Monday, 4 November 2013

Thoughts from the Parliament and Internet Conference

Background…

I originally requested a place at this event about four weeks in advance, only to be told that the event was full.  It is of course pure speculation to suggest that the lack of space for me had anything to do with my vociferous opposition to the direct.uk proposal at the Nominet consultation meeting in London on 9th September… but as I was not the only person to have been denied a place on these grounds, it did make me think!

However, having heard from a colleague who registered much later that there were “plenty of space available” I emailed the organisers and after a brief telephone conversation was awarded a place!

The opening speaker even reinforced the point that the event had been over-subscribed, though the many empty seats did rather undermine this message!

Session One -  "Are we privatising morality?" - Chair: Baroness Fritchie


Dr Miranda Horvath, Forensic Psychology, Middlesex University

Exposure of young people to pornography... Boys more likely to access, girls more likely to "be exposed"... Influences attitudes to sex and gender roles unrealistically.  Strong links in evidence between exposure to pornography and risky sexual behaviour.  Need to examine the issue of pornography in the context of wiser social attitudes to sex, sexual objectivisation and gender roles.  Young people want better education and access to a broader range of information about sex, sexuality, pornography and the internet.  There is no silver bullet and it is a societal issue not one individuals can solve.

Dr Julian Hupper MP, Lib Dem,  Cambridge

How do we respond as a society to technological change?  Not keen on default blocking as definitions are ambiguous and impossible to police effectively without risk of blocking legitimate and reasonable content.  

Nick Pickes - Big Brother Watch - privacy campaign group.  

Being portrayed as a binary choice between a "safe internet" and the Wild West, but it far from that simple.  We cannot promise a safe internet.  What would such a thing look like?  Depends on the individual's perspective... There is no technological solution to what is a human issue.  Filling is a good tool for parents to help make the internet a safer place.  This is an international issue and the debate about how the internet is governed is broad and complex.

Prof Andy Phippen, Social Responsibility, Plymouth University

Concerned about filters being applied at the network level rather than in the home as the language is so ambiguous.  Example... Asda sells FHM. Magazine but their "mums net approved filtering" blocks FHM website!  
Questions from the Floor...

Freedom of Expression
Controls on in app purchasing by children
Role of politicians is to "not mess it up"
Drop in reported crime... Is this because crime is falling or because the police have no capability to respond so victims are not reporting... Similarly with sexual harassment cases, victims fear (supported by evidence) that they will not be taken seriously.

Comments:

1) This was quite an interesting session, though there seemed to me to be an underlying assumption in the question (not shared by the speakers) that it would be possible for governments to be able to act effectively on moral grounds.  Personally, I believe this to be naive at best and probably delusional thinking.  All the evidence, from the earliest days of the worldwide web, is that where the content of sites is challenged on moral grounds, the sites either move to a different jurisdiction (with different moral norms) or head for the dark web.  

2) I am certain that there is a role to play for Registries in responding to legitimate complaints, but determining what constitutes “legitimate” is a knotty issue to say the least.  Witness the couple recently arrested in a Middle Eastern country for posting a picture of themselves kissing… in many countries this would be regarded as perfectly normal and acceptable behaviour.

3) The last issue raised from the floor, on the reduction in reported crime, is of great concern.  There was and is much debate on why this should be the case, but one clear, albeit anecdotal, indication is that there is a general perception that the police and other authorities neither fully understand what might be criminal behaviour online and, perhaps even more worryingly, are building a reputation for not taking complaints in this arena seriously.  There has been a rash of news reports lately indicating that young people see online bullying as something which is inevitable and unavoidable… but does that mean we should behave as if it is acceptable?  I think not.  The National Cyber Crime Programme placed a very heavy emphasis on the training of “front line” police officers to recognise cyber crime, and this should eventually result in more crimes being reported as more reports are taken seriously and prosecuted… but as a society we cannot afford to take our eyes of this ball as it touches everyone, directly or indirectly, and we all have a responsibility to do what we can to reduce the volume of online unpleasantness wherever and however we can.

Keynote One - European Single Market & Digital Integration - Paul Timmers, EC DG CONNECT for Sustainable and Secure Society

Snapshot of the digital single market... 

European Council October '13... 
- investing in digital economy... Infrastructure, cloud, big data, taxation
- digital single market... Connected continent, eID, eInvoincing, cyber security, modern public administrations
- improving digital skills
- innovation
- services and trade

EU's share in global ICT market is dropping... Connectivity is a key driver for competitiveness... Rollout of fibre and 4G will be critical to future economic success.

