise from including the youth and emphasizes the need to create an environment that encourages their active engagement and contribution. By embracing the ideas and voices of the youth, IGFs can truly become more inclusive, dynamic, and representative of the diverse perspectives and needs within the Internet governance space.

Pyrate Ruby Passell

Pyrate Ruby, a 14-year-old attendee, is thrilled and proud to be the youngest participant on the IGF youth track. This marks her first time attending the IGF, and she expresses her excitement and pride in being able to contribute at such a young age. She strongly supports the idea of encouraging younger participants in the IGF and similar conventions, highlighting the importance of engaging the youth in discussions about important global issues. Her stance aligns with the goals of SDG 4: Quality Education and SDG 10: Reduced Inequalities.

Having been involved in the IGF environment for over a year, Pyrate finds the experience incredibly gratifying. She has actively participated in the IGF youth track and attended the youth summit, where she has been involved in meaningful work. The opportunity to engage with experts and other young individuals passionate about addressing global challenges has further motivated her.

However, Pyrate does find one aspect of participating in the IGF challenging – the time zone differences. As a result, she often has to stay up late, which she finds amusing but also highlights the dedication and commitment she has towards her involvement in the IGF.

Despite the challenges, Pyrate is delighted to be working with her team. She values the opportunities for collaboration and the shared sense of purpose that comes with working towards a common goal. The sense of camaraderie and teamwork contribute to her positive experience within the IGF environment.

In addition to her involvement in the IGF, Pyrate mentions a newly-formed organization called the Dynamic Teen Coalition. Although limited information is provided, it can be inferred that this organization is relevant to Pyrate’s interests and potentially connected to her work within the IGF environment.

In conclusion, Pyrate Ruby, at just 14 years old, is an enthusiastic and dedicated attendee of the IGF. She not only takes pride in being the youngest participant on the IGF youth track but also advocates for greater youth involvement in such conventions. Through her participation, she finds great fulfillment and enjoys the opportunities for collaboration and teamwork. Furthermore, her positive experience is not limited to the IGF, as she mentions the newly formed Dynamic Teen Coalition, suggesting her involvement in various initiatives aimed at empowering teenage voices.

Veronica Piccolo:
we are going to officially present the second edition of the Youth Atlas. Welcome once again, I’m Veronica Piccolo and I will be the online moderator for this session. Mohamed Ali will be the on-site moderator for this session, Mohamed Ali will be the online moderator for this session and Humud Pararu-Velasquez will be our rapporteur. With me on site I have Anja Gengo from the IGF Secretariat and Nadia Tjahja from EURODIG and online I can see Juliana Novaes. Hello. Juliana is the head of editorial of the Youth Atlas and we will start very soon for this presentation, but just a reminder I would like to request all the speakers and audience who may ask questions during the open floor to please speak clearly at a reasonable pace. I would also like to request everyone participating to maintain a respectful and inclusive environment in the room or in the chat. You can ask questions during the Q&A. If you are on site please approach the microphone, if you are online please raise your hand so that you can be unmuted by the tech and if you have any further questions or comments or would like the moderator to read out your question or comment, please type in the Zoom chat. Without further ado I would like to start the presentation of this book. Some of you might already know this. This book is the second edition of the Youth Atlas and it follows the first edition which was published in 2019 and it collects all the stories of young people actively engaging or working into the internet governance ecosystem. We have been honoured by a forward by Vint Cerf and the preface of Anja Django and this book particularly is divided in four sessions. The first which contains data and statistics about the development of youth engagement over these two or three years. Then we have a first session which we call the veterans with all the interviews of people engaging in internet governance for three or more years. Then we have the section for newcomers and in the end we also have a section dedicated to all youth programs. In this regard I would like to quickly give the floor to Juliana to explain us a little bit about the content and findings of the book. Thank you.

Juliana Novaes:
Thank you so much Veronica. First of all thank you very much for coming to this session today. Unfortunately I’m not in Japan this time. It’s around 6 a.m here but I can feel the energy in the room and I’m happy to be with you in spirit if not in person. I would also like to thank the Youth SIG from ISOC for having me as a collaborator of this project again of the second edition of the Youth Atlas and especially for Veronica for all the effort that she put into this project. So thank you so much for this. So about the Youth Atlas, Veronica rightly mentioned this is the second edition of first book that we launched back in 2019 as part of the Youth ICG from ISOC and the idea came from a conversation that we were having with some people that had previously participated in fellowship programs to attend the IGF such as the ISOC fellowship program, the Brazilian fellowship program and other ones and we were always saying how there were always moments in which the organizations that fund these kind of programs wonder exactly what are the results that come from these initiatives. So basically what happens to the young people after they join the IGF and they participate in these kind of events. So essentially what’s the outcome of the investment that they are doing in these young people and we all know as former participants that there are many success stories out there. We all know people who first joined an IGF and then got a position at some organization or started their PhD on the topic or then started working for the government or some kind of multilateral entity. So we all know these success stories but we didn’t have at the time any kind of documentation or formal record of the young people who had previously participated in this program so it was very hard to measure the impact of them in the lives of young people after they joined the IGF. So this is how the idea of the first edition of the first Youth Atlas started. So we decided it was time to record the results of the young people and their trajectories after they joined their IGF and show the importance that these fellowship programs had in their lives and the importance of maintaining them, maintaining these young people in the IGF ecosystem. Also to show some of the difficulties that they faced as young people joining internet governance for the first time and continuing their trajectory in this field as well because I mean a lot of improvement has been made in terms of youth representation in the IGF in the past years but it hasn’t always been that inclusive. So it was hard in the past to get sessions approved at the IGF if you were part of a youth organization. It was always hard to get funding to attend the IGF as well. It still is but it was way harder back then than it is now so it was also a project to show how some of these difficulties remain in our ecosystem for young people. So then we made the first edition of this book and we had very limited budget at the time and also very limited time. We put the whole book together in less than three months and launched it at the IGF Berlin 2019 and now I’m so happy to see that this second edition which now shows not only the trajectories of people that had been previously in the IGF ecosystem but also the newcomers so we can see a contrast between the people who have been joining these events for over three years and the people who are just joining now. So what are the differences in their hopes and their expectations in the challenges that they face and I mean without going much further into this I also think it’s important to mention that this book has only been made possible with the hands of several people. A lot of volunteers who have worked hard in editing text, doing interviews and putting their own free time into this initiative as it often happens with youth initiatives. We often work on a volunteer basis using our free time to do this so I just wanted to show my appreciation for all the volunteers that have collaborated with us and also to the people that actually participated in our surveys and interviews entering our questionnaire. A lot of things in our IG ecosystem are the product of volunteer work so we’re also very proud to say that every single person that has contributed to this project has been credited there so I would just like to personally thank them so much for making this possible. And of course this is a book which aims to give visibility to you as a young person and to me as a young person as well and give us credit for all the work we have done since we started participating in the IG ecosystem. We want to build a healthier culture and internet governance, a more collaborative culture in which people have more freedom to to participate in initiatives and we have the power to do this as young people and we hope that this book is a source of pride and is a source of inspiration for young people either joining the internet governance ecosystem now or who have been here for a long time now and we hope that this helps foster more initiatives such as this and it helps to empower more young people in our field. And in saying this I would like to thank you all again and I hope you’re all enjoying the IGF in Japan.

Veronica Piccolo:
Thank you Giuliana. I’m particularly sensitive in this moment. This was a very hard work and as Giuliana pointed out it was mainly on a volunteering basis and we put our time into this book, our free time into this book and it might not be perfect so you might also come across some mistakes, some typos and errors but I think that this is the token of cooperation, of international cooperation. We had people working on this from Brazil, from Africa, from Europe and we had an amazing support from our friends from Japan because this book is the product of the work of many hands and I’m very proud to present this at the IGF but this also was printed in Japan so it was also very representative of our global meeting here and what this IGF is meant for us. But I know that this book has attracted a lot of attention. Maybe online you don’t know this but I already have some copies reserved from people who came to me asking to have a copy of this and at the end of this session we will distribute, we will have a picture with all people featured in this book who are also here at the IGF and we will distribute these copies to them and also to the people attending but I would also give the possibility to Anja to come in and first of all I would like to thank you for the time you took also to write your preface for our book and from you I would like to know since 2019 when the first edition was published how the work of the IGF secretariat evolved to support young people because most of the people also present here they were not even able to know how the youth summit was even created so thank you.

Anja Gengo:
I hope you can hear me. Thanks to precisely a wonderful methodology of our host country we hosted together with young people from around the world webinars that had thousands and thousands of young people from different parts of the world joining. That was really a game changer for the youth track and in general for the youth engagement. In Poland we hosted the youth summit it was I think the well second edition within the youth track but certainly it was there were other editions organized by different youth IGFs at the annual IGF meetings so the youth summit was in Poland good opportunity to create space for a dialogue between senior experts and leaders with of the current generation and then the next generation of experts and leaders and we follow that practice. Of course we work on polishing the format making sure that we are creating just simpler easier entry points channels for young people that can decide to just jump on our train and then ride with us toward hopefully a safer digital future. In Ethiopia last year we continued the practice we the secretariat was satisfied with the level of engagement with young people this certainly the process there went further from organizing a couple of sessions to ensuring that we have a robust mechanism throughout the year so we worked very closely with the regional IGFs to organize capacity development workshops and to ensure that we have our presence not just at one annual meeting given the fact that we are limited in time we are challenged by time zones and so on but that we have presence at the regional IGFs to maximize our inclusion opportunities. Grateful to the regional IGFs to the youth regional IGFs for being our great partners to work on organizing and implementing capacity development workshops there. This year for example we managed to tour the globe in just a couple of months span from Finland Tampere we went to Cartagena in Colombia then to Brisbane in Australia then to Abuja in Nigeria all thanks to EuroDIG thanks to Asia Pacific IGF thanks to LAC IGF the youth LAC IGF the African IGF and the youth associated IGF and then finally after so many discussions conclusions agreements but I’ll say also disagreements great ideas shared we met here in Kyoto and you know that on Sunday I think all of you have seen that I’ve seen you there we held a very successful IGF 2023 global youth summit organized by all youth IGFs and many other initiatives which are youth centered and that work closely with with all of us it’s a result of year-long preparations so nothing is an instant result it really is a product of hard work and I have to admit a wonderful energy I have a pleasure to work with colleagues coming from the youth IGFs not an easy work for sure but you always regardless of how much time you spend how much just intellectual effort you invest how much physical effort it takes these are time-consuming processes you’re challenged with time zones so sometimes you’re sleep deprived but it’s such a wonderful energy that exists among the youth IGF coordinators that you just don’t feel the fatigue and you just feel that enthusiasm that regardless of the environment that is surrounding us now geopolitical tensions you’ll see wars around us you see people losing lives you see the dark side of the internet victims of online frauds many online abuses and still working with young people most of a lot of them digital natives people growing up with technologies just understanding them because they don’t have other choice it really gives not just hope it gives confidence that our future analog or digital is very much bright as long as we have you empowered to lead us toward it and the IGF secretariat is committed to continue working with all of you we will definitely add this wonderful Quo Vadis youth second edition of the youth atlas to our library and I’m sure it will be consulted so many times many of the faces here that you see are our dear colleagues and friends but many are new so I’m looking forward to meet you all here toward the closing of the 18th annual IGF meeting in Kyoto but also of course online we’re lucky to be connected through the means of the internet and let’s please use it and finally to conclude I want to thank all of you for being here at the 18th annual IGF meeting I can I think we can say that from the youth perspective from the way you channeled your voices and from the way it was heard it was a great success and it wouldn’t be a success if it wasn’t for your commitment for your dedication to allocate time efforts and ideas to these processes the IGF secretariat is truly grateful to all of you for that and thank you very much for inviting me

Veronica Piccolo:
thank you Anja I think a lot has been done so far since we have been we have gone a long way since 2019 we have experienced firsthand that a lot of youth IGF initiative have been set up in the last year we have here Emilia as well as trained one has helped set up the youth IGF in Ethiopia after Addis Ababa last year so we could actually work on this initiative ourself and I think that the global engagement of young people to empower them each other it’s it’s a great example to go to to give to senior stakeholders I know that you have to go I would like to take a picture with you This is a gift from all of us. Thank you for your support. Thank you so much. It’s such a great honor. Thank you. This is my signed version. It was a signed version.

Anja Gengo:
And just colleagues, I really have to apologize. I would wish that I could stay here because I know there will be a wonderful discussion. But as you know, the Secretariat needs to wrap up this meeting and prepare for the closing. All the reports need to be on the website in the next half an hour. Some of them are on my computer. So I have to deliver on that. But thank you so much. Let us please connect. And after the closing ceremony, I will be around. So I would really appreciate if you could approach, if you have a couple of minutes just to chat and exchange contacts and to understand how you found this year’s IGF and when is your IGF so we can come there. It’s always easier to be at someone else’s IGF and just enjoy the discussions. Thank you so much. If you have a copy of the Atlas that is signed, please do give it back to me. I think that’s my version. Thank you so much.

Veronica Piccolo:
Let’s move forward because we also have another guest. Talking about IGF attendance and the first-comer, Pirate Ruby is 14 years old, is a teenager who last year attended for the first time his first IGF. And being the only teenager, she was wondering, there are a lot of young people, but not everyone is actually real young. So I would like to give the floor to Pirate. Pirate, are you online? Yes, I am. Hello. Let me just get my camera on.

Pyrate Ruby Passell:
Hello. It’s nice to meet you all today. I’m so happy and so proud I’m able to attend this today. It has been such an honor working as the youngest person in the IGF youth track at 14, and it’s so exciting.

Veronica Piccolo:
Thank you, Pirate, for being here. And thank you for borrowing your face and your experience to this book. Your experience, your interview is also contained in our book. But my question to you is, how is it to be a teenager in the IGF environment? And you joined the IGF one year ago, attending the youth summit for the first time. And since then, I know that you have worked a lot in this environment. Give me one highlight of the work that you have done so far.

Pyrate Ruby Passell:
Well, I think it’s personally been great. But one of the things that I’ve noticed is that due to the time zones, I always have to be up a bit late, which is not a problem. But I think it’s a bit funny. Anyways, I’m so happy to be working with all of you. To be honest, all of this is a highlight for me, and I’m so happy and proud to be working with all of you. Thank you.

Veronica Piccolo:
What is the main, let’s say, activity that you would like to share with the audience today? The activity that you care the most. I know that you have done a lot this year. And for example, you are one of the founders of the Teen Dynamic Coalition. Can you tell us a little bit more about this?

Pyrate Ruby Passell:
Well, recently, the Dynamic Teen Coalition, it’s newly came out, so there’s not too much information on it yet. So hopefully in the future, there will be more to learn about that. But it’s just recently opened.

Veronica Piccolo:
Thank you. Thank you, Pirate. I think that your experience and your example are very important to engage young people that are really young, that are really teenagers. And I’m very proud to get to work with you, and I’m very happy to have you in our team and to have your interview. Pirate’s profile is one of the highlights. And in the book, you will also find a QR code in one of the introductory articles written by Stacey. She’s Pirate’s mother, with Stacey’s playlist on Spotify. One aspect I would like to highlight about this book is that we have the printed copy, but we also have a digital copy. And you will find a QR code that you can scan and also watch video interviews of some of our people that we were able to interview, and a QR code to Pirate’s playlist. So many thanks, Pirate. Speaking of the evolution that young people have gone through this past year, I would like to pass the floor to Nadia. So the first youth summit was held in Germany. I think you were there. No, you were not there. But I know that you have worked a lot in the European community to empower new generation. And some of them have actually remained in this environment. And I know that also your research focus is on youth engagement. Would you like to give us some highlight on this?

Nadia Tjahja:
Hello, everyone. Thank you all so much for coming to this extremely important session. And I also just would like to add my congratulations to everybody who worked really hard on this and all the people who supported and sponsored this publication. It shows the effort, the interest, the engagement that young people have to be involved in these spaces and the different ways and methods that we try to be involved. And I think that is really important and it is really difficult to map because some things are very invisible. And through this beautiful publication, some of these things that are happening behind the scenes, some of these things that you may never have known about them existing on a wider scale have come to light in front of this. And another example of invisible things that you may not have known is that Veronica also actually organized with a really large team of international youth an event during this IGF to bring youth together to exchange ideas, exchange their experiences, but also make new friendships for further collaborations so that in a few years there will be a new youth atlas with people who are from this IGF working on new projects together. And for this reason, I think it’s really admirable that this has come out from it. I wasn’t there at the youth summit in Germany and the reason why I ended up not being there is because I was excited to see what information was going to come out from those sessions. I knew what was going to be there. I could have been there in the room, but what I wanted to see is the youth coming into the IGF and listening how youth would actually be presenting their ideas. If you already know what’s going to happen, sometimes you tune a little bit out. There’s a lot of information going on at the IGF and you need to focus. But what I loved about the youth summit is it allowed people for an empowered message. They came into the rooms in a group, they discussed with each other what they wanted to say, they planned how they wanted to say it. Their thoughts and ideas were concise, clear, and visible. Being part of something where we can support each other, standing at a microphone can be extremely intimidating. When you don’t know anyone in the room, you’re there for the first time, you’ve never been to this country before. This is my first time in Japan and I’m not wearing sleeves and everybody is and I feel very self-conscious about that. Would I then still want to be on a microphone, et cetera? But I feel supported. I feel that I am here with people who are kind and open and that allows me to speak more of what’s on my thoughts and on my mind and I hope that we can then continue fostering this continuation of participation that is supported by our peers through activities like this and bringing in new people from these spaces, from our local communities. This is why I started looking at how we could have meaningful participation at the Internet Governance Forum. I’m a Ph.D. researcher at the United Nations University and I’m based in Bruges but I also coordinate youth activities for the European Regional IGF, which is called EURODIG, and our event is called the Youth Dialogue on Internet Governance. If you live in Europe and you would like to attend, our application is open in January. The most important thing I would like to say is that meaningful participation, we hear that word so many times, the United Nations Secretary General added it in his Our Common Agenda, the UN Youth Envoy wrote a paper on meaningful participation and I wanted to know what is meaningful participation at the IGF? The IGF strategy does not give a definition of this. When we look at the outcomes from the IGF, we see how many people are attending, the stakeholders, etc. It’s numbers. Who’s here? Presence. Or who’s represented? Your affiliation. And does that say enough about you as a youth? Youth that has so many definitions based on age, based on your status as a newcomer or not, based on how far you are in your career track. There are so many different ways. So the definition that I chose to use was adopted from a paper from Malcolm which looked at processes. How can we make sure that processes include youth inclusion, integration? And I created a framework that looked at how do we participate? Because we always say, you know, when you’re here, you need to do X, Y, Z, and then you’re part. But are you really then part of the community, just being here, making a comment, making a statement, per se? I believe that we’re an ecosystem. And an ecosystem consists both of content and structure. And I believe that when you come here for the first time, there’s a lot of information coming at you and you’re being informed. That is a way of learning not only the content of this event but also the structure of how things work. When do you get to be on the microphone? Who gets to speak? At what point can you walk into the room? So right now, someone could walk into the room and I’m not offended by it. So then you also have a moment of consultation. So you’re learning something, but then you’re like, hey, I have a different perspective about that. Or I am really not sure about that point. Can you clarify that? You then take the microphone and you comment and you consult, you add to the conversation and debate. And as you go along, there will be moments and opportunities in which youth then will take on leadership positions. Either you become a session organizer and then you work with a large group or a small group of people to provide content and structure to further debates. Or perhaps you start collaborating with the IGF Secretariat to create structures like the Youth Summit to work in partnership with the IGF to foster youth spaces. And this ecosystem can go up and down. So at one moment in time, you’re still being informed. So you could walk out in the next session and you’re a speaker at the other table. Or you can walk out of the session as a speaker now, like I am now, and then I’ll be sitting in an audience somewhere and learning. It’s an ecosystem. And when we then look at participation at the IGF, I am asking you to look at it as a process. So when we’re saying we’re going to invite 30 young people, and 30 young people means that there’s participation, I’m asking you to think of it as a process. When you’re inviting young people to your table, to your events, think about it as a process. They’re coming in. What are they learning? What are they contributing? How can they start moving into being an empowered person into leadership roles? But how can we ensure their sustainable participation, whether that’s a continuous flow or the return of participants? And I’m very excited to continue this discussion because it’s certainly meaningful participation isn’t just this one framework. There’s so many different ways of approaching it. And having these open conversations about it is definitely the way forward of how we can ensure that we are leaving nobody behind. Thank you very much.

