The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record.
***
>> Okay. Thanks for coming. This is Youth for Rights session. Thanks everyone for joining. We'll wait for a few more minutes for people join. I think it's lunchtime, and I'll give people like a few more more minutes to wrap up their stuff. Thank you.
>> MARYANT FERNANDEZ: Okay. Well, thank you guys for coming. I think we're going to start now. Thanks so much for ‑‑ you either have had lunch already or afterwards in the break, that will help. My name is Maryant Fernandez. I work for the European Digital Rights. My job is to basically do policy and advocacy on the rights to data protection privacy, freedom of expression online. Net neutrality and other topics. With me here, I have Sara Masse from Access Now and David from E‑Help. So today basically will be facilitating this session.
This session is organized for Youth for Rights Asia. Unfortunately the lead coordinators could not be here today. Hi from them. We're helping and try to teach some things that we do. Since we're not a lot of people, we thought we would make it cozy.
If that's okay for you, you can tell us who you are and what you want from these sessions and what you want to learn, what you want to know. Is that okay for everybody? Yes? Obviously if you don't want to do that, you can say, I don't want to do that. Because we respect your privacy, of course. All right. So shall we start with the first row maybe after the picture. (Laughing) do you want to introduce yourself just briefly.
>> (?)
>> DAVID: Okay. I'll try to repeat again, I'm here from E‑Help Association which is an organization based in Hong Kong. Our main focus is child online safety.
>> I'm Shannon. I'm 17. I'll also from Hong Kong. I'm representing the English School Foundation. I guess why I'm here today is to learn more about the areas that are in discussion in regards to governance and how youth can kind of play a part in terms of representation. And I'm really looking forward to maybe discussing my areas of interest such as universal access and equality. Thank you.
>> Hello. I come from Switzerland. I'm from a technical background. I'm finishing my studies in computer science with a focus on artificial intelligence and block chains. I'm 24 by the way. Mainly I'm interested in social consequences of the tools we're developing, and how does it fit with the internet policies, and how we can get involved and get more involved globally with the impacts of what we're doing.
>> Hi. My I'm 22 based in Sweden. I'm in parts of Europe. We're a federation of youth rights organization in Europe. We're completing our project. If you meet people talking about EU copyright reform and why it is bad for you, they're somehow affiliated to my group. He's also tagging along there.
>> Yeah. Hi. I'm David, 22 years from Germany studying in the Netherlands. I still seem to care about the Internet.
>> I'm Martin from Germany, 34. I've also been 28 before.
(Laughter)
>> I've been running youth participation programs to IGF and to the relation Internet Governance Forum and member states over the last seven years. I'm here to network a bit and see what other people are doing because we're planning a larger event in 2018 ‑‑ 2019. IGF and to prepare for that and coordinate a bit.
>> Hello, again. I come from Brazil. I'm 22 years old. I'm doing my master degree in artificial intelligence like my friend here. I work with a group called Youth Observatory. What I expect for this session is learn more about how you are treating the ecosystem of internet governance.
>> I'm from Brazil. I'm part of the Youth Observatory. My interest are in access and policies and also communication issues.
>> Hi. I'm Paul from Brazil. I have 24 years. I'm fellow of the program youth from the Brazilian Internet community. I'm here to see if we have one group about the EPHAC. It's center of research in privacy, technology, and other things about Internet.
>> Hello. My name is Ellen. I'm going from Indonesia from Southeast Asia Freedom of Expression Network which is a network of volunteers that advocate and educate people about the importance of human rights online especially freedom of expression especially since in Southeast Asia the problem is mainly activities being silenced because of their activity in online. I'm also here for networking. Thank you.
>> Hi, my name is Roy Moren. I'm from Brazil. I have 22 years old. I'm a student of electrical engineering. I study cryptography and I'm concerned about the Internet environment and ‑‑ with all the public policies in accordance with cryptography. Cryptography is nothing. So here I am.
>> My name is Louisa, I'm also from Brazil. I'm a law student and philosophy student. Currently I am developing some studies relating to Internet and cyber activity. I also practice cyber activism. I'm here to talk about that and how that has influenced the Internet environment.
>> Hi, my name is Marianna. I'm 24 years old. I'm student at the Federal University. My interest for technology Internet has begun in the past few years. Nowadays I'm part ‑‑ I'm a member of a group called Internet and technology and we study data protection, cyber security, revenge porn and all these subjects. And my interest is mainly intellectual because I'm also intern in a law firm in Brazil. I'm a law student and intellectual in new technologies. Data protection and privacy is my main goal here.
>> Hi. I'm Gabriella. I'm from Brazil too. I'm law student to UFB, Federal University. I'm a student at DDIT. I'm 21 years old, and my ‑‑ I'm interested about technology on revenge porn and the implication of law.
>> Hello, everyone. I'm not from Brazil.
(Laughter)
>> To change a bit and continents. I'm coming from sadonia but I'm living in Brussels in Belgium. I'm representing the Council of Europe where I'm following the policy on internet governance. We are researching on what is the role of young people when it comes to internet governance and youth organizations. I'm interested to hear about the platform and the tools you use to raise the knowledge and the awareness of young people in digital literacy and other things connected with your work. Thank you.
>> Hi, I'm Ellie. I work with Access Now. This is the first time we will be seeing each other.
(Laughter)
>> Yes. I'm on the panel from Access Now. So we do rapid incident response for cyber incidences for ISOs mainly.
>> MARYANT FERNANDEZ: Thank you so much. We ‑‑ it's clear that ‑‑ I'm impressed with all the projects and things you already know. I hope you learn something new. If that's not the case, stop us, and contribute to the discussion. As you know, we're all young people here. So we divided the schedule in several sessions.
The first one will be human rights and internet governance. I think some of the questions and interests you have will be responded there. If not, feel free to interrupt David. Not him because he'll feel overwhelmed or wait until he's done with his presentation to ask questions. The second session will be freedom. She'll talk about access to Internet and net neutrality which is a hot topic because of the U.S.
The U.S. is not alone in the world. There's a lot of things to talk about there. Also about offensive forms of expression for certain people and what to do with them and how these are handled. The session will be about data protection and privacy. You'll have to hear them but me. I'll be presenting a booklet, and I brought some copies, the guide to digital offenders. We'll have a break. If you have not eaten, maybe you can eat there, like us. If not, then you can just like hang here or talk to us or join us for lunch. After the lunch, we will have a session on cybersecurity.
I'm glad some of you are aware of this or want to learn more. Also a session on advocacy, capacity building and representing youth voice, that will be done by you,
All right. Also, I didn't mention that the cybersecurity session will be done by another person from Access Now, Gustav. He's an expert and will have more knowledge than us. Because I'm a lawyer. Estelle studied political science and you ‑‑ I don't know.
>> Sociology.
>> MARYANT FERNANDEZ: It's good in the session we'll have some techies. I'm glad some of you are. You can also share with us some things. Without further ado, do you want to start the presentation?
>> DAVID NG: Just a small question for the people that are dumb like me. What is Access Now, and what are they doing?
(Laughter)
>> MARYANT FERNANDEZ: We can present a bit who we are and you want to start?
>> Sure. Thank you. Access Now is an international organization we extend the users around the world. We operate in 11 different countries, from London and Berlin. We're a tech organize and core. We run a 24/7 helpline. Ellie in our room is a security handler. If you're a journalist or anyone that encounter an issue with your communication, your device, you can contact the help line, and they will help you solve this issue. There are some reactive cases and some educational cases that we do for organization in order to try to improve resilience. As of the work of the tech team, I work on the policy team. And we work in larger capital events to change policy changes at a global level. We have a facility in Brussels and Washington, DC. We have colleagues working in Latin America and Indonesia and Delhi. We have a group that runs our campaign and we are supported by a larger program that is also in charge of our yearly conference where we come in around 2,000 people the year from governments and tech companies that work on privacy detail, cybersecurity, freedom of expression, and data protection and human rights. We're a member of EDRi.
>> DAVID NG: Hi, I think we can start on the session. I'll show my PowerPoint. How can I do this? Oh, yeah. Okay. Obviously I'm a Mac person. Okay. I'll see if Gustav ‑‑ no worries.
>> MARYANT FERNANDEZ: Do you want to change? Maybe we can change.
>> DAVID NG: Thank you. Maybe I stand? Yeah. Good. I think standing is better. The first session is about human rights and internet governance. I also share a bit on my background on this issue first. Actually I'm right now representing the organization, the E‑Help Association which is an organization based in Hong Kong. They're focused on promoting child online safety issue.
Back to the topics about the human rights, it says about my previous experience. At the age of 14 when I was a high school student, I was selected as an ambassador which is the United Nations convention on the rights of child. That convention is adopted by most of the countries in the world to fight for the rights for children and the protection and developments and participation. After years of ambassadorships in Hong Kong for this kind of promotion and engaging the industry in the past five years, this is already my second IGF. I was here with the youth group net mission for the youth engagement work.
Hopefully for this period of time, I'm not saying we will be teaching something about the topics, but on the issue I hope to share about some of my thoughts on this area. I'm right now a student as well. I was studying in London for student rights issue. On that particular human rights and internet governance stuff I do have some ideas on how it's going. On the other hand, I also have some question in my mind. Hopefully I can share more with you and we can think about this together.
Okay. So first part of the session about the topics about human rights. What is human rights? As we all know, there is a declaration of human rights. I just read that. It is proclaimed by the United Nations General Assembly in 20 ‑‑ they proclaim this declaration. I think it is dedicated to the war issue. In that period of time there was a war, the World War at that period. People thinking how a human being should be to live in a dignity way, they actually have a common ground for all peoples in all nations.
What is particular about this area? I think there is some exercise in the meanwhile to think about this, but there is also another issue that people will be curious and criticized about the common standard. Is it a common standard from the western world, or is it a universal standard that everyone should agree on?
I think it is quite common in a sense to ask this kind of question. So here comes the exercise. It's not just me speaking, because I think I'm not really good at speaking. I'm like you guys in this. Activities to share a bit on how you think about these areas. Actually there is four different items listed on the PowerPoint which is ‑‑ okay. I think ‑‑ just move down a bit. The first one is clean water. The medical services, 2, cash is king, the money. The last one is bicycle ‑‑ which of the four items, you can/ pick more than one, you think is representing human rights. You can discuss with the one by you and feel free to raise your opinions on this.
You already have something in your mind.
