IGF 2016 - Day 2 - Room 5 - WS163: A New Social Compact for Internet Governance

The following are the outputs of the real-time captioning taken during the Eleventh Annual Meeting of the Internet Governance Forum (IGF) in Jalisco, Mexico, from 5 to 9 December 2016. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 


>> Ready for the next session, so if we could ask anyone who is just chatting after the last session, to take it into the hallway that would be a big help and we can get started in our next session momentarily.

>> MODERATOR: I think we can go ahead and get started.  I'll wait for the cue from the technology people.

Okay.  Well good afternoon, everyone.  Welcome to the workshop that's entitled a new social compact for Internet Governance.  I'm at American University in Washington, D.C. and a senior fellow of the Centre for International Governance Innovation, CG, in Canada.

The backdrop for this workshop is the Global Commission on Internet Governance, which was launched in 2014 by CG and Chatham House in response to some problematic trends including concerns about cybersecurity breaches and loss of trust in the Internet, movements toward fragmentation of the Internet the various ways with the aim of offering some guidance on how to address new challenges.  So I would just as the moderator like to give a little bit of background on the commission and then turn it over to our panel.  We'll all have very brief interventions and then would like this to be an interactive discussion.

This independent commission was chaired by Carl built, former Prime Minister of Sweden.  And it was made up of 29 individuals who represented a range of Internet Governance stake hold.

And geographic regions.

I'll soon turn it over to Latha Reddy.  We also had a global advisory network which supported which produced over 50 research papers on papers from fragmentation to human aspects of Internet Governance, interconnection and access issues, cybersecurity and trade.  Emily Taylor will be speaking.  She's one of the research experts.  And I saw Rebecca McKinnon here, as well, hiding in the back of the room who was also one of our preeminent contributors.

So this scholarship informed the deliberations of the commission and the recommendations that were put forward.  We also had a lot of public engagement in the form of surveys, quantitative surveys.  We engaged through CG and the global polling form IPSOS two extensive public opinion surveys that polled 23,000 users in 24 different countries on a range of issues from Internet Governance, cybersecurity and access.  Also contributing to the commission was the OECD and McKinzie helping with some of the economic analysis and our work was enhanced by thought leaders like Kathy Brown from the Internet Society, ambassador Eileen done an hoe who was kind to join us here today and who will give us some brief remarks.

So I just want to mention if anyone is interested in looking at the specific recommendations of the report, their available on the website which is ourinternet.org.  The 50 research papers are also available for free download there.  And actually just today we launched a new book on Internet fragmentation called a universal Internet in a bordered world.  Research on fragmentation, openness and interoperability.  Also available on the commission website and it synthesizes a lot of the research of of our experts that were involved in the commission.  So the commission focused its recommendations on a call for a new global/social compact which explains the title of this panel and this workshop.  Global social compact among stakeholders to promote a single, open, trust worthy, inclusive and secure Internet for all.  Now, some of the recommendations are very specific such as in the area of security.  Governments should not compromise or require third parties to weaken encryption standards through back doors.  So very specific recommendations like that and then a range of issues related to Freedom of Expression, privacy, interoperability and openness.  And all of these recommendations are available on the website.  So the purpose of this workshop is to discuss some elements of this social compact.  Mechanisms to achieve agreement and the best ways to build on an agreement in existing structures to make Internet Governance more inclusive and supportive of sustainable growth in addressing some of the many issues that have come up at this Internet governance Forum and others.

So if I may, I would like to turn the workshop over to my friend and colleague ambassador Latha Reddy, who is the former National Security Adviser of India.  She was the ambassador to a number of countries for India.  She was a Commissioner on the Global Commission on Internet Governance and is currently a distinguished fellow at CG.  So Latha, if I may turn the microphone over to you.

>> LATHA:  Thank you.  I was asked to speak on the core elements as envisioned by the commission.  And that's what I'm going to try to concentrate on because the commission report let me tell you is a good read.  I would recommend it strongly.  And as Laura said it's available online.  But what we're talking about is real at this new social compact that was recommended as part of the commission.  And commission report.  And let me just quote from a section that really struck the government in India, my successor deputy National Security Adviser actually quoted from this in his valedictory address to the biggest Indian cyber conference, which is called sci‑fi, cyber for you.

>> ITALY:  Says there must be a mutual understanding between citizens and the state.  If the state takes responsibility to keep its citizens safe and security under the law, while in turn citizens agree to empower the authorities to carry out that mission under a clear accessible legal framework that includes sufficient safeguards and checks and balances against abuses.


There is urge end need to achieve ‑‑ digital age in all countries.  What are the factors?  What are the core elements?  I will just run through, there are nine of them.  I will run through them briefly and also tell you why these concepts that seem so self‑evident seem so easy but should be very easy to implement why should it even be necessary to talk about them?  So I'm going to play devil's advocate a little bit.  Say something about the core element but also say something about why it's difficult to achieve understanding and agreement.

Firstly, we talk about fundamental Human Rights.  I know you will talk about that in detail including privacy and personal data protection.  The need to protect it online.  And that we need to really address any threat to these core Human Rights.  The question is when it comes to actually implement this, you will hear different countries' definitions of what are fundamental Human Rights?  What are Human Rights.  You could argue that the United Nations declaration of Human Rights is a bedrock.  But how it's interpreted in different countries and cultures and governments is very different.  Even those who are signatories to it.