Veronica Piccolo:
Thank you, Anja. I really appreciate, actually, the concept, Nadia. I really particularly appreciate the concept of youth participation as a process because it’s not enough that a young person actually participate, speak on the microphone and talk, ask questions, and formulate comment, but also a matter of engaging on an ongoing basis also with the community of like-minded people. And I think that since 2019, we have gone a long way, but the title of this book is Covadis Youth, meaning where are you going, youth? So my question for Jenna here would be, how do you see the future of young people?

Jenna Fung:
Thank you. Thank you, Veronica, and everyone in this room to welcome me and allow me to be in this position and share my thoughts. I kind of want to start off something because I think Nadia helped us with delivering some institutional knowledge, memories, as well as touching on a little bit on how we should envision youth participation. So that first thing I really want to point out is that we, as youth, should really put ourselves out there and to be on the same table as everyone. That I mean, like literally, I wish we all are at the same table because most of you are behind me right now, and it’s kind of weird that I’m looking at myself in the back of that projector. So I mean, if you’re not too busy and if you don’t mind, I hope that you guys can move to the table because I feel very awkward when there’s like no one and I have to be the only person speaking is really my own problem. And yeah. I don’t know how many of you have been here. I would say I’m fortunate enough to be here for like my sixth time now, and unfortunately I think kind of old enough to, you know, it’s time to back out because you need to allow and make the space available for newcomers, which we have a lot. Consider I am, well, I haven’t introduced myself actually, consider I am the program coordinator of the Asia Pacific Youth IGF with a lot of different mechanism working groups set up by all the youth and youth IGF from my region, for example. They are coming in very consistently, energetically, passionately, and so we should be prepared and then at least like first thing, not to be shunned, to sit at a table, get yourself prepared to contribute. But it takes time, one step at a time, and I think it’s really important for me, and I hope it’s important for everyone as well to hear from someone like Nadia to learn about the institutional knowledge, and I think this is really important, and I only get to think about it like 30 minutes ago, because Nadia is one of the first person in the youth space that I met. I met her 2018 in Paris, and well, I get so lost, or maybe I can test it out, like how many of you have been here before, not in Kyoto, but like been to IGF before, can you raise your hand? So not too many, let me try to overwhelm you with all the acronyms, or maybe I don’t need to try, like what is Dynamic Coalition, or what is NRI, not all of us know, but in order to participate, these are really important, and so I think it’s extremely crucial for people who have been in this place for a long time, like long enough at least, to proactively work with the youth community, that includes the veteran or dynamic coalitions or the national and regional initiative that might be your own country’s IGF or your own country’s YIGF because that’s where you that’s where you’re from sometimes and you know you start from a safe space before you have to got to put yourself out there and be fearless sometimes like it takes time so and this year I am fortunate enough that I was invited to one of the DC I mean dynamic coalition sorry about that so sorry about the acronym and that dynamic coalition for example cares about child rights in digital environment and they are really interested in working with us and I appreciate that because finally all those spaces in IGF would want to work with us and sometimes even people who’ve been here for like more than 20 years did not know that there is such global youth submit that’s happened since 2019 and then when they think we need to do capacity building and they they might how the approaches is that they might start from scratch by consulting all the stakeholder how should we do capacity building without without really working with the youth and so I hope that since we have a really big and strong team put yourself out there let them know we work so closely with IGF Secretariat specifically Anya to put this youth track together and we have a youth summit every time and I hope that we will continue to have and next is what will that go rather than just doing full workshop in different regions plus this summit I hope that we can all bring this and you know football thought bring it home and think what can we do other than just this five session because I believe ongoing and ongoing effort is even more important than a one time one hour session like this and I would like to quote some and quote a phrase from my colleague actually look tail was on a table he he was helping with the Asia Pacific youth IGF this year in Brisbane and then the team behind it actually work on a lot in designing the program that is truly all going I mean all of us do that to be fair they are truly organized by you for youth and if we were to work with other stakeholder I hope that we should send out a message and let them know that nothing for youth without you that’s it thank you

Veronica Piccolo:
thank you thank you Jenna. I actually I agree with you that if I have to take some some take away from from what Nadia said or what you said I think that handover of knowledge is very important I mean it’s very important to have in this system a person is with a veteran who can transmit knowledge and can actually you know mentor young people because it is not easy to for a young person to be mentored by a more senior stakeholder because of gap in communication while a young person can see in a person in a young in appear like a someone who can actually trust and I see a lot of newcomers here and I know that you have been also accompanied by other young people that have been here in the in this ecosystem for a few years and have been able to guide you in in some way we have ten minutes left but in I would like to have like fee five or seven minutes before the group picture to give the floor to a newcomer I won’t call name but if someone of you wants to come out to the microphone and yes yes

Audience:
good afternoon everyone so I’m a newcomer to IGF I’m felt I’m from Brazil Brazilian youth delegation and I was reached by an veteran in Brazil Davi he isn’t in this edition of the IGF and it was really nice of him to make me aware of the youth program there and we just sat side-by-side he helped me to sign the the application form and all that stuff and that really changed my entire career so I’m I studied communications so in Brazil it’s kind of study area that is not that into internet governance and I think it’s funny because I seen from the outside I see that internet governance has a lot to to how could I say that a lot to move on with communication studies and communication strategies to reach more people to make more youth youth people from all around the world aware of that and how we can make those spaces not only for us to watch them but but to actually participate so as part of the Brazilian youth delegation we are a lot of people right here right now I’m really really proud to see those actions like this youth atlas and how we are being here we’re in from different different backgrounds of studies of areas of working and taking these spaces especially being from the South or left late in America so it’s really nice to be here and to see space to talk in those spaces and to reach each other and know other regions from around the globe and exchange some points of views thank you

Veronica Piccolo:
thank you for sharing your experience I think that for all of us it’s very important to know that and to remind us that we have been newcomer as well and for us has been overwhelming as well anyone else wants to come in Denise

Audience:
okay yes but I’m also from from Brazil and I am a former fellow from the Brazilian youth program and I am happy for being here and for watch all the youth initiatives and I also would like to highlight the the thing one thing which is we had a lot of sessions these years this year which were proposed by youth young people we had this big group where we’ve organized lots and lots of proposals and we’ve sent it and we’ve made it until here and we’ve occupied the space and made our voices heard which is very very important I’m also part of the youth Latin American Caribbean IGF I can’t I have to say it because my friends are there and looking at me like remember you have to say it so we have a long way to include all the people that we need to include and also in the youth Latin American Caribbean IGF and also here I think we need more voices from indigenous people and also people with disability and other minorities so I want to be I want to make this a point so that we can we can work on it for the next events and not only IGF but our events in our countries and thank you for all the work we have done until here think thank you thank thank for all of you and also for myself yes let’s keep doing the nice work and don’t be sad when a session is not full of people be brave keep going and if even if you are nervous your voice need to be heard even if you make little mistakes on your English pronunciation keep going everyone young people must be heard and we must keep doing our job our work here

Veronica Piccolo:
thank you thank you is there okay we have only five minutes left I just wanted to thank you everyone for coming in I just want to take this five minutes I don’t know if anyone wants to come in I just okay one minute one minute

Audience:
hi Zon Khan former youth ambassador at ISOC I just wanted to really quickly come in as I’m not exactly a newcomer but I’m not exactly a veteran either and I think perspective in the middle is probably really helpful because I was on the exact position where you know all of you are sitting right now and to come from there my first ever IGF where I knew absolutely nothing and I was not part of any youth program and I knew absolutely no one and showed up to having made a lot of potentially lifelong connections with not only individuals who are experts and academics and technicians in the space but also lifelong friends and to take your ideas and interventions from when you first start to the point where for example two days ago the work that I along with other people was involved with the policy network in internet fragmentation was being presented in the main hall to go from nothing to that it just shows you that youth participation can in fact be meaningful and I want to strongly echo the point that even if nobody’s there in your session or even if you don’t know anyone or don’t know anything the learning curve is always going to be there people are always going to be there to support and I really really want to thank everyone who has been involved in that development journey and I want to make sure that I can give back as well so I’m always happy to be reached out to and thank you to Nadia and Veronica who have worked with personally they’ve done an amazing job of teaching me the ropes and hopefully moving forward with the youth programs as well and thanks to everyone who’s actually been involved in youth programs as well because they are very very impactful so that’s what I wanted to say thanks

Veronica Piccolo:
thank you I just want to take another minute I know that there is another person who wants to come in he’s not she’s not actually a newcomer but I would like to give the floor to her

Audience:
thanks Veronica can you hear me hi everyone I’m definitely not a newcomer but I feel like the the different youth participation programs I IGF is very special for me because I came in 2018 in the in the coldest European winter really nervous having no idea what to do how to do it my colleague back then didn’t get her visa I was thrown into a BPF session where I was a panelist I mumbled a lot I still regret that recording but my point is yeah the idea is to keep going these programs help me make connections lifelong friends and they all kind of build fruition into me having a career in the space I work on a lot of different IG issues but it’s all because of the different working groups the different speaking sessions I have become a public speaker in so many different for us and I do owe it to a lot of the different participations writing sessions late-night sessions conversations with so many of you here thank you yeah for all of your support and so many other people who have been there but my my whole point is that you should take all of these things seriously and things do increment it takes time it builds time but also people should also understand is that our space is getting more relevant issues of privacy AI or any other issue that you want to work on will grow over time there are there’s more money being poured in and it is a viable career option for a lot of you so never give up and we are the future thank you

Veronica Piccolo:
I just want to point your attention to the screen you will see a query code to our digital version of the youth atlas people those who are on site will have the privilege to get a copy of the printed book and but before closing the session I would really like the young people who are here on site who are featured in this book to come here and take the picture and to take your copy of the atlas and thank you everyone for attending this thank you also for a participants online and to Mohammed for sharing everything okay let’s go in front of the screen I want your signs please everyone in front of the screen thank you I would borrow one as a photo

Audience

The audience emphasised the importance of supporting both girls and boys in their upbringing to grow and work together in equality. They highlighted the need to provide equal opportunities to children, regardless of their gender, to ensure a more balanced and fair society. The audience strongly believed that promoting gender equality from a young age is essential for building a future where both genders can collaborate and thrive.

Another important topic discussed was the need for a broader understanding and definition of online gender-based violence. The audience provided an example of how online platforms were used for propaganda and justification of rape in the context of war in Ethiopia. They argued that online gender-based violence goes beyond direct physical harm and includes harmful ideologies promoted on various digital platforms. The audience called for a more comprehensive approach to address this issue and stressed the importance of recognizing and combating these harmful practices online.

The audience also questioned the extent to which actions in various sectors truly reflect feminist principles. They argued that feminist analysis and gender sensitivity are not always enough, and there is a need for substantial action to address gender inequalities. The audience urged sectors to reflect on their practices and ensure that their actions align with feminist values, rather than merely performing a surface-level gender analysis.

In terms of LGBTQ rights and inclusion, the audience emphasised the importance of involving the LGBTQ community as active allies and contributors of knowledge. They highlighted the need to move beyond tokenistic inclusion and actively seek the perspectives and expertise of the LGBTQ community to create a more inclusive and equal society.

The audience also discussed the influence of the global North on the conceptualisations and terminologies of feminism, particularly in Africa. They pointed out that conceptualisations and funding often come from the global North, leading to a disconnect at the ground level in Africa. This raised questions about the applicability and relevance of feminist concepts in different regions and emphasised the need for more local and context-specific approaches to gender equality.

Cyber harassment and women’s digital rights were identified as significant barriers to women’s participation in business and politics. The audience noted that women face challenges such as cyber harassment and infringements on their digital rights, which discourage them from actively engaging in these domains.

On a positive note, the audience found that engaging through political ideologies online can help mitigate cyber harassment faced by women. They highlighted that women who engage with political ideologies face less cyber harassment and bullying, suggesting that political engagement can provide a protective environment for women online.

Moreover, the audience agreed with the need for diverse views in policy formulation and the inclusion of women’s perspectives. They emphasised the importance of women’s experiences and expertise in shaping policies that address the specific issues faced by women. The audience shared examples of women advocating for their inclusion in policy discussions and providing evidence from reports highlighting the challenges that women face.

The diversity of perspectives in defining feminism was also acknowledged, with differences observed between the global North and South. The audience highlighted the huge diversity of feminist perspectives in Germany, for example. This diversity raised difficulties in defining feminism and emphasised the need for ongoing dialogue and understanding among various feminist viewpoints.

In terms of development interventions, the struggle to translate observations into practice was highlighted. The audience emphasised the importance of evidence-based interventions to address gender inequalities effectively. They called for a more concerted effort to bridge the gap between observations and practical implementation.

The audience also highlighted the challenges women face when filing complaints online, as non-feasible practices discourage them from doing so. They emphasised the need for user-friendly platforms and processes that encourage women to report online harassment without fear of retribution.

Another important point raised was the demand for keeping online platforms accountable for their role in perpetuating gender-based violence. The audience called for the implementation of measures that hold online platforms responsible for the content and actions within their domains, ensuring a safer online environment for everyone.

Finally, the audience agreed that improved attention to the specific issues faced by women is necessary in policy making. They stressed the importance of policy formulation that takes into account the unique obstacles and challenges faced by women, thus promoting gender equality and social progress.

In conclusion, the audience’s discussions covered a wide range of topics related to gender equality, feminism, LGBTQ rights, online harassment, policy formulation, and development interventions. They emphasised the importance of supporting both girls and boys from a young age and called for a more comprehensive understanding of online gender-based violence. The audience urged sectors to translate feminist principles into meaningful action and involve the LGBTQ community as contributors and allies. They acknowledged the influence of the global North on feminist concepts in Africa, highlighted the barriers faced by women in business and politics, and advocated for engagement through political ideologies as a means to mitigate cyber harassment. The importance of diverse views, women’s perspectives in policy formulation, and evidence-based interventions were also discussed. Challenges in defining feminism and the need for platform accountability were raised, along with the call for improved attention to the specific issues faced by women in policy making.

Moderator – Towela Jere

The African Union is actively developing multiple strategies for digital transformation, with a strong emphasis on the importance of gender inclusion. These strategies are aimed at various sectors, including agriculture, health, and education. Recognising the need for gender inclusiveness in digitalisation, the African Union is committed to addressing the challenges and barriers that exist in this area.

It is widely agreed that digital transformation and inclusiveness must take into account the perspectives and needs of women. The implementation and benefits of digital strategies should be inclusive of women, ensuring that their voices and concerns are heard and addressed. This is crucial for achieving gender equality and ensuring that women are not left behind in the digital revolution.

Panel discussions have also been taking place to explore and address the issue of gender inclusiveness in digitalisation. These discussions provide a platform for stakeholders to share their experiences, insights, and ideas on overcoming challenges and promoting inclusivity. By delving into these issues, greater understanding and actionable solutions can be achieved.

However, concerns remain regarding the overall policy landscape in Africa in terms of women’s inclusion. Nnenna Ifeanyi-Ajufo has highlighted the lack of targeted policy implementation and development for women in the region. There is also a lack of a harmonised approach to gender issues at different levels. It is argued that women must be adequately included in all aspects of policymaking, policy implementation, and research, rather than being treated as charity or token representation.

Research and data also play a critical role in understanding gender issues in Africa. Unfortunately, there is a dearth of available research on women-related issues in the region, making it difficult to effectively address these issues. It is essential to conduct comprehensive research and collect accurate data to inform policies and initiatives aimed at promoting gender equality.

Lastly, women are encouraged to take the lead in holding institutions accountable for the implementation of policies and strategies. This involves actively participating in decision-making processes and ensuring that women’s perspectives are valued and integrated. By doing so, women can drive change and ensure that institutions are held accountable for their commitments to gender equality.

In conclusion, the African Union recognises the significance of gender inclusion in digital transformation strategies. The challenges and barriers to gender inclusiveness in digitalisation are being addressed. Implementing digital strategies inclusively, engaging in panel discussions, addressing policy gaps, promoting research and data collection, and encouraging women’s leadership are all key components in achieving gender equality in Africa.

Alice Munyua

Alice Munyua is a trailblazer in the field of digital policy-making, having made significant contributions to the advancement of technology and women’s representation in the industry. She has an impressive track record, having worked with prestigious organisations such as the Vatican, Kenya’s government, and Mozilla. Munyua’s involvement in the World Summit on the Information Society has helped shed light on the gender gap in technology and paved the way for addressing this issue.

In an effort to bridge the understanding and implementation of information and communication technology (ICT) between the government, private sector, and civil society, Munyua founded the Kenya ICT Action Network (KICTANet). Through this initiative, she has been instrumental in creating a platform that promotes collaboration and cooperation in the ICT sector.

Throughout her career, Munyua has faced numerous challenges as a woman in the field, but she has consistently overcome them with resilience and determination. She is a strong advocate for more women in leadership roles and emphasises the need for companies to have a global presence. Munyua recognises the loneliness that women often experience in the technology field and the sometimes hostile environment that they face. To address this, she has made it a priority to ensure female succession in her organisations, ensuring that women have access to opportunities for growth and leadership.

Similarly, Mozilla, a technology company, is also devoted to advancing gender equality. It actively engages and empowers women, with nearly 90% of its executives being women. This demonstrates the company’s commitment to creating an inclusive and diverse workforce. Mozilla places great emphasis on capacity building for women, acknowledging the importance of providing the necessary skills and resources for women to thrive in the technology sector.

Furthermore, Mozilla works collaboratively with organisations such as the African Union and TOELA to find solutions to the challenges faced by women entrepreneurs in the tech sector. The company conducts research on the startup ecosystem and women entrepreneurs, demonstrating its commitment to empowering women and promoting their participation in the technology industry.

Overall, Alice Munyua and Mozilla are both playing significant roles in advancing gender equality and empowering women in the technology sector. They serve as inspiring examples for other individuals and organisations to follow. By prioritising women’s representation and actively engaging and supporting them, they are contributing to a more inclusive and diverse industry.

Sonya Annasha Bonita

The research conducted by Policy in 2019-2020 in five African countries highlights the issue of online harassment faced by women in leadership positions, human rights defenders, and women in the media industry. The study reveals that these groups of women are particularly susceptible to online harassment, which can have profound psychological and professional implications for them. This finding underscores the urgent need for action to protect women in these roles from the harmful effects of online harassment.

Furthermore, the research also sheds light on the underreporting and lack of attention given to online gender-based violence against African women. While cases of domestic violence, intimate partner violence, and female genital mutilation are recorded more diligently, cases of online gender-based violence receive less attention. This discrepancy indicates a real gap in addressing and combating online violence against women in Africa. Efforts should be made to acknowledge, document, and respond to this specific form of violence.

The study also reveals that the discriminatory practices faced by women offline are reproduced in online spaces. Women encounter similar harmful behaviours and practices in digital environments, which perpetuate the discrimination they experience in their everyday lives. This finding emphasises the interconnectedness between online and offline spaces, highlighting the need for comprehensive strategies to tackle gender discrimination and violence.

Another crucial aspect highlighted by the research is the inadequacy of existing policies and normative frameworks in addressing online harassment or violence against women. While there are discussions on cybersecurity and discrimination, there is a lack of explicit mention of online violence against women. This absence indicates the need for policymakers to explicitly include online violence against women within existing policies and to develop comprehensive frameworks that address this issue. Without such explicit recognition and actions, women will continue to face the negative consequences of online violence without sufficient protection or support.

In conclusion, the research underscores the importance of making online spaces safer for women, particularly those in leadership positions, human rights defenders, and the media industry. Additionally, it highlights the urgent need for improved policies that explicitly address online harassment and violence against women. By addressing these challenges and ensuring the protection of women in online spaces, significant strides can be made towards achieving gender equality and creating a safer and more inclusive digital environment.

Nnenna Ifeanyi-Ajufo

The analysis reveals significant issues related to gender equality and the digital space in Africa. There is a lack of harmonised policy approaches, leading to fragmentation at the national level. This, coupled with a lack of conceptual understanding and implementation plans, results in little focused policy development for women. Additionally, the digital transformation strategy in Africa lacks accountability, clarity, and measurable outcomes despite being in place for several years.

Research on women and technology in Africa is scarce due to a shortage of African researchers and a lack of data. Nnenna emphasises the importance of understanding and mapping the realities faced by women to address this gap. Prioritising gender issues for digital empowerment is essential, including empowering girls, children, and families. However, Africa’s charter on human rights does not adequately prioritise women’s empowerment.

The analysis also highlights the overlooked areas of rural women and refugees in discussions on internet rights and access for women in Africa. Cyber harassment tends to overshadow the importance of internet access and rights for these underrepresented groups. Furthermore, there is a divide between the global North and South in addressing internet issues, with challenges such as acceptance of LGBTQ rights. Bridging this divide requires collaboration, mutual learning, and a focus on common challenges.