Costs of roaming also of concern.... Europe is not a single market... 250 operators and 28 regulatory frameworks!!

It is not just about telecoms but the whole economy... Proposal is called the Connected Continent.. Consistent rules, regulators and remedies...  Encouraging pan-EU telecoms providers. 

Comments:

1)  As a fan of the European Union, for which I make no apologies whatsoever, I found this presentation very encouraging and illuminating.  Mr Timmers presented not only some of the more important public concerns, such as the wide disparity in costs for data traffic across the EU and especially when data cross borders, but he also shed some light on the lack of integration in terms of the regulatory framework.  Each EU nation has its own rules when it comes to regulating and policing the telecommunications providers and the historic encouragement of competition in this market has resulted in the EU having a very large encumber of providers.  However, as Mr Timmers also pointed out, each nation has only a limited number of providers which presents great challenges in terms of making bi-lateral agreements on, for example, data roaming charges.

2) The EU has a significant number of large and important ICT companies, but their share of worldwide markets is shrinking.  If the EU economy is to proposed on the back of recent technological advances then this sector must become more globally effective.  This probably means that the leaders of the EU’s large technology companies need to do two things far better than they have in the past:  Firstly they need to work much more effectively with SMEs and secondly they need to encourage innovation… easy to say but is it easy to do?  My experience in large ICT companies  based in the UK, the USA and Italy, is that the EU-based companies are too risk-averse and too conservative when it comes to innovation… in fact, the ability to take a new idea to market seems to be based on the objective judgements of senior managers and executives rather than evidence.  US-based companies tend to work on the basis of data - and while not all innovations prove to be successful, the pervasive attitude is one of trying things on the basis that some (not all) will work.

3)  I am encouraged by the concept of the connected continent, especially if it means that data roaming charges reduce, but I am not convinced that the diversity in regulatory environments will encourage this consolidation… nor am I convinced that there is the political will to address these issues - more on which later!

Breakout Session - Internet Govenance etc

Alan Cairns MP - interest in child protection online, fallout from Snowden.

Leslie Cowley... IGF majored on internet governance... Impetus from many stakeholders on review of how the internet is managed and governed.  Many people talking of multi-lateral frameworks... UK is not really active in that discussion, which will kick off in Brazil next April... Looking for UK government to take the lead.

Mark Carvell, DCMS... Ed Vaizey in bali underlined UK's ongoing commitment to multi-stakeholder approach.  Discussion with ICANN aimed at ensuring that the process continues along the multi-stakeholder path... Do not want the initiative to be led by a single government but by a small group of governments.  UK will engage with the process being hosted by Brazil.  

Dan Wiles, FCO - need to ensure that the multi-stakeholder approach maximises benefits for all and not just for some.  Need to find policies to bridge the digital divide worldwide.  Also need to align internet governance to millennium development goals.

Andrew Puddephatt, Global Partners...  Need to be prepared with proactive policy proposals as we can expect Russia to come to Brazil with proposals for a state centric governance model.  Need to get involved in shaping the summit with proactive proposals and we have not taken any significant steps in heat direction for the last 10 years.

Olivier Crepin-Leblond, Chair of ISOC UK... General view that ICANN's leadership has not been a success.  very pleased with general level and quality of the discussion at IGF in Bali.

Views from the Floor:

Louise Bennett, BCS... Severe erosion of trust in US government and US companies... Risk of Internet community becoming a "gated community" due to this erosion of trust.  

There are initiatives going on at UNESCO amongst others in parallel with the proposed meeting in Brazil! indicating that the process is both multi-stakeholder AND multi-lateral.

Feedback from IGF is major concern expressed by civil society reps from around the world at the way in which China and reissue are using the Snowden revelations to back their goal of state controlled internet.  Huge sens pe of despair and depression at how quiet the western democracies and others are being on this issue.

Credibility of the UK. Wil be vital if the UK's voice is to bea heard and listened to in hither be debate and there is a strong role for UK government which needs to be taken up.

Concern that the investments by the FCO in the process, which began in London 2011, appear unaligned with IGF.. Why are the UK investing in a different process rather than getting more actively involved with IGF as ah a major player.