>> MARYANT FERNANDEZ: Don't be shy.
>> Okay. (Laughing).
>> (Speaking off mic).
>> DAVID NG: It seems like you have some thought. Maybe carry ‑‑ the lady in the back may share a bit. Yeah. (?) Which one do you think is representing basic human rights?
>> I can't see any of them ‑‑ I can see all of them seem like human rights actually.
>> DAVID NG: Why is this?
>> AUDIENCE MEMBER: Because it's like every human being should have a good quality of life so medical services should be a human right, I think so and clean water too and money gives you a good quality of life too. So I don't know. And I would think about transportation with bicycle and the right to go where you want to go. I don't know. But I would have to choose only one of them?
>> DAVID NG: If you could choose one or two, the most essential one.
>> AUDIENCE MEMBER: I would say clean water and medical services.
>> DAVID NG: Okay. Good. You have mentioned some key points about quality of life for the clean water and also medical service is about life or death issue. Yeah, we're concerned with these kind of areas. Is there any other thought from there? Yeah?
>> AUDIENCE MEMBER: Well, I think the clean water, medical services, and bicycle they're all related to personal health. But I don't think money ‑‑ it's like a basic human right itself. It's like Internet. They can provide you means to achieve other human rights like with money you can buy clean water. You can buy a bicycle. You can buy medical service. But having money is not like having human rights. I think something like that. It depends on what economic system you are into. Because money is like important if like in capitalism society, but in others money's not that important for us.
>> DAVID NG: Yeah. You make a very good point on how the money is. Yep. And I think it is important to think about rather this is really a basic and essential for human being and putting in different social conscience, maybe money isn't as important an issue.
>> AUDIENCE MEMBER: If I'm correct, there is the right to possess things. That is a right of human rights. Money is considered as a thing that every citizen have the right to possess.
>> DAVID NG: The right to possess. Okay. It is an interesting point as well. Yep?
>> AUDIENCE MEMBER: I would also understand it more metaphorically. Money is the extension of a right to property which we have. We have different rights of property, physical, and intellectual properties. Both are monetizable. Money in that sense comes to mind. People find it quite difficult to name three societies, three modern societies that go about without money in order to deal with these property transactions.
>> DAVID NG: Yeah. There's an exercise we're doing. There are points that have been raised. I want to raise the money issue about the right of property. From the bicycle issue, I want to ‑‑ I've done this kind of exercise in some countries for some children. They think bicycle is a means to have access to education or going to the outcountry to get water for themselves. It's not a clearly right or wrong answer on whether they're human rights or not. They represent something, what they think behind.
In the sense we like to separate two different concepts, the (?) Is it for your own desire like for a better quality of life, or is it basic needs for your survival? Access to information is participating in a country that says a basic needs of everyone. So I would say to determine whether this is human rights or not, I would say this does matter.
Here comes the question of today. When we talk about human rights and internet governance, based on the discussion we have just had, Internet is probably one of the human rights in a sense based on what we have discussed.
Back to the declaration. The code on 19 is medication mentioned has a right to freedom of opinion and expression. This includes the right to hold opinions without interference and to seek important information and ideas through any media regardless of fund. We have freedom of expression, net neutrality, data protection, privacy, and cybersecurity. I'll not mention too much on that area because the speaker will cover that.
I would like to mention the other case studies to think about the issue. I think inclusion everyone think it is quite rightful to discuss because this somehow should be a basic right that everyone should have to enter into the information society. You can see on the digital inclusion it can contribute to economic growth, and also for children they can have opportunity to be educated.
Somehow it should be right to talk about this area. This should be a human right, if we all agree. I do think human rights is a good tool to understand the issue in terms of ‑‑ because it's mentioned about all people in all nations. The concept of this nondiscrimination was in the core principle part. When we review the issue, it's interesting to think from an intercession perspective for the inclusion issue, we can think about what is different between boys and girls which is a gender issue.
Is there any difference about the race? Some race should have ‑‑ some races should not have is politically incorrect to say so. Race should be put into consideration. I think it is quite interesting. I haven't thought about that in the past, actually it's not just different countries and all the developed countries difference. Some island country they are somehow separate from the whole network system. Is it important to engage them to facilitate in growth in terms of the economic growth, or they can just live happily on the island or swim all the day? Is this true or is it rightful to do so?
So I think it's also worth thinking on that area. Last is generation. We may think children nowadays are using Internet. From a young age they are very used to it. Even my friend, her boy is like two years old, he can already play smart phone and also use the YouTube to browse wherever he wants. The generations ‑‑ it's important to think each generation every ‑‑ the working man, the father, the mother, and the children themselves, they should also engage in the life of the world. Internet seems there's an important point we can use human rights as a method to think and review the issues.
>> AUDIENCE MEMBER: I'm curious why you would pick out these four from these inclusion criteria. I mean usually there are paragraphs on inclusion. You can also facilitate and religion. Religion might not be the most digital. But when it comes to wealth, for example, I think wealth is a big creator in digital gaps, education, cultural heritage. We have troubling people in Europe, for example, like behind when it comes to the digital connect. I think that's why I'm curious these four and not others?
>> DAVID NG: It's just some examples I would like to raise. Yeah, religions and also the other issues I think also are put into consideration. Human rights talk about all people and all nations. I think it is a very important point to ‑‑ bear in mind there is nondiscrimination on the area. Thank you for your question. It's very important.
I like to mention about international because it many mentions about different people. There is a concept multistakeholder engagement which means everybody participates in certain things. There is a concept of internet governance. How the situation is to think about ‑‑ I go to PowerPoint first. We are now in IGF. There is different groups, civil society, intergovernmental organization, different community. I would like to see if any of you are from government? Civil society? Intergovernmental organization? Private sector? Technical community? Thank you.
Although there is some missing, somehow the ideas of multistakeholder engagement is everybody participates in the courses. So on that also some basic concept of why IGF is. I think some of you already know is there is a forum for multistakeholder to discuss intergovernmental issue, securities, stability, development. The first meeting was in 2006. There's already the ‑‑ this is the 11th year? Yeah? Yes. There's a long period of time of engagement courses.
Here comes terms I would like to think on this and reflect on this from the word governance. People may think the government should work on the governance. It's a quite common practice in the past that the governance and the sovereignties represented discuss how they run this society, the discussion. It seems to think it's not the same right now. When we talk about internet governance, it's about engagement of stakeholders. Here comes the other concept about other multistakeholder engagement.
There's another important concept that you come across in these few days is bottoms up. Not drink bottoms up. But it's about the issue brought by the community itself. The discussion is made by the community itself. Not always made by government. So for the governance term is different stakeholder engagement or only lead by government in a sense.
Of course in IGF there's one type of multistakeholder engagement model and internet governance platform. There comes another example, the ICANN, the Internet Corporation For Assigned Names and Numbers is an organization to coordinate the IP address and also the domain name system. All stakeholders engage in the policy‑building process.
It's like quite useful for the session I attend this morning is mentioned about the Internet ecosystem, the technical part. Most is not (?) But it's quite crucial for the Internet run, how the domain names and also some servers, the Internet is working in those infrastructure area of the Internet. After the infrastructure area, there is a discussion. We are in the internet governance area, IGF. And there's other users and other stakeholder engaged in the courses. That means for the Internet where it's unlike the previous one in our traditional society, the laws and locals, the "Game of Thrones" is somehow improving in this sense.
Some of you, I think are new to IGF. There are some of you like an old friend of mine. I recommend you guys can go to this website. This is the website by the joint force of YCIT, Youth Coalition of Internet Governance. This is tools for newbies. It's mentioned about youth topic and freshup. We have a screen from the whole ‑‑ you can have a look on which one you want to attend.
Also it's mentioned about how internet governance work in as simple as possible sense. There is also the other area like the best practice forum and also dynamic coalition. This is somehow the other structure assisting in the structure. You have more sense of what's going on in this website. I highly recommend you go to this website. (?) So you can save it and you can have a look later on.
Okay. Here come the last part of my sharing. I'm going to talk about human rights on Internet. There is still a lot of issue we can focus on. Last year the STG mentioned ‑‑ this is a government representative and is there any other ‑‑ is there goals we want to ac/hieve for human accessibility and sustainability sense. Goals were set and announced. I would say there's the issue about property, hunger, well being, education, gender equality, and also about involvement issue like climate change also some cooperation from different parties have mentioned these goals.
I think we all live in the Internet society. Somehow it's quite useful to use Internet to solve this kind of problems like as mentioned about introducing the Internet working. They have the development of a country's economic or it can provide some education training, online tutorial for children nowadays.
I think it's also important to whether these STGs can incorporate with the Internet development to solve different kind of problems in terms of human rights.
Here comes the last goal, I think together the multistakeholder engagement and involvement we can make a difference for society development. Thank you.
(Laughter)
(Applause)
>> DAVID NG: See if you have any question. It's just some of my question on the human rights issue, and it is not absolute right or wrong answer as a process of discussion. Just feel free if you have any question. I would stay till 6:00. Feel free.
>> MARYANT FERNANDEZ: Are there any questions now or do you want to wait until later? Okay. There's questions. You first. State your name. I think you arrived a bit later. If you want to introduce yourself.
>> AUDIENCE MEMBER: Sorry. I'm from Brazil from the Youth Authority. I don't want to ask a question but say something about what you said about the stakeholders. We're not having here like people from government or the private sector or international organization. As we discussed in my organization, we believe it is because we are mainly following academia. We're in college also. We're doing internships. We're not like grown ups and being like other stakeholders. We're like in the technical community or service society where they are stakeholders with like an interest ‑‑ easing interest in the stakeholders. I guess that's why we don't have too many people as stakeholders.
>> I think there's an interesting discussion about ‑‑ of course it is not normally youth who will be on behalf together with the world representative from government to understand. In that sense I think youth is somehow engaged right now to understand how the process is. Maybe some day we will be entering that system about the policy making process, politics, or work for the government for the whole development. I would say there's somehow a capacity building area right now to prepare for our future. I would say in this sense. There's another question in our discussion we go through these few years, whether youth should be in other stakeholders groups to be recognized in the IGF secretary system. I think it's important to think of that as well. There's controversial debate on this area. Some people think it's too separate. Also some others think they're already integrated in some stakeholder groups, and we separate from this system. I think there's a lot of room to discuss on this as well.