The analysis raises concerns about non-African researchers writing about Africa, which can lack authenticity and understanding of the local context. Publishers’ reluctance to work with African writers exacerbates this issue. Collaboration among different bodies is essential in promoting research platforms and supporting African writers to share their own stories and perspectives.

In summary, the analysis stresses the need for targeted policy implementation, accountability, and clarity in the digital space in Africa. It calls for more research on women and technology, prioritisation of gender issues in digital empowerment, and inclusion of underrepresented groups. Bridging the global North-South divide and promoting collaboration are crucial in addressing internet issues. Emphasising authentic African perspectives through collaboration and supporting local writers is also vital.

Tobias Thiel

Germany has made gender equality a key priority in its development policies. The country aims to allocate 90% of its development corporation portfolio resources globally by 2025 to promote gender equality. The German Federal Ministry of Economic Cooperation and Development has introduced a feminist development policy to support this commitment.

Germany is collaborating with the African Union to eliminate discriminatory structures for women and girls in digitalization and data governance. Through the partnership known as AUDANIPAT, Germany ensures that female voices are included in all activities of the German Development Corporation portfolio.

Recognizing the importance of addressing inequalities in power structures, Germany emphasizes the need to tackle these issues as part of sustainable development. The country acknowledges that sustainable development cannot be achieved without addressing power dynamics and reducing inequalities.

There is a diverse range of feminist perspectives and conceptualizations within Germany and other countries. This diversity poses challenges in labeling feminism due to different interpretations and understandings around the world.

Focusing on common ground and basic issues is paramount when discussing gender equality and reducing inequalities. By emphasizing shared goals and areas of agreement, progress can be made in advancing these causes.

Research findings and evidence-based interventions are crucial in improving development practices. It is important to translate observations into practical interventions to ensure effective and impactful development.

Challenges exist in addressing the obstacles faced by women in accessing digital services. Limited knowledge about the specific obstacles hinders efforts towards gender equality in the digital sphere.

To tackle complex policy environments ingrained in power structures, an effective diagnosis and design of interventions are necessary. Germany recognizes that power structures are deeply embedded in informal structures, ministries, and organizations. Analyzing these environments and implementing tailored interventions are key to promoting sustainable change.

In conclusion, Germany has made gender equality a priority in its development policies. Through a feminist development policy and collaborations with organizations like the African Union, Germany is working towards eliminating discriminatory structures and promoting inclusive development. Challenges remain in addressing diverse feminist perspectives, overcoming obstacles in accessing digital services, and navigating complex policy environments. However, Germany remains committed to evidence-based interventions and finding common ground to achieve gender equality and reduce inequalities.

Anna Margaretha (anriette) Esterhuysen

Progress has been made in involving women in internet governance, although challenges still persist. The African School on Internet Governance has played a significant role in showcasing this progress by ensuring an equal number of women participants. This demonstrates a commitment to gender equality and creates a more inclusive environment in the field.

Women experts in internet governance bring valuable expertise and are essential for balanced decision-making. However, it is often assumed that their primary focus should be on addressing women’s issues, limiting their contributions to a narrow scope. This expectation unfairly restricts their ability to fully engage in broader discussions and decision-making processes.

Gender stereotypes and cultural norms also present obstacles for women in the field. In some cultures, women may face higher expectations to conform to traditional gender roles or may experience a lack of respect for their professional opinions. These challenges highlight the broader issue of gender inequality, which poses a significant barrier to women’s meaningful participation in internet governance.

Despite these challenges, there is evidence of progress. Compared to the early 2000s, there is now more space for women in the field, indicating a positive trend towards greater gender diversity and inclusivity. However, it is crucial to emphasize that this progress should not be taken for granted. Continued efforts are necessary to encourage and support women’s participation, ensuring that their competence and contributions are acknowledged and valued.

It is noteworthy that the sentiment towards women’s involvement in internet governance is mixed. While there is optimism about the progress made, there is also an acknowledgment of the ongoing challenges that need to be addressed. This recognition underscores the need for a proactive approach in actively promoting gender equality and inclusivity in the field.

In conclusion, significant strides have been taken to involve women in internet governance, but there are still obstacles to overcome. The African School on Internet Governance stands as an example of progress, but it is essential to continuously challenge gender stereotypes, cultural norms, and expectations to create a more inclusive and equitable environment. By fostering sensitivity, respect, and acknowledging women’s competence, we can continue to improve the representation and contributions of women in the field of internet governance.

Liz

The participants in the discussion focused on several critical issues regarding gender equality in the digital sphere. They highlighted the disproportionate impact of information and communication technologies (ICT) on women, noting their lack of access and representation in this field. They also emphasized that new technologies, such as artificial intelligence, further marginalize women. This negative sentiment stems from the argument that internet governance, cybersecurity, and emerging technologies suffer from inadequacies in accessibility and representation for women.

However, the discussion also highlighted positive initiatives. One of these initiatives was a project that aimed to build the cybersecurity capabilities of women. Through collaborations with organizations like the International Telecommunication Union (ITU) and universities, the project sought to empower women in this field by providing training and educational opportunities. This positive sentiment underscores the importance of fostering digital literacy and capacity-building for women in cybersecurity.

Moreover, the session emphasized the significance of formulating inclusive policies and decisions that prioritize women. Notable examples of this were highlighted, such as the efforts to implement policies at Kickternet and to incorporate feminist principles in internet governance at RIA. These initiatives aimed to ensure that policies and decisions are made from a gendered perspective, promoting inclusivity in the digital world.

Additionally, the discussion stressed the need to enhance data and research capacity in order to study the effects of digital inequalities more comprehensively. By developing research capabilities and conducting after-access surveys, it becomes possible to shed light on the realities of access and how women are specifically affected. This positive sentiment underscores the importance of evidence-based approaches to address and mitigate digital disparities.

Furthermore, the conversation explored the influence of varying terminologies and concepts of feminism between the global North and Africa. It was noted that many funding and theoretical influences originate from the global North but often fail to effectively translate into practice on the ground in Africa. Moreover, different conceptualizations of feminism in various African regions contribute to a disconnect. This negative sentiment highlights the need to consider local nuances and realities to effectively empower women in Africa, instead of merely replicating models from the global North.

Additionally, the speakers addressed the issue of cyber harassment and other barriers that impede women’s participation in digital activities, particularly in Africa. The growing online presence of businesses creates difficulties for women who experience cyber harassment, which affects their ability to actively engage in digital spaces. Furthermore, women aspiring to hold political office often face discouragement from cyber harassment and other forms of resistance. These challenges underscore the importance of addressing cyber harassment and fostering an inclusive digital environment for women.

In conclusion, the participants in the discussion emphasized the need to address gender inequalities in the digital realm. They highlighted the lack of accessibility and representation of women in internet governance, cybersecurity, and emerging technologies. However, positive initiatives were also recognized, such as the capacity-building efforts in cybersecurity and the formulation of inclusive policies. The significance of conducting research and collecting data to better understand and address digital disparities was also emphasized. Additionally, the discussion shed light on the impact of varying terminologies and concepts of feminism between the global North and Africa. The issue of cyber harassment and other barriers to women’s participation in digital activities, particularly in Africa, was also highlighted. These insights call for a more comprehensive approach that takes into account local nuances and realities to effectively empower women and reduce cyberbullying and violence in the digital space.

Moderator – Towela Jere:
So good morning, good afternoon, good evening to everyone, depending on where you’re joining from. This is the IGF 2023 Open Forum, appropriately titled, Whose Internet? Towards a Feminist Digital Future for Africa. My name is Toela Nyirandajere, I work with the African Union Development Agency in Johannesburg, South Africa, and I lead the Economic Integration Division team. And it is my singular honor and pleasure really to host this session, to moderate and actually co-moderate with my colleague, Alice, who is sitting in the room, and really happy to have both the panelists that are physically present in Kyoto, but also those that are joining online for this particular session. So just to give a bit of context in terms of the discussion that we will have today, I think there’s been a number of exciting developments from the African Union side in terms of the digital transformation strategy, which the Commission has been working on in terms of unpacking that into a number of different policy frameworks and strategies for implementation, including very deliberate strategies related to data policies and data governance, looking at issues of digital ID, looking at issues of the transformative aspects of digitalization as it applies to different sectors across the continent, whether it’s in agriculture, health or education, and really trying to see how to appropriately position ICTs and digitalization at the center of Africa’s economic transformation. I think attendant with that, of course, will always be the discussions around gender inclusiveness and how we really ensure that all these different framework strategies adequately take cognizance of the important aspect of gender, and particularly the issues around inclusiveness when it comes to making sure that these policies and frameworks respond to the needs of women, that they actually are inclusive in terms of adequately positioning women, not only in the definition of the strategies, but also in their implementation and in the benefits thereof. So this discussion really is meant to give us an opportunity to delve into some of those issues. I’ve got a very stellar panel in front of me that will be really looking at this issue and trying to unpack for us from their experiences, what have they experienced in terms of gender inclusiveness, what have they done in terms of the work that they do in terms of promoting gender inclusiveness, but also the challenges that they have faced. We’ll look at some of the barriers that perhaps we need to address as we look at the gender transformative nature of digitalization, and then we will also look at some of the opportunities. Ultimately, at the end of the day, we want to be able to have recommendations for ourselves as women, recommendations for our policymakers, recommendations for our partners, and really recommendations that will ensure that for African women, indeed, the future is digital and it’s the digital future that takes cognizance of their role, both on the supply side and on the demand side, and in terms of also on the benefits as well. So maybe just to introduce my panel very briefly, and I’m sure as they also make their interventions, they will also perhaps supplement my very brief introduction with some additional information about the work that they have done. So in no particular order, we have Alice Munoz, who is the Senior Director for Africa working on a project called MRADI at Mozilla, and she has decades of experience working with multiple stakeholders on the continent on different issues, including being the founder and convener of Kittenet, and I’m sure she will tell us a little bit more about that in terms of her experiences with establishing that particular organization. We have Bonita Nyamire, who is joining us online, Co-Director for Research at Policy Uganda, which is a think tank that works at the intersection of data, technology and design to improve government service delivery. We have Dr. Nnenna Enyi-Adjufo, board member of the Network of African Women in Cybersecurity and a professor of technology law. We have Ghana Ayman, a Pan-African Youth Ambassador for the Internet Governance Forum, and the students studying at Cairo University. We have Liz Orembo, who is a Research Fellow at Research ICT Africa based in Kenya, and she basically has worked also in other capacities carrying out national cybersecurity assessments. Last but not least, we are joined by the only male on the panel, so he will give us the male perspective, but also perhaps the partner perspective on this. Tobias Thiel is the Director of the GIZAU office in Addis Ababa, and we are really pleased that he is able to join us for this session. So with that, let’s get into it. We will, of course, have a few rounds of questions and specifically to the different partners, to the different panelists. But we’re also very much welcoming our online participants to also, I think, make use of the chat functions in terms of your Q&As and then also in terms of the people that are in the room. Also, please hold your questions so that we can take them when we do the Q&A session. Just to also acknowledge the fact that Alice has generously agreed to support and co-moderate this session with me, and she will be helping us with the Q&A part of the session. So Alice, I’m going to start with you and really just looking at the different experiences that are in the room and among the panelists and how we have all traversed this digital journey. I think you’ve been working in digital policymaking for a long time. You helped establish the Kenya ICT Action Network, KICTANet. You have done a lot of consulting, including for the African Union, and you are now working for Mozilla as a director. So maybe just share with us what has been your experience in terms of paving the way, I think, for so many young African women who are on this journey and hoping to follow in your footsteps.

Alice Munyua:
Thank you very much, Toela, and thank you very much, GIZ, for inviting me to be on this panel and to co-moderate with you, Toela. I’ve known Toela for very many years, and you’ve really made me – you’ve aged me. You’ve really made me – yes, yes. I’m actually quite old in this space, having started when we used to call this communication for development, or even before communication for development, we used to call it social communications. So, yes, you know, and yes, my first job was actually beginning to look at what the internet, the impact that the new so-called internet was having on society when I was then working for the Vatican, the Vatican Radio, and we were creating the Vatican II Council. Okay, God, yes, I’m old. And we were the first ones to actually begin to interrogate what this so-called new technology was about and what impact it would have in society generally. So – and yes, I was actually the second or third cohort of women to be allowed to attend the prestigious Pontificia Universitas Gregoriana at the Vatican, and also as a program assistant for the African service of the Vatican Radio. So my background in communication is quite, you know, very fast, and my fast laptop was actually those huge things that needed a whole wheelbarrow to carry when I lived in Rome, so it’s quite a long journey. And by then, then, you know, we were looking at radio, and then from then the internet, and then I was involved with the World Summit on the Information Society, and there really acknowledging that there was a huge gender gap in that women were not involved in the discussions, the discourse, and even the building of this new technology, the internet. So that’s how far I come, and I would find myself in these spaces as the only woman, and for those who know how that can be – I don’t want to – I mean, I think I am going to use the word violent. It can be really a violent space to be the only woman and the only black woman in these spaces, but then we did it, and also then coming home to Kenya where the Kenyan government had declared the internet illegal and having to fight that, that whole process. Our government actually did not want the internet introduced in our country because there was this perception that it was taken away from the Kenyan posts and telecommunication, what you used to call telecom Kenya. Lonely journey in that we didn’t – nobody understood this technology. The government policymakers did not understand this technology, did not understand how it could contribute or what value it was bringing to its own national development framework or the way they thought about the development framework. So it’s through that and through joining together with – I actually started working – my first job was with the Association for Progressive Communications with UNREIT here running as their program officer for communications, running a huge project called Catalyzing Access to ICTs in Africa that was funded by the UK government, the DFID. And it’s from there that I then created the Kenya ICT Action Network simply because the reason why I created the Kenya ICT Action Network was because a lot of people – on one end you had government that did not understand the internet. Then you have the private sector that understood the potential of the internet, and there was the civil society that also understood the potential for the internet in democratizing communication. And we were all fighting each other, you know, pulling each other. And so I took on the responsibility to try and bring us together. And those who are Kenyans know that around this period until today – and it’s not just Kenya, actually, it’s globally – when you’re fighting for any right, it’s very easy to be branded, you know, terrible names. There’s an African saying that when a hyena wants to eat its cubs, it first accuses them of smelling of goats. And so we were accused of being activists. And because once you’re called an activist in Kenya – I don’t know about other countries – it means that policymakers are not going to listen to you. Neither is the private sector. Actually, neither is the media, unless they’re really courageous to put down and to expose what we are trying to advocate for. So luckily for us, there was a huge policy window. A new government came in, the Kibaki government in 2000, and there was a policy window. And at that point, the Ministry of Information and Communication was created. And two of my really good friends, Honorable Tuju and Honorable Regé, were then appointed Tuju as the minister and Honorable Regé as the permanent secretary. But then they made the mistake of disbanding the communications commission, the regulatory body, the board, and by then had left the APC and was fully committed to just convening and ensuring that Kiktonet was running and fighting to have an ICT policy framework that would allow especially the private sector and civil society to then do work in the country. And guess what? Kibaki then appointed me to be a commissioner on the regulatory authority, and I served for six years there. And serving with the various ministers, it was fast. The first was second and third. We managed to bring in the fiber optic cable, managed to create competition, signed. I’m the one who was the chair of the technical committee of the communications commission of Kenya then. It used to be called the CCK. Now it’s called the Communication Authority. Including signing the papers for what the famous mobile money, M-Pesa. Mobile money is the most famous mobile payment platform actually in the world. And even Kiktonet is actually the only network of that nature. Although currently it’s completely different. Government no longer actively contributes. It’s become a think tank, which is brilliant because we had not anticipated, and Riet will actually affirm to this, we continue to do a lot of monitoring and evaluation. And we’re very clear that we didn’t expect Kiktonet to survive beyond the creation of the ICT policy, that it has survived beyond that. It’s a huge legacy, and I’m very, very proud of what it is. But it was actually quite difficult doing that as a woman. It was lonely. I was the only woman, but I was very, very fortunate to be supported by a very strong team of men and allies. So the former minister of information communication, the immediate former minister, Joseph Moshero, created the network with me. And it is what it is now. And as a woman, and I knew how difficult it is, especially for young women to get into this kind of leadership position, so I only stayed long enough to be able to pave the way and hand it over to the current convener, Grace Githaiga. And I remember making her promise me that she will not continue becoming a convener for more than five years so she can hand over to the next women, so we can have even more women in this space. So I moved from there and worked with the African Union for about three years. That was, I think, the most difficult period of my life because I became the punching bag. I was an easy target. I became the punching bag for our top-level domain, .Africa. We were fighting for our top-level domain, .Africa, from an American that wanted it. So an American wanting a domain name that belongs to an entire continent. How I became a punching bag was because I was the only woman among a team of men that was fighting for that. We eventually had the domain name delegated to the African Union and with the back-end manager, the ZACR, and I’m really proud of that. I moved from then and I am now leading and worked for Mozilla for about two years as the policy lead for Africa, and I’m now leading a program that’s looking at having Mozilla’s presence in the global majority. So in Africa, South America, and Asia. Because Mozilla is an American company that hasn’t actually made such a huge effort to be global. So my role is actually to create a blueprint for Mozilla to show up globally and to show up globally differently because Mozilla is not big tech. Mozilla is a mission-based company, although I work for the corporation, not for the foundation. But we are a very different kind of corporation. We believe in an internet that is truly healthy, joyful, and puts people, especially women, back in control of their online lives. I’ll leave it at that for any questions. Back to you, Toela. Thank you.

Moderator – Towela Jere:
Thank you very much, Alice. And I think maybe the themes of persistence, resilience, and also being able to pave the way and hand over and pass the baton to other women, I think, are coming through in terms of your story. So I’m going to turn to you, Bonita. And I know that you do quite a lot of research in terms of looking at issues around women’s participation in the internet. You have co-authored a very interesting report about alternate realities and alternate internets and how African feminist research can actually guide a feminist internet. And I’m curious to know a little bit more about this research and really what were the most interesting insights that you were able to uncover, Bonita.

Sonya Annasha Bonita:
You can see me and hear me. Please let me know. Thank you. My name is Bonita. As already introduced, I work for Policy as a co-director in research. And the research that Toela is talking about, we conducted as Policy in 2019-2020. That was in five African countries, Uganda, Kenya, South Africa, Senegal, and Ethiopia. And in this research, we looked at experiences of women who use the internet. So general women who use the internet and wanted to understand their experiences, gain an insight into their experiences while using online spaces, while using the internet. And we got very interesting, what we can say interesting findings, but also very sad findings on the side of women. And some of the key findings that we got were that that all women are generally affected by online harassment, you know, in online spaces, on different platforms. And it is not that only women are affected, even men are also affected by online harassment or online gender-based violence, but women are significantly affected. They are more affected compared to men. And we also discovered that it was different categories of women that affected by this online harassment in these digital spaces. There were categories that was more affected than the others. And we looked at, we saw women who are in positions of leadership. Like Alice was saying, she was, you know, a punching bag, very, very true. I relate with her experience physically, but also online when it comes to women who are in leadership positions, both political leadership and other leadership positions. They are very, very significantly affected by online harassment. Then women human rights defenders, again, goes back to Alice’s job at one point as a woman human rights defender. They are also significantly affected by online harassment because of the work they do. You know, they are trying to, you know, to create safer spaces for other women and girls. So they really become punching bags in online spaces, but also in offline spaces, like Alice really said. Then women in the media, women journalists, bloggers, influencers, you know, because of the work they do. You know, they are in the face, you know, of the TV, of online platforms every time, sharing news, raising awareness on different issues. So they also significantly face or experience online harassment. So those were the key categories of women that we found that are significantly affected by online harassment. Then the other key finding from our research was that issues of online presence for African women are not as well attended to if you compare to other forms of violence. And this is about online gender-based violence. So we found that other forms of harassment or violence or gender-based violence, they are well attended to, they are articulated, they are policies which are very straightforward. But if you look at online harassment, online gender-based violence, it is not as well as explored if you compare with, for instance, domestic violence, with intimate partner violence, with female genital mutilation. I’ll give an example, for instance, if you come to Uganda to any police station looking for registered or recorded cases of online gender-based violence, you will hardly find any. But you’ll find cases of domestic violence have been recorded, cases of intimate partner violence have been recorded. FGM is very recorded in areas where it was in Uganda or is still even up to today. So you find that these issues of online gender-based violence among women, they are not as recorded as if you compare with other cases of forms of violence against women. So which is a very, very big gap. They actually tend to be pushed away and they are told that, oh, this is a small thing that you can deal with. You can handle that. It’s very simple. Or you actually, you are the one who caused it, go and handle it. And it is because of the work they do. It is because of their presence on online spaces, in digital spaces that they encountered these experiences. So that was the other key issue that we found out. Then the other one was that what we see offline actually is reproduced online. The discriminatory agenda practices shaped by social, economic, cultural and political structures that we see offline, they are really now reproduced online. Whatever women are encountering in offline spaces, they are now seeing the same thing happening to them in online spaces, on social media platforms and so on and so forth. The other key finding was that the policies that exist for countering online gender-based violence among women, they are not very explicit about this kind of violence. They are very silent. They talk about cyber security. They talk about discrimination in online spaces. There shouldn’t be discrimination. There should be equality online. The internet is a human right, even for women, but they are not very explicit. They don’t really come out to say online harassment. They don’t really end against women, because we have other policies, more like domestic violence, intimate partner violence, saying all A, B, C, D, X, Y, Z about women, about girls, about children. So that is not yet happening in the context of online gender-based violence. So most of the policies, even the normative frameworks, they talk about gender equality, but they do not really come out about this form of violence. So those are some of the key findings that we established from our research, and I will leave it at that. Thank you very much.

