The following are the outputs of the real-time captioning taken during the Tenth Annual Meeting of the Internet Governance Forum (IGF) in João Pessoa, Brazil, from 10 to 13 November 2015. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record.
***
>> IRENE POETRANTO: Good morning, everyone. Thank you for being here today. There's not very many of us. So thank you for taking the time to Dom this work shot. I'm Irene and I work with citizen's lab. I'm a researcher and communications officer with the Citizen's Lab with the University of Toronto. So today we're going to be talking about information controls in the global south and we're going to have a particular focus on Latin America and I will first start by defining what do we mean with information controls? We at the Citizen Lab define information controls as acts conducted in or through information and communication technologies which seek to deny, disrupt, shape, secure, or monitor information for political ends. So this includes filters, denial service attacks, throttling, encryption, and passive or targeted surveillance.
So we're going to focus on Latin America today. And I'm joined by Gisela Perez de Acha; Valeria Milanes from ABC, Argentina -- no, I'm sorry, from Chile. Luis Fernando Garcia from Mexico. ELEONORA Rabinovich from Google and Ariel Barbosa from Colombia. So we're going start and she's kindly volunteered to go first so I give the floor to her.
>> ARIEL BARBOSA: First of all, thank you to all of you. Because this is the last day and we are all tired. So thank you so much. I will tell you a bit about my organization. My organization is based in Argentina. It's created in 1995 and the main object is the protection of civil rights and democratic values. I'm in charge of access to information, privacy, and freedom of expression. Despite the main concern of this workshop is related also with freedom of expression, I will vocalize and share with you some of the organization in scope because the organization was working in the last three or four years at that issue.
So we realize through research, different research and investigations that, for example, we have a strong biometric control. I don't know if you know that in Argentina we have a system which gives each person with the person is born an identity number. That's an old system. But the last year, two or three years, the system collect information for the passport system. That is one of our concerns and our research. For example, another issue is that we are working on is the data protection law. We have a law in strong standards but in reality doesn't work so well. That's one of the issues also.
One that we were researching on is our intelligence system. It's corrupted because, for example, strong heritage from the dictatorship government is opaque, lack of transparency, lack of control. Congress in control of the system. And we have evidence that the Argentinian government bought from Germany interception technology but also to intercept the telephone communications which in Argentina has a history, but also to intercept e-mails. And we also know through our research that the intelligence system in Argentina is used for political purposes, sometimes of espionage, known for intelligence purposes itself.
So we're doing research in all of this kind of stuff and now with Citizen Lab, we're starting to research the cyberagenda. For example, the cybersecurity appears in different public documents and also in a decree -- the decree is like a -- it's like a law dictated by the executive power that in App law. And in this decree released last July, and the decree explains the new intelligence doctrine, the word social security appears without definitions. So the word appears in different documents but we don't know exactly what that word means. That is a risk because we don't know the extent of the investigative powers of these agencies, for example.
And another thing I want to share is -- give me one moment, please because I'm checking my notes, is that there is no cybersecurity public policy. So we are trying to analyze what are the different uses of that word and not only the word but the practices related to security in Argentina. We are working on that which are researching the same thing in Chile and we're trying to extend that analysis to Latin America. Because that is up here so much. We don't know exactly what it means and the effects that the word could have in our democracies. So that is what I want to share. And I will hear a question to a colleague in the panel. I'll ask you something. Then you answer me. Is there any kind of mention about cybersecurity in Colombia, if you can share with us? Thank you so much.
>> ARIEL BARBOSA: Can I make presentations? Can you show the presentation on the screen? No presentation? Okay. Well, my name is Ariel Barbosa. I'm from Colombia, an NGO based in Colombia. I would like to talk about the current situation about surveillance and censorship in my country. First I would like to say that Coronado Associates, we responded in 1994. We have been more than six years working on the issues related with the use of internet.
Our main goals in Coronado is basically we work with other NGOs and international organizations. Media work projects are related with e-government. We're supporting the ICT in Colombia for more than ten years doing different projects, related with transparency, related with implementation on the nationalist. And we also are working with projects with the building and the construction of policies.
Our projects are more related with gender, basically, sustainable development and free and open software. For instance, we have our software with the environment in Bogota. We're in an observatory related with environmental topics. We're part of the internet governance forum in Columbia. We were there from the beginning of the process in Colombia. But we will talk later about drawing that internet governance.
About surveillance in Colombia, I have to mention -- I would like to mention two things. The first is hacking and last year there was real evidence, fact, of the sessions of this company and one of the intelligence agencies. There was a session there. $325,000. But I want to say is this is one of The Hacking Team reports that show how Colombia -- the national policy in Colombia from Hacking Team. And the agency with the intelligence national office -- policy. Sorry. The other thing is the privacy and international reports that were released in August of this year. The first one is exposing the surveillance industry in Colombia. We are showing that in Colombia, more than 12 different international agencies are supplying communications, surveillance technology to our country. And the surveillance state and order in Colombia where they show the process, the historical process of the surveillance process in column Colombia. You know that Colombia has been an internal conflict for more than 60 years.