>> AUDIENCE MEMBER: My question would be that the talk was on human rights, and you mentioned the multistakeholder approach there, the link there, how you feel that links between the multistakeholder approach and human rights. Just to put it into a bit of context because we often have discussions that there is a difference between the multistakeholder approach and democracy as a tool and to allow participation and if the multistakeholder approach is not rather maybe stifling development of digital rights in these processes.
>> Yeah. Just my personal feel. I think for the right forces to defend or advocate for human rights is not just an effort from one party or another. It really is the involvement and also the unique whole different party here to engage in the process. I think the linkage somehow ‑‑ if there's more people on the issues different stakeholder think from different perspective, we can somehow make or even somehow to execute the human rights in a better sense with balancing different opinions and making some consensus on this. So I do think participation and engagement is a process to make the whole thing work in terms of advocacy for human rights, yeah.
>> AUDIENCE MEMBER: I have one. Sorry I'm late. I'm from Kenya. To pick up on the discussion about bringing more diversity within ourselves, not necessarily being a different stakeholder group. I'm of the school of thought we need to reach out to young government employees, young staff working at Google, Facebook, whatever, to bring them on to the spaces for them to know.
Last week there was a meeting, the African Union meeting in Egypt, there was a young government employee who she works for a regulator it was her first forum. She's young, below 30. She didn't know there was this young committee of people out here who are on internet governance issues. That's what I want to emphasize. We need to reach out beyond our silos, for example, if you're in school and you need to reach out to friends, not necessarily involved in another NGO, a young employee in government or Facebook so you can exchange the ideas and build the youth movement in the internet governance space for the next ten years. Thank you.
>> Thank you, Ephraim, for making that point. We can make a difference around part in the process and do some lobbying. Thank you.
>> Maybe Estelle. You can start the second session. We can go to other questions. Now, we talk about freedom of expression, as I mentioned before.
(Talking off mic).
>> ESTELLE MASSE: My name is Estelle Masse from Access Now. I'm also 28 years old. I've been working access for the past five years now. Mostly on privacy actually. So I'll be talking here about the works of many of my colleagues on freedom of expression and a little bit of my own work on the neutrality.
So for this session on freedom of expression we've identified three specific topic as was mentioned before. This should by no means limit our exchange here if there are other issues related to freedom of expression you would like to discuss, feel free to bring it up. I'll be talking about network neutrality and content as a whole if you want to bring up question on each of these topics during the presentation, please just wave and I'll try to take them in.
The first issue will be Internet shutdowns. Internet shutdowns, I'll put forward a definition that we've worked on with the community at redcom, the conference we organized. And we gather a group of people from civil society mainly but also from intergovernmental organization and also from the telecom sector in order to discuss what is more and more becoming a norm and practice in many origins around the world which is an interruption of the Internet or communication which makes these services inaccessible or unusable either for a particular part of the population or specific location and offers to take control over the flow of information.
Basically what we had seen is that even though there are issues with access to the Internet in the sense that the quality of access between countries or even within a country may vary depending on whether you live in a rural area or a city. Also, we're seeing more and more government trying to exercise control overpopulation by shutting down either specific services, the full Internet in particular times.
So around elections we've seen a lot of Internet shutdown in Africa in particular. We've also seen Internet shutdown for a way for government to ensure that there will be no issues during state's exams of students trying to look up answers over the Internet so the full Internet was shutdown. There was also during president's visits some Internet shutdown in order to protect security. Those are reasons given by the state to limit expression. The reason behind it is to prevent organizations or the society from the population. This was started when governments have realized when the Internet can be used to disrupt political and can be used as a tool for change.
We've seen a lot of Internet shutdowns around what was referred to as the rep screen. A lot of processes happening in Egypt in 2011. That's when we started seeing that while a lot of activists and citizens that were trying to use the Internet to show the revolution in their country, the government in power at that moment was trying to shut down those messages.
Little by little we have seen those shutdowns have been increasing over the years. In 2015 we documented 15 shutdowns when we started doing the research. This figure does not necessarily reflect all of the shutdowns has happened. It is the beginning of the work we started documenting them. From 2015 we had 15 only. In the first ten months of 2016 we had documented 51 shutdowns. And in the first three quarters of 2017 we've already documented 61 shutdowns. We're seeing an increasing trend in government around the world shutting down the Internet.
We're also seeing that while for a lot of work was focused in the region and Africa region, we've seen an increase in shutdown in Asia and is used in Venezuela and Mexico only limited to a few platforms. Some disruption that cannot be qualified as shutdown, but network interferences happening around Europe and in particular in Spain recently.
Shutdowns is actually an interesting technical measures that often reflects political tension within a country. A lot of Internet shutdowns, as I said before, are links to change of power, election protests. We have tried to do a little chart of what were the reasons given for the shutdowns.
When is the telecom asking them to shut down the Internet? Political instability was used, controlling election is quite often. In very few instances that actually came from an issue from the telecom provider and the government.
Here there is a lot of issue on shutdowns for citizens that are affected by the fact that they can no longer access the Internet. They can not necessarily work. They can communicate with their friends and family. They can't relay information happening on the ‑‑ journalists are prevented from communicating with the rest of the world. There's an impact on community. A lot of transactions happened online today. Not having Internet means also a lot of economical loss there. There is a clear activity by government to control speech and limit expression from their citizens.
We have ‑‑ in order to fight for shutdown, we've created a huge coalition with more than 140 organizations. We are hoping through the IGF to reach the margin of 150. This includes members from more than 60 countries. It's really important to have as many country as possible represented within this Coalition because there are shutdowns that happen in different ways in different regions. It's really important to have reliable information on the ground on what type of shutdown is happening and what the reason is in order to counter them.
While the first part of our work in this ‑‑ in the fight against shutdown which is a violation of freedom of expression when all the means of communication are being cut for people. We were first working on trying to map them and classify exactly was happening. Since the past two years, we've been working with the coalition to map the shutdown. We're working on trying to prevent them.
When we see a situation, for instance, where tension is arising in governments or between governments and population or a large election is coming up and the incoming power might be changed, we do a lot of advocacy and lobbying work in events in the country with partners placed in the region in order to try to get the government to pledge not to shut down the Internet repeat error from the past. We had one successful case this year where the Internet was not shut down. We also had other cases where due to the large protest around it, the Internet was restored after being shut down for a couple of days even though the shutdown was supposed to last longer. There's still a lot of work being done to prevent the shutdown.
We're seeing more reaction from government. This is one of the area where more work from international community and even international ‑‑ like the UN taking pledge in order to prevent Internet shutdown, it would be extremely helpful because there's a different level of pressure exercised on the government and the users' right to expression. And they can express themselves over the Internet if they want to.
Another really important issue when we talk about Internet and freedom of expression is the issue of net neutrality. Again, what does net neutrality mean specifically? It is a guiding principle that provides the essence of the Internet which is open and free accessibility. Free in this sense is not free. Net neutrality is not regulating the Internet. It was built to be an open and accessibility tool. It's so that anywhere can communicate with each other and share content and access content. Net neutrality is this guiding principle which itself is based on three foundational principle. The first being the end‑to‑end principle whereby we must enter all points of the network should be connected to all points of the network. If I want to access Netflix, I should be able to access Netflix. There is no block of connection happening.
The guarantee your Internet provider should do the best efforts to deliver traffic point to point as quickly as possible. This is to prevent throttling. For instance, if I want to do (?) They cannot throttle that goal that would not be usable and I would switch to another service. This is another important principle in the online environment that the user can choose any product, and it will be in any case used in the same way.
The third one is the innovation without permission principle which is important for any Internet user who wish to have a page to communicate others and to have a website is knowing that your innovation and your product you want to put online, whether it is an online service, an app, a website, will be put without you having to pay a fee to the Internet providers and an equal ‑‑ the Facebook of tomorrow your provider will not ask you to pay to be the Facebook of tomorrow. Wikipedia became Wikipedia, before we were using the Encarta encyclopedia. A lot of new services and page to be created every day. This is very important to protect it.
It's important when we have in mind in neutrality that we have in mind these three layers that should be respected because interference can happen at any layer. Even though the Internet was working that way and for a long time many argued there was no reason to protect net neutrality since the web was built in a neutral way. However, some telecom providers had understood that they had the possibility to interfere with that principle by blocking content in order to have users use other type of content by throttling your voice over IP services so that you would continue using the traditional land line or foreign services so they would lose money et cetera, et cetera.
Because of this disruption from the foundational principle they have taken an action to protect net neutrality. This is a coalition on net neutrality. We operate this website and maintain the maps. Unfortunately we will have to update what perhaps the U.S. has taken recently. In lieu you would see countries that have net neutrality protection either through hard law protection which are binding rules or self‑law which is general guiding principle that it should be protected. The color does not indicate whether it's in force or implemented but means to communicate that protection exists at some level.
The red is for country that at the moment considering some protection, and the yellow is country where we know there is no protection, and we can see a lot of country where we have no information. We need more support from help on the ground or in the region in order to complete this map.
These laws, however, were not easy to get to and required a lot of mobilization around the world. Here is a little bit of a snapshot of many campaigns that have been up over the past few years. In Europe, Brazil, India, in the U.S. to get to net neutrality. The fight for net neutrality starting in 2013 and completed in 2015 and lead to the protection of net neutrality principles and ensuring there would be no blocking or throttling over the internet. In India there was zerating which is a certain type of practice whereby your ‑‑ you could get access to only part of the Internet but not the whole Internet. Those are product offered by Facebook, for instance, through your project called Internet.org or it could also be a product where it says you will have 2 gigs per month and on top you have 5 services I have selected for free. Based on our research are Facebook, Twitter. The U.S. has been doing campaigns for a long time in order to get net neutrality. The U.S. federal communication ‑‑ FCC. I forgot. The U.S. FCC (Laughter) in 2015
>> Commission.
>> ESTELLE MASSE: Thank you. It passed the Internet order to protect net neutrality in 2015 which unfortunately was repealed. This week by the new administration, the new FCC they will continue. Brazil recognized some protection for net neutrality, but more will be needed to implement them and so on and so forth. There were many campaigns organized for that.
The first contract to create net neutrality around the world was Chile and then many countries followed suit.