Moderator – Towela Jere:
Thank you, Bonita, and really thank you, I think, for highlighting, I think, the fact that perhaps there’s a lot of asymmetry in terms of the information that is being captured about women’s experiences online, especially when it pertains to the harm that is caused by online spaces, and how that perhaps can then impact on the women’s ability to engage effectively with online spaces. I think it’s also important, maybe as we continue having this discussion, to always be mindful that in our context, I think women span a very broad socioeconomic base. So you have women in the rural areas, you have women in the urban, very urban, and all of these women are having different experiences of the same issues, and the question is, how does one then also begin to address that as well? I’m going to turn to you now, Nnena, and I know that you are a prolific academic and researcher, you teach on law and technology in the UK, but you’re also very connected to the policy spaces, not only globally, but on the continent as well, and you have a leading role in the AU Cyber Security Experts Group. So I’m curious to hear from you, what have your experiences been as a woman working in this field, but working, I think, in two different contexts, one in the UK, one here on the continent, and really trying to navigate that space in terms of the intersection of law and technology, but also your journey as a woman in that space, Nnena.

Nnenna Ifeanyi-Ajufo:
Thank you so much, Toela. Namaste, thank you to our Danepad for this very important conversation, this panel, and of course to GIZ as well. In terms of personal experience, I would say that a huge motivation for me has been women’s rights. 17, 18 years ago, which is also interesting to see the dimensions, the differing dimensions of our conversation in terms of women and the discussion. I was researching into criminal human rights abuses, international criminal crimes in Anglophone Africa then about 18 years ago, and it struck me one day how women’s voices could be amplified in terms of being witnesses or being victims. And interestingly, years later, the International Criminal Court is now accepting digital evidence. And for me at that time, it was how do I work in an area where digital evidence, human rights, cyber rights would be relevant. And I think as we have these conversations, there are three key issues that needs to be underscored. The first one is human rights and technology for women, which Bonita has talked a lot about, digital rights. There are also questions of cybersecurity and women, which Bonita has also highlighted. And also bridging the digital divide is key in Africa because sometimes when I think about bridging the digital divide in Africa, there are still levels to it. Africa remains the least digitalized region in the world, but not just bridging the gender digital divide as we talk about, but also enhancing inclusion and ownership in the digital space for women. These conversations need to be had in this sort of, when we promote these discussions. Now, in terms of my experience and aligning to promoting women and enhancing women participation and rights for women, I will first of all start by saying that in the policy space, I’ll come to the research and academic perspective. In the policy space, there is very little focused and targeted policy implementation and even policy development for women in Africa. What we have seen is sort of a charity approach to these conversations. Sometimes I usually say it’s easy to come for election campaigns and hear men talk about what they would do for women. And of course that is also reflected in the digital space. So it’s easy for new policy makers to talk about what they want to do for women. But in reality, these policies are not clearly conceptually clear and they are not even, there is no plan to implement these policies. The other issue is a lack of a harmonized approach to these issues. Now, one of the things you pointed out is being in the UK, you would see a more harmonized approach to these issues. It is clear that this is what the policy is all about. This is what the target, this is what the outcome, this is what the goal is. In Africa, there is no harmonized approach, whether from the African Union regional level, the sub-regional level, and even at the national level. So even at the national level, you have this sort of fragmented approach to the issues of women in the digital space, whether it’s for inclusion, whether it’s for participation, digital empowerment, cybersecurity issues, or questions of digital rights. What you then have is a more individualistic approach in terms of capacity building, in terms of access. You have individuals who want to help, you have civil society organization, like Bonita’s organizations. But then when you then talk of having it harmonized and measuring the implementation is usually a challenge. The other issue for me is Africa’s digital transformation strategy. I mean, we’ve done well by pushing out a digital transformation strategy for the next 10 years, but I usually ask, where is the accountability in terms of the digital transformation strategy? Are we clear on what we want to achieve with the digital transformation strategy? What is the short-term implementation? What is the long-term implementation? It has been there for three to four years now. Where are the gains? We don’t see any document anywhere telling us this is what has been achieved, who has achieved what, and where we are going with the strategy. And I think we have to be practical with these conversations. It is very silent when you talk of women. And so there is even a lack of prioritization of these issues. And I think that is where we also need to start having the conversation. Are we prioritizing issues of gender? And when we talk of gender in Africa, we usually think, oh, it’s all about empowering women. It’s just about women, but it’s a whole triangle of even empowering children, girls, the girl child, children, and even the family as a whole. And if you look at Africa’s charter on human rights, Africa is one continent that actually stipulates culture and family as a key issue. And I think it’s something that should be reflected in other aspects. Now, I also want to talk about research. I think in 2017, I was privileged to do a human rights publication on human rights and technology for African women. And sometimes I go back to look for research in relation to women in Africa. There is none. Interestingly, I’m working with Bonita on an edited project on cyber rights. And it’s been a struggle getting that book published. She knows about this. And it just gets me to reflect on the challenges you have with research. First of all, the challenge of having African researchers in the field. We can’t do anything without data. We can’t do anything without research. And I think it’s one thing I’ve noticed in terms of my experience is a huge challenge in that aspect. We can’t have these conversations if we’ve not mapped the realities. And I know ICT Africa, Lizzie is here. They’ve been trying to do so much work as well. So we can’t have these conversations if we’ve not mapped the reality. It becomes more hypothetical than it is real saying, oh, Africa in terms of culture, gender issues. But then in reality, if we can’t map the reality, then we can’t actually answer or have a valid conversation about these issues. And as we go on, I can talk more about other experiences. Thank you.

Moderator – Towela Jere:
Thank you very much, Nnenna. As I will not attempt to summarize all of that, but I will say that what has stood out for me is the fact that number one, we don’t want charity. We don’t want tokenism. I think women want to be adequately included in all aspects of whether it’s policymaking, policy implementation, research, and just making sure that our voices are heard. And I think that to the point around really the research and the data and the evidence, I think there is also, I think, a space perhaps for having a conversation about how as women we’re going to show up in terms of leading and driving some of these processes, including holding our institutions to account when they develop strategies and when these strategies now need to be implemented. So, Tobias, I’m going to now turn to you. You have heard from three very powerful women. One more is still to come, but I’m curious to know from you now in the role that you have working at GIZ, working with the African Union and really managing that cooperation between the GIZ on behalf of the German government and the African Union. Based on your experience, how do you see Germany’s development cooperation adequately supporting Africa’s digital transformation? And what role do you see gender inclusiveness playing in the digital sector, Tobias?

Tobias Thiel:
Okay, I’ll try this one, yeah. Thank you so much, Tovela, and good afternoon to everyone and good morning to those who are joining us online from the African continent. It’s a real pleasure to be here at the IGF and I would just like to use the opportunity to thank our hosts, the GIZ, and the African Union for their support. I used to seize the opportunity to thank our hosts, the government and people of Japan for doing an absolutely wonderful job at the hospitality here in Kyoto. Since I identify as a feminist and an ally in the cause of women’s empowerment, it’s of course a particular honor to be on a panel that is basically, except for myself, only staffed with powerful and inspiring women and I believe that this actually sends also an important signal because I think we all know that there is a tendency in international conferences for panels to be rather male-dominated. The theme of this session is actually a very important one for the German Development Corporation. I mean, a feminist approach to Africa’s digital transformation. It both resonates with the German Development Corporation as a whole in terms of general policy but also especially with the work that my colleagues and I are doing in the context of our work with the African Union. So as you might know, the German government has made gender equality a key priority and that includes also having a foreign and development policy that takes gender equality as a particular priority. So the German Federal Ministry of Economic Cooperation and Development, the BMZ, recently introduced a new strategic approach which it calls the feminist development policy and at the core of that policy or strategy lie the three R’s. There’s a focus on rights, resources, and representation as sort of three important dimensions that we need to consider when promoting the cause of women’s empowerment. So in that spirit, Germany has set itself the goal of dedicating directly 90% of the resources of the German Development Corporation portfolio globally to contribute to gender equality by 2025. And this feminist agenda is, of course, also a close guiding principle for our cooperation with the African Union, including AUDANIPAT, where Tovela works. And together in that context, we aim to eliminate discriminatory structures for women and girls and other marginalized groups in the field of digitalization and data governance. And in this context, we try to ensure particularly that female voices are systematically considered in all of the activities of the German Development Corporation portfolio and not only that these voices are included, but also that they actually heard and find the right resonance. And the reason why we do this is out of the conviction, the fundamental conviction that sustainable development cannot be achieved if we don’t address the fundamental flaws and inequalities in power structures. And this includes women particularly, who constitute 50% of the population of this planet, but it, of course, also includes any other group that experiences any form of discrimination based on any of the criteria or characteristics. So, and in that sense, it’s particularly important that gender equality and inclusion become a reality for all. Thank you.

Moderator – Towela Jere:
Thank you very much, Tobias. Thank you really for highlighting those three R’s, the rights, the resources, the representation. I don’t know about everybody else, but I definitely have latched onto that 90%. So we will see how we also make sure that we are able to direct resources adequately towards the participation of women. But I think it’s also perhaps a challenge to the continent as well, in terms of being able to also direct more resources to amplify the voices of women. My last panelist, I believe Liz is now in the room. Before we go to taking some Q&A and comments from the room and from those online, Liz, I’m just going to invite you to really share with us your experience in terms of the work that you’ve been doing in intergovernance, in multi-stakeholder engagement in Africa, and really perhaps just getting to hear from you, your experience of the gaps in terms of where the women’s engagement in digital processes is evident. And then also what else you have found in terms of your work, both at RIA, as well as at Kiktonet. Liz.

Liz:
Thank you, GIZ, for inviting me to this session, which I’m so passionate about. And I’d like to start off by saying my story is not a movie like Alice Muñoz and the rest because she actually opened up ways for us, other women who are coming after her. And actually my story started out from the global internet governance that she organized in Kenya in 20, was it 2012, 2011. Then I was a student and I was struggling to find out where I would fit into the society as a second year student taking communications, bachelor education communications. At that time I was struggling to see whether I would like to be a poet, I would like to be a singer, I would like to be all those things. But then I stumbled upon, I noticed that said something like, do you want to know how the internet works? And I started volunteering for that organization. But what I didn’t know is that I was working on the wrong side of the history. So when Alice says that she was being bullied, I was on the team that was bullying her. I wasn’t bullying her, but I was on that side until I was invited to the global IGF to market the other side of dot Africa. And then I got the story and I was invited to intern at Kenic where she was a board member. So it was a very good experience from that leadership and from there I got to have a chance to be in the team that actually formed Internet Society Kenya Chapter, which was a struggle to form because of many, a lot of political issues through the 10 years, but it was a success. I’d like to say that during that year, tech was really developing in Kenya, but it was so much of an elitist thing and a men’s thing. So being in that field as a woman, it was intimidating and I would agree it’s also violent because you raise your hand, no one is interested to get what you’re saying. And even when you manage to say something, no one acknowledges it. And it’s those tiny things that actually discourage you from continuing being in the space. At that time, as a woman and as a youth, the spaces to participate in Internet governance was very, very little and it was a struggle to stay in the space. Because one, you need to sustain yourself in the space, you need to travel, you need to contribute as a volunteer. It’s meant that at that time you’re struggling between finding a job that actually pays you and actually doing some of these passionate things. And also, when you’re attending meetings, as a young woman, you’re assigned the role of a note taker and you don’t get to contribute to those meetings. So for a very long time, I was a note taker, but it wasn’t a disadvantage. It was a disadvantage in the end because you get to understand, because the field is so dynamic, it meant that you get to understand what people are saying. You have to put it down in a way that other people also understand what is communicated in those meetings. And that really helped grow my career. So from there, when Gigi was taking over Kickternet, she invited me to be part of the board members of Kickternet. And I would say the experience there was exciting and challenging at the same time because that was when internet governance and the usage of internet was really opening up in Kenya. And we had to start demystifying concepts of net neutrality, privacy, in a way that policymakers actually understand. And I think that was the most exciting thing for me during that time. And I remember now moving it forward to now when we are trying to tell people about the concepts of privacy and the data protection, now it’s very, very easy. I remember the first times when we were advocating for the same and trying to get parliament to put in a data protection policy, parliamentarians would ask, if you’re a good citizen, what do you want to hide? And what would citizens want to hide? And those were very difficult questions also to answer from our end. And so conceptualizing those concepts in a way that policymakers and even people on the ground got to understand and even start working on those policies was a challenging thing, but it was also exciting at the same time. So I continued working with Kickternet. And I think, as Alice mentions, that we moved from that space of engagement. It’s still an engagement space, but you also realize that much of the things were being said on the list, but not being carried out or even being followed up. So when government made a commitment to say that they want to follow up with data protection frameworks, then they would need someone to help them, the civil society to help them. And Kickternet became that civil society that actually helped them through policy implementation. That meant that we had to be registered. That meant that we had to start designing the organization from just where people just engaged, but also people collaborated at the back end. So after Kickternet, I moved to Global Cybersecurity Capacity Center, which was another exciting venture for me. I felt like I had done enough at the national level, and we had opened up spaces for participation through the Kenya School of Internet Governance that brought in very many experts from different fields to start working on internet governance issues, which Kickternet by itself could not have done that because it was so overwhelming even for the organization. For the GCSEC, another exciting work, like I’ve said, and I’ve worked with Toela. At that time, I started working with RIA because they were very big partners with the GCSEC, forming the Global Cybersecurity Capacity Center for South Africa, C3SA. And that’s where we worked with governments to actually build capacity, national capacity on cybersecurity. There, again, it was another space where women were not actively participating, and especially African women. And we started driving the concept of cybersecurity not just being a technical thing, but it also has a people process, and women were so instrumental in participating in cybersecurity policies. And also because they are also most vulnerable because digital literacy, they’re on the other side of the disparity on digital literacy, access use. The domestic nature of African homes is that women manage the small bills in homes, and they’re the ones who use the mobile money, they’re the ones who manage the homes. So even being targeted by cyber, what do we call them, the social engineering tactics was very easy, like someone being told that your child is sick, please send this kind of money or they’re in danger, and they would be vulnerable from that point. So with those projects, we started seeing the need of getting more women into the space of cybersecurity capacity. We started, we partnered with ITU, we partnered with some of the universities that we were working on, universities in Cape Town, universities in Tanzania, on global cybersecurity, on capacity building CCB for women. And from there, I see more women participating, the alumni in those programs participating actually. So I worked at the GCSEC for like one or two years, one and a half to two years, and then I felt like I wanted to develop my research capacity, and I moved to RIA. And the first project with RIA was conceptualizing the feminist principles that would go into the GDC, was the new deal that we want. And that resonated so much with me because through my work, I’ve been seeing how women have been affected disproportionately by ICT. They lack access, lack of representation with the new technologies. They become even more marginalized because they’re not seen in the new technologies like AI, which also automatically makes decisions for them. So these decisions are biased, even in the first place. And from there, we started developing not just feminist principles, but African perspectives to it into these global processes that are actually starting, and we are continuing to make submissions to engage with the technical envoy and with other partners on these feminist principles of them. And in every submissions that we also make, we also try to see the gender perspective of it. And from the access research, I think this is something that we’ve been seeing through the IGF, that the inequalities that are actually reflected from the after-access surveys, that women are so much disproportionately affected in such a way that there’s so much economic injustice for them to participate economically, politically, and even socially. And what the after-access survey does is to provide this disaggregated data so that you can see the realities of access and how they’re affected even beyond. I’m going to stop here, and then I’ll welcome any questions if you have.

Moderator – Towela Jere:
Thank you very much, Liz. And I must commend my panel, because I think you have made our work a little bit easier, because you have managed to touch on a number of things in your intervention. So looking at your experiences, some of the barriers, and maybe even some of the opportunities. So what I would like to do now, because I am mindful of time, and I also would like to give space for discussion and dialogue and Q&A. So I’m going to open the floor now for questions, comments, inputs, both from the online and those that are physically in the room. And for this, I am going to hand over to you, Alice, to manage for us this process. And Fabiola, I think, will support you in terms of the online interventions. Over to you, Alice.

Alice Munyua:
Okay. Thank you. Thank you to all. And thank you to all the other panelists. So I’d like to open it up to any questions from the room. Microphones, one there, one there. And there’s also roaming microphones here.

Anna Margaretha (anriette) Esterhuysen:
I want Andri to say what I told her many years ago. She looked at me in one of these meetings and said to me, because I offered, put up my hand to take notes. And she said, you never do that. But actually, as someone said, I don’t know, who was it? Was it you, Liz? Well, someone said that if you take notes, it does give you a certain kind of power as well. Yes, it does. No, I just wanted to say that I think, I mean, it’s really amazing to listen to the stories. And Alice, a movie is a good idea, I think. Liz is right there. My name is Anriet Esterhuisen. And I, together with Alison and the African Union, organize the African School on Internet Governance every year. And I think the one thing that I can say for that is that we’ve made huge progress. We never struggle to get good women who are experts. Tawela is one of the founders of the school. So having Tawela there as well, it’s just very difficult to get hold of her. She’s so busy. But there are women in the field. We have them on this panel here. And there are others. So the expertise is there. We always have at least half the participants also women. But there are still, there’s still resistance. I think there’s still particular, there’s still assumptions. There’s assumptions that women experts have to deal with women’s issues. And that if women or gender issues are on the agenda, it has to be women that put them on the agenda. And then I think at the level of cultural norms of expectations of how women behave, there are still huge barriers. You know, I think several of you mentioned the bullying, the expectation of how to behave as a woman in this space. You’re not supposed to be controversial. You’re not supposed to really be challenging, particularly not challenging people in authority. I think in Africa, there is respect as a very much part of the culture of how we work. And I think it can sometimes be a little bit of a barrier. But I think, I mean, what we try to do at the African School is at least create a space where there is, where gender is recognized, even if that’s not the focus. And where participants are made conscious of the need to be respectful and to listen to one another. So, I think as one of our members of parliament who participated in this year’s school, when they wanted one of the women staff members to type their notes, she said no. And in a way, that’s how we are trying to contribute to establish more sensitivity to that. But I just want to commend you, really. I mean, Alice, listening to you and talk of those early years with Minister Tuju, how hopeful we were, and then how many challenges there were. I really think there has been a substantial change. There’s still lots of challenges. But compared to the early 2000s, I think there’s just, there is more recognition, there is more space for women to be in this space. And I think it’s done by people like yourselves. And Alison over there as well, who never stops annoying government officials and policy makers with all her very disturbing statistics.

Alice Munyua:
Thank you, Andrea. Yes, please.