This topic is important, it's really dramatic in our country. The Colombian -- the Colombian has expanded the capacity to spy on the citizen because of this -- I have to say, because of these internet laws. One of those reports talk about some of the surveillance systems that we have in Colombia, which is the -- I have to say this is -- and the second one is Puma. We as citizens have been working with other organizations. We have been trying to make some more kind of following the process of this new system. And there's some kind of a lack of this in the process not able to get information for what are the goals, what are the budgets for that project?
What I think is important to happening in Colombia. Sorry. I have to say that because of those situations, the freedom house reports in this year could recognize Colombia from free to partly free. Now we are in a position to say in the -- show in the map because of those situations, because they are increasing the power. Because of these hacking revelations, because of this lack of transparency in the Puma system and more and more information that we've seen about how the Colombian government has been buying different so forth despite spying on its citizens. I think it's really important to assume the organization to measure the internet governance that we have in Colombia.
The Internet Governance Group we have in Colombia is going to have a big role in the process. I think it's important to have a multi-stakeholder approach for this situation. The group and the internet governance group was more or less six, five years ago. There are people from the private sector like Intel, Google, Twitter, people from the academy like the university, Coronado, the press for freedom foundation and the government, ICT ministry. We are -- until now we are working with internet reduction and net neutrality, internet governance, freedom of speech and cybersecurity and cyberdefense. But I have to say we are just beginning. We're just beginning the discussion. We're just beginning the work in this group. And we would like to have meetings with people that we -- we would like to invite people from the different ministry and the justice ministry to talk about the topics in Colombia.
In the Internet Governance Group, we have a regular meeting every two months in Bogota, the capital. We try to promote on-line participation. We like to have more participation from other cities because we know there are people working in Colombia. The main focus is in Bogota. Last year we developed the first internet governance forum in Bogota. I have to say we're more than 50 people working and talking about the internet governance in our country. But this year at the end of September, we had a second forum in Colombia with more than 150 participants, which is really good. There were people really experts talking about different situations. Thank you. Different topics like net neutrality and digital rights, freedom of speech, so the quality of the second forum was really, really good in comparison with the first one we had the last year. You want to get more information about this Internet Governance Forum in Colombia, there's the website.
I think it's really, really important, the role of this internet, the governance group, because of the post conflict process. You know that as I was saying in Colombia, we have the internet conflict for more than 60 years. And hopefully at the end of May or June, 2016, we're going sign this process and we're going to sign between the governments. So I think the role of ICF is going to be very, very important. Not only because of the surveillance policies, we had to take care of that. But also how are we going to use carefully the ICTs for the resolution of conflicts, for instance, or how to -- how to facilitate the due process? I think we're ICT is going to have an important role in this process that we're going to start hopefully this year.
Just to finish, Coronado is more focused on research. We're not an advocacy group. We're focused on research and capacity building. We trained 9,000 women in Bogota about ICT, the use of internet, how to use the internet, the basic things about the internet. But most important, the goal was to empower them, how to use -- empower women and girls, how to use ICTs to improve their rights. And this year we're running a project with Google. We are training more than 2500 young people in Colombia. One of the topics is the safe -- the security and rights. I think it's -- we're also doing a research project with the Citizen Lab. We're doing a comparative study with women groups in Colombia in on-line security and risk managing their information. How the risks can affect or limit the work of those communities and also capacity building with the rights and safe communication. Thank you.
Oh, yes. About your question. Unfortunately in Colombia, people don't know too much about the digital security. They are not -- I mean, they don't care about the digital security. Some groups like the groups in this organization are working and trying to create capacity building in these topics. But unfortunately the people don't care about the digital security.
>> IRENE POETRANTO: Okay. Thank you, Ariel. Now I will hand over the floor to Gisela.
>> GISELA PEREZ de ACHA: Hello. Thank you very much. I'm Gisela. I would like to talk about information controls from perspective on the region in general in all Latin America. While the political panorama of the internet shifted a little with the Snowden revelation, not because surveillance didn't exist before but now all of us who say it are not crazy persons, but in the United States, the political implications of the United States. When we think of this in the context of Latin America, there's other implications, first, because of the history of repression and dictatorships that we have and the very weak democracies in some of the countries, especially in Mexico.
I am from Mexico. I would say there's a very weak context that repeats along the region. So in this sense, European revolutions do not work apply blindfolded. We have to think about our own solutions and approaches. So in this regard, I would like to tall about three specific things that are seen by our organization as information controls. Especially with this new security -- it's not new, but with the security rhetoric that has complete disregard of human rights, it's either privacy or free speech. And that is very hard to overcome. So that's one thing that's very concerning.
Secondly, I would like to put it on the table -- there's some -- though attacks in media and journalists are also seen as information controls. And I will talk more about that when I address the issue of freedom of expression. So we have a clear focus and agenda based on research work. We're very interested in mapping and seeing what are the trends in the region. As you can see, well, it's a little -- it's a little stretched, but on our webpage you can also find this that we just made about Hacking Team and what each country spent on the region with Hacking Team software. So thank you.