Here is the biggest issue of the moment for net neutrality which is the United States taking the ‑‑ many countries are moving to have net neutrality protection. The U.S. had done the same. The FCC has decided to come back on the decision. This is the full house of the FCC. At the certain you can see, Chairman Pi who ordered to repeal the net neutrality rules which was accepted by the female commissioner and rejected by the male commissioner. There is a challenge the order. There will also be proposal in U.S. Congress in order to adopt some long lasting rules for net neutrality. This event is quite important for us to see that net neutrality protection can be fragile and needs to be protected even though they've been adopted. And the need to protect the openness of the Internet and the principle that allows us to communicate freely online always needs to be looked at and protected.
I briefly mentioned about the issue of zero rating which came the new trend of net neutrality. For many years the violation was the blocking of certain contents, the throttling of certain contents. Now it has become zero rating which is the practice where your teleco is offering some content in a different condition than the rest of the Internet. This is in particular ‑‑ certain services are different than others. The permission list principle in the sense that if your Facebook new competitors you're already starting with a hurdle because Facebook, for instance, is given preferential access compared to other issues. This has boomed all over the rule like in Europe because our rules on zero rating are not clear enough. A lot of teleco‑s are testing the boundaries of those laws. Even though we've managed around the world against blocking and throttling. Further effort is needed to be closely regulated. One example would be India who has done sort of opposite approach compared to the rest of the world where they banned zero rating and looking into more overarching rules on it. It's interesting to see what is happening over there.
Then the third issue, main issue when we talk about free expression. I think by now you've seen when we talk about free expression in the online environment there is a lot of addressing threats to that freedom of expression. It's a' not really ‑‑ it's hard to ‑‑ how to counter threat by government or private sector trying to limit that freedom. So if the government user shutdown there are threats to the net neutrality principles and a little bit of the two of them put together would be be into the issue of content takedown and content regulation.
Many of you might have encountered (?) On YouTube. Content is removed for copyright reason. This is often the case that YouTube is enforcing what we call the DMC which are the U.S. rules on copyright which is not a global norm. It's a U.S. norm but it's implemented on the platform globally. Which means even if the content would not be following copyrights on your country you might not be able to access this rule. This is YouTube's decision to enforce the rules globally. There's no obligation to do so even though there might be some pressure. The U.S. is not the only place where we see this trend where companies are taking by themselves the rights, let's say, to enforce rules in a manner that restricts speech.
In many areas copyright and trade mark we're seeing companies are taking actions in order to enforce their terms or service in ways to address issues that were normally addressed by governments. We're also seeing more and more contents being taken down from the Internet by companies because there are ‑‑ they're related to hate speech, violent, child protection because of morality and nudity. The reason can vary a lot. It's usually not very explicit except on copyright. Generally what you will see if your tweet or Facebook post is taken down it's ‑‑ this content violated the terms of the service but you don't know what specifically was violated. There is little you can do to put it back up.
There is a lot of work being done globally now on trying to address this issue. Trying to prevent that private entity's decision to affect speech online. I recommend the work of the UN rapporteur on freedom of expression who is doing reports on freedom of expression largely and written quite a bit on content and how freedom of expression online happens on a daily basis and involved by (?) In terms or service. Companies are either pushed by government to so‑called do more online and they are being much more forceful in implementing their terms or service which includes vague language which doesn't allow you to understand why some content is removed or not.
Then comes the question of ‑‑ which relates to the nature of the Internet which is available for all but it's still privately owned platforms and whether the companies that operate under the platform are responsible for human rights. Of course, companies have a responsibility to protect our human rights but they are now taking care of the enforcement of those rights sometimes. They're deciding based on their terms of services or coerced through government or self‑regulation practices which content we should be able to see globally or in a specific jurisdiction taking away measures that may have been considered by government whether or not they're good enough or not but had been considered through democratic processes.
Faced with this issues related to freedom of expression and in particular on content there is a set of measures that needs to be considered. First there is more that needs to be done with regard to compatibility to ensure users when content may be removed. There is a due diligence that needs to be conducted as well in order for companies to assist the impact a decision can have. There is of greater need for transparency and disclosure when content is being removed and clearer eave for redress. However, corporate should not be left alone with the responsibility to deal with content online. This is not their rule. They don't have to be a jury of the equality and the liability and the legality of the content online. We need to continue by and by our rule of law which mean restriction of content online must always be provided for by law even though the order may be communicated by the company, but there must be basis in law. The law must ensure that redress mentioned before are actually there.
Finally, it's an issue that we largely also overlook, but there is a lot of content online where there is a little bit less of discussion on whether it should be online or not. We have, of course, a lot of debate regarding copyright and freedom of expression because not the same laws apply everywhere. One topic where we have more or less a global agreement is child exploitation content. This is one content where everyone agrees it should not be online and measures can be taken on that basis, however, whether that content or all the rest of the content, it's important to ensure that there is youth intervention in taking down the content and not only done based on algorithm and automated decision making. The decisions can be too broad. We've heard of cases on Facebook of heart or painting being down. It's important that there is a human involved to fact check or double‑check the decision or to ‑‑ do a first ‑‑ it's important to ensure there are supports for the people involving the program and further reviewers. They're exposed during hours that is dark content and hurtful content. This is not an easy job. There is a lot of content out there that is extremely graphic. We need to intervene for more human intervention and more support for people actually doing this review.
I'll leave it here. I left you with a lot of threat basically to freedom of expression online which I think it's quite interesting in the sense that all around the world we protect freedom of expression, and there is a general agreement to have freedom of expression online. But in many places we do not have overarching laws protecting but we have laws limiting expression online. I have seen norms where the baseline is important which is net neutrality is so important and ensure places ‑‑ (?) Which is also why clear rules on content regulation is necessary. So there is ‑‑ I think a lot of time when we consider the work that we represent at UN level or regional level or politicians creating laws sounds really boring or sounds really complicated or really shady, but the impact that those laws will have on your day‑to‑day basis is so important that it's really important to consider that the people making those decision needs to be informed on the impact it will have. We should not leave it up to all the online companies to figure it out by themselves what we should be accessing on it. We should have these democratic debates. It's a complex issue and not everyone will agree with each other. We will have differences and that's okay too. We should just get around the table, agree to disagree in certain instances and try to find common ground where we can in order to ensure that global freedom of expression and freedom of expression online is respected.
With that, if you have any questions, on any of those three or freedom of expression more globally. I know I was a little bit of ‑‑ not happy topic. Yes?
>> AUDIENCE MEMBER: It's mainly your opinion on a topic, like the net neutrality and the Internet of things because some people say that if you have the net neutrality, you can't develop Internet of things some kind of ways, for example self‑driving cars. You would need to prioritize this data so you don't have accidents and this kind of stuff. So what's your opinion on it.
>> ESTELLE MASSE: It was SCUD in countries where there is hard law on neutrality. Will they found that an IoT device is connected to the Internet but is not online, per se. Therefore for these types of specialized services and very specific services like e‑health services which requires a stable bandwidth. You don't want your car to be loading every five seconds or your insulin pump or pace maker. Special bandwidth should be allocated for it and there should be a specific exception for that.
However, there are still some general net neutrality law that should apply across the board. The solution that has been found at the moment is a compromise to see also how the Internet of things will develop. We're talking about the connected cars but we haven't seen that many yet. It's not yet fully developed exactly how it will function and what it will need to function fully. There is some flexibilities that have been put in there. IoT can co‑exist is net neutrality principle.
>> AUDIENCE MEMBER: Only to check. When you go to other countries that have some kind of shadow (?) Is because you consider application shutdown like the WhatsApp. Are you considered ‑‑
>> ESTELLE MASSE: Some of the shutdown is on a specific service and some are the full Internet.
>> AUDIENCE MEMBER: Just on the point you said previously about the prioritization of some services. While I don't agree that connected cars should have some like allocated bandwidth or something like this which is special for them since most automated cars are able to go through a tunnel or something like this without everyone inside the car dying. But what do you mean by having some special lanes for Internet of things, which was the answer to the first question?
>> ESTELLE MASSE: The IoT's are not connected to the full Internet. When it's connected it's not connected to ‑‑ you don't connect your car to the Internet. You make it available ‑‑ there is a part which is over a network but it's different from it. So it has a special ‑‑ it's disconnected from it but we didn't want to have an issue where the IoT would have been used as a loop hole for different services to be considered specialized service. There was an agreement to be made that if you're using the full Internet and if you're connecting through the Internet, there is no such rule. Then you have to apply the net neutrality. If you're a product that is connected, then it's a different rule that apply. On the nitty‑gritty the engineers from the telecoms regulators have found a way to make that happen and developing technical standards on that which I could look up information about that. But I'm not too well versed on the technical specificities of it.
(Silence).
>> I was listening to my colleagues, I was thinking instead of talking about for example, what state of data protection is how you would be interested in how EDRi makes that happen. Would that be interesting for you? If so, I have other presentations that I can ping here. Always leave the region as different. But if this can be helpful for your work or your future activities? Is that a yes or not?
(Laughter)
>> MARYANT FERNANDEZ: Yes? I'll do a mix‑up because it's a bit like ‑‑ how can I say this? A bit spontaneous but I hope this can help. Okay. Just give me some minutes while I can put this here. In the meantime, do you have anything specific that you want me to address? Something that concerns you on privacy and data protection?
>> AUDIENCE MEMBER: Maybe the GDPR, that's important?
>> I hope that means it doesn't concern you but you want to have information about it?
(Speaking off mic).
>> MARYANT FERNANDEZ: Fair enough. Just one second. Anything else? I hope that I keep you entertained with a lot of things that I need to share with you. As I said my name is Maryant Fernandez. I work European Data Rights. EDRi, it's an organization of 35 NGOs. We have representation in I think 19 European countries but also other countries that don't belong to the European Union such as Turkey or Serbia. We were founded in 2002. It seems quite similar to what you do. It started because several people decided they were interested about the rights and thought it would be great to create something together. At the time there was no single European organization that was actually interested in defending the rights or had the rights to do it. In the beginning it started with a mailing list. Some people gathering together at conferences and had they said let's do something.
Then so in 2009, my boss, the director of EDRi, Joe McNamee founded the office in 2009. We also started with just one person. That's to give you a bit of hope. Now we're 80 staff. We have three magnificent interns. If you were willing to be one, you can work with me and my colleagues. I work in the (?) EDR is structured differently. We represent members like Access Now but also other members across Europe. Some of our members has international presence as well like EFF and Wexnel like you just heard also Privacy International and also ‑‑ I'm not sure ‑‑ article 19. For example, they're a member. We also have many NGOs that are voluntary based. They have a job in the best case scenario. When they have free time, what they do is dedicate themselves to ‑‑ I think this is very lovely. That's what you're doing now because you're in your studies. Thanks so much on behalf of all societies.