Audience:
Is it working? Okay. Thank you, Alice, for moderating this. And thank you for weathering everything that you went through. And it is absolutely wonderful. I am a woman. You’ll be surprised, because on my right side is a woman, and on my left side is a man. So together, if you take the word woman, you put a bracket at the man. So you find the set is a woman, and a man in a subset. So I am a subset of a woman. My mother didn’t go to school. And it is because of a man. His brother, when she passed to go to the grade four, she was told that you cannot go to school because you are supposed to be working, doing the fields, and taking care of the cows. So when my mother told me that story, I made up my mind then when I was in primary school that when I grow up, you know, if I have a boy and a girl, they will grow on equal footing. So thank you for everything. So my thing really is to say that we really need to make sure that we continue to support girls and boys to grow up together, to work together, to support each other, so that as they grow up to become full women and men, they defend each other in terms of supporting each other. That is all I wanted to say. Thank you. Thank you for being an ally. There’s a lady there. Hi. Hello. Sorry. I had my hands up. I’m behind you. Hello. Hi. I’m sorry. It’s okay. Can I ask? Yes, please. Thank you. Sorry. So my name is Tagus. My name is Tagus. I am from APC. So now everyone is looking at me, so I’m just scared. I’ve been following the conversation actually online because I was supporting a friend who was in need of some consulting. But thank you, Farben, for sending me the link. So I have listened to most of the conversation, and it has been very engaging. And it’s so inspiring to hear feminist researchers having a conversation in a room because I think we’re stuck with gender as part of analysis but not feminism being welcome in spaces. So it’s a good and refreshing thing to hear. I have a couple of questions maybe if the panelists can respond to. The first one is, I mean, in this IGF, one of the things that we have realized is thanks to organizations like APC, after decades of struggle, that we now get to see online gender-based violence with its new terminology, technology-faceted gender-based violence being part of the agenda. You hear it everywhere. Everyone is picking it up, which is awesome, which means that part of the struggle has been won. So that’s a good thing. So for me, my question is, it seems like in terms of—this comes from a research perspective—it seems that we are much more inclined into talking about online harassment, which are very valid conversations to be having, and dog-seeing and other—they are very predictable thematic areas that we keep on picking up on. And I feel like there has to be a way in which feminists have to start thinking about expanding the idea of violence, specifically online, from a multiple perspective. And I think I kind of came to that realization after we have experienced it—I’m also from Ethiopia—a war in different regions, and the online space being a propaganda space for justification of rape against women, and that being seen not only from a government perspective, but also even from international media, who have been reciting around that. And I think that kind of reciting—that kind of work needs to resurface in this space, so that the urgency of the matter can be much more pertinent. So, that’s my invitation, and also I would like to ask for people to start thinking about expanding the idea of online gender-based violence from multiple spaces. The other one is, how feminists is our work? I’m asking that because we tend to write feminism, but we end up doing a gender analysis. For me, they are two different things, because feminism has its own values in terms of really prioritizing women in gender-diverse communities. And in that sense, how do you reflect about the sector that we are working on, and then how are you dealing with trying to bring in feminist issues in that space, by dealing with those who are— are only interested in the analysis of it. The last question I have is, and also, how do you deal with, this is also, again, from a research perspective. One of my critics that I have is, in this kind of online gender-based violence, we tend to categorize women in the LGBTQ community together. And then the analysis, even the conversation, end up being about women. And so how do feminists start making sure that the LGBTQ community are not just there as a list, but also as an active allies, and active contributors of knowledge? And so, yeah, I’m asking that question. Thank you.

Alice Munyua:
Thank you for those questions. Would any of the panelists, because these are research questions. Can I hand that to Nnenna and to Liz? Liz, do you want to start to respond? Nnenna, please? Yeah, Nnenna can start. Is Nnenna still online?

Nnenna Ifeanyi-Ajufo:
Yes, I’m here. Thank you very much. And I think it’s also a very important question for Bonita. She has also been engaged in research. Just to say that Tigi’s points, they’re very, very valid. One of the things, the project I talked about, the edited project that we’re struggling to work on, I think chapter two of that book is entirely on the topic I’ve termed Afro-cyberfeminism. And interestingly, you’re talking about these points. I agree with you. Sometimes it seems like the conversation is all about just cyber harassment. But I also want to point out that there are also other aspects of the core. It’s a broad discourse more than. In fact, when Toela was talking, I was like, apart from rural women, there are also questions of refugees, women who are refugees in Africa. Nobody’s really talking about this group. And in terms of access, in terms of rights, there are absolutely so many discussions that needs to be had. But I just want to say that, except we work together, I’ve been very careful not to talk about personal experience because if I do, people in the room or people online would actually pinpoint at maybe who I’m referring to in terms of some of the conversations and the challenges that we tend to have. And one of the things Lizzie also pointed out too is we’ve moved from this space of technical expertise to broader aspects, policy and all of that. And I’m excited to see that and read, Alison is in the room. I think we need to work more together and bring together the stories. The stories I’ve had today gives a reflection of the research perspectives we need to put out there. But what challenge you tend to have, like I said earlier, is lack of researchers that are homegrown. Again, I had the cyber crime working group of the GFCE. There is also the challenge of the Global North and the Global South dichotomy, which you find reflected in issues of research. For example, talking of LGBTQ, we have to look at the African realities and acceptance of these issues and then advocacy and campaigning to push these conversations. The fact that there are people in those groups who would want to also tell their stories, but because of the African reality to these perspectives, they also can’t come out to speak about their realities. So there is that Global South, Global North dichotomy. We can also move from just having an African conversation to more of a Global South, where we can look at challenges and look at commonalities in both regions. I think it would help if you look at, for example, Latin America and this sort of Afro cyber feminism conversations, and even from the LGBTQ perspective, there is a lot to share. So finally, just because of time, there are bodies, for example, like the UNECA. I know they are happy to work with organizations like the UNICEF, the UNICEF, the UNICEF, I know Research ICT is doing a lot. I think that there should be more platforms for research. People want to write. I know more and more academics in Africa, they want to write, but you also have this sort of Westernized approach to writing. Most people who are writing about Africa are actually not in Africa. And that’s a huge challenge. People tell you that publishers don’t actually want to work with them because they can’t validate the authenticity of their work in Africa. And I find that very off-putting. It’s triggering for me, but then you find that people want to tell your stories more than you can actually tell your story. And I think UNREC is here, the Internet Governance School. It’s a great agenda, and I think it will be an opportunity to highlight more of these issues, as well as give opportunities for more platforms for women to talk about this from the points you’ve raised. Thank you.

Alice Munyua:
Yeah, thank you, Nnenna, for that. And actually, thank you so much for bringing up the issue of the global North and global majority dichotomy, because even more nuanced than that, there’s the whole difference. When you look at feminism, there’s the way black women look at feminism and the way other non-black women look at feminism. There’s also that dichotomy that I think we should not shy away from talking about it. It should not, you know, it’s a controversial issue and we should not lose. And then, there’s a lady. Yes. Oh, here, I can give you this one. Okay. I can take it out. Okay. Oh, it’s to Liz. Liz. Yeah, yeah. Okay, let’s, yeah, thank you. Okay, let’s, yeah, take this one. Oh, is this one working? Thank you.

Liz:
Yeah, so I get it that what was asked was the terminologies of feminism as it’s in different regions, which you’ve actually started talking about. And this is something that we’ve realized, not just in my work with Ria, also with Kiktonite, because some of these concepts come from the global North because the funding is also coming from the global North. It comes with the conceptualization of how the global North faces it. And when you come to the ground, you realize that there’s a disconnect, that people don’t really, either don’t understand what you’re saying or they just listen to you, but there’s no impact that is actually going to happen. The other kinds of differences in these terminologies is how also different regions in Africa also conceptualizes the term, because it’s different from Francophone region, West African region, East African region, South African region. And also what you’re trying to do at Research ICT Africa is to also enact some of these conceptualizations so that when you are talking to policymakers, what are we equipping them with? Are we equipping them with evidence from what you get from the ground? And also with our consultation, we also try to reach as wide as we can so that we also get the contributions especially from Francophone, which is not really covered in the work that we do. So yeah, the other one was on cyber harassment and rights, which is also kind of the same. Most of the work that organizations in Africa and women do first go to cyber harassment, digital rights, women accessing opportunities. And which is rightly so, because we look at these things as just one thing, but it’s one thing that is actually affecting other areas of women participation, be it in business participation, because so much businesses are going online, so much marketing is actually going online. And when women can’t participate in these social spaces, it means that they can’t market themselves. They can’t even run for office. There’s this training that we actually did after Kenyan elections, where we called women who vied and started getting their experiences on how they performed and whether they would like to vie again. And they were so discouraged because of the journey that they’ve gone through. So it’s a series of harassment one after another. And through the campaign period, they think that this is just the last one until we go to vote. And then after voting, they even realized that even the promises that they got from the ground, nothing just actually materialized. So they think back and they’re like, all these hurdles that they’ve passed through, including cyber harassment, was it worth it when it doesn’t actually translate even to a single vote? So when we actually did that training, and it was a wholesome training, not just a cyber security training, but also for them how to engage themselves, much of it covered media literacy and digital literacy. You start getting hope and different approaches in how they also engage the society. So coming back to the terminologies and how they help, how to translate on the ground, is that some of these approaches, we have to be careful in how we translate them from the West coming down. Because it means that these trainings that we do, as much as we get funding from them, that one, they’re not having an impact and two, they’re even doing worse because they go out there with so much confidence, but yet they get even more backlash when it comes to implementation. I think the first digital security trainings we emphasize on women having a thick skin, which really didn’t help. And we tried to conceptualize things like, how should we take on our content online? Should we go with the norms that are actually there? If a woman is supposed to market themselves with how they dress, should they continue? Or should they continue with engaging with content? And we started mapping out how much of these women or giving examples of women politicians, especially who actually engage online with political ideologies rather than other types of content that are quite popular. And when telling them that their realities, that there are women who are out there who don’t actually conform to this content that are popular and actually attract so much cyber bullying and cyber violence and they can actually engage in ideologies, then they start seeing these examples as things that can actually work and they’ve actually started trying them out. So, yeah, in conclusion, I think, yeah, this, we can form our own ideologies of how that would look like and how, what approaches that you can use in engaging when seeking higher positions, political positions or whatever social positions that you want.

Audience:
Thank you, everyone. And so my first response, not a question, just supplementing the conversation. She’s asked a question that, are you equipping policy makers with evidence? And that is my thought process this whole time, which takes me back to a time last year when I was invited as a note taker for a consultation meeting where our, my name is Claire and I’m from Uganda, our Ministry of Information and Technology was trying to introduce a bill that is going to review policies and laws governing the media industry in Uganda and we’re holding consultation meetings. This particular consultation meeting was this big with just one woman, two women, another lady and myself was taking notes. So I listened to the conversation and the views that everyone in the room had and did my job as a note taker. When I was done with my report, what I did was to write my own recommendations as a note taker. But okay, well, this is what was discussed, but I think that we can do better to get more diverse views and I wrote about three pages of recommendations at the end and then included the list of women, what they do and how they can contribute to this discussion. And I also included evidence. One of the reports I attached was the report by policy that Bonita has been working on that talks about cyber harassment and stuff and other reports that have talked about issues affecting women in the media industry in Uganda. So I attached that to the report and included a note in the email to the person who had invited me. I said, here’s the report. I didn’t participate in the discussion because I had to listen to your views, but I’ve also added my views as a woman who is in the media industry and is affected by these issues. I’ve also included recommendations of women you can invite in future. Within a month or so, there was another activity that was involving the women that I had listed. So I think sometimes you just have to use the little opportunity you have to make your mark.

Tobias Thiel:
Thank you. Yes, thank you. I just wanted, from the perspective of a policymaker and the German Development Corporation, address some of the things that have been said here. I mean, first of all, I very much agree with my co-panelists that labels are something that is quite difficult. And we have, I would say, quite different conceptualizations of what feminism means, both between the global north and the global south. But it is also something that, even if I look at my own country, Germany, you will find a huge diversity of different feminist perspectives and streams. And I think what is important is not to lose the final end out of sight, which is that, I mean, there certainly are differences, but I think quite often the issues that we’re facing are quite basic. And there’s a lot of common ground, there are a lot of interfaces between different diverging opinions that we share together. And I think if we want to achieve something jointly, I think we should focus on that rather than dwelling on or having conceptual debates about which label is the right one. The second point that I think concerns us as policymakers a lot is also the question of how we translate what we observe, what we see into practice. Because we, I mean, we are always interested in improving the development interventions that we do. And I think it’s very important to have discussions like this and rely on the findings of research to actually have evidence-based interventions. And I think we often find that we’re still lacking a lot of detailed knowledge of what other specific obstacles that women face in terms of access to digital services, for example. On the one hand, so what’s the diagnosis of what are the issues? And on the other hand, what are effective ways, even if we know them, how to address them? Because we often work also in highly complex multi-stakeholder policy environments where there are power structures ingrained in informal structures, in ministries, in organizations. And so even having just a diagnosis is not enough to really design effective interventions. And I think that’s why the discussions like this are very important.

Audience:
Hi, everyone. My name is Tashi, I’m from India. It’s been a very fascinating discussion because although I’m not from the region, I have worked in the region in some way or the other. And I like how everyone talks about policy, people talk about regulation. My question was, I was actually looking at what are some of the best practices and solutions that organizations have when it comes to convincing women to come forward and report a complaint? And also, I mean, a complaint of an abuse or harm. I used to work on building multilingual repository of hate speech lexicons. Policy, people were talking, someone was here from policy. Policy actually used a data set for a report that they did out for online abuses against female politicians in Uganda. And I think there’s also a new report out for the Tanzanian region. I’m more interested in learning about how these discussions can help platform accountability, not with big tech, but maybe smaller platforms that would take these mechanisms seriously. But I’m really curious as to how Mozilla’s leading that work or GIZ is leading that work in keeping platforms accountable and how do we find solutions? Because there are so many of these mechanisms, but we also see that a lot of women are not confident with moving online and sharing their grievances or complaint. And I know that I’m running out of time, but yes, I was just curious.

Alice Munyua:
Yeah, that would be the last question. And perhaps you can, Tobias, you want to start on how perhaps GIZ deals with that, how GIZ deals with that first? Do you want to start? The question is some examples. And we want. Yeah, we’ve only got five more minutes, I’m so sorry. You know, at Mozilla, we’re very lucky. To begin with, Mozilla was founded by a woman. So, you know, and we have, you know, Mitchell Baker, she’s the founder, chairperson, and current CEO of the Mozilla Corporation. And she’s the founder and CEO of the Mozilla Corporation. And she’s the founder and CEO of the Mozilla Corporation. And she’s the founder and CEO of the Mozilla Corporation. And actually, more than nearly 90% of the executives are women. So, very, very proud of Mozilla. You know, and we actually really work hard to try and engage as many women as we can, and not just engaging them, but we go beyond. For example, you know, understanding the role that women play in society and community, that there’s still that societal experience that there’s still that societal expectation. So we make space for that kind of thing. For example, you know, parental, understanding that their parental obligations are usually, you know, placed on women. And a real emphasis on engaging on capacity building, especially, you know, for women. We haven’t got it right yet. It’s still an issue, and it’s still an issue that we are struggling with, even as a mission-based company. And really looking forward to working with other organizations to be able to find really lasting and sustainable solutions to support that. And in fact, that brings me to one issue that we’ve done, for example, and together with the African Union and TOELA, we conducted a research on the startup ecosystem and women entrepreneurs, because that is one thing that we haven’t touched on. And when you look at that, for example, the African continent, more than 80% of micro, small, and medium entrepreneurs are women. And yet, they receive only… This, this, this…

Pratik Chapagain

UNESCO is actively driving discussions on the regulation of various aspects while also supporting artists. They have recognised the importance of information as a public good and have endorsed this concept. In order to ensure media pluralism and transparency in the digital realm, UNESCO has developed guidelines. Additionally, they are actively engaged in strengthening Internet governance and promoting the proliferation of media.

To enhance digital capacity within public administrations, UNESCO is working on various initiatives, including the exploration of digital capacity building programs and training opportunities. Moreover, UNESCO is planning a significant conference in February 2025 with a focus on addressing challenges related to digital transformation and governance. This conference aims to bring together stakeholders and partners from diverse backgrounds to discuss and find solutions.

Furthermore, UNESCO is considering establishing an Internet Governance Forum (IGF) dynamic coalition for digital capacity building. This demonstrates UNESCO’s commitment to enhancing digital skills and knowledge across different sectors.

In November, the UNESCO General Conference will take place, where discussions related to the World Summit on the Information Society (WSIS) will be conducted. This highlights the importance UNESCO places on global cooperation and addressing digital challenges.

Overall, UNESCO’s active involvement in regulation discussions and support for artists signifies their commitment to fostering a fair and inclusive digital landscape. By endorsing information as a public good, developing guidelines, and focusing on capacity building and engagement with multiple stakeholders, UNESCO strives to promote transparency, accessibility, and knowledge sharing in the digital domain.

Gitanjali Sah

The first open consultation process meeting for the World Summit on the Information Society (WSIS) Forum has begun. This meeting marks the start of the consultative process and aims to develop the agenda and program for the event. The purpose of this open consultation process is to involve all stakeholders and encourage their active participation and feedback. This inclusivity ensures that all voices are heard and taken into consideration.

Furthermore, the WSIS Forum will be held in collaboration with the AI for Good Summit. The AI for Good Summit will take place in the CICG, while the WSIS Forum will be held in both the CICG and the ITU premises. This collaboration emphasizes the importance of combining efforts in leveraging technology for the benefit of humanity.

The review process of WSIS Plus 20 is a multi-stakeholder approach that involves the collection of perspectives from various sectors such as civil society, academia, and other stakeholders. This process consists of different stages, including the SDG Summit, the Internet Governance Forum (IGF) in 2020, regional reviews by different commissions, and a high-level meeting in the United Nations General Assembly (UNGA) in 2025. The aim of this review process is to ensure the continuous engagement of different stakeholders in shaping the future of WSIS beyond 2025.

The WSIS process strongly encourages cross-sectoral participation. Ministers from various sectors including environment, education, and climate are expected to engage in the process. Additionally, participation from heads of state, UN agencies, CEOs, ambassadors, mayors, and leaders from civil society is also invited. The meeting also provides a provision for remote participation, allowing for wider inclusion.

During the UNESCO General Conference, discussions will focus on the challenges surrounding digital transformation and capacity building in public administrations. This thematic focus highlights the need to address the obstacles faced during the process of embracing digital technologies in public administrations and the importance of enhancing capacity in this area.

Ensuring the smooth execution of both the WSIS and AI for Good conferences is a priority. Logistics for these conferences are currently under discussion, and efforts are being made to ensure that the venues for both events are adjacent. This will facilitate better coordination and alignment between the conferences, promoting a seamless experience for participants.

The role of the technical community in internet governance is crucial. However, it was noted that there was an oversight in one of the presentations, where the role of the technical community was not sufficiently highlighted. This was acknowledged as a human error, and Gitanjali Sah agreed with Byron Holland’s suggestion of including the technical community as a prominent stakeholder. This emphasizes the importance of recognizing and involving the technical community in shaping internet governance policies and practices.

In conclusion, the first open consultation process meeting of the WSIS Forum has begun, focusing on developing the agenda and program for the event. The WSIS process encourages the involvement of all stakeholders and aims to gather diverse perspectives for the review of WSIS Plus 20. The collaboration with the AI for Good Summit and the emphasis on cross-sectoral participation further highlight the collaborative approach of WSIS. Additionally, discussions during the UNESCO General Conference will center around digital transformation challenges and capacity building in public administrations. The smooth execution of both the WSIS and AI for Good conferences is a priority, and the importance of involving the technical community in internet governance has been recognized.

Tomas Lamanauskas

The World Summit on Information Society (WSIS) is a significant global platform for digital cooperation and development. It has been praised for its inclusive and multi-stakeholder nature, allowing various voices and perspectives to shape policies and initiatives that will define our digital future. The WSIS process plays a vital role in harnessing the collective energy of stakeholders for the benefit of humanity and the planet.

One noteworthy argument is that digital technologies have the potential to boost 70% of the Sustainable Development Goals (SDG) targets. This highlights the transformative power of technology in achieving the SDGs, particularly in areas such as industry, innovation, and infrastructure. By leveraging digital technologies, countries can accelerate progress towards achieving the SDGs and addressing global challenges.

The upcoming WSIS plus 20 high-level event, scheduled from 27th to 31st May 2024, is a special edition of the annual WSIS Forum. This event will be co-hosted by the Confederation of Switzerland. It provides an opportunity for stakeholders to come together and discuss the future of digital cooperation and development. Such events allow for collaboration, innovation, and work towards creating more inclusive information and knowledge societies.

The Consultative Meetings within the WSIS process are highlighted as crucial platforms where diverse voices can shape policies, strategies, and initiatives. These meetings offer an opportunity for stakeholders to contribute their insights and expertise in defining our digital future. By taking an inclusive approach, the WSIS process ensures that the needs and perspectives of all stakeholders are considered.

Another notable aspect is the Open Consultation Process (OCP), which invites all stakeholders to participate. This process encourages individuals and organizations to share their views and ideas, fostering collaboration and engagement in digital cooperation efforts. It acts as a mechanism to gather input and promote a bottom-up approach to decision-making.

Furthermore, the importance of collaboration and partnership among stakeholders and UN agencies is emphasized. The WSIS plus 20 review calls for enhanced collaboration and partnership to strengthen digital cooperation and development efforts. The close collaboration among UN agencies such as UNESCO, UNDP, UNCTAD, CSTD, and UNDESA is cited as an example of the valuable partnerships that can be formed.