So, regarding cybersecurity and this is a derivative of the security of rhetoric and agenda that governments usually have. The fifth summit of analysts took place in Santiago, Chile this year. And the experts of a security company presented the data that it collected in 2014. And first period of January and August of 2015 where there were 398 million instances or digital attempts to compromise users' information. So its strength that while the government has excessive -- that wants to protect security, users' devices and privacy are being compromised. Brazil, Mexico, and Peru registered the biggest number of threats in this aspect.
And also unparallel to the security narrative, we have found that the equality narrative has also been used to censor some media and platforms on the internet. For example, in Argentina, there is the -- the discrimination law that limits and the comments section in -- in on-line media and platforms. And that broadens the definition of discrimination too much so that anything can practically be discrimination. And on the other side, in free speech -- regarding free speech, what we see is also the countries that are pursuing anonymity and trying to finance.
And we also see that as a kind of information control because it creates a chilling effect on dissidents and people who are gender fluid and cannot explore their sexuality further because of anonymity prohibitions. Specifically in Ecuador, there's a very clear regarded media tool, a clear law that requires all people to register and that could not comment or have a discussion without revealing their true identity. In Chile, a proposed amendment to the first law would put social networks in the same category as digital newspapers claiming there should be registered addresses to it. After a public debate, the language of this amendment was modified.
Finally, one of the other information controls we see now is its copyright in general especially with the discussions going on with the TPF, it's the minimum for protection of moral rights to 70 years or until the author's death. Even though Mexico has hit 100 years after the author's death. It makes no sense that if dead people have no rights, why should we protect the moral and copyright laws after they are dead, right? And especially for the on-line environment, the DMCA which is a Digital Millennium Copyright Act, that implies like a safe harbor regime for intermediaries so if they're notified, they have to take down content due to copyright requests. We have found in the region it's been abused by especially the President and Mexico's President to remove content that's not convenient for their governments and they try to take it down due to arguing copyright infringement laws.
Also a judge recently ordered the seizure of computer equipment used by a weekly newspaper after receiving a complaint of possible illegal software used in many of these machines. So this illegal software was also viewed as a copyright violation.
In Chile as well, there was a link called opengate.cl, a parity of the Opus Dai movement, a large movement in the world, and they contested this link due to also domain infringement. I think my colleague will talk more about this, but that's the retention laws in the region that are also seen as information controls, specifically in Mexico there is one retention law in up the telecommunications act. I will not talk further about this. And in Brazil, a debate right now about a new law being proposed. It was just passed in the chamber of deputies that will go against the principles and applies also in discriminated in the retention laws.
So I would like to ask something of Eleonora from Google which is a topic that's on the agenda and is very controversial lately. If we see the right to be forgotten as an information controlled tool also in Latin America or what reading can we do in this perspective? Thank you.
>> IRENE POETRANTO: Thank you, Gisela. To Luis from Mexico.
>> LUIS FERNANDO GARCIA: I'm from the Defense Network of Mexico. Our treaty, we're from the rights from Mexico. We used several tools of lit occasion, research. Communication to advance human rights perspective on rights. We believe technology is a tool for exercise of human rights and we want it to be like that. In Mexico, there are several information controls as definition given by the citizen law is given. On first, I need to -- no, no. I don't need it.
First the context of Mexico is important to take into account. The human rights and other Universal and U.N. special procedures for torture and others have recognized that Mexico is going through a human rights -- severe human rights crisis characterized by disappearances, torture, killings, and particularly some sectors of the population are particularly targeted such as journalists and human rights defenders. In Mexico, the line between organized crime and authorities is often nonexistent or at least in the best case scenario, blurry. Taking this into account, just to mention a few, I'll focus on one particular information control.
I want to mention a few. The first is the intimidation for journalists and for people who express themselves on the internet. There's plenty of other communication about that. The last decade, close to 70 journalists, seven-zero, have been killed in Mexico. Many of them have been using technology to do their work, the journalistic work. Many have mentioned the cybersecurity agenda has also gained interest in attempts to control the internet. Recently cybercrime legislation was introduced to the Senate. The bill was so badly drafted that literally using a computer was a crime, literally. Fortunately the people protested in many on-line, which speaks of the importance of the on-line forums have in Mexico for political participation. A week after the senator proposed the bill, he retired it -- he dismissed his own proposal from the Senate. So this agenda is going to continue to come back to our countries, to our doors, knock on our doors.
There are other ways in which information is shaped in Mexico net neutrality and companies have violated net neutrality even though we had a neutrality law in Mexico. There are other more subtle ways in which governments and companies and influential people trying to shape information on the internet, manipulation of twitter algorithms through fake accounts. It's a complicated procedure, but we have evidence that they're doing this. And also basically what I'm going to focus right now is on how information is monetary in Mexico.
As Gisela mentioned before, the surveillance in Mexico through retention preventions, our organization is challenging the telecommunications law that provides for that retention, the retention for two years of all data of all users of Mexico. And not indiscriminate and disproportionate way. This includes the origin of calls and communications, even the location tracking of the devices at all times for two years for a person. This reveals a lot of information, more than maybe sometimes more than the content of the communications. We're challenging this legislation and it will be decided by the Supreme Court in the following months. If someone wants to know more about it, we can talk about it later.