Secondary, the interception of communications, collection and analysis of use of data over the Internet by law enforcement and government intelligence agencies should be for purposes that are openly specified in advance, authorized by law, and consistent with principles of necessity and proportionality.  Very good.  It sounds very good.  The question is:  That there are different views again in different governments as to where you are justified in intercepting, under what circumstances would you be justified.  And we all know the famous Apple and FBI standoff in the U.S.  There are similar standoffs in most countries.  And the real question is well government says is my responsibility to keep my citizens safe to prevent a terror attack?  And am I to go through a long and complicated process and lose valuable time?

So these are really the dilemmas that you're addressing.

And the third point is that laws should be publicly accessible, clear, precise, comprehensive, nondiscriminatory, openly arrived at and robust, independent mechanisms you should be in place to ensure accountability and respect for rights.

I think this is possible to achieve, but what it means is new legislation is needed both in individual countries as well as some common understanding of international jurisdiction and legal frameworks that should apply across‑the‑board if not to all countries, to most countries.

The next point is that businesses and other organizations that transmit and store data must assume greater responsibility to safeguard that data from illegal intrusion, damage or destructions.

But apart from just securing the data, there's a second point which was also one of our core concerns, which is:  There is a need to reverse the erosion of trust in the Internet brought about by the nontransparent market in collecting, centralising, integrating and analyzing enormous quantities of private information about individuals and enterprises.  How are you going to restore that trust?

There is a real fear that data mining and personal data is being used in very unethical ways, to put it mildly, by some of the companies.  And that all of our personal data is just "out there" and not regulated in many ways.

The next point is that it talks about government's roles, that communication should be inherently considered private between intended parties regardless of communication's technology.

And the role of government should be strengthen the technology and not to weaken it.

So, again, there's a debate here on how many governments would agree that it's their responsibility to strengthen security and not the responsibility of the private sector and business.  Surely it has to be a joint effort.

The next point is the encryption issue, which is as we all know a very difficult issue.  The problem of creating back doors to access data, I've already spoken about some of the issues.  And I think the real issue is where issues of national security, maintaining law and order, avoiding social disruption, dealing with Cybercrime and terror come this is where you're going to have a problem with this one.

Finally, there's one I think one which we can all agree.  We need more cyber literacy.  We need good cyber hygiene to be spread among all our population.  We need capacity building in cybersecurity.  This I see as the easiest to incorporate because everybody wants this.  It's a question of having enough resources and building it worldwide, not just in isolated pockets of excellence.

And, finally, the transported nature of many significant forms of cyber intrusion curtails the ability of the target state to interdict, investigate and prosecute individuals or organizations responsible.  And that we should coordinate responses.  Different countries should coordinate responses and provide mutual assistance.

This comes down to the very important question of norms and of MLAT reform.  Because unless you devise some norms, right now they are nonbinding the norms that months countries have agreed to in the UNGG recommendations.  But can they actually be implemented if they're nonbinding?  How do you make them binding?  How do you move from nonbinding to binding?

And MLAT reform is essential.  It's too long, the process.  And agreements could be bilateral between countries.  They could be pluri lateral between a group of countries.  They could be regional.  They could be multilateral.  And, finally, they could be universal and international.

The universal/international and even multilateral agreement is the hardest to achieve.  It will also go by the lowest common denominator, so it will yield the lowest results.

So I believe we need to pursue on all fronts, the bilateral, the regional, the pluri lateral, and, finally, the multilateral or universal.

So I hope I've left you all with some thoughts about what the core concepts are and what our challenges are going to be.

>> MODERATOR:  Thank you very much, ambassador.  And now if I may turn it over to Sally Wentworth for some thoughts.  She is the Vice President of global policy development at the Internet Society.

>> SALLY WENTWORTH:  Thank you very much.  And first I'd just like to say that the Internet Society was ‑‑ (feedback).

Is this better?  Are we good?  Oh they're bringing me one.  Okay.

The Internet Society was pleased through Kathy Brown to participate in this work.  And I think it gives us quite a bit of food for thought.  There's been a lot of discussion this week about how you move from discussion to implementation.  And it's possible that things like this kind of social compact are a good medium step to take as we try to get to implementation of the norms and the best practices that we all care about.

One of the comments in the report that I wanted to jump off of is a comment that in the Internet we are all interdependent.  So the actions taken by one actor in the ecosystem have effects on other actors in the ecosystem.  And this seems intuitive, but we often speak about how one actor should act in isolation from how another actor should act and another actor.  And we miss sometimes the interdependencies.  I think that's a particularly important port that the report and the compact brings forward, that we all have responsibilities in the ecosystem to make it a secure place, to bring about the kind of Internet that we want and an Internet that continues to grow and evolve.

At the Internet Society, we've been particularly focused on issues related to trust and security in the Internet, believing fundamentally that for the Internet to continue to grow, people have to trust it for the kinds of advanced transactions that are starting to take place online.

And no one actor is going to solve for that, right?  It's not going to be a single government treaty that is suddenly going to make us all secure online.  It is not going to be a single product rollout from industry that suddenly we are all going to trust the Internet.  And as end‑users, I don't know, but many of you are maybe as befuddled as I am about which technology or which security protocols one should be using at any given point.