In conclusion, the World Summit on Information Society (WSIS) is a vital global platform that promotes digital cooperation and development. Its inclusive and multi-stakeholder nature allows for collaboration, innovation, and the shaping of policies and initiatives that will define our digital future. Digital technologies have the potential to boost the achievement of the Sustainable Development Goals (SDGs). The WSIS plus 20 high-level event, Consultative Meetings, Open Consultation Process (OCP), and collaboration among stakeholders and UN agencies all contribute to the ongoing efforts in achieving digital cooperation and development goals.

Valeria Betancourt

The analysis of the provided information reveals several important points made by the speakers. Firstly, it is highlighted that digital inequality is increasing as more people become connected. This amplifies and complicates existing disparities. The speakers argue that as technology becomes more accessible and prevalent, it is essential to address the growing digital divide to ensure equal opportunities and access for all individuals.

The second point raised is regarding the upcoming WSIS plus 20 review. The speakers pose the question of what we want to achieve and in which direction to go for building a digital society. This review serves as an opportunity to assess the progress made so far and to determine the future direction. The speakers emphasize the importance of strategic planning and the need to identify the desired outcomes for building a digital society.

Furthermore, the analysis highlights the significance of compromises and inputs in shaping policy processes for the digital future. The speakers argue that to address the complex issues surrounding digital advancements, it is crucial to arrive at agreements that consider multiple perspectives. They stress the need for inclusive decision-making processes and the involvement of all stakeholders to ensure policies are effective and beneficial to society.

Lastly, there is a call to strengthen the mandate of the Internet Governance Forum (IGF) to operationalize global digital cooperation. The IGF serves as a platform for dialogue and collaboration among different actors involved in internet governance. The speakers argue that by enhancing the IGF’s mandate, there can be greater operationalization of global digital cooperation, leading to more effective and inclusive decision-making processes.

In conclusion, the analysis highlights the increasing digital inequality resulting from the expanding number of people becoming connected. It emphasises the importance of strategic planning and goal-setting for building a digital society, as well as the need for compromises and inputs in policy processes addressing the digital future. Moreover, there is a call to strengthen the mandate of the Internet Governance Forum to enhance global digital cooperation. These insights shed light on the challenges and opportunities in the digital realm and underscore the need for collaborative efforts to ensure a more equitable and inclusive digital future.

Audience

During the review of WSIS plus 20, it has been highlighted that addressing the implications of changes in the digital society is crucial. This is due to the fact that an increasing number of people are getting connected, leading to a rise in digital inequality. The argument is that it is important to deal with these implications in order to ensure a fair and inclusive digital society.

A key aspect emphasized during the review is the necessity for compromise and agreement in order to achieve the goals set by WSIS. This is particularly important in relation to industry, innovation, and infrastructure, as well as peace, justice, and strong institutions. The focus is on identifying factors that will contribute to reaching compromise during the review process.

Addressing the issue of digital inequality is another important aspect discussed during the review. As more people become connected, digital inequality is amplified and continues to grow. The argument is that this paradoxical situation needs to be addressed in order to achieve SDG 10, which aims to reduce inequalities. The review acknowledges the need to find solutions to bridge the digital divide and prioritize digital inclusion.

Critical attention has also been given to other areas such as digital rights, environmental sustainability, digital inclusion, and cybersecurity. These are seen as significant factors that require careful consideration and swift action. The review highlights the importance of protecting digital rights, ensuring environmental sustainability in digital development, promoting digital inclusion for all groups, and prioritizing cybersecurity to safeguard digital systems.

The importance of financial resources in building the digital future is also highlighted. This neutral argument emphasizes the need for financial investments to support the development of digital infrastructure, innovation, and initiatives. The review recognizes that financial resources play a vital role in ensuring the successful implementation of the digital future.

One positive outcome mentioned in the review is the extension of the mandate of the IGF (Internet Governance Forum) and WSIS Forum. This is seen as a positive development, as these platforms facilitate discussions and collaboration on key digital issues. The extension of their mandate reflects the recognition of their importance in shaping the digital agenda.

However, the review also criticizes the lack of ambition in previous actions. It highlights that previous initiatives and resolutions, including those discussed in the UN General Assembly, did not adequately address crucial aspects such as artificial intelligence, social networks, and the Internet of Things. This critical stance underscores the need for more ambitious and comprehensive actions to address emerging digital challenges.

The review also emphasizes the importance of outlining the future with ambition. This calls for forward-thinking and proactive planning to adapt to evolving digital landscapes. It is mentioned that the future needs to be thoughtfully and ambitiously defined to ensure progress and avoid falling behind.

One observation made during the review is the uncertainty regarding the influence of the UN General Assembly due to political influences. This neutral stance acknowledges that political factors can impact the decision-making process and the implementation of digital initiatives. It highlights the need for careful consideration of political influences and the importance of ensuring unbiased decision-making.

In conclusion, the WSIS plus 20 review underscores the need to address the implications of changes in the digital society. It emphasizes the importance of compromise and agreement to achieve goals, as well as the need to tackle digital inequality. Critical attention is given to digital rights, environmental sustainability, digital inclusion, and cybersecurity. Financial resources are deemed necessary for building the digital future, while the extension of the mandate of the IGF and WSIS Forum is considered a positive outcome. Criticism is expressed regarding the lack of ambition in previous actions, and there is a call for outlining the future with ambition. However, uncertainty exists regarding the influence of the UN General Assembly due to political influences.

Shamika Sirimanne

The WSIS Plus 20 review process has commenced with the initiation of the first consultation at the IGF (Internet Governance Forum). Adopting a multistakeholder approach, the process aims to evaluate progress in implementing the World Summit on the Information Society (WSIS) outcomes. Furthermore, plans are in place to organise events in various regions in collaboration with the regional commissions or the IGF regional forums. This inclusive approach promotes diverse perspectives and contributions to shaping the information society.

UNCTAD, together with other agencies such as ITU, UNESCO, UNDP, and DESA, has released a questionnaire to assess the advancement towards achieving a people-centred, inclusive, and development-oriented information society as envisaged in Tunis. The objective is to gather comprehensive data for a meaningful review, which will be submitted to the General Assembly. This collaborative effort among agencies reflects the commitment to evaluating and fostering progress in the information society domain.

UNCTAD’s primary mandate revolves around leveraging international trade for development, with a particular focus on enabling developing countries to engage effectively in e-commerce and the digital economy. To facilitate this objective, UNCTAD has conducted diagnostic assessments for approximately 39-40 countries to determine their readiness for e-commerce. Additionally, the E-trade for All Platform, a collaborative initiative involving 35 agencies, is working towards addressing the challenges and opportunities associated with e-commerce in developing countries. UNCTAD’s upcoming E-Week in Geneva will dedicate its focus to capturing the potential benefits of the digital economy for developing nations.

However, despite the efforts being made, numerous developing countries, especially the Least Developed Countries (LDCs), face substantial obstacles that impede their ability to actively participate in e-commerce and the digital economy. These challenges include insufficient connectivity, inadequate legal and regulatory frameworks, and inadequate logistics facilities. It is evident that addressing these issues requires a collective effort, as no single agency can single-handedly achieve the goal of inclusive participation in e-commerce for all developing countries.

In conclusion, the WSIS Plus 20 review process has commenced with the inclusion of multiple stakeholders, allowing for a comprehensive evaluation of progress in implementing the WSIS outcomes. UNCTAD, in conjunction with other agencies, is working towards assessing the achievement of a people-centred information society through a questionnaire. UNCTAD’s primary focus on leveraging international trade for development aligns with its efforts to enable developing countries to embrace e-commerce and the digital economy. However, challenges persist, particularly in the case of developing countries and LDCs, in terms of connectivity, legal frameworks, and logistical capabilities. Addressing these issues necessitates a collaborative approach involving various stakeholders to ensure meaningful and inclusive participation of all developing countries in the digital economy.

Nigel Hicson

The WSIS plus 20 review process was emphasised as being of great importance. The focus of this review process is on the process itself, ensuring that all stakeholders and diverse regions are included. This highlights the significance placed on inclusivity and collaboration in shaping the future of the WSIS. The review process aims to examine not only past achievements, but also looks ahead to the future, considering the importance of the roadmap towards the UNGA discussions and the need to bridge the connectivity gap.

The discussions also highlighted the need to bridge the connectivity gap, emphasizing its hindrance to progress in various areas, including achieving the sustainable development goals. To achieve this, there is a call to evolve the WSIS action lines to complement the sustainable development goals. The linkage between the sustainable development goals and the matrix developed in 2015 was seen as important, emphasizing the need for a comprehensive approach that aligns various objectives to promote a more interconnected and sustainable world.

In addition, a recommendation was made to have ministers come to Geneva to discuss issues at a proposed high-level track during the WSIS Forum. This aims to facilitate more meaningful and impactful discussions, indicating the importance of preparation in advance to ensure that important topics are effectively addressed.

The analysis also revealed a positive sentiment towards the work done by UNESCO and ICANN on multilingualism, recognizing their efforts in reducing inequalities and fostering inclusivity in communication and internet accessibility. UNESCO’s “Connecting the Dots” event was greatly appreciated, along with the recognition of ICANN and other areas’ work in developing international domain names and furthering multilingualism.

Overall, the observations from the analysis indicate the recognition of the importance of the WSIS plus 20 review process, bridging the connectivity gap, and evolving the WSIS action lines to align with the sustainable development goals. The recommendation for a high-level track at the WSIS Forum, along with the appreciation for UNESCO and ICANN’s work on multilingualism, further demonstrates the commitment towards promoting inclusivity, collaboration, and international cooperation in addressing global challenges.

Brooke Biasella

The World Summit on the Information Society (WSIS) has made significant progress, operating in 182 countries and offering concrete solutions to address the challenges of today. The need to prioritize WSIS goals and align them with other important issues has been emphasized. One argument put forward is that the focus on knowledge society and transformation should be reinstated, recognizing the importance of skills, competencies, democratic participation, and individuals’ ability to tackle current and future challenges.

It has been observed that the impact of digital transformation on traditional media and the public sphere is profound. Legacy media has been significantly affected, and the public sphere has become fragmented due to the rise of various digital platforms and sources of information. This raises questions about the future of traditional media and the importance of ensuring a diverse and inclusive public discourse in the digital age.

Furthermore, there is a call for European Union (EU) countries to unite around a digital solidarity agenda. Digital solidarity is seen as a political agenda crucial for bridging the digital divide. Cooperation among EU countries is essential in addressing disparities in access to digital technologies and ensuring equal opportunities for all citizens.

In conclusion, the WSIS demands focused prioritization and collaboration with other areas of concern. Reinstating the focus on knowledge society and transformation is crucial, encompassing important aspects such as skills, competencies, democratic participation, and the capability to address current and future challenges. The impact of digital transformation on legacy media and the public sphere is undeniable, highlighting the need for adaptation and inclusivity. Additionally, unity among EU countries on a digital solidarity agenda is necessary to address the digital divide, ensuring that no individual or community is left behind in the digital era.

Bertrand De La Chapelle

The analysis focuses on the frustrations expressed by Bertrand regarding the lack of global cooperation in digital matters. Bertrand expresses a desire to understand the collective global ambition for digital cooperation. The success of the technical architecture during the pandemic is mentioned as evidence of the potential for collaboration. However, the absence of a collective decision is seen as a hindrance to achieving this ambition.

The discussion also highlights Bertrand’s negative sentiment towards WSIS Plus 20 being limited to a mere review. He believes that the event should be more than just a backward-looking examination of past achievements. Rather, there should be a critical evaluation of the failings and missed opportunities to drive progress in digital cooperation. This stance suggests the need for substantial and meaningful action during WSIS Plus 20, rather than merely revisiting past discussions.

The analysis further emphasizes the significance of transnational institutions in addressing the lack of cooperation. It is argued that the absence of collaboration is a major obstacle to achieving digital cooperation goals. While the technical community is acknowledged for its successful contributions, it is believed that they do not have the authority to speak on policy matters. Thus, the need for transnational institutions is highlighted to facilitate effective policy-making and decision-making processes.

In conclusion, the analysis illuminates the frustration over the lack of global cooperation in digital matters. It emphasizes the importance of a collective decision on the ambition for digital cooperation and calls for WSIS Plus 20 to go beyond a mere review. The significance of transnational institutions in fostering collaboration and addressing policy issues is underscored. Overall, the analysis highlights the need for concerted efforts and effective governance structures to achieve meaningful progress in digital cooperation.

Balzur Rahman

The analysis highlights several significant points regarding the integration of WSIS action lines in Bangladesh. Firstly, the government of Bangladesh, in collaboration with civil society organizations (CSOs), has successfully integrated the WSIS action lines with their 5-year plan. This integration demonstrates their commitment to digital transformation, as they have aligned their national development goals with the objectives set by the WSIS action lines. This achievement is a positive indicator of Bangladesh’s progress in promoting industry, innovation, and infrastructure, as outlined in SDG 9.

Furthermore, the analysis emphasizes the need for an annual WSIS forum. This forum would serve as a platform for stakeholders to come together and discuss the latest developments in industry, innovation, and infrastructure. By convening this forum, opportunities for collaboration, knowledge-sharing, and partnership-building can be created. This neutral argument recommends the regular organization of this forum, given the fast-paced nature of advancements in technology and the need for continuous dialogue among stakeholders.

Moreover, the analysis highlights the importance of the WSIS Secretariat developing a toolkit for parliamentarians and mayors. This toolkit would assist these key decision-makers in effectively implementing the WSIS action lines and promoting sustainable cities and communities, as outlined in SDG 11. By providing parliamentarians and mayors with practical resources and guidance, the WSIS Secretariat can contribute to the successful implementation of the action lines at the local level.

Additionally, there is a discussion around the need for the localization of WSIS action lines and the conduct of separate sub-regional open consultations. These measures would ensure that the WSIS action lines are adapted and implemented to suit the specific contexts and needs of different regions. Localizing the action lines and facilitating sub-regional consultations can help address the diverse challenges and opportunities faced by different countries and communities.

Moreover, the analysis raises concerns about the impact of social media and new technologies on the community media sector. It argues that community media, which plays a crucial role in giving voice to marginalized groups, is under threat due to the dominance of social media platforms and advancements in technology. This negative sentiment calls for the protection of the community media sector as a voice for the voiceless. The summary further highlights the supporting fact that community media is the only media ensuring voices for the voiceless from the ground.

In conclusion, the analysis provides valuable insights into the integration of WSIS action lines in Bangladesh, emphasizing the successful alignment of the action lines with the country’s 5-year plan. It also highlights the importance of an annual WSIS forum, the development of a toolkit for parliamentarians and mayors, and the localization of action lines through separate sub-regional open consultations. Additionally, it highlights the challenges faced by the community media sector and advocates for its protection as a valuable platform for amplifying the voices of marginalized groups. These findings underscore the significance of international cooperation and collaboration in achieving the sustainable development goals and promoting digital transformation.

Vladimir Minkin

During the event, the speakers emphasised the importance of long-term planning and consideration beyond the year 2025. They suggested taking a preliminary 20-year view to better understand future needs and goals. This long-term vision is seen as necessary for effective preparation and decision-making.

A key aspect highlighted by the speakers is the need to define what is desired for the future. By clearly outlining the objectives, it becomes easier to work towards achieving them. This includes considering the future of visas, Sustainable Development Goals (SDGs), and digital companies. Involving a broad range of stakeholders allows for multi-stakeholder estimation, providing diverse perspectives and insights.

The involvement of multiple stakeholders is regarded as essential in shaping the future of visas, SDGs, and digital companies. This approach enables diverse voices to be heard, ensuring that decisions are well-informed and inclusive. The speakers believe that by soliciting input from various stakeholders, a comprehensive and holistic understanding of the future can be achieved.

The speakers stated the importance of considering at least a preliminary 20-year view as evidence. This suggests that future planning should take into account long-term consequences and impacts. Proactive measures can then be taken to address potential challenges and opportunities.

Overall, the speakers expressed a positive sentiment towards long-term planning, multi-stakeholder involvement, and defining future goals. They emphasised the value of considering a broader perspective and seeking input from various stakeholders for a more inclusive and comprehensive decision-making process.

To conclude, long-term vision and planning beyond 2025 are crucial for effective preparation and decision-making. By involving multiple stakeholders and defining future objectives, a more inclusive and comprehensive understanding of the future can be achieved. This approach ensures that decisions regarding visas, SDGs, and digital companies are well-informed and aligned with desired outcomes.

Justin Fair

Justin Fair, a prominent figure in the field, applauds the coordination and maturity displayed in the WSIS (World Summit on the Information Society) process. He notes a significant improvement in these areas, resulting in better outcomes. This positive sentiment signifies general satisfaction with the progress achieved in the WSIS process.

Fair also emphasizes the importance of conducting a thorough review of past progress and challenges in the WSIS. He highlights the WSIS Plus Forum as a valuable platform for retrospectively evaluating accomplishments and obstacles. Fair argues that understanding these experiences is vital for preparing for the future. By drawing insights from past successes and challenges, stakeholders can develop more effective strategies to achieve greater outcomes.

Furthermore, Fair seeks more information about an upcoming UNESCO conference scheduled for early 2025. He specifically wants to know if the conference is part of the WSIS Plus 20 review. Fair also raises concerns about the logistics of merging two meetings in Geneva and managing a large number of attendees. These inquiries underscore the significance of detailed planning and efficient execution in organizing successful conferences and events.

Overall, Fair’s observations and insights highlight the positive developments within the WSIS process. The coordination and maturity he commends serve as catalysts for achieving better outcomes. Additionally, his focus on reviewing past progress and challenges acknowledges the importance of learning from past experiences to shape future actions. Fair’s inquiries about logistics and concerns about attendee management underscore the practical challenges organizers must overcome to deliver successful events.

Byron Holland

The analysis presented focuses on the contention surrounding the inclusion of the technical community in the process of internet governance. One of the speakers, Byron Holland, who represents CIRA, which operates the .ca domain, advocates for the involvement of the technical community. Holland stresses that the technical community, distinct from academia and civil society, plays a crucial role in running the internet and should therefore have a voice in the governance process.

Another speaker takes a neutral stance on the issue, arguing that the technical community should be recognized as key actors and stakeholders in internet governance. It is important to note that the technical community comprises both for-profit and non-profit organizations.

The overall sentiment towards the inclusion of the technical community leans towards negativity, indicating opposing views on their participation in internet governance. However, the neutral stance on their role as key actors suggests an acknowledgment of their significance and influence in the process.

The analysis lacks specific supporting evidence for the negative sentiment, making it necessary to further explore the reasons underlying this viewpoint. Delving deeper into this topic could provide insights into the concerns or reservations held by those who oppose including the technical community in the governance process.

In conclusion, the debate over the inclusion of the technical community in internet governance reveals differing opinions. The analysis raises important points about their role and underscores the need for a comprehensive understanding of this issue.

Thomas Schneider

The WSIS plus 20 process has significantly evolved over the past 20 years, as there has been an increase in the number of events, structures, and overlapping structures. This complexity is seen as both a challenge and an opportunity. On one hand, the multitude of tracks and parallel structures can make the process more challenging to navigate. However, on the other hand, it is seen as a positive reflection of the diversity of perspectives and interests involved in the process.

The WSIS process and the Internet Governance Forum (IGF) have played vital roles in creating a more inclusive space within the United Nations (UN) and other institutions. By giving voice to stakeholders from all over the world, these initiatives have helped ensure that diverse perspectives are represented and considered in discussions related to industry, innovation, and infrastructure (SDG 9) and reducing inequalities (SDG 10), as well as peace, justice, and strong institutions (SDG 16).

Switzerland is set to co-host the next year’s WSIS event, which demonstrates its commitment to the process. Thomas Schneider, in particular, has shown his support for the actors driving the WSIS process and is excited about Switzerland’s role as the co-host. This involvement further underscores the importance of the WSIS process and Switzerland’s dedication to fostering partnerships for the goals (SDG 17).

The AI for Good Summit, a significant initiative in the field of artificial intelligence (AI), will be held during the WSIS Plus 20 High-Level Forum week. This demonstrates the recognition of the interconnections between the advancements in AI, industry, innovation, and infrastructure.

However, it is important to acknowledge that there has been a shift in the global landscape. 20 years ago, after the fall of the Berlin Wall, there was hope that technology would foster peace, freedoms, and sharing. However, in the current environment, the focus has shifted towards competition, with a win-lose mentality prevailing over collaboration and sharing. This observation highlights the need for a renewed commitment to peace, cooperation, and collaboration in the face of these complex times. It is essential to reinterpret the Vicious Vision, a concept associated with striving for peace and cooperation, in light of these challenges.