And also the lack of interest for the so-called interventions, location of mobile devices and access of data to users, there's not clarity about which authorities can ask about this information. There's no clarity or -- or there's clarity they don't need a judicial warrant to get this information. There's a lack of safeguards which is problematic for surveillance because surveillance is a mission of the right that the user -- the person affectled by that invasion does not know it's being violated. You cannot defend yourself. This is why it's so important because you cannot defend your right by yourself, you need jobs, you need other voices and other accountability measures to make sure that these provisions and these tools that are so invasive and can lead to more human rights violations, especially in the place in Mexico in which as I mentioned, the different authorities and organized crime is practically nonexistent. This is very, very important.
But sometimes -- now I turn to my presentation. To be honest, it's not a presentation I did. Hacking Team did it for me. This is our -- this is our slide show from The Hacking Team. So thanks, Hacking Team, for doing my presentation today. But suddenly, privacy advocates are dismissed as paranoids and as oh, yeah, it could be abuse but -- but you're being paranoid.
So what I'm going do with the rest of my time, I'm going to show you how we can prove that Hacking Team software has been purchased legally, has been used illegally, and has been used for political purposes. So, this is Hacking Team's Mexico insider plan. You can find it on the e-mails published biweekly, for example. This is a slide about the MART initiative. It's a security corporation agreement between the United States and Mexico. Hacking Team highlights how much money this involves, $2.Billion and they want a piece of that. They want a piece of that because this money is basically used to purchase among other things surveillance equipment because the United States believes that giving Mexico authorities this kind of equipment will serve the security interest. This shows how important the security of the United States is influencing -- the security agenda that's pushing the controls in Latin America and particularly in Mexico. The Hacking Team shows in this message how Mexico is the biggest buyer, more than 6 million Euros, that's the best by far, the best client is Mexico. His third individual client is more profitable is the intelligence agency of Mexico. Mexico has the biggest number of clients by Hacking Team. Both federal and local -- local authorities. For example, the National Intelligence Agency and Policia Federale, the federal above us, at least they do have legal authorization with all of the lack of -- at least they have a constitutional and legal capability to perform some surveillance, target the surveillance. But there are other -- most of them, these are just the only two -- well, and one more, the last one there that is the authority that investigates other crimes.
Besides those three, most of the rest that I’m going to show you don't even have legal capability to do surveillance. So it's only the purchase and the use of -- any use they do is already illegal. For example, the Mexican army, which was requesting for equipment to be able to target 600 people at the same time, the same army that's just been shown to commit human rights violations such as the killings in La Playa, the execution of almost 20 people, the navy who do not have authorization under the law to perform surveillance. And most importantly, many local authorities. It's a map of Mexico and the ones in gray are its clients. Most of the states, here you can see the agency. Most of the agencies are office of the governor. So the governors of some local states are purchasing these equipment and another, I point you to another -- to another part of this slide where it says partners, Hacking Team and other companies have always said that they only sell these kinds of equipment directly to officials that have authorization under the law. This shows a lot of evidence shows that they are using intermediary companies to sell these -- this equipment.
And here it's the name of some of them. The states of Puebla and Yucatan are from the office of the governor who doesn't have any authorization under the law do this. In one state, the police doesn't have any capabilities to do surveillance. In the state of Mexico, if the prosecutor -- it does have. So but that doesn't make it right. But at least you have some authorization under the constitution to perform this kind of surveillance. And this one is weird, a state-owned oil company. Purchasing surveillance malware. A good thing is that even though they have this capability, it hasn't been very efficient. The national security agency of Mexico, intelligence agency, has not been very effective. Only 2% of the potential volume of the equipment has been used.
It has the capability of performing, of targeting 1,000 people. And they have only been able to in fact successfully 18 people. So at least they're not very good at their job. However, some are good at a job. And they -- and they are being successfully targeting political adversaries. That's what I want to show you right now. So, sorry. This is an e-mail. One of the e-mails you can see in -- or let me go to this, it's better, probably. So, here is an e-mail. You can find in Wikileaks. And it's one of the customers, the Puebla government asked The Hacking Team to create exploit documents to this says to use a document -- to use a Word document as a cover for the infection that will allow this surveillance. So, what Puebla did is they sent a document that they wanted the exploit to be inserted. The document has the name of the target. It says dear Ignacio De La Mora.
Then there's another. When you open that file, this is the file that I merges. -- that emerges. It's an invitation for an event that says dear Ignacio De La Mora, we invite you to the fake event that doesn't exist. We want you to click on this and then we can intercept it and surveil you. This is what happens. We got to know who the target is. We have been able to identify this and we have been able to confirm this with the people affected and they've been showing us our e-mail inbox and they say yes, I did receive the e-mail. This person was a political adversary from the Governor of Puebla. He was not subject of the investigation or security. This was used for political purposes.
So it's not paranoia. It's not hypothetical. It's happening. Mexico is using and purchasing surveillance illegally and using it for political purposes, again, illegally, committing more human rights violations. So I rest my case, thank you. But I want to make a question with what Valeria was saying. And I want to know if there's been some instances of dialogue with these agencies. Do you think there's a possibility to engage with them. I think we are -- rights advocates are very far from these people and not having an engagement is probably causing more problems. Thank you.