Susie Hargreaves, Internet Watch foundation - concerned that Bali was essentially two separate conferences! one on child protection and the other on internet governance.

Oxford Internet Institute - brought a group of young people to the IGF, and was encouraged that each year, more delegates are wanting to engage with the young people... Made front page of IGF news.  need more specific stakeholder groups and a remote participation.

Identity & Trust - Louise Bennett, BCS

86% of responders to survey of young people want guarantee that they can communicate on the internet without having disclose who they are...  

Big Data,... Eg surveillance and NSA were main topic of discussion.  Wider big data issues need to be discussed more widely both in terms of potential for social good as well as down side risks.  LB feels it is important for UK to lead the debate on the positives and potential negatives of Big Data...

Vicki Nash, Oxford Internet Institute - Session Summary

3 main areas to consider... Internet governance as an issue in its own right.. What is the UK  strategy?

Leadership... Who is going to take the lead and who will they bring with them

Cannot afford to focus so much on internet governance that we lose sight of specific issues where quick or significant wins can be achieved in parallel.

If I we are going to get civil society properly engaged in this debate then we need to look carefully at the language that is used as in general it is esoteri, specialised and unapproachable for the average citizen.

Also need to widen participation in IGF to encourage more voices to engage in the process...  Mechanisms for obtaining speaking slots, workshop sessions etc need to be more transparent.

IGF came close to cancellation a month ahead of the event... Many aorticipants were approached for donations at that stage.  Only one full time staff member... Not a great impressions for a major UN body.

Press coverage was also very disappointing... Need to understand the reasons so that the same mistakes are not made at the next event in Turkey.

Model for IGF meetings is that they are locally funded and they believe the funding issues in banality were a one off.

Comments:

1) I’ve been involved in information security and business risk management for the best part of 20 years but have only recently become interested in issues of internet governance… and have to admit to being puzzled by the attitudes of many protagonists in the ongoing discussions.  OK, there are different views at governmental level ranging from the “controlling” stance of nations such as Russia and China to the “laissez faire” attitude of nations such as the UK and USA, with many shades of grey in between. I am aware from some of my previous work that the levels of monitoring of internet use in some nations make the recent revelations regarding PRISM and Tempora seem very tame indeed… but my primary concern is that our national governments still seem to be approaching internet governance from the standpoint that they have the ability to be effective - which in my view is a rather flawed assumption.  National governments must observe national boundaries and international treaties and so on, the worldwide web sneers at such limitations and the bodies responsible for managing the domain spaces and address spaces will need to be much more robust if they are to be more than a minor irritant to the purveyors of filth, malware and online criminality.

2) As the home of at least some of the original innovators of the worldwide web, it is immensely disappointing that the UK government appears to have decided not to get too involved in the internet governance debate.  We appear to have no coherent strategy and worse, no apparent understanding of how this issue will ultimately impact the British and EU economies (which are highly interdependent).

3)  The lack of press coverage was ascribed by at least one commentator to the fact that the IGF took place in Bali… forgive me, but I cannot help feeling that this is nonsense.  When Islamist terrorists set of bombs in Bali killing many people, there was no shortage of press coverage globally - which might lead one to conclude that the  news media figured that the IGF would not be particularly newsworthy.  This should be a concern for everyone involved in the world of technology and especially the web - its economic significance is growing every year and there are now at least as many devices connected to the web as there are people on the planet, so if the IGF in its current form is not newsworthy, then those responsible need to look long and hard at themselves and their agenda to ensure that the news media want to come to the next meeting.

Keynote Two - James Brokenshire

Focus on national and regional capability for cybercrime, serious organised crime and child protection.

New strategy separates cyber crime into two categories...

Cyber dependent crime - hacking, ddos etc
Cyber enabled crime - crime that would not be possible without online facilities

JB will shortly be establishing an academic working group to enhance the quality of data available relating to of cyber crime, fraud etc.

What is the government doing on cyber security and where does industry fit?

National cyber security programme... £860m over five years to develop a step change in capability... Key are of work is in transforming the way that we pursue cyber criminals...  NCA will lead UK's fight to cut serious and organised crime.  Through NCCU au and economic crime command, will unify the. UK's law enforcement response to the most complex and serious cyber crimes.  Half of the NCA's staff will be trained in cyber investigation techniques.  Regional eCrime units will received additional funding, in parallel with regional serious organised crime units to have their own cyber crime capabilities.  Regionalising expertise is intrinsic to enhancing our law enforcement response.