Overall, the WSIS plus 20 process has become more intricate over the years, with an increase in events, structures, and overlapping structures. However, the existence of several tracks and parallel structures is also seen as a positive reflection of the diversity of perspectives involved. The WSIS process, along with the IGF, has played a crucial role in creating a more inclusive space within the UN and other institutions. Switzerland’s upcoming role as co-host of the next year’s event further demonstrates its commitment to the process. The AI for Good Summit, held during the WSIS Plus 20 High-Level Forum week, highlights the intersectionality between AI and the WSIS process. As the world becomes more competitive, it becomes increasingly important to strive for peace, cooperation, and reinterpret the Vicious Vision to address the challenges of the present times.

Rob Golding

ICTs and digital technologies are poised to play a crucial role in shaping the future of humanity. This recognition marks a pivotal moment in our understanding of their potential impact and significance. The speaker highlights the importance of these technologies in advancing the Sustainable Development Goals (SDGs), specifically SDG 9, which focuses on industry, innovation, and infrastructure.

There is widespread recognition of the transformative power of digital technologies in accelerating progress towards achieving the SDGs. The argument stresses the positive impact these technologies can have on various aspects of society. The SDG Digital Acceleration Agenda report, co-released with the International Telecommunication Union (ITU), supports this argument by showcasing the numerous ways in which technology can contribute to SDG attainment. It is seen as cause for celebration, as the potential of digital technologies to address the underlying challenges outlined in the SDGs is acknowledged.

The speaker proudly mentions their role as a co-chair of the UN Group on Information Society. Together with co-organizers UNCTAD and UNESCO, they actively contribute to the work of this group. The UN Group on Information Society is focused on SDG 17, which emphasizes partnerships for the goals. This highlights the importance of collaborative efforts in achieving the SDGs. The speaker expresses gratitude towards the government of Switzerland for hosting the WSIS Forum this year. This serves as a platform for sharing ideas, insights, and experiences to further advance the information society agenda.

In conclusion, ICTs and digital technologies have become vital tools for the future of humanity. Their potential to accelerate progress towards the SDGs is widely recognized. The speaker’s involvement in the UN Group on Information Society reflects a commitment to partnership and collaboration, as no one entity can achieve the SDGs alone. Finally, the speaker extends their gratitude to the government of Switzerland for hosting the WSIS Forum, a significant event for advancing the global information society.

Gitanjali Sah:
Good morning, ladies and gentleman. We’re about to start. I believe there’s a parallel session going on Where some of our participants are still stuck, So I encourage you to join us around the table because This is going to be a consultative process. When this session gets over, the others can join us as well. Good morning, ladies and gentlemen. This is the first open consultation process meeting, hybrid meeting. Every WSIS Forum has a consultative process where we develop the agenda and the program of the event and basically highlight the priorities for the event. So thank you very much for joining us today. We have only one hour, and we will start by short introductory remarks by the co-organizers and then the co-hosts, Switzerland. I have a short presentation to update you on the plans till now, and then we’ll open up the floor, and as usual, we expect to receive some comments from you all. It’s a consultative process, so this is more to listen from all stakeholders. So our Secretary General of ITU had to leave yesterday, so I do have a video from our Deputy Secretary General, and I’d like to request our colleagues from the logistics team to please play it.

Tomas Lamanauskas:
Excellencies, colleagues, ladies and gentlemen, for 20 years now, the World Summit on Information Society, or WSIS process, has been an important global platform for digital cooperation and development, standing the test of time. As the SDG acceleration agenda recently released by YES together with UNDP and other partners demonstrate, 70% of SDG targets could be boosted by digital technologies, and such a boost is desperately needed. At the midpoint of the implementation of the sustainable development agenda, we find it woefully off track, and the climate crisis is becoming a reality through scorching heat, wildfires, and floods that we have to reckon with. The WSIS process plays a key role in harnessing the collective energy of the vast variety of stakeholders to enable harnessing the power of digital for the benefit of the humanity and the planet. As we embark on the WSIS plus 20 process, this first meeting of the high-level event open consultation process is an invaluable opportunity to collectively gather inputs and perspectives that will help shape preparation and program of our WSIS plus 20 high-level event, which is a special edition of the annual WSIS Forum and will take place next year. The event will be held from 27th to 31st of May 2024 and will be co-hosted by the Confederation of Switzerland in Geneva. I would like to take this opportunity to thank Switzerland for co-hosting the event and to Ambassador Thomas Schneider for his leadership and commitment to the WSIS process. Outcomes of this open consultation process will also contribute to the overall review of the implementation of WSIS plus 20 outcomes by the UN General Assembly in 2025. We also hope that such outcomes will be found useful in the context of broader discussions on our digital future, including in terms of the next year’s Summit to the Future and development of the Global Digital Compact. Your voices matter. The strength of the WSIS Forum lies in its truly inclusive and multi-stakeholder nature. The consultative meeting is a testament to the enduring spirit of WSIS, where diverse voices converge to shape policies, strategies and initiatives that will define our digital future. It is an invitation to collaborate, innovate and work together towards a more inclusive and equitable information and knowledge societies. Your active participation and valuable insights are integral in ensuring that WSIS remains at the forefront of addressing the evolving challenges and opportunities in the era of digital transformation. As the WSIS plus 20 review draws near, it is crucial for all stakeholders, including governments, civil society, the private sector, technical community, academia, regional and international organizations, to come together. We also appreciate the close collaboration among UN agencies – UNESCO, UNDP, UNCTAD, CSTD and UNDESA – which highlights our unified joint approach and shared commitment towards the WSIS plus 20 review. I am confident in the spirit of collaboration and partnership that has defined WSIS will continue to steer us towards progress. Thank you for your commitment as we continue to build on the foundation established over the previous two decades. I encourage you to actively engage in the OCP, or Open Consultation Process, by participating in consultative meetings and submitting input through the official submission form. I look forward to the productive discussions and outcomes that will emerge from our collective efforts. Together we can build a world where technology serves as a force for good and where information and knowledge societies truly empower every individual. Thank you.

Gitanjali Sah:
Thank you very much to our Deputy Secretary General. You heard him right, this venue is basically to collect voices of the civil society, private sector, technical community, of course governments, UN agencies. We see all our partners here. And I’d like to pass on the mic to our co-organizers, starting with UNESCO. Pratik is representing UNESCO today for very short remarks on what their expectations are of the event next year.

Pratik Chapagain:
Thanks, Geethanjali, and I’ll be very short, we have only one hour. So, just to outline that UNESCO is also looking towards WSIS 2.0, and we’ve been working to strengthen the mandate that we had from WSIS around Internet governance with the Rome Principles, but also with the UNESCO General Conference adopting, endorsing information as a public good, the Windhoek Plus 30 Declaration, to strengthen media pluralism and independence and transparency of digital platforms, which was again guidelines which have been developed and were consulted upon actively with the multi-stakeholder community this year. We’re also working to strengthen media and information literacy in view of the challenges of disinformation, misinformation, and hate speech online. The programs on open solutions and what we are now calling digital public goods are an active part of UNESCO’s mandate with the recommendation on open science, which was adopted in 2019, and the recommendation on open educational resources, which have now vibrant dynamic coalitions functioning. We’ll briefly mention two more things, the recommendation on the ethics of artificial intelligence, which is now a global standard and the only one which has been adopted by 193 countries and is informing global discussions on this important topic. In the field of culture, UNESCO is advancing substantial discussions on regulation, but also supporting artists, and there was the UNESCO Mondial World Conference, which was organized in 2022. Finally, we have been working on digital capacity building of public administrations, as was also highlighted in the Secretary General’s roadmap on digital cooperation, but also the recent policy papers on GDC. And in this regard, as part of the WSIS process from UNESCO, in addition to the WSIS Forum, we will be organizing organizing a major conference on this in 2025 in February, and the theme would be on digital governance and digital transformation, empowering civil servants. I will stop here now and pass the mic back to Geetanjali.

Gitanjali Sah:
Thank you, Pratik. I’ll invite Shamika from UNCTAD. Shamika.

Shamika Sirimanne:
Thank you, thank you, Geetanjali. Good morning to all of you. So good to see all of you. I think many faces I see at the CSTD. So on behalf of UNCTAD and our co-facilitators of the WSIS Action Line on E-Business, that means the ITC, the International Trade Center, the Universal Postal Union, and so a big welcome to all of you for being here. Let me highlight two things. First, as Geetanjali, you started saying, we have begun the WSIS Plus 20 process. The CSTD has been asked to begin the process. So we had our very first consultation here in this IGF, and I think it’s very fitting to do that, to begin the process here, and we had a very good and energetic and a very insightful session yesterday. And we will continue this, and we will continue this in the vein of multi-stakeholderism, which was, as Peter, you mentioned, which was born, given birth to in the UN system in WSIS process, and we would make sure that it is the case as we review the WSIS Plus 20 process. So be aware of the events that we will be holding in regions, especially with the regional commissions or with the IGF regional forums. And here, I also want to say that we have issued a questionnaire, meaning all of us, ITU, UNESCO, UNCTAD, UNDP, DESA, we have issued a questionnaire to gauge the views of key stakeholders on how far we have come from the Tunis aspiration of people-centered, inclusive, and development-oriented information society, and how far we have to go to fulfill that aspiration. So please take note of this questionnaire, and please give it to all your networks, and get us data so that we can have a very meaningful review done, that to send to the General Assembly. Now on the action lines, let me just very quickly say from UNCTAD perspective, our mandate is basically to leverage international trade for development, and we have done a lot of work. We are working on developing countries’ readiness for e-commerce and the digital economy. We have done about 39, 40 countries’ diagnostics. Are they ready to engage in the e-commerce? And we assess this readiness on various policy measures. We look at the connectivity, we look at the regulatory frameworks, the e-payment systems, logistic skills, finance, and so forth, and we find many developing countries, I think the vast majority of developing countries, almost all LDCs, are not ready to engage in e-commerce and the digital economy, and this, so we are quite concerned this massive technological revolution would yet again bypass them. So there are, it’s not just the issues, are not just connectivity issues, the issues are multifaceted, issues of the inadequate legal regulatory frameworks, inadequate e-payment system, especially if you want to do exports, and inadequate logistics facilities, especially if you want to do exports, because everybody wants to get your goods fast, because that’s the digital commerce. So there will be, and what we also found, is that we cannot, one agency cannot do it all together. We at UNCTAD, we cannot do the regulatory systems, the e-payment systems, the skills, the finance, and the gender aspects and all that. So we have created a very, very effective platform called E-Trade for All Platform, and 35 agencies are working with us, meaning who is who in e-commerce and the digital economy are part of it. So if, for example, if a country ask us, they want to do more on e-payment systems, we, for example, would invite the World Bank to undertake that work. And many countries ask us, their post offices are not ready to do small parcels, we work with the UPU to do that work. So that’s how we work, and the platform is a real, a true, this is something that we aspire here in the WSIS Forum. So everyone, so note, we are going to have E-Week in Geneva, and it’s the week of December 4th, and it is called Shaping the Future, and it is about entering the digital economy, capturing the gains for digital economy for developing countries. So having said that, and thank you so much, Geetanjali, and thank you that you all see that we are all together in this journey, the UN family, and you will see as we go for the WSIS Plus 20 review, we will go as one UN. Thank you.

Gitanjali Sah:
Thank you, Shamika. Rob?

Rob Golding:
Yes, very quickly. I actually would just maybe, I know Thomas has set a little bit of the context, but just a little bit more on that. We are definitely at a pivotal moment for the role of ICTs and digital technologies for the future of humanity. I think that’s not an overstatement. This year we had the SDG Summit, so we’re halfway through the SDG period, and I think there’s broad recognition of the role that digital technologies can play in accelerating our progress. To that end, we, together with ITU, released a report called the SDG Digital Acceleration Agenda, and celebrated that day the various ways in which technology can really help us get to the SDGs. This also comes in the run-up to the global digital compact process and the summit of the future next year. So the role of WSIS in this is really important, and we have a very strong opportunity to leverage the platform that is there to feed into the global digital compact, to follow the process after the global digital compact, and be really a platform where the world comes together to look at how does this actually work? How does this actually get done? So that’s what we’re looking forward to, and UNDP is pleased to co-chair the UN Group on Information Society this year, and work together with our co-organizers, UNCTAD, UNESCO. On this, we are, as Shamika said, we are acting as one on this. We see nobody can do this alone, so we work together, and we also look at how do we extend this platform and go through the WSIS plus 20 process, and really come out the other end with, I can’t remember who said WSIS 2.0, maybe it was you, Pratik. And just also just to say a wonderful thanks to the government of Switzerland for hosting the WSIS Forum this year, and we’re really looking forward to this opportunity.

Gitanjali Sah:
Thank you, Rob, representing UNDP. So we are about to start with our updates and preparatory process for the high-level event next year, but we also have Ambassador Schneider with us from Switzerland. So Ambassador Schneider, what can people expect next year? How should we prepare?

Thomas Schneider:
Yes, thank you, and sometimes I think that the more difficult question than how will AI change all our lives is how will the WSIS plus 20 process look like, and people keep asking themselves and each other questions, and I must say it’s complicated, and it was much easier 20 years ago. 20 years ago at this time, we were negotiating the Geneva Declaration and the Geneva Plan of Action, and that was the only thing there was. There was no structure, there was nothing. There was just the WSIS process, and based on a number of UN institutions and other players, but that was it, and now the world has become much more complicated. We already have hundreds of events and structures and parallel structures and overlapping structures, but on the other hand, this is life. That’s diversity, so we may not get all the answers today. I don’t think anyone has them because there’s so many players, but I think it is also just reality that there are several tracks, and it helps, I think, and this is one of the key points why we are still very much supportive of the WSIS process because in order to make all possible voices heard, one-size-fits-all solution, one track may not be enough, so we don’t have a problem per se with the fact that there are several tracks, there are several things going on at the same time. Of course, it would be nice to see how this all fits together, and for us, it is important that we have a discussion in New York, in the UN, in the General Assembly, but this is definitely a very government-led space, which is necessary, which is important, but which needs to be complemented by other processes that are more, let’s say, balanced towards stakeholder participation, and for us, really, the WSIS process has been a milestone in broadening up the space in the UN and building bridges to other stakeholders like it didn’t really exist before, at least not in the areas that I know, and I think also the ITU, UNESCO, and all the other institutions have been able to develop with the WSIS process to become more inclusive, to try and give more voices to stakeholders from all over the world that have not been heard before, and basically, the key for us is that we continue to use the WSIS process and the IGF, which for us is also part of the WSIS process, has been created to bring voices in to make sure that decisions that are taken, no matter where they are taken, are as respectful as possible of all the issues, all the needs of all the people in the world, and so this is why we are still very committed to the WSIS process to support the actors that are driving the process, and we’re happy to be the co-host of the next year. It’s gonna, again, probably be a complicated week because it’s a shared week with the AI for Good Summit, and not everything there is clear either, so don’t expect too clear answers, neither from the IG nor from anybody else. We’re all, I think, working on it, each of us with our capabilities. You will hear more details about what is planned for the WSIS Plus 20 High-Level Forum, and I would stop here because actually, this is to also listen to expectations so that the actors can actually build on what they are expected to do and try to live up to the expectations, which is a very challenging thing, probably. Thank you very much.

Gitanjali Sah:
Thank you, Ambassador Schneider. So I’ll start with my short presentation. Of course, WSIS is a UN process. We work with more than 32 UN agencies. I can see many of our friends here, FAO, UN-DESA, and quite a few of them, so thank you very much for being here. In 2015, we aligned the WSIS action lines with the Sustainable Development Goals to highlight the clear linkages of digital, accelerating the achievement of the Sustainable Development Goals. You’re very familiar with the matrix, so a slide with the timeline for those of you who are new here, but I doubt if anyone is new. You’re all familiar faces. So basically, we’ve put it together until the UNGA high-level meeting in 2025. These slides will be available, so please feel free to look at the website later. So also, the WSIS Plus 20 review process, what are the expectations from the UN agencies, from multi-stakeholders, that of course it should be a multi-stakeholder process. We have to ensure, as Ambassador Schneider said, that though a process will take place in the overall review in the UNGA, but there have to be avenues for collecting the voices of the civil society, academia, and all stakeholders. Strengthen digital collaboration, so you heard from our co-organizers. We are working very closely, ITU, UNESCO, UNDP, CSTD, UNDESA in particular, who have a clear mandate to implement the WSIS process. 20 years of implementation. We did hear a lot of people talking about achievements in these 20 years, so it’s really important that we capture these achievements. And of course, outcome expectation would be that it’s a multi-stakeholder outcome on a vision of WSIS beyond 2025, and we do hope that this is submitted to the Summit of the Future and endorsed during the high-level meeting in 2025. So brainstorming that has been happening. You also saw Shameka present this during the CSTD session. So there are, of course, the SDG Summit already happened where we contributed as the SDG digital. Rob mentioned it, highlighting the importance of digital preceding the UNGA. 2020 Japan phase is the IGF. We have heard several discussions on the WSIS Plus 20 review process and the future. Regional reviews, our colleagues are sitting and we’d encourage you to take the floor later. SCAP is doing one in Armenia. ECA is scheduled to do one soon. ESCWA in February 2024. Geneva phase, Ambassador Schneider mentioned it briefly. And then we do expect that the Summit of the Future captures some of the outcomes of all these phases that we’ve been working towards. Paris phase, Pratik did mention it, UNESCO 18 to 28 February 2025. Tunisia would like to host, though it’s not confirmed, they would like to host a session on WSIS Plus 20 in Tunisia. CSTD review takes place in April 2025, the official one that Shameka mentioned. 2025 WSIS Forum may happen in UAE. It’s still not confirmed. And then eventually it all finishes at the high-level meeting which takes place in the UNGA. So moving now to the high-level event, the WSIS Forum high-level event will take place from the 27th to 31st of May. So please mark this on your calendar. And as Ambassador Schneider mentioned, we are doing it in collaboration with the AI for Good Summit. So Monday, Tuesday, Wednesday, we will be in the CICG. And Thursday, Friday, we come to the ITU premises. AI for Good will take place in the CICG. So there are very clear two processes for AI for Good and WSIS. So we will make sure that the linkages and wherever we are trying to save resources, we are highlighting all of that. However, it’s very clear that there are two independent meetings and processes. So the open consultative process, today is the first meeting. 13th of December, we’ll have one in Geneva, Switzerland. So we do hope to see all of you there as well. And the final briefing will take place on the 15th of February. And 26th of March, we plan to do a special session with Ambassador Schneider’s leadership and the chair of the WSIS Plus 20 Forum High Level Event. The open consultation process, you’re familiar with it. It’s an online form. So those of you already have an account, you don’t need to create an old one. We’ve developed the website in a way that your details are recorded there. Those of you who don’t have a form, you’ll have to create an account for yourself. The preparatory process, it’s the same. You fill up through the form. We have an open consultation process and also multi-stakeholder discussions to elaborate the outcome of the meeting. So we have the written inputs, the 20-year reports, also the CSTV form, the 20-year WSIS Action Line reports, which we are working with the UN Action Line facilitators for linkages with the Partner to Connect, UN High Impact Initiatives, and so on and so forth. High level track participation, we are working with Ambassador Schneider and his team to explore the participation of heads of states. So those of you who are interested, please do get in touch with us and we will make sure that we enable this participation. Ministers, of course, we nearly have more than 80 ministers at the WSIS Forum. However, we’d like to make it cross-sectoral. So if you have ministers of environment, of climate, of education, it’ll be really great if we can have a cross-sectoral discussion amongst the ministers and the ministerial. Ambassadors, mayors, we initiated a discussion on smart cities with. mayors and local chiefs. This was really a very interesting discussion. And they were able to share a lot of ideas because not all cities are as advanced as the others. Heads of UN agencies and international organizations, we were approached by some parliamentarians who would like to do some activities there, CEOs, civil society leaders, and of course, it’ll all have remote participation as well. Agenda and program, we develop it through a consultative format. So we are, of course, still developing it, but just to share the structure and the skeleton, the high-level track, workshops, of course, all interactive, civil society, private sector consultations. We were approached by many young people to ensure that the youth track is maintained. So the last day will be mostly focusing on youth track activities with the convergence with the AI for Good Summit. So AI Governance Day, most probably on Wednesday. The WSIS plus 20 track, UN consultations, and the academia track. So there are several other calls for action. You know that we have beautiful photographs from the ground that are submitted by you every year. And these are free for use by all of you. So if you want to use them for your presentations, your websites, you can just write to us and take them from there. The WSIS Digital Service Design Special Prize, which we launched last year. The WSIS Healthy Aging Innovation Prize, which focuses on healthy aging and is aligned with WHO’s Decade of Healthy Aging. We will have an exhibition space. And as you’ve seen, we are extra budgetary. So it’s a very humble exhibition space. It’s not very fancy, but of course it does the job. You have your area to talk about your projects and to interact with all participants. The call for WSIS Stock Taking Database will be launched soon and WSIS Prizes. I can see many winners here. So please make sure that you also start applying for the WSIS Prizes very soon. Like I mentioned, WSIS Forum is completely extra budgetary. So we really appreciate the contributions we receive from you every year. So please do write to us if you’re interested in partnering with us. Currently, all the packages are open. So thank you very much. I’d now like to open the floor. This was just to provide some updates. Please do raise your hand and we’ll just share the mic with you. So there are some roving mics and there is one mic there at the audience space as well. So, sure. Professor Brook, over to you.