>> IRENE POETRANTO: Thank you, Lewis. I would ask her to hold on that thought and give the floor to ELEONORA Rabinovich from Google. Thank you.
>> ELEONORA RABINOVICH: Thank you. Thank you for inviting me to talk here and it's very interesting and inspiring to think -- to hear all of the stories about the activities from the things that are happening in Latin America. We talk a little bit about the trends that we are seeing as a company. Some censorship trends. The Latin America trends. But first let me talk about what we're finding in the transparency report. Transparency report is a tool that provides Google to reveal government actions can affect the free flow of information. We put it that's our request, the government's removal of the request. The copyright removal request. The European privacy request. And it seems like the right to be controlling in Europe and the issues while traffic and safer e-mail. So you can find information for the last six or seven years about all of these trends globally and some countries on locations.
So, for me it was interesting to see the trends in Latin America regarding information control that comes from these transparency report. Content removal trend request. For example, we see that from December 2012 December to last December government removal requests have increased. But then the requests remains steady from 2012 through June last June and it increased again in the second half of last year. Now over 90% of the requests come from court orders so we have to pay attention to what the courts are doing with the content removal and information control issues also.
Something that caught my attention is since the launch of the conspiracy report, more than 1/3 of all government removal requests have called information as the reason for removal. But Latin American countries, information is 60% of all content removal requests since we launched the transparency report. So there are other reasons include privacy and security reasons. So a tool for some kind of information controlling it in some kind of the impersonation trademark copyrighted among others. I think that -- this is the first trend we see but information is still a problem. And it's a challenge that apparently Google built to tackling the region after years of the criminalization campaign from the part and also the American system of human rights have strong standards against the criminalization of opinions and of information.
But we still have a problem with the information and the information is a tool that is used in -- for some public figures or governments to control the criticism, the public criticism. So I think we have a problem there. The other type of censorship we're seeing in the region is the trend of trying to censor the platforms. We know that a lot of people use different internet platforms to communicate to look for information, they use the social media, they use certain things to find the information they want and to solicit their own opinions. So we are seeing that many policymakers in Latin America and the data protection authorities by having to have legislation approved in order to grant citizens, for example, the right to be forgotten as Gisela mentioned before, or removal rights of similar nature based on privacy or protection or even copyright.
So what's the problem here? They're trying to put pressure on intermediaries so that we have to remove content requests from the individual, not the cards. That's a bigger problem for the region to remove these private removal and establish these kinds of mechanisms by law in Latin America. As it happens in other parts of the world and in some of Europe. Another type of information control we're seeing as Gisela mentioned is the legislation, the regulations that seeks to control controversial speech. I think we have to find a way to marginalize this kind of speech, discriminatory speech, hate speech, we have to have a debate in Latin America because we have a high standard on free speech but we see that there are many initiatives in different countries to put an Obstacle to put a ban on this kind of speech but also harm other public interest discourse. So we're worried about that.
The same happens with the legislation that seeks to protect children, for example. And we see that with the law in Peru, just like an old initiative that it was not passed after a push from civil society. But the protection of the children is sometimes an excuse to put some kind of like obstacles and restrictions. All of these activities talk about civilians and what's happening in our countries. So what can we do from the private sector also to protect our users from these trends. We're improving the tools but not only to protect privacy but also a tool to protect other users from masking civilian initiatives. Yes, we have seen some reactions from governments all over the world and other companies also.
Some Telco’s that want to prevent us to improve our encryption tools. So I think that's also something that we have been aware of. And now I would like to ask Gisela, but it's a question that could be addressed by everybody in this table. How can you in a civil society work to create awareness of the civilian trends in Latin America to put the public. I don't know what the opinions of that are, if that's something that citizens are worried about? Do they see this is a problem of expression of privacy that affects our rights? How do we partner on create a greater awareness of that? Thank you.
>> IRENE POETRANTO: Thank you, ELEONORA. I think Gisela posed question to you. Would you like to take the time to respond to that right now?
>> ELEONORA RABINOVICH: Well, going to ask me about right to be forgotten and I have already said that yes, I think the right to be forgotten -- well, we have to define what is right to be forgotten and we have mainly panels in this IGF with the right to be forgotten. But basically the problem with right to be forgotten is a mechanism to allow any person to to other and they tell me they'd like a search engine to remove -- to remove information based on personal protection in very broad terms.
So the ruling in Europe has created the precedent that I think is dangerous if you want to apply it in Latin America because it will allow for any people to ask us and other intermediaries to remove information that could be public interest. The problem with right to be forgotten it puts people in the position of making decisions of what's the content that could be allowed on-line or not. So it creates the recommendation to remove information but it doesn't take into account with all of the problems but it's the agency that has to -- that has the duty and the obligation to decide upon our rights. So, I'm really worried about the right to be forgotten, trying to -- to in Latin America.