So we have rights and freedoms online and technology has benefits and dangers. I'm fascinated by technology and I'm sure you are too. But also it has some dangers that we need to tackle, right? When there's a restriction to our rights, we try to protect them. And when there's a benefit, we're trying to reinforce them. That's like a general representation.
Normally, this is what we call in Brussels the EU bubble. I come from Spain. I was raised in Venezuela. I've been to France. You're in Switzerland and different regions so that makes you international. In Brussels there's a lot of different people from different nationalities. There are those that are on in the EU bubble. I like this picture because it's what we do. I want to ‑‑ I don't know what the purpose of this picture but anyway I always say I'm this person, this woman outside because sometimes I need to get out of the bubble and talk to people like you and try to inspire you, that's my goal in any case. To inspire others to do what I do, it makes me do a lot of extra hours and talk to politicians, talk to other stakeholders, talk to other people about why it's important to develop the rights.
The first thing you need to do if you want to work on any other topics my colleagues explained, you have to know what you want to do and how to achieve it. It's good to do mappings about the stakeholders you want to create alliances with or the stakeholders that you think will not be helpful. Like for example we fight a lot against the big companies. But sometimes it's helpful to talk to them because you can know their perspective. We do communication awareness raising. We also do policy analysis and advocacy ‑‑ that's what I do mostly. We also do campaigning. She mentioned the Internet was part of that campaign.
Our goal was to ensure that people would write their politicians either members of the European Parliament or members of the government in the council and also litigation. In the case of EDRi we don't do education. Have you heard about Max Shrems? He's famous in Europe. He hasn't finished his PhD?
>> He has.
>> MARYANT FERNANDEZ: When he became famous he didn't finish his studies. He was studying data protection and then he was in the U.S. doing an exchange. He said like, I'm seeing that a lot of violations to my rights to personal data protection is happening especially by Facebook. I'm going to do something about it. He did a campaign. Eventually he brought a case before the court of justice of the European Union and won against Facebook. That's why I'm going to call a safe harbor had to be suspended and then afterwards reformed. There are a lot of initiatives in the litigation side that are being very successful.
On a normal day as a senior policy advisor like myself. This is a to list for myself. I check the news. It's important that you know what's happening in the world otherwise you would be a bit disconnected. You need to ‑‑ normally respond to emails and send an update about the mailing list that you handle or that you are. And I sometimes have lunches with politicians or their assistants. I have meetings with them. I review also the work of other colleagues. That's important. But in reality also there's a lot of things that you don't foresee like, for example ‑‑ I don't know political, for example. Our press release and they'll say I'm interested in that. I need more information. Can you give it to me? Then I have my boss. Oh, my God. I just received an email. We need to act. And then with that, that's like really more like a normal day in the EDRi Brussels office. If you work as a civil society organization, you probably have these things and in the end you have a little work.
In order to defend the rights like data protection and privacy, there are different phases. First is the public debate. Then you have the policy debate which debates the different types of options to fix an issue. Then you have the legislative part.
In the European Union it's a bit complex because you have three institutions that actually legislate. Together with other bodies and agencies that give opinions. Like, for example, in the case of data protection. You have the European data protection supervisor that will change with the general data protection regulation. Then you have the working party 29 which gathers the data protection authorities. You have many other bodies that will be ‑‑ this commission council, Parliament will be the main ones.
In those phases you need to design campaigns and advocacy around it.
This is how we do it. But the topic of today was privacy and data protection. Do you know what it is or what they are actually? Yes. Can someone enlighten me with what these rights are? It's okay. There's not wrong answer. So you can speak freely. No? You don't want to try. You just said yes before.
>> AUDIENCE MEMBER: (Off mic).
>> MARYANT FERNANDEZ: The European Union it's quite particular like GDPR because we have legislation to protect the rights to data protection. At the same time we have legislation to protect the right to privacy that is actually on the reform. It's called the European E‑Privacy regulation. And so the right to privacy relates to our intimacy our private being. It means that whenever you want to do something or you want to share something, you actually have the control about it. And it should be private, and you decide when you want to share it and how to share it basically in simple terms.
When it comes to ‑‑ it's also ‑‑ it has a lot of implications not only online but also offline. The same goes for the rights of personal data protection. When it comes to personal data protection, the thing it's obviously about information. Obviously with regards to privacy, we're not just data but it's a human rights where in the EU we went a bit further and recognize the right of data protection, and that's why we have the data protection regulation.
In order to spread the word about what we can do about our privacy, we developed in EDRi a guide because the Internet rights are not guaranteed. You have to do something to make sure that they're guaranteed. That's where what I wanted to present today and that's why we need the defenders like you.
So our main goal to produce this booklet it was produced yet in Europe. We wanted to empower kids and young people instead of terrifying them, maybe I'm not feeling motivated to do anything because it's going to be bad anyway.
Actually the main goal of this session is to show you that, yes, there are threats, but, yes, you can do something about it. There are means to do it. Any small victories is a huge victory and without you it would not be the same.
Our main motivation was to help everyone to be safer and make more informed choices about what we do in the online environment. So the booklet was first published in 2016. In the first six weeks it was downloaded 22,000 times. We were pleased about that. Now it's available in eight languages. We didn't do it alone. It's not like we have powers to do everything. The sign was made by a common artist called set lack. This is project. The phrasing you'll see is tailored for the European Union or European general. If you see things that do not correspond to your region, you can translate it later. We're a European network and our audience is mainly Europeans, but it's published under creative comments license. So you can reuse it, distribute it and obviously you can keep in touch. But as I said, we didn't do it alone. A lot of our members contributed to it but also scholars and the better Internet for kids and EUN partnership.
So as I said, the booklet is now available in other language including Serbian, German, Italian, Turkish, Spanish. If ‑‑ is there anybody Spanish here or from Latin America? No.
>> AUDIENCE MEMBER: Latin America and Brazil.
>> MARYANT FERNANDEZ: Actually. That's a fair point. Actually it's being developed. That's a good example. As you know in Portugal and Brazil the language is a bit different. I noticed that when I was living in Portugal. Spain is the same. You speak the same language. We decided to create two versions and creative comments. Guatemala was very helpful. We put their logo in there. Thanks a lot to many of them.
There are other translations that are on their way. We have a work of volunteers. If you ever wanted to become one, just let me know.
What is this booklet about, right? So I will explain what Internet is. We already explained what it is. It's not a magical thing. It kind of is. There is some technology behind it that allows us to be connected. And there's also some information about what privacy is and how to protect yourself including how to achieve a safer Internet and have smart phone security and password security and how to better share in a safer way. There are some tools and examples that can help you. From that perspective, I was wondering whether you're interested, for example, to know or to share things that you actually use to protect yourself online. Do you use any specific, for example, browser or apps that you think are more privacy friendly? No?
>> AUDIENCE MEMBER: (Off mic).
(Laughter)
>> MARYANT FERNANDEZ: I must specify these are tailored for Europeans, but I'm sure that if they're not available in your countries, there will be others. Fortunately in any case they can be tailored. So if you want, I can share some tips of what I do personally, so it's not another recommendation. We don't endorse product or services because it's very difficult to know how, for example, companies will develop their products. Maybe now it's perfect but the day after it will not be that perfect, and we would be in trouble. These are basically things that we like the at the moment of writing.
So, for example ‑‑ I'm sorry. So, for example, for your browser, for desktop I use Firefox. I don't know if you know what it is or have you encountered it. You can download it easily. I like it quite a lot. What is helpful is you can have a lot of add ones which are additional items you can add. I have privacy badger which was developed by a member of EFF. Ublock and ITTS Everywhere which makes your online experience a bit safer. On mobile I use Firefox Focus. I don't know if you've heard of it. It allows you to see the trackers on your website. So when you surf online, a lot ‑‑ it's not that nobody's watching. There's a lot of countries and government that are watching. There's also a lot of entities making money about what you do.
So what is interesting about Firefox Focus is it allows you to block cookies and also show you the tracker so you can be informed and know what to do.
Then when it comes to the search engine there are other alternatives to Google. In desktop you can use start page. It was developed by a Dutch company. You can also use one developed by a French company which is like Google search but it's more private. And for your mobile phone if you use, for example, Firefox, you will notice that start page is not there yet but Quant. It is quite good and much better done than Google search for your privacy reasons.
When it comes to a specific recommendations for your desk top, well you should obviously clean your cookies and history often. I don't know if you know that besides Apple and Microsoft, there are many other options. One we like is Linux. You can install it and that's much better in our view.
Then you can have, for example, privacy screen, I have one here. I don't know if you've ever seen this. I can show you like this. So like this. Do you see the screen? No? Well, that's the intention. That's very helpful if you don't want your neighbor to actually look at what you're doing. For example, I think it's helpful when you travel or when you're on a train, you want to protect yourself a bit. For your mobile phone you've seen camera stickers. There are privacy screens that are also allowed ‑‑ not allowed, exist in mobile phones that you can use.
Also, your device there's also some settings that you can change according to, for example, the EU rules and companies need to provide privacy by default and by design. They will be implemented in 2018. Actually I think your ‑‑ I would say that you're quite lucky today because my colleague on the left, Estelle, I'm not going to say drafters, but one of the influencers to have digital data protection regulation. I think it would not make justice to the work that she did to present it. Do you mind jumping in and talking about what the GDPR is and why do you think it was important to work on it? My colleague Diego worked on it. I think that he ‑‑ you're very honored to ‑‑ really, to have her here. I think she should talk.
>> ESTELLE MASSE: I don't know about the GDPR. The General Data Protection Regulation which are the rules that have been existing for more than 25 years. It was 1995 in the EU. A lot of the GDPR is based on this previous rules. One of the major changes of it is stronger enforcement and stronger liability for private sector owned private sector using your public information.
All the rights have been upgraded to make them fit the 21st century and changing context. In 1995 when the first rules were negotiated, only one person in the population of Europe was using the Internet. Of course the purpose of the law at the time was very different than the GDPR now where most of the population in Europe is online, and the scope is much different given the volume of data that is being traded.
The enforcement and the fact there are larger fines applied in case of violation is one of the big changes brought by the GDPR which means a lot of companies unfortunately have been ignoring our rules for 25 years are now trying to catch up and waking up to the fact that data protection is something that needs to be considered.