So we all have a role to play here.  And in the Internet Society, we've sort of thought about this a bit and talked a little bit about or coined a phrase, so to speak, on how to approach security called collaborative security.  This idea that each actor in the ecosystem has a role to play and they have to do this in a collaborative fashion.  Nobody does this on their own.  And that there are some benchmarks or some principles that are worth keeping in mind as each stakeholder group tries to take their steps forward.  Fundamentally, the goal of security, the goal of cybersecurity action should be to foster confidence and protect the opportunities of the Internet.  This seems, again, intuitive and yet sometimes it's important to remember that security is only part of the goal.  The other parts of the goal are to keep the Internet growing and innovative.  So we can't forget that.

This notion of collective responsibility, it's not enough to say that I'm just going to think about my own network.  Every action in your network has spillover effects to other networks.  The Internet is an inter network.  It is a network of networks.  So practicing good security policies within your network is crucial for the security of the whole.  And we see that in major breaches where you have actions by one actor having significant consequences for others in the ecosystem.

That there are fundamental properties and values.  Fundamental Human Rights are crucial and should be at the foremost of stakeholders' minds as you're looking to secure the Internet.  And often, I'm afraid, that those are the very first thing to be trampled when we delve into security.  So protecting the free flow of information, the ability to speak freely, the ability to build communities and to protect marginalised communities, et cetera, is a crucial aspect of any efforts towards cybersecurity.

This idea of evolution is crucial in the Internet.  The Internet doesn't stay still.  So if you create a security environment in which things cannot evolve, in which innovation can't happen, you have not respected the basic fundamental properties of the Internet.  So that means that you have to have security approaches that are ‑‑ that allow for evolution and that allow for continued growth.  That's often harder than it sounds.

And, finally, think globally, act locally.  Again, this notion that you are not alone in the ecosystem, that your actions online have effects around the world.

And so these components are how we approach sort of quote/unquote cybersecurity or other trust‑related discussions whether it's at the technical level, the commercial level or the political level.  And we found it to be at least a helpful tool for thinking about online security, online trust.  And I think that it fits nicely within this notion of a compact that we all are in this together and we all have responsibilities to the whole.

>> MODERATOR:  Thank you very much.  I think that might be a good transition to Pablo Hinojosa.  I see a hand there, though.

>> I have a question from remote participant.  Do you want me to read it?

>> MODERATOR:  Would you mind holding the question until a few brief interventions and then we would love to take that question.

>> Okay, perfect.

>> MODERATOR:  We'll definitely come back to that.  Thank you.

So I would like to ‑‑ we have Pablo Hinojosa, the strategic engagement director at APNIC.  Very happy to have his brief intervention.  Thank you, Pablo.

>> Pablo:  Thank you, Laura.  First about the report, I think the work of the commission was very good and timely.  The report is an excellent compilation.  Let's say it explains very well the state‑of‑the‑art, where we are on Internet Governance discussions.

However, I think we are very far from being able to agree on a social compact.  The way at least it is described in the report.

The first question I would like to bring to the discussion is have we ever reached a social compact?  And I think the only process that can qualify as such is the World Summit on the Information Society.  Is the report suggesting that it is time for another World Summit on the Information Society?  I really, really hope not.

The second question.  How are we doing so far?  And I don't think we're doing very well, actually.  Let's take two examples.

The way things went at the ITU the recent world telecommunications standards assembly.  Last month in Tunis.  And ongoing discussions, this is the second example on CSTD on enhanced communication.  We really need to revolutionize all parties commitment to the multistakeholder model.  Some proposals contracted at the WTSA were very consensus, in particular the ones that Member States pushed to direct some study groups into the standards around the technology called digital objects identifiers.  And these proposals consider abandoning global open standards and instead suggest proprietary object identifiers.

I think there are many questions around digital objects governance structures.  And I'm not sure they abide very well to the multistakeholder future that the report suggests and that we want to see.


I want to talk of about the enhanced, but preserving the open Internet and ensuring good multistakeholder outcomes, for example, privacy, the Internet of Things, also cybersecurity, as Sally said, this is a very, very big challenge.

Now, if we read social compact as something that might not need to be written, something that we might wish for it to be absorbed rather than agreed, from these basis, a new social compact should not require a new process.

For example, at APNIC, the place where I work, it is a regional Internet race.  We are purely technical organisation.  But since our foundation, we have worked for a goal of Internet development in the Asia‑Pacific region.  And this didn't require social compact, but it certainly have a social dimension, one that we have fulfilled through our technical work.

What I want to say here is that the great interest of the Internet has achieved so much already without the need for a social compact.  For instance, the work of APNIC has been undertaken with distinct, ethical or developmental interest.

So we think about new efforts to find such a thing, it is important that they not have negative effects and the costs shouldn't outweigh the real benefits.

Let me finish just by saying something.  And it is the question of how the idea of a social compact translates globally.  And let's learn by example.  How hard it was or it has been to find proper words in Chinese, in Japanese, in Korean, even in Spanish to translate governance, to translate multistakeholder.

Here we are again dealing with a concept that it is very of attached to the history of the modern west.  Hopes John lock, John jacks or so.  Does this social compact translate or refers well, say, in a Confucianism or taoist approach?  I don't think so.  In conclusion, I think the report offers good recommendations with e should all consider.  I don't think the social compact requires a new process or an agreement.  And I think there are Internet Governance.  Such as stewardship example.  These need to be discussed dynamically throughout the years until a social compact that will not be achieved but it can only be inspired.  And I think that's the real value of the report.

>> MODERATOR:  That you very much for that intervention.  We have two more quick interventions and then I would like to open it up to discussion.

If I may call on Emily Taylor next who is a research contributor to the Global Commission on Internet Governance.  She's a regional Internet Governance associate fellow in international security at Chatham House in the UK.  Emily.