>> IRENE POETRANTO: Thank you, Eleonora. Before we go to the question and answer question. A few questions were posed to the panelists, I would like to thank all of the panelists for their interesting presentation which has been helpful in helping us learn more about what's been going on in Latin America. I would also like to take the time to mention that a few of our panelists today are member of the Citizen Lab's cyberstorage network. These are countries around the world working on different issues on cybersecurity looking at a human rights perspective. And Gisela, Valeria, and Ariel, they're all members of the network. So I would like to give the time for Gisela and Valeria to answer the questions and you have a question to ask as well and I'll open it to the floor, thank you.
>> GISELA PEREZ de ACHA: The question about surveillance. It's an interesting one because as a civil society it's hard to communicate how we're constantly being surveilled and I would like to put another topic on the table. It's private and public surveillance. And the -- that's why I brought the NSA revelations into the revelations to the table. What I mean is that it's very hard to communicate how the surveillance is happening on-line all the time. As Fernando mentioned The Hacking Team. There's the prism software that was given to the -- to the U.S. government, all of the information from our social networks. So how to communicate these without sounding like a crazy person and really paranoid. It's very, very complicated and it all starts with communication. A
nd then there should be a strategy of advocacy directed to governments, specifically, because they are the ones that have the on obligation to respect human rights so it can be guaranteed from every single perspective. But it's a very -- it's a tough challenge that we're facing nowadays, I believe. And also, I love that you brought it up, but encryption is a very important thing. We already mentioned it but it's part of the human right to privacy on the internet and it should be done in a massive scale. We should all be tech savvy enough and have enough education to encrypt everything. Not even I do it. Those perspectives should be taken into account.
>> VALERIA MILANES: Well, regarding the question that Fernando asked me, I would say after the prosecutor's death that was last January and provokes the system into law, there have been some movement from the government to open the dialogue. But not too much. We are having conversations, informal conversations with the office that's now in charge with the interception communication which is in charge of the order and we are trying to concentrate or make accordance in the way that we could participate in that dialogue. And those we are having conversations with the Minister of Defense and the military forces which is surprising because the military had the ones that had the best in the country because of their dictatorship growing. But we are having troubles to contact the politicians in charge of these and governments in charge and congressmen in charge. People in congress are interested in these issues. So it's difficult and we are only talking about national level.
In my country, we have 24 provinces with the power of decision. And each province policy had units and we have other international forces with the unit itself. So there's not a unified discourse and we are just in baby steps in all these kinds of conversations. So we hope that now we are facing a chance, a new intellectual process that maybe the new President and the new authorities will be in this space so we're looking forward to that.
>> IRENE POETRANTO: Before I open up the other -- the Q&A session, I believe that Eleonora asked a question on how civil society can respond. Does anyone want to take up that question?
>> VALERIA MILANES: I'll be brief because I really want to hear questions from the floor. I think what to do? I think there's no silver bullet. I would say everything you can. And I would say everyone has different tools and possibilities to do something and some of us are doing more permanent work. But everyone can do something, can do something to protect itself. But I wouldn't -- I don't want to put the burden on you and it's your fault if you're being surveilled if you don't encrypt your e-mails. Try to do it if you can. That's not the solution only. If that's the advocacy, litigation, communication.
In the case of advance, I agree with Gisela, it's difficult, but I think we need to build the stories and to encourage the story of surveillance and use that our documents are real and not a political anymore. This is real, this is the stories of people who are being surveilled and the consequences, especially in the context of our country and our region. Surveillance -- a company where community and surveillance is nonsense. In our countries, not having privacy means your security is more vulnerable from crime and authorities which, again, I say are often the same to be -- to harm you. So I would say that and also coordinating our efforts from the global south to create a narrative that includes us, includes our perspective is not only dominated by the perspective that we have the debates in the previous years.
>> How to create awareness of the surveillance. Because it's important to have face-to-face meetings, the situation, explaining the information, explaining what it means. Explaining how it works and explaining the information like The Hacking Teams last year. In Google, we had this project and part of it is to talk to young people about their internet rights, about the shadow, about the importance of their own information and it was a surprise for us how interested they are because of it. So I think it's really important to talk with the people, not -- we're really in this -- we're complimenting the on-line about some software and these kinds of things. It's important that the people are hearing them. So, of course important advocacy is important to create awareness and the political community but it's important to raise awareness in the people.
>> ELEONORA RABINOVICH: I want to add something. We have to work to explain how the internet works, to the policy makers, and the people in the industry. And, of course, sometimes censorship is for civilians is something that it's -- it's not -- the ones who do that. But with some legislations, for example, with the end of discrimination, you know, in Argentina and sometimes with the right, we find that they don't really understand the scope of the impact of what they are doing, what they are pursuing with their legislation. So all of our -- all of the -- we're all involved in this decision, we have the responsibility of trying to explain how is the internet and what is the impact in the perspective of the legislation that they want to pass, that's very important also.
>> IRENE POETRANTO: Thank you for that. I'm going to open the floor for questions and answers and even I see there are colleagues from Asia, from Africa. So even if you don't have any questions, we would really like to hear from you or if you have anything to add with regard to what's going on in your region, that would be interesting to hear as well. I would like to give the floor first to the gentleman who's been very patient waiting. So you and Pilar and the lady on the left. Thank you.