Effective response is dependent upon having a realistic view of the threat.  Action fraud, as the single consolidated reporting point for fraud, will assist with that process.  need to increase the proportion of cyber crime that is reported.

International collaboration is central to the NCA/NCCU strategy for crime reduction.  FBI have cited relationship with NCCU. As the exemplar of how international collaboration should be done.

Need also to ensure that the right legal frameworks are in place and that our criminal justice system is fit for purpose for investigating and prosecuting cyber crime. Proposals will be brought forward in due course.  imputed misuse act wil be updated next year.  UK government has ratified the Budapest convention.

Industry?  Management of cyber threats should be at the core of corporate governance and at the heart of the business.  Gvernment has published guidance for business leaders (10 steps) and is working with the big audit firms.

Also need to increase the public's awareness of how to stay safe online.  Next few months will see a major ecompetence campaign.

PROTECT... Sharing intelligence...  NCA will have a dedicated unit for sharing intelligence on cyber crime with industry.  CISP was launched this year with the active involvement of security services, law enforcement and government with more than 250 private sector organisations and growing.

Comments:

1)  Not much new here.  Mr Brokenshire was his usual engaging self at the podium but the speech did still sound a little like "motherhood and apple pie” as our American cousins might say.

2)  The message regarding the National Crime Agency contained some positive messages, but early indications (again anecdotal) are that the NCCU will have to work very hard at its investigative and enforcement remit to achieve the levels of success delivered but he Police Central eCrime Unit (PCeU).

Keynote Three - Ed Vaisey, PUSS Culture, Communications & Creative Media, DCMS
& Ed Richards, CEO, Ofcom

Rollout of super fast broadband underway at the rate if 10,000 premises per week now, rising to 40,000 per week next year.  A further £250m funding has been allocated.  Target 95% by 2017 and 99% by 2019.

Super connected city programme underway.  Pilot in 5 cities successful.

IGF - do not currently believe there is a ace for greater intervention by government and that self-regulation is the way forward for the .uk domain space.

Tried to raise the issue of second level .uk domains and the need for regulation of the .uk domain space and the IPv6 address space... Both Ed Vaizey disagreed that there is any need for regulation and Ed Richards (Ofcom) disagreed that it was a role of Ofcom.

Comments:

1)  This was the session I had most looked forward to as I hoped to hear about the government’s attitude towards internet governance… what we got was a minister who clearly has little understanding of the issues and was more intent on cracking weak gags than making any serious policy statements.  Mr Vaizey’s affection for self-regulation (when asked about he role of the government and Ofcom in regulating the .uk domain space and IPv6 address space) seemed to this observer at least to be somewhat irresponsible, given that the ability of Nominet to govern itself effectively in the public interest and in the interest of its members has recently been found wanting.

2) Ed Richards of Ofcom was equally disappointing, though for different reasons.  In his opening remarks I was encouraged to hear him talk about he need for a solid regulatory framework on internet governance, but when addressing the .uk domain space issue he was monosyllabic in declining to accept any role for Ofcom in regulating this monopoly.  I was appalled when he also made highly disrespectful remarks concerning the presentation by Paul Timmers; on the numbers of regulators and players in the EU compared with the USA, Mr Richards suggested that drawing such a comparison was nonsense… not only was this disrespectful when Mr Timmers was not present to defend his position, it also seemed to miss completely the point that Mr Timmers was making - which was that creating a single market amid such diversity was going to be a big challenge for governments, regulators and service providers.  But once again, the attraction of scoring a cheap point on the Eu won out over addressing the fundamental need for there to be effective governance and regulation of the worldwide web and the service providers who facilitate access to it.

Conclusions:

* It was worthwhile attending this meeting, but as ever more for the conversations held with other attendees than much of the formal content;

* Internet Governance is a global issue that must be addressed by governments, regulators, registries and civil society working together.  That IGF meetings are not considered newsworthy is a damming indictment of recent events and must be addressed as a matter of urgency.

* The EU has some ambitious plans to create a connected continent but needs more support from national governments and regulators to press ahead with harmonisation and to encourage consolidation of service providers across national boundaries.

* The UK ought to be playing a leading international role in driving the internet governance agenda, but we seem to lack the political leadership, understanding and willpower to do anything other than sit on the sidelines making snide remarks about how everyone else is doing.  This has got to change.