The two concepts that Maryant mentioned privacy by design and default, which is data protection by design and data protection by default, which are important in order to not only have data protection as a mere compliance element in the sense that it is recognized in Europe as a fundamental right and one of the objective of the reform is try to build a society where privacy and data protection are not seen as a burden that you don't really understand or care about but more something that would be embedded into the thinking of every public authority and private entities processing data, which means if I'm an engineer developing an application at the early stage of my development phase, I want not to only be thinking about if my project will be smooth and used but also if the data I will collect is needed for my service, that I don't collect data I don't need it. How will I store it? How will I protect it? What is the functionality I need to give to the user and give them the autonomy and the protection they need? Et cetera, et cetera.
There is a lot of new opportunities for users to take greater control over their personal information but also new opportunities for the private sector and the public authority to better understand what data protection means in the environment and how to create a way for this to be implemented at the earlier stage and for data protection not to be considered as a burden.
Of course, since we're still in the implementation phase of the law at the moment and there is a lot of legal details to be figured out, we're still not there but the potential and the opportunities of that law are very important. And it's quite interesting to see that many countries around the world are also looking at it as an example of things to follow but also issues to not repeat. Because as every legislation not everything in it is perfect, and there are still things that need to be improved.
(Captioning of this session will end in a few minutes).
>> MARYANT FERNANDEZ: As you know, there are other countries that have taken on other approaches. We see that obviously coming from our work on the EU. We think the GDPR is a good example. I know that several colleagues from Access Now and also from Privacy International and the members of EDRi. And you may receive emails and calls to explain the rules in Europe, because they are interested in it and would like to have something similar.
But in any case so what I presented was more how can you protect yourself as an individual but also we're better protected with products and services, but rather a strong rule set that would force the market to respect you as an individual and as a human being and not as a commodity or product.
With regards to the booklet, the booklet you will see that there are some heroes and some enemies. We call them digital defenders against intruders. This is perhaps ‑‑ perhaps this is more for younger people. We found that it was a good way to communicate with youngsters to understand the benefits and also the dangers of the Internet and how basically to protect yourself.
So you can help translating the booklet in schools and with donations. We have some partnerships we have developed with some people sharing it at schools or teaching about it. As I said, it's published under a creative common license. It can be free downloaded and redistributed. You can mix it up, as I said.
So thanks so much for ‑‑ I hope you have a lot of questions. You can always get in touch, especially if you're interested to know more about what we do and how to protect your privacy, your personal data, your freedom of expression, net neutrality, anything you may think about data rights. We not only have lawyers like myself. We also have nerds and techies, and we also have a lot of people that are actually professionals in the sector. So they have a lot of expertise. Is there any questions you can ask? You want to know?
(Captioner switch, continuing off from previous captioner)
>> Like collaboration, especially, you have the European commission and also paramilitary to coordinate the collaboration among different countries. The GDP is one of the initiatives of collaboration on this sense.
Back to the other regions like Asia and other area, we don't have such kind of like commission in the sense to set up common grounds laws or ‑‑ common grounds or laws.
Do you have any thoughts how other areas can do ‑‑ other ‑‑ in lower nations?
>> So with regards to the second question, I would ‑‑ I think she has ‑‑ well, thanks to the ‑‑ in a society that seems, you know, it's okay to share everything. We try to, obviously, combat this ideal we have nothing to hide because ‑‑ here it is. It has some titles ‑‑
(Speaking Language Other Than English.)
(Video being played.
>> So what do you think about this?
>> I have to ‑‑
(Video being played.
>> Sorry, okay.
So what do you think about this ‑‑ is there any ‑‑ like I say, us young people, like, what are the challenges that you are facing to tell perhaps ‑‑ because I have the impression that all of you are already aware have rights and privacy and why it's important to protect yourself. What ideas do you have that can help other people actually do the same ‑‑ what I like to think about this video is that it exemplifies quite a bit about the dangers and the threats that we face constantly online. I think the most outrageous thing is that people are not informed and you don't know exactly what's happening behind, and I think what is very important is to do this type of public awareness exercises where you show exactly what's happening behind, and there's a lot of many others who are trying to show, you know ‑‑ that it's not true that's ‑‑ we have nothing to hide.
In any case, in the case of governance, for example, they're the ones who need to tell us why they would need to do that and in case of companies as well if ‑‑ it's in your mobile device for example it's quite often that you would see that ‑‑ for example, to offer their service they would access, you know, the camera, your contacts and these are not, you know, necessary for most of the things.
As an example, Google Maps often if you install it, they will ask access to many things. For example, they don't need your camera to show you where to go. They don't need your contacts to tell you where to go, so it's important that people know and halfway to protect themselves.
Is there anything specific in the region that you're developing in your movements that we can help as well?
>> I would like to know that you said it was like going to public schools maybe or not ‑‑ I wanted to know how it's like to fit back there, of the kids or ‑‑ are they interested in the topic?
>> Yes. So far all the feedback that we've had a very good, and we don't do it like personally from the office so we let our members to actually go and reach out or to anybody that is interested in that.
>> We're working with kids and young people and developing separate projects to ensure that, you know, it was not something for adults even though when we publish one of the first feeds. We got ‑‑ well, you say that is for kids or young people, but I'm actually not that young. I love it and I can use it for myself because it has useful tips. Obviously, if you, you know, cannot ‑‑ if you're very, very young it might not be for you perhaps you cannot read it it's useful for parents, for example, to know ‑‑ I mean, as you said, I think in the beginning you have friends that have kids that are 2 years old or older already with smart phones, and it's very important that also parents are aware. And you can use ‑‑ it can be an inspiration for your campaigns and your movements.
The Norwegian consumer organization did a project called a toy fair campaign. I don't know if you heard Cayla? No? So Cayla is a connected doll and basically allows kids to talk to the doll and the doll talk to you and stuff so that he actually did some research and found there were a lot of insecurities, and it was basically hackable and so they managed to create a project and awareness around it, and it has had, like, wide impact, so it has been banned from being sold in several countries. And then it's forcing the policy debate to go more like we need to protect your kids are talking to the doll and somebody else is able to access the doll and talk to your kids and things like this, it's not very good.
So the same applies to all of us and so this can be useful things to do now they developed another campaign called "Watch Out," and they have done similar research and testing on smart watches, and they have also found a lot of insecurity in these projects that leads to with things like this to me very small and you can do a lot of impact with a booklet. You're not going to solve a problem with campaign and solve the problem but it's just a tool that you can use, among many others like fighting to have rules in your country or many other.
Any other questions? Yes. I actually ‑‑ sorry, I ‑‑ okay.
>> I'll talk about the developments in Brazil. So ‑‑ oh, our folks in Brazil. Well, after the FCC approval about the invitations ‑‑ oh, sorry, I need to stop it right here. One sec.
>> In the meantime, he can talk of the second question of him. Okay.
So the question was about how in other region can their protection also be developed and mechanism for cooperation over there. So we have this lull in Europe. We're very happy with the GDPR, but it's really a European‑focused framework, but a lot can be taken as example or inspiration but every country has a different approach on how to ‑‑ to protect data and every approach fits specific regions so it's quite interesting also to compare the different norms and there's a few places one is international cooperation of privacy commissioner which was just held in Hong Kong actually. And there is a lot of development in parallel of Europe also in Asia through Asian‑Pacific Cooperation in the apex. There's the rules and protection that has some similarities in Europe as they're both using the OICD guidelines.
But then based on everyone's different interpretation on scope of privacy, the scope of data protection there's some differences also on how exactly it works, but it's ‑‑ it's quite interesting to have the one commonality is that each time we have a data protection law, there's an enforcement body or there should be one in order for it to be meaningful and the enforcement body ‑‑ the protection offices or commission are meeting once a year at least, somewhere in the world where there is data protection in place, and they discuss for a few days how to better cooperate today.
What are the differences between their laws? And how those differences may impact global flaws, how their similarities might raise opportunities? How can they work together and they're doing reform so that they don't impact too much with the other? What can they learn from best practices from each other, et cetera, et cetera? And that also helps drives the movement for data protection and privacy to be globally protected.
There is at the moment two ‑‑ 3 actually countries that I know of and I'm sure there are many more that are developing their first data protection law which is Tunisia, India and Jamaica. There's a few upgrading, and Mexico might also start review so there's a lot of importance for cooperation and this conference is one of them. It has traditionally been open and closed to civil society.
We're trying to regain a little bit of space there, and it will take place next year in Brussels in the fall, so that might be one good place to be.
Despite their location, it's very usually global event so it's really important to also have ‑‑ from the civil society, side, representation globally in order to discuss these differences and approach.
>> Do you want to ask a question that you had? No, that's fine.
Okay, all right, so I now ‑‑ we're supposed to have a break, and then right after, we'll have the cybersecurity session. Gustaf is here already. He's in the back so don't miss it and don't go anywhere other than, you know, coming back if you do so. And thanks so much for listening and for staying here.
>> Maybe we have, like, 10‑minutes break.
>> Yes, sorry. I didn't say the time.
>> We'll be starting again at 3:25. Thank you.
(Break.)
(Captioner change)
>> For the upcoming two sessions ‑‑ guys, for the upcoming two sessions, it will be mainly two areas. One is on the security stuff, and the other is the efficacy area: How we can do the work.
So right now the session ‑‑ we have Gustaf from Access Now to talk about the thinking security on how the issue is. So welcome.
(Applause.)
>> I'll pass the mic to you.
>> GUSTAF: Great, thank you.
So you might be able to move so you can see the screen, if you can't already see it. So today I'm going to talk about ‑‑ well, I'm not going to talk about tools. I'm not going to talk about specific types of security and what to do in this situation or that situation. What I'm going to try and do is teach you for the mindset of security. So if you can adopt a security mindset, you should be able to apply that in any situation to ‑‑ to analyze, you know, what a more secure and a less secure path might be in any particular context. So that's what we're going to try to attempt.
So I'm Gustaf. I'm the chief technologist at Access Now. I have 23 years' professional experience in information security and many years before that of unprofessional experience to this talk about cover these things.
I don't know if you're familiar with Access Now, if people can raise their hands, and I'll skip that bit. A few of you. All right. We'll see how we go.