>> Emily:  Thank you very much, Laura, thank you for inviting me to participate in panel.  Like Pablo and the other speakers, Sally, I think that the Global Commission report ‑‑ and I can say this having not been involved in writing it but as part of the research team ‑‑ I think that the report is a very important piece of work.  Thank you.

And it does reflect the state‑of‑the‑art and the state of thinking at this thinking and the concerns.

What particularly struck me about it as really sensible is this sort of scenario‑based thinking on what could happen in the future of the Internet.  It could be a colossal loss of trust, ram panned Cybercrime, breaking up into fragmented, according to national borders.  An Internet that none of us would want.

And at the end of the spectrum, this rosy future where we really harness the capability of the' net to do good and to help the environment, the Internet of Things had really take off in a positive way.

And then this sort of middle course which is one of, you know, muddling through, but stunted growth or perhaps, you know, just lack of realising that potential.

And I think these scenarios are sensible because they recognize that there are different futures that we could have and that also it's up to us to try to shape, to decide what sort of future we want and to do a little bit to help it.

Now, I think many of us were in the session the other day where somebody sort of mentioned ‑‑ and it was quite funny, the sort of well, this is a great report, all these great minds.  And really it boils down to why can't everybody just cooperate a bit more?  And that got a laugh.  And I laughed, as well.  But it made me feel a bit uneasy because what we're advocating is as Pablo said is in short supply at the moment.  I think we're all our confidence has been shaken by a series of unfortunate events or shocks, you know, going back to the Snowden revelations, increasing cyber attacks.  Those of us in the United Kingdom or perhaps the United States, we might be worried at the moment about what this new medium is doing to our democracies and whether that's having a positive effect.

You know, it's hard to know that to do.  It's hard to solve these problems.

I think that it reminds me of that saying by Churchill of when you're going through hell, keep going.

And I think we have to keep going with our positive local actions.  And so from the point of view of Chatham House in terms of what we're doing to take the work forward, we have developed a new peer review journal called the journal of cyber policy.  And that is hoping to take the discussion forward to reflect, to sit at the intersection of all of these different overlapping policy issues and try to just raise awareness.  What we're seeing is that people from different disciplines are becoming increasingly interested in this area and they're looking for information about it.  They also have a lot to contribute from other perspectives and other walks of life.

I think the other thing that I think perhaps is uncomfortable ‑‑ and this is my final point ‑‑ about from those of us, like Sally and myself or Pablo who have been in this space for quite a while is a growing realisation that actually states do have a role in terms of making a fair future both in balancing the power of an increasingly small number of very powerful private sector organizations who almost exercise the powers of states, it seems, in some ways.  And there's an important need for that power to be counteracted for the Human Rights obligations of states to be upheld and for us to, you know, keep speaking truth to power wherever that power happens to lie.  It might lie in new places like companies, for example, rather than states.  And we just have to keep the dialogue going and keep advocating a fair and non‑radical future.

>> MODERATOR:  Thank you very much, Emily.  Now if I could call on ambassador Eileen done an hoe who is also a fellow.  She was part of the Global Commission on Internet Governance and needs no introduction.  Former United States ambassador to the United Nations Human Rights Council and former director of the global affairs for Human Rights Watch.  So what are the Human Rights implications of all of this?

>> There are many.  And it's incredibly consequential.  I just want to pick up on themes that were already mentioned because I think the previous speakers hit what's really important.  In particular, Latha, it's one thing the say what we want, it's another thing how we get there, whether it is protection of Human Rights or protecting the Internet or how do we get a social compact?  That's of easier to say than to do.

Sally, I thought your emphasis on the concept of collaborative security is a really interesting move that I think we have to make and to be thinking about the whole.  We all have some response about it to the whole and this sense of interdependence.

And then Pablo and Emily, you both sort of, you said we got to move through hell.  Where are we in this process?  We are in a very difficult space.  And we've got to get through it.

You emphasized the dual sidedness of the technology.  There was an optimistic moment when we all thought it was going to be great for Human Rights.  Now we're feeling so negatively about it.  It's almost like we're retreating from the technology itself.  And we have to get past that.

So I'm just going to make a couple quick comments, more focused on the Human Rights dimensions.

You know, obviously the Internet and the concept of universal Human Rights, they in some ways go so well together.  The universal Human Rights framework was in some ways the first global set of norms.  And it was almost the founders of the universal declaration, they were almost prescient in coming up with that notion.

We know that we've went through a phase where the flourishing of Human Rights, Freedom of Expression, freedom of assembly and association, there was a time when Human Rights defenders were really ahead of the curve and we felt really good about it.

We know that all of ‑‑ the three pillars of the UN are all completely interdependent with technology now.  The Sustainable Development Goals, norms on use of force is connected to cyber technology, and then the enjoyment of Human Rights.  We basically cannot conceive of the enjoyment of Human Rights without ICT.  And that goes for the people who are not yet connected, more than half the world.  We have to be thinking about their enjoyment of Human Rights through the expansion of technology at the same time we're trying to figure out how to protect people from the technology.

Where are we now?  I think we are, as several of you have said, we're at a tough moment because the fear of systemic cyber vulnerability and society‑wide digital insecurity is overwhelming people in many different walks of life.  And that is combining with the conceptual confusion of how do we think about governance in this space?