>> AUDIENCE: I can do the question in Spanish?
>> IRENE POETRANTO: Sure. Can you please stay your name and where you're from.
>> AUDIENCE: (no English interpretation).
>> AUDIENCE: Thank you. I'm Pilar Sands from Colombia. I want to welcome the points because we need to talk about this. First there is a lack of controls of the activities of the national intelligence agencies in Colombia. There's only one supervision and that's at the commission of the congress. This commission does not operate. The meeting was to disclose another case that in they chose against the peace process in Colombia and this commission prepare maybe 64, 65 questions about this but only get answers for four of them. So this communication that's supposed to do an oversight of the national intelligence agencies is not working. And when working, they don't have any results. That's the first.
The second point is about the in this moment the Colombia government is preparing a new policy on cybersecurity. I think that is important one. But it was a draft document of these new policy. It's not set or open to comments from the civil society. There have been some closed door meetings with some actor for exclusion, but it's not an open -- it's not an open process. This new policy includes the reform today intelligent systems so we think that it's important to be there in this discussion. The third point is there's a lack also in the revelation of the use of technology tools for surveillance not only for massive surveillance, but also for other kinds of surveillance. For example, The Hacking Team tools. In Colombia, there have been different fairs to sell this kind of equipment. We can see the use of it or remote conversation like the team support but there's a lack of revelation for making or to use this software, even for the government and even for the government.
Finally I think that Ariel raised there's a lack of concern on the part of Colombians for this subject. But we the conversation to meet the security of any cost, including the loss of privacy. So for us that the government and the agency has a capacity and we even know about that. It doesn't matter. Thank you.
>> AUDIENCE: Good morning. I'm Erica Smith from the Association of Progressive Communications. One of the things we're working on is technology related violence against women on-line. It's great to hear that when you're talk about citizenry, you're taking an intersexual approach and understanding why we have to look at basic rights and citizenry, there are aspects of gender we have to look at and get better results.
One of our biggest concerns is that we've seen in their desire to have quick remedy, many women's victims -- many women and victims units and victims units from governments as well are asking for intermediary intervention where they're pushing intermediaries to be the judges. The women themselves want Google to be the judge because that's the only way they can get a quick response. That's the feeling. Because you mentioned, with all of the problems in the justice system, it's quite slow. So by the time there is a justice or legal decision, then, you know, that video is not at 6,000 or 600,000, it's at 6 million views. That's just in six months.
So, for example, dissemination of intimate videos. One of the things that I have -- it's interesting to see that states, of course, love these sorts of arguments to be able to pass broad laws and citizenry really like them. They will feel more protected. And it can be in fact their demands. They don't understand it. My daughter had her cell phone. Why can we not find her and why can't we take action in 24 hours, find her, she's being trafficked, her battery will go dead in less than 12. So that kind of action is hard in any of the countries that we live.
How much are people going to work with units, how much is it intermediaries or human rights defenders when the law is established? The comeback is we can solve it with people. We're building this law together, in fact in the Latin American IGF, that's the response we got from government units so it's important to be aware of those situations of victims and how can we make that happen?
Also, from a point of view of the intermediaries, so that people are understanding many local police will say well, we're never going to get a response from Google or twitter or youtube. And twitter is like actually, we have this PDF right here. As soon as you flag it, we will respond. All we need is an order. So be able to say that to the process encourages them to take it much more seriously. You don't want Google meeting with local police, they could, I don't know. But how could intermediaries make that process that much easier knowing the justice system is slow and how can we as people who are concerned about these sorts of laws and know how they can get twisted, what role can we play with these victims who are really demanding some of these lawns that we know will be used against them.
>> AUDIENCE: My question is for Eleonora. A lot of the encryption practices that Google seems to be putting in place which are awesome, by the way, they seem very focused on data transport. And not on data storage. And a lot of, for example, a lot of the issues that were raised today would be impacted quite a bit. When is Google going to start addressing that and ape allowing options for people to truly store their own data in fully encrypted ways that Google doesn't hold the key and then is not handing that over, which we do know they are in fact handing that over in certain instances so --
>> IRENE POETRANTO: One more and I will give the opportunity for participants to respond.
>> AUDIENCE: I would like to thank you for the Citizen Workshop. This is an eye opener. Mexico is holding an open partnership two weeks ago. Whether that platform can help the multi-stake holder engagement in cybersecurity. Is that possible?
>> IRENE POETRANTO: Thank you. Whoever would like to respond first? Okay, Valeria.
>> VALERIA MILANES: I would like to answer the question from the person from Ecuador. I don't have a precise answer. I wish I had. But I can share with you what we've done in Argentina. The information we get, for example, about the government, interception technology from Germany. We don't have it from Argentina. Some colleagues from the Green Party in Germany asked to the German government to share that information and we get from there. So when we have international relations, Argentina doesn't appear like the country had The Hacking Team. But yes, the very -- some versus and intelligence systems had conversations with Hacking Team companies.