We'll talk about best security versus appropriate security and we'll do some very, very basic looking at security modeling. It's going to be super, super high‑level, but we look at some things like adversaries and asset values, and then we'll just talk about support that you can get in the security space.
All right. So introduction to Access Now, we're international digital human rights NGO. We have offices all around the world. Our mission is to extend the digital rights of users and risks around the world and we really do that through 5 arms: Policy, advocacy, technology, which is primarily our digital security help line, grants and rights.
So I want to just pay particular attention to the digital security help line as it's applicable to all of you. And to this ‑‑ this topic. But for 5 years now, we're in a 24x7 digital help line digital security. We go out and raise money so that we can have this facility and offer the expertise free to members of civil society around the world.
So we operate from 3 offices. Those offices are more or less equidistant around the globe. So each office does an 8‑hour shift and those 8 hours make up 24 hours, so each shift hands to the next shift. And 3 x 8 is 24 hours and then it starts again.
So we hire local people in those offices and we are able to speak the languages you see up there. If we get cases in languages that are not up there, we can usually handle them, but with a bit of a time delay.
Okay. So what is security? The main thing to start with is that security is always content‑specific. So there is absolutely no such thing as a one size fits all in security. You know, it really depends on the type of work that you do, what it is that you need to protect, who you're trying to protect from, you know, right down to what specific type of computer you have, the applications that you use, where you connect to the internet or to communications networks from, the way you work and so on.
So there's so many factors that go into the equation of working out what is the most appropriate security, so it's just something to ‑‑ to remember. That you can't, you know, sort of put something into Google and find a top 10 list of security practices and implement those and necessarily be safe or not.
So the second thing I would say is just be, you know ‑‑ be aware of absolutists, so there's a lot of people out there, security professionals, and unprofessionals, and, you know, they'll tell you can't be secure unless you use fruit bat encryption on a Wasabi T‑Mobile phone and you do it standing on your head and if you don't do that you're not secure. And that's very unhelpful and I'll show you why that's unhelpful.
So what we're really looking for is appropriate security for your specific content, in an infancy of vulnerability, and what I mean is if you break into the Pentagon, and I'm not suggesting that you do that, you know, admittedly it's going to be hard, but there's always vulnerabilities out there and given enough time and resource, I'm sure there would be a way to get through that security. So that is the infancy of vulnerability, but what we're really trying to do is find the appropriate level of security within that sea of vulnerability.
Okay. So what we're really talking about here is not, you know, the best security. We're not talking about securing everything and applying the, you know, strongest encryption. What we're trying to do is we're trying to implement security that is just good enough. And what I mean by that is there's a whole a lot of factors that you ‑‑ you know, you want to take into consideration to this. So the first one that is super, super important is that the security measures should not stop you from doing your work. So, you know, depend what your work is, but if it's something like activism, if the implementation of the security measures are so high and so invasive into your own way of operation that it prevents you from doing the work, then you've already lost. So it's very, very important to make sure that whatever security measures are in place, that they allow you to continue to do the work, and security measures cost money and they cost time and effort to implement.
So, again, we don't just want to be taking on any security measures or security measures that are deemed to be, you know, super strong. We just want to implement the appropriate measures.
Ideally, when doing the threat modeling piece and working out, you know, who the adversaries are and what's important in terms of security, what we're really trying to do is to raise the bar for the adversary high enough that it's no longer worth them to pursue circumventing your security. So that's ‑‑ that's really the goal. And once you've raised that bar high enough, and as soon as it's high enough, you stop, and then you just, you know, put all your effort into continuing your work.
Okay. So appropriate security, I'll just give you an example ‑‑ a stupid example, but it will illustrate the point. So if you lived in a house on a mountaintop, you would not ‑‑ it would not be wise in an effort to secure that house against floods because it's never going to flood at the top of the mountain, but it would be very wise to secure that house house from lightning strikes because it is at the top of the mountain and that's much more likely. So that's really what we're talking about. We're just talking about identifying those things that are important and focusing on them.
Okay, security prioritization. So we are working out what is appropriate security and we're going to put, you know, costs and time and effort into implementing those, but it's also important to work out what sequence those should be implemented in. Again, we don't want a situation where you would cease working until all of the identified security mechanisms are in place. You want to be able to have that continuity. So we just need to work out what is the best sequence to implement the things in, and it really sort of comes down to, you know ‑‑ we have this jargon word called low hanging fruit. It's sort of the easiest things that you can mitigate that will give you the biggest return. So they're the kind of things that we're looking for.
We went to secure an organization in Uganda. And we did a full assessment and, you know, their practices and when, you know, they were doing things that were not secure and things like that, and it turned out that the time the greatest time of their insecurity was when the power would go off and it would go off for much of the day. They would all just get up out of their office, walk over to an internet cafe and start working from the internet cafe and there was no security, whatsoever, at that internet cafe. So the solution to this problem ‑‑ and the solution to, you know, 60% of all of the security vulnerability was power their office with power all day and every day and that solved most of the security problems. So that's what we're looking for. We're looking for those things where a small amount of the effort and implementation gives a big reward in terms of improving their security stance.
And then we come to security modeling. So we'll look adversaries first of all. And this is a bit of a chicken‑and‑egg problem because you want to, would out what harm matters to you and in order to work out what harm, you know, might exist there, you have to know who will be perpetrating that harm so it's difficult to work out which ones to address first. You have to be able to address these things in parallel, work out who it is that might want to cause you harm and at the same time, work out of that harm what are the things that matter to you.
Okay. So who are your adversaries? So I don't know who your adversaries are, but for the clients, I guess the most common adversary is nation states.
So in terms of, you know, human rights defenders, journalists activists, bloggers and a lot of countries, a lot of the adversaries is the state itself. It's not the only adversaries that are out there. So for organizations working on indigenous land rights so they're fighting multiple national corporations to prevent land grabs for mining and other extraction resources or whatever. The adversary there is a corporate entity and that corporate entity, because it's big and powerful and multiple national ‑‑ they might have allies in more than one nation so that really changes the landscape.
For others it might be just individuals or individuals that loosely get together like trolls. Antifeminist trolls ‑‑ they have their own formats and websites and ways of organizing and perpetrating harassment so that's a very different landscape again.
It might even be something like we've had cases where there's been a disagreement inside an NGO and the NGO has split and one side has, you know, taken half of the accounts or all of the accounts and the other half are trying to recover those accounts, and so the adversary in that case might be much, much closer to home. It is important to work out ‑‑ given the work that you do and where you are and so on, who those potential adversaries are.
Okay. So once we have an idea about the adversaries that are against us what's important tomorrow morning about what's their sphere of influence because we're talking about digital security and so we're interested in what capabilities the adversary has and where those are in the network. So if the adversary was a nation state, then it's likely to be the communications infrastructure of that nation state. If all the communication structure is government‑owned if that's a really bad situation it's the commercial telecommunications providers then that gives you a little bit of separation but largely they'll still operate on the instruction of the authorities so ‑‑ so in terms of a nation state you want to look at things like what is known about the surveillance equipment they have? Where is in the network is that surveillance equipment, what censorship mechanisms do they have? Are they known to purchase offensive hacking tools from one of the commercial providers, like, hacking team or anything like that? So that gives you an indication of the capability and where in the network they're most likely to be a problem.
If the adversary is something else ‑‑ if it's smaller adversary, then you have a lot more scope for defending against them.
So we'll talk about security as a chain and we have to always think about security as a chain because your security is only as strong as the weakest link you in that chain. And, you know, we tend to be very self‑centered and see the world from our own perspective but insecurity actions can actually create risk for someone else apart from ourselves and we do have to think about that so we will get to that.
So what do I mean of the sphere of influence? In the diagram above there, we're just going to take a very simple circumstance of email and the person on the left is using an email provider that has either HTTPS through the browser or through the encryption or IMPLS from a native app but that cloud represents the sphere of influence of the adversary. So let's say this is a journalist working inside a country and the state is their adversary. So it's really important in this chain, this security chain has that first hop be encrypted. So the green those that it's encrypted and the red parts are unencrypted so this journalist is sending something to a person outside of the country, and because that first hop is encrypted and the server that is providing the email service is outside of the country, that journalist is hopping beyond the sphere of influence by using encryption and so, therefore, is safe.
We can look at other examples so here is an example where the adversary has access to in your where the email provider itself is sitting. So in this circumstance it would be something like the U.S. government. So if those providers are listed there, Google and Yahoo!, the servers are likely to be in a jurisdiction that the U.S. government has access to. They have access through programs like Prism. And so even though the individual at the left of the screen is using encryption with their email, the communication is not safe. It's certainly not safe for the person on the right, who is themselves easy in a sphere of influence of the adversary, and so that's not a great security scenario.
Here we see the other end doing HTTPS encryption through the browser but if you have providers like this ‑‑ one provider is Google and one provider is Yahoo! the actual communication between their email service is not encrypted. So even though the sender and the recipient are both using encryption, you don't have encryption and privacy and protection from end to end. So, again, there's a number of attacks depending on who the adversary is, to compromise that.
So this is, obviously, the ideal so if both the sender and recipient are using Google, we know that Google encrypts in transit between their own email service so anywhere in the world you should have encryption as in this diagram. But again, it's still encrypted from the sender to the server that's in plain text unencrypted on the server and get encrypted to get to the next server and unencrypted, on the next server and encrypted to the recipient on there are still areas of vulnerability in that, in that Google service themselves could be hacked or the adversary has a jurisdictional control over those servers then you still have some vulnerability.
So this is mail using public key encryption. So it's using GPG or PGP so that gives you added security because the message itself is encrypted on the computer of the and it's not decrypted from the sender of the recipient. So even when the data is there on those servers in between, the adversary cannot see what the message contains, but there's always this vulnerability so as you can see on the right‑hand side there's a fellow with something in his hand and we call this the rubber hose attack because ‑‑
(Laugh.)
>> They can turn up at your door and beat you with a rubber hose until you provide them with the passwords and everything they need to know. Yeah. Even the best digital security doesn't necessarily prevent the information from getting into the wrong hands.
By the way, if anyone has any questions, you can interrupt me at any time.
All right. So what we saw was security as a chain. So the message to you is that your security awareness needs to go beyond yourself, and you need to think about everyone that your communication touches, and you need to consider what their security position is and who their adversaries are as well.
All right. So the second part of all of this was the harm part, so you know, what's the value of the assets that you have? Yep, go.