There is few dimensions that particularly challenge the original Human Rights framework itself.  So digitisation of everything.  It's got many upside benefits.  But obviously it presents a serious threat to privacy, which in turn presents a threat to Freedom of Expression, freedom of assembly and association.  It also raises challenges about how do we think bid at this, ownership ‑‑ about identity.  Is the government watching the people?  And then digitisation has played into this sense of deep digital insecurity.

The second part of the conceptual challenge of the digital ecosystem is the fact that extra‑territorial reach is the norm, not the exception.  And the original framework envisioned nation states with primary obligation to citizens within their territory and boundary.  And now they are somewhat powerless to protect people.  And they also, by the way, have extra‑territorial reach themselves.

And the last piece of the conceptual puzzle is this trend toward privatization of governance.  Again, the Human Rights framework does not really directly address the private sector.  And yet they are by Terms of Service or community guidelines or just plain ownership operation and securitization of the infrastructure itself playing a dominant role in governance.

So, I will just make a couple of slightly more optimistic points, which is I do think there's something we all need to push on in the multistakeholder model because we don't have many good examples of it, but I think we can sense there is something there we need to learn from.  And we've moved way past this concept of governments having a monopoly on governance.  That's over.  I think we're all dissatisfied with the dual relationship between governments and private sector and the burden shifting from governments to the private sector and the lack of transparency and accountability.  That's not going to cut it, either.

However difficult it is, this multistakeholder concept will get to the sense of greater inclusion and diversity, and it will help build legitimacy and trust.  I know it's time consuming, frustrating.  It's an ugly thing sometimes.  But I think it's the only way through hell, as Emily said.

I also think we need real paradigm shifts society wide on digital security.  I think we need to turn it on its head and stop seeing security as opposition to Human Rights.  Security is the most fundamental Human Rights issue of our time.  Digital security.  Human Rights defenders' lives depend upon it.  It's not just nice to have.  It's basic.  It's so fundamental to the Human Rights movement.  It's also happens to be fundamental to economic security and national security.  So that I think there's opportunity for new alliances.

And then last, Latha, you raised this issue of how do we implement our existing Human Rights commitments in this transborder environment?  I don't think we know the answer, but I think one clue is to have some humility about the assertion of the jurisdiction extra‑territorially.  And at least embrace the concept of "do no harm." If you're going to claim of doing something in the security of your people or protection of Human Rights of your people and people elsewhere are affected but experience it as undermining their Human Rights, that's not your space.

>> MODERATOR:  Thank you very much.  I think at this point we'll open it up for a discussion.  Shall we start with my friend ‑‑ okay.  We have, thank you.  Let's start with the question from the remote moderation if we may.

Would you mind saying that one important time with the microphone?

And just a little bit slower, too.

>> The question is:  Before NSA or SDI, how could we forbid a website from collecting a private data unless it's allowed by a specific law?

>> MODERATOR:  That's very specific.  Let's hear from Alex and let's take a number of questions and then we'll respond.

>> Laura, this is Alejandro Pisanty from the Internet Society in Mexico.  I will repeat.  Alejandro Pisanty from the Internet Society in Mexico.  Thank you, Laura, and the Global Commission for putting forward this report.  This is an amazing piece of work in so many ways.  It brings together strands of thought that are around that brings them together in a structure and then intelligent way.  It looks at ways forward.


I am not going to say anything specific to points in the report right now, but more like a global view derived from the reading.  And the reactions that it is sparking comments and questions that are already around.

First, I think that one has to be very careful in going forward in presenting things in such a way that spark the delusion of one world government.  The idea that there could be one single global uniform social compact for the Internet or for cyberspace or for whatever is easily associated in many people's minds with the idea of a single way of doing things, a single place to concentrate and a single legislature and a single judiciary power.  And then you would have to have a single executive power because you can't have two without having three.

And this is a very dangerous delusion because it will never happen.  And it won't be built by the liberation.

The report suggests a single social compact.  And I think that's an pipe dream.  That's not a goal that people should have.

In conversations about four or five years ago with Paul Tumi, which I think then fed into the work of the Commission, I mentioned to him that my wording was a new social covenant about the things that happened around the Internet and it starts with very basic like almost etiquette kind of relationships and agreements.  Like what is it right to do if you see a picture of your classmates who are very drunk on the beach?

We already have a Rule for that.  If you saw somewhere your classmates in a very improper position, you would be expected to do something and not to do something else.  And we have to change that because of the way the Internet has changed the memory of these things.  And this goes all the way to the big social compact.  Pablo has well mentioned western concept of the social contracts.

But it leaves aside layers in which these things happen.  You have one contract that you need for the physical layer, communications layer and it's going to be very difficult when you begin to think what hate is, what freedom is.

I take an phrase from spam analysis where we say one man's spam is another man's ‑‑ one man's freedom is another man's threat.  One man's struggle for freedom is seen as extremely threatening to other cultures.

So it's hard again to build a single social compact around these concepts.  And they have to go layer by layer.  Or some layers have better defined stuff and some have to be very diffuse and vague.

Mixing, we have heard during this meeting, not this particular session but during this meeting of the IGF calls for the correct use of the Internet which are ‑‑ calls for responsible use of the Internet which still I find ‑‑ I do feel ‑‑ there's an association for proper Internet Governance.  All these objectives.  So low that need definitions.  And we should not feed any of these things by the reading and diffusion of the report because it would lose its value.

