[Read more session reports and updates from the 14th Internet Governance Forum]
Implementing Internet standards and protocols to make the Internet more secure needs to be approached from many different angles. Mr Wout de Natris (Founder, de Natris Consult) highlighted this reality before asking the room to divide into five groups to focus on developing recommendations for speeding up the deployment of secure technologies. The groups focused on:
- Creating a positive business case for the deployment of Internet standards
- Making the case for the necessity of incorporating standards into law and actively regulating it
- Building standards into products by default
- Increasing awareness for standards and their benefit to Internet security
- Make ICT and Internet products more secure through education
The first group highlighted that in many countries, communities are not in a position to start discussing business cases, because the Internet infrastructure is run by external actors, especially in small countries. They argued that all standards that are relevant to the security of the Internet should remain free and open. Financially incentivising adoption and making it cost neutral could speed up processes.
The second group talked about the current lack of interface between standards development bodies and governments. Standards bodies do not view themselves as regulators and take a ‘libertarian’ approach according to which the market will deliver what businesses and consumers want. More efforts need to be put into building technical capacity among governments in order to increase their engagement in the process. Another group discussing a different subject suggested the government lead by example in requiring standards deployment in its procurement processes.
The third group that discussed building standards into products argued for implementing them by default. This could be a selling point by creating and adding a quality mark indicating that a particular product or service is using certain technologies that have been identified by the community as making the Internet more secure.
The fourth group argued that while Internet security standards may not be the most engaging topic, it is possible to reach communities by making it relatable. This could be done, for example, by developing best practices and using that to praise actors that are doing the right thing for Internet security, while possibly ‘naming and shaming’ actors with poor practices.
The group advocating for the promotion of secure technologies through education highlighted that education is a means of communicating values. Accordingly, educational institutions can be used to communicate values that create demand for the standards on behalf of users. In driving the demand side, the group suggested placing security education in the context of human rights and other issues that students care about. Institutions, companies, and governments with expertise and resources can create modules that other institutions can use in their courses.
de Natris concluded by noting that the session was a pilot designed to explore what can be achieved by crowd-sourcing recommendations that can drive forward issues and reach quicker solutions. He expressed hopes that these types of sessions can be part of a potential IGF Plus process.
By Dustin Loup