[Bpf-cybersecurity] BPF - recording of Nov 15 call

Fri Nov 15 22:20:13 EST 2019

Dear Wim,

thanks for sending this so promptly. I apologize for missing the meeting -
not only was it at the time I teach but today in particular our head of
department was visiting our class. That said, I have listened to the
recording, and studied the output document. Comments:

1. the call was indeed very productive and I'm even sorrier to have missed
it. It is highly recommendable to listen to it more than once.

2. the output paper from the BPF for this year is impressive work. Kudos to
all coauthors, for an extremely useful, valuable, well-written, and
reference-worthy paper.

3. I perceive a general theme that may be missing from the integral
picture. Agreements and normative documents listed (as well as others in
Internet and cyberspace governance) are mostly either in the multilateral
or intergovernmental field or in the multistakeholder field in which
governments are absent or relatively marginal. These are not only two
fields but two distinct regimes; the first, which we laypeople like to call
"Westphalian", is well-known and is hugely preferred by governmental
actors. The more full MSH regime is adopted outside government while
governments overtly fight it or dislike it, marginalize it, try to coopt or
capture it, or in the best case reluctantly participate in it. From this
follows:

3. a. The actual practice of cybersecurity (in its many meanings, fields
e.g. national, public, etc., and other nuances) occurs in an intersection
of these regimes. The CISO of a large corporation, the people at a national
or university CERT, the firms offering managed cybersecurity services, etc.
are using stuff that comes from the Internet, more MSH-like side, like
MANRS, agreed practices, blacklists, information-exchange agreements which
may be informal, NGOs to help propagate knowledge, etc., as well as
governmental and intergovernmental stuff, like MLATs, forensic
investigations, the Budapest Convention, Interpol, and so on. They live and
work at the intersection of both regimes in what becomes a unique,
distinctive regime in itself.

3. b. Countries and companies perform a form of arbitrage between regimes,
and leverage their wins in one for pushing for wins in the other. Thus an
authoritarian country with no actual respect for multistakeholderism may
come to the IGF (or a regional event) and convince some people of their
approach to content regulation, or even only *claim* approval, then cite it
as precedent in national law and policy that uses cybersecurity as a
pretext for content and behaviour restriction. Or some firms may use the
MSH space to garner support from civil society for their approach to
lobbying for governmental and intergovernmental conventions that will
exempt the companies of responsibilities and liabilities regarding
cybersecurity as well as content moderation. The US used to be a master in
this game, which one can almost say they invented (remember the games
bewtwen Commerce and State in WSIS) and has now backed off a bit, but
others have understood it and we are in disadvantage.

This leads to point 4 of the teleconference's call for a session program,
"norm implementation experiences", as well as to the previous points. Some
norms will never be applied because they have been agreed upon by
governments that do not have a chain of command to ISPs etc.; others, well
thought out in MSH space like MANRS, can barely be supported in the
intergovernmental regime except in a few cases in which a government may
order or incentivize MANRS adoption.

I hope this can be seen as a contribution to the document, which I would
gladly develop further in it, as well as to the session, in which I would
volunteer to speak briefly with the text in the paragraphs above, if it
were found relevant. This has been published already in Spanish, in the
Mexican Review of Public Administration. My paper there is in a special
issue on National Cybersecurity which I coordinated and which contains a
dozen of great papers, one of which by our BPF co-member Anahiby Becerril,
whom you cited in the teleconference and in the paper.

Cheers all and looking forward to see you in Berlin in a few days.

Alejandro Pisanty

On Fri, Nov 15, 2019 at 12:43 PM Wim Degezelle <wdegezelle at drmv.be> wrote:

> Dear All,
>
> Thank you to all participants to today's productive call and the feedback
> on the draft agenda for the workshop in Berlin.
>
> An updated workshop agenda will be published on Monday.
>
>
> Below is a link to the recoding for those who couldn’t join.
>
> Kind Regards
> Wim
>
>
> Topic: IGF2019 BPF Cybersecurity - Call IV
> Start Time : Nov 15, 2019 04:46 PM
>
> Meeting Recording:
>
> https://intgovforum.zoom.us/recording/share/niTLWk7w6Qcw19LT4U5UT2n0GH7aIbqFxKdaTWn0o8uwIumekTziMw
>
>
>
>
>
> _________________________
>
> *Wim Degezelle*
> *Consultant IGF Secretariat / BPF Cybersecurity*
>
>
>
>
> _________________________
>
> *Wim Degezelle*
> *Consultant*
> DUERMOVO - DRMV
>
> wdegezelle at drmv.be
> mobile +32 475390185
> skype  w.r.d.d
>
>
>
> --
> Bpf-cybersecurity mailing list
> Bpf-cybersecurity at intgovforum.org
> http://intgovforum.org/mailman/listinfo/bpf-cybersecurity_intgovforum.org
>

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - -
     Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Unete al grupo UNAM en LinkedIn,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Unete a ISOC Mexico, http://www.isoc.org
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bpf-cybersecurity_intgovforum.org/attachments/20191115/c7a6df56/attachment.html>