It's important to keep things dynamic to remember how the Internet works, to remember how the Internet is decentralised, diverse, how Internet Governance has been built around solving specific problems by bringing the specific large number, broad number of stakeholders but I will say it with examples of imaginary companies.  If you have a content company and net work company, if they are going to discuss spam, they will bring in the engineers.  If they will discuss intellectual properties they will bring the lawyers.  It's the same entities making the agreements.

So the final point I would like to make is to emphasize that as we are looking at the problems the report looks at and time has been passing, we're looking less and less at problems of the Internet than at problems of conduct that display or execute over the Internet.  By being displayed or executed over the Internet, conduct becomes massified, it becomes easier to objectify, to cross jurisdictions and as a consequence you have reduction of freedom, friction, and lowering of barriers.  That's what happens.  Essentially that's what happens to conduct, human or corporate or governmental with the Internet.

We have to focus on the conduct have we have to focus on the motivations.  We have to focus on the objectives of the humans or corporations or governments that are creating this conduct and then separate what the compact will be properly about.  Thank you.

>> MODERATOR:  Thank you very much.  And I think it's a good time to probably make clear that the report is not calling for one government entity or one judiciary.  It actually is something that disaggregates this dialogue about Internet Governance as one thing into many different parts.  So it actually disaggregates and talks about specific areas.  And it's a very strong statement of support for the multistakeholder approach to Internet Governance.  So I thought I would just mention that.  No one is calling for another WSIS, either.  But I just wanted to say that so that people didn't have the idea that there was a call for anything like that in the report.  But thank you very much.

And how about a comment from right here.  If you wouldn't mind stating your name for folks.

>> Hi, Jeremy Malcolm here from Electronic Frontier Foundation and I want to respond to Alejandro's remarks and also to Pablo's in some way.

So the report is very coy about what sort of process or institution might guide or host the construction of a new social contract for the Internet.  And Pablo suggested that it might sort of be some kind of emergent property of the status quo whereas Alejandro is saying we can't aspire towards a broad social compact.  We have to have a multitude of different ‑‑

>> I'd really like you to quote me accurately.

>> Anyway, we all just heard what you said, we don't need to repeat it.  But it doesn't seem realistic to me that we can achieve the outcomes that the report is terming as a new social contract if we don't be a little more proactive about it.  Even the IGF, after 11 years, hasn't come up with a single recommendation.  And meanwhile as the report points out, Internet roles are being developed in fora such as trade agreements.  These are intended to be all encompassing in the nature of a concept.  We're saying we can't do this because it's incompatible with Confucian can cultures, and yet it's happening in trade agreements.  If we want to counteract and be more multistakeholder how we address trees problems, we have to do things like at the one meeting where we did come up with a broad compact.  It wasn't universal.  It didn't cover all issues.  But perhaps, I mean the report does recommend the continuity of the IGF.  And that has happened.  But can't we do more to actually facilitate the development of a new social contract in a way, I mean, Alejandro said it's kind of impossible to do what Mondale actually did.  Can't we be a bit more ambitious?  So that's my question.

>> Alejandro:  I'm glad you have the privilege to reinterpret creatively what the previous speakers say.  Thank you.

>> MODERATOR:  There's hand down at the end of the table and then one here.  Let's take those there.  Starting at the end of the table, there's some mics down there, too.  And if you could please state your name that would be fantastic.

>> Hi, my name is ‑‑ and I'm from the ‑‑ IGF programme of ISOC.  So my question is regarding a lot of the agreements and compacts and covenants that are happening round the world right now, one of the problems is that the binding issue is a real problem to enforce such compacts and such agreements around the world and throughout cultures and throughout religions and everything.

So my question is about in the report, what are the proposals and what are you proposing to enforce?  Cohesive covenant that is binding to all of the signing parts?  And what are the possibilities of these to actually happening in the real world?  Thank you.

>> SALLY WENTWORTH:  So I maybe just will weigh in.  I wasn't on the commission, but I think the emphasis or the desire to go straight to implementation and we need a single mechanism or a formal this or formal that, I guess the way I looked at this was there's a nice list in here of some core elements of this compact, whatever you want to call it.  We don't like that mic.  Okay.  It's a way of doing things.  It's an a way of approaching issues.  And I think the way I was thinking of it is if we say in here the Commission has said that interception of the communications, this is something the ambassador raised, this should be necessary and proportionate.  So there's some basic principles in here.  You don't then have to go immediately and codify that.  But rather think of it as a way of doing business, as a way of trying to move forward on problem solving.

If we immediately have to take everything into a treaty or into a single implementation mechanism, then we challenge I think the point that I was making was you got to allow things to evolve and grow.  These are some basic norms or concepts that should help guide our thinking as we try to solve these problems.

>> MODERATOR:  Thanks, Sally.  And Emily has a quick two finger intervention and then we have a comment here and at the end of the table.

>> EMILY TAYLOR:  Sorry.  I'll be brief.  Really to support your point, Sally.


I hadn't read.  It's become clear to me listening to others that people are reading the report in different ways.  Well there's a surprise.  Of course people are.

I had also seen it as almost like a strategic framework.  And I think this is reflected in the final lines of the report which says "we reiterate the value of approaching Internet‑related issues within a conceptual framework of the global/social compact.  It is not a world where any one group can unilaterally make or impose decisions no matter if it is as powerful as the nation state."

So I didn't see the report as advocating a particular solution or of doing a power grab but just of projecting different futures that might occur and encouraging us to think about our own role in really trying to help shape a positive future for the Internet because it is possible to do that.  It is also possible to make a choice to take no action and just allow technical determine any many to just take its course.