Brooke Biasella:
Thank you very much, Chittangli. I’m the chairman of the World Summit Awards and we have, since 2003, every year presented the best practices globally from how digital technologies are used for a positive social impact. We are very happy to contribute also to the WSIS Review and to the events there. I want to recall for those of you who have been in 2003 and 2005 in Geneva and in Tunis that we had very spectacular events showing the creative side of using digital technology with a positive social impact. And I think it’s very important to see that this is actually a bottom-up view from the creative side regarding what they can contribute, what is contributed from all around the world. WSIS is now present in 182 countries in terms of how to transform and meet the challenges of today and offer very concrete solutions. That is very important in so far as in the WSIS action lines, there’s a specific paragraph and also emphasis on local content and on local impact. And I think it’s very important that we look at this through a procedure as the WSA, which is a multi-stakeholder initiative. There are two things which I think is important in addition to this kind of offer of collaboration and input. It is that I think that we have, and this speaks very much to Ambassador Schneider’s point regarding that there are hundreds of events and many different kind of issues. I think that from our point of view and from civil society point of view, it would be very good to set and focus and prioritize what WSIS wants to do in comparison and in conjunction with other issues. So you have said yourself that there is AI for Good Summit. I think that it’s very important that we deal with AI issues there and we deal with other issues at WSIS. What are these other issues? In the Tunis action plan, there are three issues which have been lost in terms of the site of the WSIS process. And I talked yesterday already at another session about the focus that we have lost very much is the focus on knowledge society and the transformation. And I think it’s absolutely essential that we focus on this in terms of all the related issues regarding skills, competencies, democratic participations, the people’s ability to deal personally and also communally with the challenges of today and in the near future. The other things which I think is very important is the entire media agenda. And I think it’s very important here that we also deal with the economics of the digital transformation. And I think the devastation of the traditional media, the legacy media and the fragmentation in terms of the public sphere is something which needs to be as a topic. And the third one is, I think we have as an action line under the number D, the entire agenda on digital solidarity and also the digital solidarity fund and the issues there in terms of funding certain kind of aspects and having an equitable, I mean, also way of looking at that we close digital divides this way. I think that is a political agenda and I will push very much that the European Union will also put this on the agenda because I think it’s very important that European Union countries speak with one voice on the United Nations level on that issue. Thank you very much.

Gitanjali Sah:
Thank you very much, Professor Brook and thank you for the great collaboration WSA has with us. In fact, quite a few of your community were applicants to the SDG Digital Game Changers Award. So yes, thank you for this great collaboration. APC has raised their hand, chat APC.

Audience:
Thank you very much, Itanjali. It is really encouraging to see the room full in order to shape the future together. This is Valeria Betancur from the Association for Progressive Communications. It has been pointed out so much has changed since the WSIS and since the 10-year review. In the preparations for this review of the 20 years of the WSIS, obviously we will have to deal with the implications of those changes that are not a few, are many and also with the reinterpretation of the WSIS vision in order to respond to this constantly changing environment of the digital society that we have today. And obviously there are also unquestionably remaining challenges from the WSIS plus 10 review that persists until the current time such as inclusion and equality and something that we are calling the digital inequality paradox. As more people are connected, digital inequality is amplified and increasing and getting more sophisticated. So what are the long-term opportunities and also the risks in areas that are critical today such as digital rights, such as the environmental crisis and environmental sustainability but also sustainable development, digital inclusion itself, cybersecurity, surveillance, concentration of corporate power among others. The underlying question in our view that should guide the preparations for the WSIS plus 20 at the end of the day is what do we want to achieve? What do we want to go in which direction? What type of digital society we want and also what we need to build it including financial resources, the financial resources that we need to really build the type of digital future that we want to address that systemic and structural challenges that we are still facing. So at the practical level, it is also very important in our view that we identified what will contribute to reach compromise during the WSIS plus 20 review, what type of process has to be in place and what type of inputs are needed to contribute to arrive to those agreements, to build on processes that help us to address this widened scope of policy issues

Valeria Betancourt:
that we have today. So what are the conditions that have to be in place for coming up with outcomes that balance the differences of power, not only between stakeholders but also within stakeholders and the contesting parties as well as the multiplicity of interest. We also seen that in particular the WSIS plus 20 review process should be used to contribute to the strengthening of the mandate of the Internet Governance Forum and it’s the role that it has to operationalize global digital cooperation and reach the gap between the decision making spaces and the multi-stakeholder ones and then to take it as the very unique opportunity to place global digital cooperation towards global and contextual responses that are needed and to put those issues at the top of the political agendas in order to address the challenges that we face today. APC is looking forward to continue contributing to not only the implementation of the WSIS action lines but to commit to the review in all its phases and to bring our contingency to shape the digital future that we want together. So thank you so much.

Gitanjali Sah:
Thank you. Thank you Valeria and thanks to APC for galvanizing action around civil society for so many years. You also the nodal civil society group which got the voices together in 2003. So we do hope that this will continue. Thank you so much. I think Justin from USA has raised his hand. Yes.

Justin Fair:
Yeah, Justin Fair, U.S. Department of State. First off, just thank you all for this, for Gitanjali for organizing this and Ambassador Snyder and the Swiss government for coming along to host this year but all the other UN agencies that are here. I think that over the past year, to the point Ambassador made about all the various processes, there has been a lot of concern just about the system is kind of overwhelmed and that we really need to avoid duplication of effort, find synergies, do better at digital cooperation. I really like that term, digital cooperation. And I think you see it here this morning within the WSIS process and for the WSIS review of a great deal of coordination. And I want to commend that because I think it shows a maturity and a strengthening of the WSIS process that wasn’t always there but I think is there now and hopefully that will lead to a good outcome this year. I will say I think that the WSIS Plus Forum is a really good opportunity to do what we often talk about, taking stock. I mean, born out of the meeting of the Action Line facilitators, as we kind of look to the future, it’s really important that first we have that kind of understanding of what has worked, what progress has been made, where there were challenges, what was done and tried, what worked, what didn’t. And that’s part of the review process, that first step to really kind of understand how we got to where we are. And then we kind of look to like, okay, then what comes next, how we can put the whole system together. So really look forward to this meeting, this engagement. I do have two questions just from the briefings this morning. One for our colleagues from UNESCO, the conference on in early, I think, February 2025, just if there’s any more information about what that is, is that envisioned as part of the WSIS Plus 20 review, kind of like the connecting the dots or something, any information about that? And then also just logistics on pushing two meetings together in the same week in Geneva, how that’s gonna work. For those that have been there, there’s a lot that come to both. I’m sure there’s overlap, but it’s a lot of folks descending on one little area in Geneva. Same venue, different venues, kind of how that’s gonna be managed. Any information there for planning purposes, I think would be very helpful. Thanks.

Pratik Chapagain:
So thanks for that question. Actually, it’s part of the discussions at the UNESCO General Conference, which will take place in November. And it’s part of the draft resolution so far. So it is for WSIS discussions, part of the roadmap as Gitanjali had highlighted, but we are also bringing a more thematic focus to that conference, to focus on capacity building in public administrations, focusing on the challenges that we are seeing around digital transformation, digital governance, and so to bring all the stakeholders, partners around the table. Yesterday, we had the discussion around launching an IGF dynamic coalition on digital capacity building. So it’s really also going to be a multi-stakeholder endeavor which will feed into some of the WSIS action lines. Thank you.

Gitanjali Sah:
Thank you. Thank you, Justin. So as Ambassador Schneider said, we are still figuring out the logistics, but of course, the venues will be next to each other. So CICG and ITU. And like I mentioned, the way we are planning it is Monday, Tuesday, Wednesday, WSIS will be in CICG, the high-level component. And then we come back to ITU for Thursday, Friday, which would be more of workshops and exhibitions and things like that. And the AI for Good takes place only for two days. So Thursday, Friday, they’re gonna be there. So we will try to make sure that we are aligned and we keep taking suggestions from you to make sure that it’s smooth and you’re able to participate. Sir, yes, please, Justin, do you have the mic yet? Yeah, if you could please introduce yourself, sir.

Byron Holland:
Thank you. Byron Holland from CIRA. We’re the operators of the .ca country code top-level domain. And we also do a lot of work in the cybersecurity and DNS fields on behalf of others. Thank you very much for this presentation. I think many of us have been trying to understand what the process looks like. And definitely, certainly to my mind, charts and graphs and linear timelines make sense. So thank you very much for helping bring this into focus. The one thing that I couldn’t help but noticing a couple of slides back was the agenda and the different groups that were gonna be part of the process. No surprise, I was quite struck by the absence of the technical community. So when I looked at the agenda and all the communities involved, the technical community, the folks who in general actually run the internet are missing from that. And I would suggest strongly that you would want to include that community as one of the key actors and one of the key stakeholders in the process. Because we are very different from academia. We are not per se civil society. Some of us are for profit. Many of us are not for profit type entities. It’s a distinct community. Thank you.

Gitanjali Sah:
Thank you, Brian, for highlighting that. Basically, it’s human error. That’s it in one slide. Because in the rest of the slides, you will see that technical community is very prominently featured. This was a couple of years back where we were basically decided all of us together that civil society and technical community should be a different category. And it has been so ever since. So thank you very much for highlighting that. Nigel from UK, Nigel, does it work? I think you have to switch it on, Nigel, from the top.

Nigel Hicson:
Okay, thank you very much, yes, after yesterday. Nigel Hickson from the UK government. I mean, just first of all, to echo what was said yesterday during the UN CSTD session, and what’s been said this morning, you know, the focus on the WSIS plus 20 review process is clearly very important. The roadmap towards the UNGA discussions is complicated, and like Byron, it’s good to see a timeline for these discussions. We’re very much focused on the process, and that the process includes all stakeholders, and a diverse range of regions, and that everyone has an opportunity to contribute to this process ahead of the UNGA discussions. And for us, it’s very important that the UN CSTD produces this report, which was discussed yesterday, which will not only look at where we’ve come from, perhaps, in the last 20 years, but will look to the future. Because I think, for many of us, the future is what’s important, how the WSIS 2.0, I, you know, this is a new term, but, I mean, you know, whatever, you know, can come out, if you like, from those UNGA discussions, and can emerge. And for us, it’s very important that we focus on what is important to bridge the connectivity gap, to do what many people have been talking about at this, to do a lot more, in terms of evolving the WSIS action lines, so they help complement the sustainable development goals, so there’s a clear linkage between that, between those goals, and the matrix, of course, that was developed in 2015, was important in that regard. So I think that, you know, there are some real important steps that have to be taken. In terms of the WSIS Forum next year, clearly important to have this WSIS Plus 20 high-level track, but I think it has to be prepared well. If we’re going to have our ministers to come to Geneva to discuss these issues, then there has to be some sort of preparation in advance, so they know what they’re going to discuss, but, you know, clearly important. It’s really good to hear that UNESCO are doing something. Many of us remember joining the dots. I think it was joining the dots, wasn’t it? No, it was connecting the dots. Oh, connecting the dots, I’m so sorry, yeah. But I mean, that was a very significant event, and the work that UNESCO has done on multilingualism is, I think, another important factor that perhaps will feature at the WSIS Forum next May, and that brings to an extent in the technical community and the work that’s been done at ICANN and in other areas to develop international domain names, to further multilingualism, to look at universal acceptance, and that, in terms of, you know, the evolving of the action lines to meet the Sustainable Development Goals is an important factor, so thank you.

Gitanjali Sah:
Thank you very much, Nigel. Balzoor, is the mic somewhere there? Thank you very much.

Balzur Rahman:
Very good morning. Basically, my name is A.S. Balzoor Rahman. I am working with Bangladesh NGOs Network for Radio and Communication. Basically, Bangladesh is one of the impact country of the WSIS action line implementation, C1 to C11. So, Bangladesh government and CSO, civil society organization, successfully integrated WSIS action line, C1 to C11, with the five-year plan, and as well as digital Bangladesh process, and smart Bangladesh process, and as well as civil society organization intervention. As a result, Bangladesh government and civil society organization received lots of WSIS prizes, as a winner and as a champion. Especially, my organization, Bangladesh NGOs Network for Radio and Communication, received seven award, as a winner and as a champion. We need WSIS forum annually. It is really multi-stakeholder manner. Now, it is model of multi-stakeholder. We would appreciate if the WSIS Secretariat would publish a toolkit for parliamentarian, and as well as mayor, because I saw they have a parliamentarian track, and also mayor track. We need WSIS action line localization, like a sub-regional basis, often consultation, like South Asia, because UNSCAP is so far from us. It is a mixed of the South Asia and Southeast Asia. So, we need a separate sub-regional open consultation about WSIS action line, like South Asia, and as well as country level open consultation. Open consultation is very important for reviewing the action line progress, called C1 to C11. C9 is very important, UNESCO representative is here. It is real that community media sector is now under threat by the social media, and also new tech. This is the reality. But community media needed for voices for the voiceless. It is only media ensuring voices for the voiceless from the ground. Finally, based on the WSIS multi-stakeholder experience, we have harmonized with the Global Digital Compact, and as well as Summit of the Future.

Gitanjali Sah:
And we developed one initiative, two years initiative, basically called Bangladesh Initiative for Connecting, Empowering, and Amplifying Unified Voice on Global Digital Compact and UN Summit of the Future. Make Bangladesh voices heard at the GDC, and as well as UN Summit of the Future. Thank you. Thank you, Baljour. Mr. Bertrand de La Chapelle, it’s good to see you after a long time.

Bertrand De La Chapelle:
Thank you very much. I’m Bertrand de La Chapelle, I’m the Executive Director of the Internet Interdiction Policy Network, and the Chief Vision Officer of the Data Sphere Initiative. It’s great to be here, but I have to say that I may be a little bit less diplomatic than I’m usually. I have an intense frustration with the question of the WSIS plus 20. A deep frustration. As many of us have participated in the initial WSIS in 2003, 2005, there was a drive there. There was an ambition, there was a vision. People were thinking that there was a challenge at the time, 20 years ago almost, that there was an information society in the coming, and that it created a certain number of technical, social, but also political challenges, and that we needed to find a way to work together to address those challenges, and make the best of the information society, which at the time was just ICT. We are 20 years later, and in spite of all the amazing developments, the political landscape has become worse and worse. We are not able to address the challenges because there is a lack of cooperation internationally. We do not have the transnational institutions that are needed. The technical architecture and the technical governance architecture is functioning very well, thank you. During the pandemic, without the internet, the world wouldn’t have been able to live, and the technical community, which doesn’t have basically the right to speak on the policy issues, is the one that managed the world to keep tight. Meanwhile, and I don’t even talk about the environment or the political geopolitical battles, we’re seeing an absolute lack of capacity to address the key challenges, and the Secretary General of the UN has rightly said that there are two existential crisis. One is the climate crisis, and the other one is what is the digital society we want to build together? And here, when we’re talking about the WSIS, 20 years is a nice anniversary. It’s usually a coming of age party, and we’re going backwards, just looking at the review, and don’t get me wrong, the review is extremely important. What we’ve accomplished, what we’ve not accomplished is important. I’m afraid that we’re gonna look too much at what we’ve accomplished and missing what we have not accomplished, which is a lot. We should have a little bit of self-criticism collectively, but what I would like is a term that I haven’t heard in many years, is what is our ambition? What do we collectively want to achieve together? And I want just to finish by saying, for a year and a half, I’ve participated in a few sessions regarding the WSIS Plus 20, I still don’t know what it is. And Thomas was saying it. I think if it ends up being the equivalent of the WSIS Plus 10 review, a mere resolution in the UN General Assembly, we have missed a massive opportunity. So I would like to encourage everybody to think about this not as a WSIS Plus 20 review, but as 2025, as the moment where we, through all the different processes, think about what is the damn ambition that we want to have for cooperation. Thank you.

Gitanjali Sah:
Thank you very much for that call for action. Call for action that was very much needed in this meeting. What is our ambition? So who’s next? Peter, the right person. Is there a mic there? No, okay. Okay, yeah.

Audience:
Thank you, Bertrand. Thank you. Well, you rightly said the 10-year review, which ended with the resolution, produced nothing. Well, that’s not true. We have extended the mandate of the IGF. We have extended the mandate of the WSIS Forum. That’s true. However, there was no ambition. However, if I record the CSCD report, which was a very short report of 300 pages, we have already mentioned a lot of things. Does it ring a bell? AI, social networks, IoT, everything was there. Everything in the report. Have you seen anything in the resolution? Nothing. We are going to do something very ambitious this time as well. As you said, we would like to outline the future, and I’m sure we are going to do that. Now, if we do our best, probably it won’t be enough, because the UN General Assembly will be very political. Say, what influence do we have? It’s a question I don’t have the answer. I don’t really have the answer, but we have to do our best, and I think what you said, we should be doing it, and we are going to do it.

Gitanjali Sah:
Thank you, Peter. We look forward to your guidance in this whole process, and Bertrand, if you noticed, we are trying to be slightly ambitious, because in the time that we have, we are trying to be slightly ambitious, because in the timeline, we have made sure that the UNGA is involved in the whole preparatory process, and our colleagues from UNDESA are also present here. So we have one minute. We have a few remote participants. Professor Minkin can hand you the floor. Very quick comments. Remote participation, please. Logistics team, we have a remote participant. Professor Minkin, we are informed that you need to unmute yourself. We do not hear you. You can just unmute yourself and go ahead. Please go ahead.

Vladimir Minkin:
Yes, thank you. Thank you very much, Gitanjali. Good time of the day, dear colleagues. Let me shortly, first of all, I agreed the last speakers, especially Nigel, Bertrand, and Peter, and I think we have a lot to learn from them. And Peter, and I would only draw attention, now our first meeting for preparation. And main point, we should think what will be the outcome of this is plus 10 high-level event. What we want from this outcome, it was formed with this outcome, how we will prepare to this outcome. In all cases, what we should do, we should consider at least preliminary 20 years view, what was happening in each action line, and define what we want from future. How we see the vision, this is beyond 2025, that we should prepare to that. It should be chance for multi-stakeholder estimation, this, and to receive multi-stakeholder view on the future. Future of visas, future of SDGs, digital companies, and so on. That we expected from this high-level forum, and I hope we should carefully prepare for that together. Thank you very much.

Gitanjali Sah:
Thank you, Professor Menken. The logistics team is giving me an indication that we need to finish. There are a lot of hands up still. Yeah, there are a lot of hand ups still, but we continue on the 13th of December in Geneva and virtually, so please join us. But Ambassador Schneider, you have a few last words.

Thomas Schneider:
I’ll just, and please, those that did not have the chance to comment, there are ways to contact us, to contact also the DI2 and UNESCO and us. Just one reaction, a brief on Bertrand, and it would be also nice to hear from younger people, because we were maybe younger 20 years ago, but we are definitely not that young anymore now. But that’s a side remark. I think the world has changed. And because 20 years ago, it was 10 years after the fall of the Berlin Wall, we were all hoping that the end of history would be a nice thing and that the technology would help us to spread peace and freedoms and everything, and sharing was the word. Now we’re in a different, not just geopolitical, but we’re in a different environment. It’s not about sharing, it’s about fighting. It’s about winning or losing. We are back into some kind of middle-age thing. It’s like we cannot all win together. If I win, you need to lose. We’re gonna have a discussion on this, and we can continue. Just to cut it short. And that has an impact also on us. It does. I think it is up to us to try to make the best out of it and reinterpret, as Valeria had said, reinterpret the Vicious Vision in the times that we are now. They are more difficult, but it’s not the end of history, so it’s also up on us to try and go back into the right direction. But it’s difficult times, I guess, for all of us.

Bertrand De La Chapelle:
But it’s precisely because of this environment that we needed spaces to cooperate and bring the moderates together instead of being hostages by the extremes in all cases.

Gitanjali Sah:
On that note, thank you.