So we ask for your request to all of them and in my country it's difficult, of course. Because we don't have yet an access to information law, which is crazy. But we may have presented 11 formal requests and we have the answer of one of the minister of defense saying they didn't buy anything but you have to keep trying in every sense you can and try and try to get information and talk to media and whatever you can do because it's important that this issue appears on the table and on the public discourse.
>> GISELA PEREZ de ACHA: I would like to address Erica's question. Thank you very much. I think the topic of on-line harassment and internet reliability is one of the most controversial at times along with the right to be forgotten which also implies some kind of intermediary liable. The thing is that one of the main principles of the internet is that no one should be held responsible for content they didn't produce or publish themselves. And that implies the Google, Facebook, Twitter, and all of the platforms and the intermediaries that should be responsible for what third parties put on their systems.
So when we talked about women's harassment, it's hard because for example in the case of the revenge porn, but Google has actually a very good mechanism regarding that, but so there's a revenge point picture on Facebook that needs to be taken down, there's a temptation to say if Facebook doesn't take it down, they should be held responsible too. Mexico meanwhile just proposed they're going to put Mark Zuckerberg in jail if he didn't take down any revenge porn which is ridiculous. Overcensoring just not to be thrown in jail or be held accountability for really big fines. So I don't have an answer to that. I don't think there is. But it's very interesting that we're exploring all of the different principles and at least advance a little built on the conversation.
>> IRENE POETRANTO: Our friend from Ecuador. I'll try to find him and respond to his question later. Just about this, I think Erica makes an excellent point. I think intermediaries need to realize that their lack of diligence and their lack of interest. Saying Google necessarily, one of them has the best policies. The lack of interest in this is creating problems for us. Because it's getting the opportunities for governments to hijack these discourses and use it to harm us. So you should also feel threatened because if you don't act by yourself, governments will try to regulate you and you don't want that.
Intermediaries should really help themselves and help us not let our repressive governments to hijack these discourses. And I really, really think that's a very important point. And the civil society needs to address this issue head on and not hide about this issue and really find solutions to it, taking into account all things concerned, no. To ask this question, I was an OGP. I participate in a panel. I am here, I've been in many panels. The government is not here. There hasn't been any panel about human rights, our privacy, they don't want to discuss. Yesterday they were at this table talking about the digital strategy. They didn't let questions from public. In Mexico's IGF governance forum, there's no discussion. So we're here, we're ready to debate. But the government doesn't show up. And probably next year the IGF will be in Mexico. I hope you remember this. All that I'm say right now. Next IGF, maybe we can force the government to really confront and discuss these things in public because they only offer back door conversations and we don't want that. We want to have public discussion about the issues that are affecting the internet in Mexico.
>> To the question with encryption, yes, Google drive is encrypted and if you update android, you can encrypt your phone. And we have one of our best engineers here in the IGF. He's in encryption. So if you have further questions on this, you can also talk to him after this panel. The information is encrypt in the cloud also.
>> AUDIENCE: More than a comment. I would like to ask a question. Because we're now running with this, we're working with women who are activists as well. They're working on the environmental issues. They have some kind of evidence that The Hacking Team is also selling Hacking Team software to private companies or even to, I don't know, maybe to other kind of multinationals?
>> IRENE POETRANTO: Thank you for the question. I'm going take one more question for Arthur. We've already gone over time. We'll have to close it after this. Go ahead.
>> AUDIENCE: I'm -- I'm also doing research on influence controls covering southern Africa. My question has been partly answered. It's all an issue of cybersecurity. One of their findings or maybe the observations that I'm making in my research is that, you know, the governments are controlling information, maybe through and governance forums. I'm realizing that you know even in governance forums, national and regional are becoming more like just our talk shows. And we have the internet governance forums. That ought to cause that, we're governments, maybe, discuss more serious issues about laws and technologies. Sir, even the government forums have become pseudodemocratic structures. And the more we in the civil society are playing along with those forums sometimes, without really challenging the governments in a robust way, I think we are actually assisting the resurgence maybe repressive terms on the internet. We don't challenge them. They're not playing along. This is not just talk shows sometimes. That's what I think. Thank you.
>> LUIS FERNANDO GARCIA: Just real fast. Yes, there's evidence, some Hacking Teams. That includes lots of companies. It's not clear, they contact them for offensive or defensive services. The case of Mexico, it's a company but there's a company, no? And there's been evidence that other surveillance equipment has been missing. For example, a mayor bought surveillance equipment and when the next main your came, it was gone. In the panel with The Hacking Team, that will happen as well. The President will acquire Hacking Team tools and when the next President came, the equipment was missing. So where is it? In private hands. I'm here talking but I totally agree. I have tried to confront -- it was two delegations. They event they didn't allow for questions. I took the microphone anyway. I challenge them. They don't want to challenge them, I think. I think it does have its value. I learn a lot. But yes, they're trying to decide things away from the public, they're discussing things in back doors and in dinners and they ear not discussing this with us. We need to do something as a civil society to stop this parade. Right? Thanks.
>> IRENE POETRANTO: Thank you for that, Luis. I have to close the session now. We've gone overtime. We want to thank the panelists for their impressions and thank you for coming to the session today and I hope you enjoy the rest of the day. Thanks.
[ Applause ]