>> All right.  This seems to work.  Yes?  Yes.  Okay.

The first thing ‑‑ oh, I'm sorry.  I'm garland McCoy with technology education institute.

And first thing I'd like to put on the table is that governments lie.  They violate their own laws.  The private sector lies.  Of course they don't have any laws to really violate.  But there's a real trust issue that goes really at the core of all this.

I sit here in a session or two back and this guy was saying "well, in Brazil they have a law against depack and inspection." I said that's great.  That means you don't have an Internet in Brazil.  What do you mean?  Well then you have depack inspection because that's how you find the anomalies.  That's how you weed out your malware.  In other words, they just constantly getting caught on their own lies.  The right to be forgotten.  It's garbage.  Anybody knows how the thing works.

So you got a huge trust issue you have to deal with.

The other problem that I see looming on the horizon is the fact that you're going to end up with only a few governments and only a few companies that will have both the financial wherewithal, the technological wherewithal, and most importantly the power, electricity, that will be needed in quantum computers to crack any code.  So they'll be the preeminent guardians of security, if you will, in the fact that they alone will be able to put enough just plain force behind getting any code you possibly can write.  Because eventually you can consider anything.  You just have to keep piling enough computing power which requires enough electricity on the issue.

So one is trust, the other is security, which then translates back into power.  So you'll have these power kings at the top of the pyramid.

One of the things that I thought might be something to look at that I had a hand in setting up is the broadband Internet technical advisory group, what they call BTAG.  The reason I sort of like this molded with the multistakeholder structure is at some point you really do need to have some trusted, impartial group sort of like the MPAA found very early on they needed to have some way of firewall protecting the folks that were going to rate the movies.  And since that was a very important thing that would go to the bottom line of the studios, they had to really firewall these guys out.  Their ruling was law.

You have to have some way to hold these, both sides, the two big boys, if you will, hold their feet to the fire.  Show the lies for what they are.  Keep flashing the light back in their face for two reasons, one on the private sector side, they don't want to lose customers.  They live on the customers.  They get the customers start not trusting them, then they learn about the dirty dealings, they'll walk.

Second on the government side, not all governments, but at least the ones that have some sort of democratic elections, same thing, you lie to them once too often, they say okay, you're not getting re‑elected.

So if we could form some sort of trusted core, surround it with the kind of stakeholders on both sides that will keep that, protect that core element there, keep it trustworthy and give it the power and authority to keep shining that light, keep being the truth teller regardless of what side we're working with, then maybe the next step will become a little bit more obvious than it is to me right now.  That's it.  Thanks.

>> MODERATOR:  Thank you.  The gentleman at the end of the table.  There's a mic for you.

>> Does this work?  Yes.  I'm Thomas.  I'm the ambassador for cyber foreign policy at the German general foreign office.  I wanted to react to the criticism that was addressed to the drafters or to the report as such.

I didn't read it that way, that this would be a document that governments or stakeholders should sign up to and that was it.  What I liked about the report was that for the first time, a group of experts like this actually challenges us saying:  We are at a point where people may no longer trust the Internet.  And they may be withdrawing from it.  Because so far all the narratives where it gets better.  When you had the next 4 billion and everything goes up and forward. 

You for the first time say we are at an important point it may not be the case.  Then you come up with these three scenarios which I think is very useful.  One is really scary.  The middle one is probably what we have and the other one is maybe too rosy but it's nice to think in alternatives.  So in that sense, and then you come up with these recommendations.  Which, let's put it this bay way.  Well meaning democratically controlled government that is not lying.  My government doesn't lie at least not flightily in the face of people in the room ‑‑ flatly.

Government that is aware of its responsibility.  And users who want to defend and preserve freedom and liberty of the Internet, these groups, stakeholders as we call them, that could be their vision, in a way, the renewed sense of purpose.  This is what the report contains in my view.  That's how I read it and in that sense I'm very grateful to the authors.  It's a good thing piece and makes us step back and think again.  Thank you.

>> MODERATOR:  Thank you.  Latha, feel free.

>> LATHA:  I just wanted to say that if you read the introduction to the report carefully, you would see that we very clearly stated that in writing this report, the GCIG is we, we believe, providing practical advice on the steps everyone needs to take to achieve a positive, creative outcome.

So it was never meant to be that we have the solution.  It was simply outlining the problems.  And as you said, the three possible scenarios.  The danger is broken, cyberspace, the unequal gains and, finally, the wonderful utopia of the broad, unprecedented progress is I think what we called it.

And I agree with you.  I think we're at the uneven and unequal gains but with the very real threat of the dangerous and broken cyberspace if we don't act now.

>> MODERATOR:  Do we have any remote moderation questions that have come in?  Okay.  Any other thoughts from the room?  Yes.  At the end of the table.

>> Good afternoon.  I'm Michael.  I'm a bit like Thomas have I'm the cyber foreign policy for the foreign ministry of Canada.

We were pleased to support the work of the commission.  We were there at the early days and some of the early discussions about the Commission.  And we've been assisting the Commission in transmitting the results of its report.  And we've been very pleased to do that.

A bit like Thomas, we find the report to be a very useful assessment of the current situation.  It portrays some different possibilities for the future.  And I think as Latha has suggested it does make some concrete recommendations about moving forward.

But I did want to speak a little bit about the social compact.  In my view, in my reading of the report, the social compact is not meant to be something that's negotiated and adopted and written down and cast in stone; rather, it's a conceptual framework.  It's what we should all be thinking about when we think about how we tackle these problems.

And I think that the key part of that social compact, the proposal there, is the idea that we've got to stop looking at this as a zero sum game where one person wins and another person loses, that really what we need to do is stop and think about how do we all gain the benefits that are available to us if we can solve this problem?  And I think that that is a very salient point and one that we should keep in mind as we go forward.

But I wouldn't want to underestimate the difficulty of that because as some commenters had suggested, there are ‑‑ this is a complicated world.  Issues like multistakeholderism are not universally accepted.  States are powerful.  States do operate in this space.  And states reject the notion, some states reject the notion of multistakeholderism.

I've had the questionable pleasure of being involved in negotiations in UN General Assembly at WSIS and elsewhere.  And reference has been made to NETmundial, which I think was considered by many an enormous success.  And yet we have states that block every effort to even refer to it in a resolution.


So let's please not underestimate the difficulties that we face.  But I think in a way the report tries to address that, as well because I think it suggests that in approaching this intellectual or conceptual framework that's exemplified by the compact, it points out the way that I think we need to engage with those other actors, as well, to try to turn it away from zero sum game and into one where we all benefit, taking into account all the various interests of every one there.  So thank you very much for the report.

>> MODERATOR:  Thank you very much.  Alejandro?

>> ALEJANDRO PISANTY:  I will try the unfriendly microphone.  That's where it stops working.

So I would like to insist that I appreciate the report very highly.  I was able to read most of the report that the Commission was producing, so it's a pleasant conclusion.  It's a capping.  A very worthy capping stone to the effort.

It's unfortunately, let me make this more direct.  I am not referring to, as I said, to that report as saying that there will be a single world government or other the things that I mentioned.  I said I perceived readings of it that are possible in that way.  In fact, I found parts of the presentation of Ambassador Reddy that already resonated with the views that we in turn look for global agreements, treaties and so forth.

I think we are in the best of cases very far from all encompassing treaties that could really deal with the whole of cyber or the whole of Internet Governance.  There is value in the work of the traditional international relations point of view of aiming at treaties or multilateral agreements.  But definitely multilateral will only cover the government part of the problem in the best of cases.  It may become irrelevant by not covering the rest.  But again these are echoes and resonances from the reading of the report.

About the effort that went into NETmundial which called for the ratification of some of the views of the report, there is amazingly for some YMMD your mileage may vary.  Some of us perceive that the top‑down politically motivated very substantial and time‑driven, deadline‑driven process of NETmundial induced some flaws in the process.  They don't kill it.  They don't reduce the value that it does have.  It does put a cap on that value and the value as example.  Plus the fact that the report has been decoupled from the initiative.  And the initiative, the NETmundial initiative has faded away tells you again that these one‑time efforts that are not completely organic are again only part of what you need.

That's the way forward that I think.

I think that we have to again realise also the IGF has produced very little resolutions.  In fact, it will be half fulfilled its mission if it has as its principles if it produces no resolutions and recommendations that can be implemented elsewhere.  If it produces a resolution or recommendation on spectrum, it'll be duplicating the ITU's work.  If it produces a recommendation on freedom of speech or on linguistic diversity, it will be invading UNESCO territory and so forth.

These are the boundaries that you have to look at when we try honestly to build something like a social compact or moving pieces that will eventually lead to an assembly of come tax that actually work instead of a single one that you don't achieve.

>> MODERATOR:  So just trying to be a bit optimistic and think of the opportunities for how we use this work going forward, if we look forward to 2017, I know my German colleague is here, there's the G20 meeting that Germany is hosting, the G7 that Italy is hosting.  These are government meetings.  But hopefully with multistakeholder components.  And some of the specificity that comes through these principles when coupled with what comes out of WSIS, what comes out of other venues could be a nice basis for some of that work.

And we see some opportunities to move this forward in those venues.  Those are government venues.  But there are others.  There's work being done on jurisdiction where these kinds of principles can be useful.  That is not government‑driven but that is ‑‑ has some policy implications.

Many of my community live in the technical world.  And looking at an understanding that the protocols that we develop have implications for real people and that there are some requirements on privacy and security that need to be taken into account.

So I think again rather than looking at this in the singular, we look at how we utilize these principles.  And what I like that comes out of here is it seems to take it to the next level.  So we've had some high‑level statements.  Now we get a little bit more specificity and we start to use these principles to shape the policy frameworks that are emerging in the opportunity space that we see before us.

So 2017 has these G7, G20.  The next year will have something else.  And we keep moving and building on this.  So from this perspective we found this to be quite helpful.

>> MODERATOR:  Well that's actually a great place to stop the session.  I want to thank everyone for coming and for providing such feedback.  It has been really interesting over the last 10 years to watch Internet Governance, just thinking back to the 2006 Athens IGF.  A decade before that even watching it go from being interesting only to those of us who are technologists and academics and a certain subset of policymakers to being so high on the agenda of all governments and talked about in the same vein as poverty and human security and climate change and other kinds of global collective action problems.

So I appreciate very much the opportunity to share some of the information about the report and thank everyone who had interventions.

If anyone would like a copy of the report, that's a hard copy, there are some floating around the room and I hope you'll just take them.

And I want to reiterate that the 50 research papers, the poll information, the report and also this specific document toward a social compact for digital privacy and security, are all available on the website ourinternet.  So thank you so much for coming and enjoy the rest of the IGF.

(end of session)