>> So what would be an example of your ‑‑ of your security actions, putting other people at risk?
>> Okay, so if, you know, you ‑‑ you send someone else a message but the adversary ‑‑ and you might be secure so your adversary and its sphere of influence, you know, might be where you are and you've used encryption on that first hop to escape your adversary, but if the rest of it is not encrypted and their adversary can see it with their surveillance equipment, then they're going to get in trouble. Yep.
>> PARTICIPANT: I think two years ago, in the IGF, we heard Google is not safe but now as you mentioned pretty much safe so we don't ‑‑ how can we know ‑‑ I mean, as a regular people knows which one is secured and which one is not secured? And without using HTTPS is necessary or not, yeah, kind of explain.
>> Okay. Google is not safe. Depending on who your adversary is. So if your adversary includes the U.S. government or 5 I nations then you're not safe using Google. But if your adversary is, I don't know, the government of Nigeria, you are safe. So it really depends on the context, yep.
>> PARTICIPANT: I have a question of the cost. If you're doing the encryption and the encryption at your own place ‑‑ I mean, the sender and receiver, cost‑wise, it's more expensive than putting the energy to do the whole stuff?
>> No. So it's just the software that you install that does that encryption and decryption, so ‑‑ yeah, it has a lot of other advances which we'll get to.
(Laugh.)
>> So, yeah, it's important to analyze what's important to protect. And the good news it's all data when we're talking about digital security, what we're worried about is data of one form or another falling into the wrong hands, and so we have to consider data at rest and data in transit. And data at rest ‑‑ let's say you have a database on your computer of documented human rights violations. That is data at rest and so solving the security of that problem is going to be quite different to the scenarios we talked about before of communicating to someone else over email. That's data in transit. So you're looking at the two different types of security problems. Solve data at rest and data in transit.
So for data at rest, there's many possibilities there. But it usually involves encryption of one form or another, either encrypting individual files or encrypting the entire hard drive.
You were asking about the PGP before. One of the great things about PGP is that when you receive the messages and they're on your computer, they're encrypted. You can be load up your software and read them but when you close your software, they're still encrypted on your hard drive. So if your device is seized or someone hacks into your device, they still can't read your email; whereas, you know, if you solve the data in‑transit problem and let's say you worked out that chain of security and you managed to get HTTPS and encryption the whole way but those messages are going to sit on your hard drive and encrypted. You're vulnerable with data at rest even though you solved the problem with data protected in data.
And one other thing that's very important to consider is identity and anonymity. So yeah, your identity is data but, obviously, it has very particular or ‑‑ it can have very severe consequences if that data is leaked, but it's very important to identify whether hiding your identity and having anonymity is important in your particular security context because it's a very difficult, difficult thing to do and, of course, if you make a mistake once, your identity is no longer anonymous and you can't get that back. You can't go back once it's been leaked.
For the tools, for all of these ‑‑ I didn't talk about the tools, but you can get with me and I'll be happy to help you out with those kinds of things. But identity is not only important for yourself and your own identity, but it might be important for you to be able to robustly identify someone else and not necessarily who they are, but the fact that the person that you are communicating with is the person you expect.
(Laugh.)
>> GUSTAF: So that, you know, you're not subjected to kind of like a man in the middle attack where you think you're communicating to someone but in actual fact you're communicating to someone else. So we can solve those problems again with encryption. Yep.
All right. So the last part is security support. And there was a question before about, you know, how do we know if we need HTTPS, or not, you know ‑‑ information security is a very deep topic and ideally, we don't want you all to have to become, you know, deeply versed in all the minutia of information security. We want you to know enough to be able to think securely and to know when to reach out to people when necessary. So there's plenty of professionals out there that can assist you both in terms of the preventive security so like the things that are listed there security and assessments, setting up secured communications, implementing security policies and things like that and behavioral security at your organization, as well as incident response.
So, yeah, triage, investigation emergency funds, and things like that, so that's, you know, where our digital security help line comes in. It's a free service. You can be contact us just by emailing help at AccessNow.org you can do that with encryption the PGP encryption is there. Given it's 24x7 you should get a response usually within 10 minutes, but guaranteed within 2 hours.
So we're there to help you ‑‑ help you assess any of these things, help you work out your threat‑modeling. Work, out who your adversaries are and so on. Yeah, if you can think securely, then whatever, you know ‑‑ people like Access Now help you implement, you'll be able to continue to keep that security working for you by thinking securely.
Any questions? All right.
>> Okay. You mean this or ‑‑
(Speaker Not Mic'd.)
>> The slides. Okay. We share the PowerPoints and people say go to the website to download it. Thank you.
>> No problem.
>> So we have a round of applause to Gustaf and if we go through any security issues you can stay in touch with you and give any opinions or issues. Thank you.
>> No problem.
>> And guys, here comes the last session. It's about advocacy work. It's a long day and thank you for everyone for staying to the end. For this session we'll, like, change model a little bit. This will be a more hands‑on session. So you guys come in the first row if we can do some exercises together.
(Speaker Not Mic'd.)
>> Thank you.
>> And I'll be ‑‑
(Inaudible conversations.)
>> Yeah, it is advocacy and, hopefully, we will try building some activities together. I mean, some advocacy work or campaign together so there's hands‑on experience how the things are going, and we'll go through some key points how the program and see if we find some of the problems. Yep. So, yeah, here comes the last session. I think it is ‑‑ yeah. It's about advocacy work how we're doing, and it's also about the ‑‑ representative youth's voice.
On the work of some tools that we can use to tackle some problems and for this stage ‑‑ when we talk about advocacy, it's by definition is mainly about how someone or ‑‑ a person who will be publicly supported or recommended the policies or persons who breached a cause to someone or behalf of someone else it's quite ‑‑ in the simple work is somehow ‑‑ if there is an items or issues here you're concerned, you'll be trying to speak for someone and for a purpose of somehow like social justice or solving these kind of problems or questions. In terms of advocacy that's what it actually means. I think it's quite interesting when we talk about how advocacy actually is. That involves different areas and elements.
Take advocacy, you'll see as an example, man, when we talk about advocacy of communications and media work communication for behavioral change. Developing the partnerships alliance collisions, campaigning, doing some research, working with, you know, targets, having the social mobilizations and also there's some conference you speak for ‑‑ once you want to send a message on.
For today, we will go four different areas for doing some ‑‑ the first one is human rights and also the internet governance. The second one is about the freedom of expression and then about the data protection and also the privacy issues last but not least, the cybersecurity.
When we're doing advocacy work, hopefully, we should identify a social problem or issue we're concerned. There's a lot of issue today taking some advocates as an example ‑‑ I know some of you may already know who they are and for this exercise we're thinking about what are the problems that ‑‑ the advocate is tackling. So I know anyone who shares ‑‑ yeah, shares ‑‑ shares advocates for the education rights and also the agenda equality. Or getting some shot by some terrorists in her home country because they have these ideas for the equality work. That means she is advocating for an avocation and advocacy process. She wants ‑‑ she was a prize winner. I think she is more ‑‑
(Inaudible.)
>> So I just say what she's doing and is quite inspiring questions and inspiring story from her. It's mainly about internet inter‑issues she's tackling. Her name is Tricia ‑‑ sorry, my pronunciation is maybe not very correct. Her name is Tricia. On that area she was tackling the cyberbullying issues by inventing an app, which is an online app to send some hate speech or inappropriate work online the app stands out and notice to say are you sure you be sending out? So it's providing another opportunity for people to rethink about the message they're going to send out. What it is hurting for someone or hurting someone.
The app is called "Think," and she received some award from Google and this is the app you can find in app store right now.
So for young advocates they are tackling some problems they think is important in a sense. Malila mentioned education and gender equality. And Tricia mention the cyberbullying issue so the exercise today is how about you? What kind of issue do you think it is important to you after we go through the whole session of the day, there's lots of governance issue in different countries and different worlds and also maybe back in your home country the critical issues you're tackling and facing.
And toward the last session we're trying to do ‑‑ try getting our hands dirty. By doing this exercise and know there's a small group of people so we can work on one single and single proposal on addressing different question I mentioned here.
The first one, of course, as I mentioned, we should identify a problem. So the first question is among yourself ‑‑ talk among yourself which problems you would like to address and the internet governance and mainly internet issues you want to address.
The second one is what is the goal for that? It means how you like to solve the problems. In more sense, and then setting an objective. Objective means how to move to go step‑by‑step. There's smart principles in that which is specific, which means ‑‑ specifics mean, of course, it is one couple of questioning ‑‑ one area you especially want to address but not focus on too many. Be specific in the sense measurable. Measurables means, for example, I would like to reach out to 100 of kids in high school about ‑‑ to get to know about internet governance issue. Hundreds of children or hundreds of high school kids. This is somewhat measurable. Achievable.
It is mainly about your ability on doing stuff so ‑‑ and is there any manpower to put in consideration? Any time constraints? On that sense it's also about the realistic because we do not ‑‑ we should not overestimate our ability so also be realistic and time ‑‑ which means a period of time how you can finish the whole stuff on doing the whole thing. This is how we set our objectives.
And then follow the fourth session is about most of your purpose ‑‑ most of your target groups and who you partner on doing these activities and ‑‑ and how you are doing this together or with someone else or you'll be doing that alone that surely you should set your target group on what you should focus on. Here comes the last session on how we can plan for our whole program. So just get into your group and try to see how the things work. Yep? Yeah, a small group and just like ‑‑
(Speaker Not Mic'd.)
>> And from there I think it's quite feasible. For the first question I would like to see if you guys have any specific internet issue ‑‑
(Speaker Not Mic'd.)
>> In Brazil, I participate in a lot of events.
>> Yeah.
>> And do a flagship. And interesting flagship is there is no freedom without privacy.
>> No people without privacy.
>> Yeah. It's to defend online privacy and to achieve ‑‑ achieve production of the freedom of the people but when you don't have privacy, we can't ‑‑ we can't control ‑‑ we can be easily controlled.
>> Hmmm! Okay. So you mentioned about ‑‑
(Inaudible.)
>> Yep.
>> And also the freedom.
>> Yep.
>> So are there any other problems which is what you address?
>> I would say the you can see to be able to ‑‑ any time access on data but what's the ‑‑
(Inaudible.)
>> And see what we got.
>> Hmmm!
>> On that area ‑‑
>> Data control.
>> On data control.
>> Creating information to ‑‑
(Speaker Not Mic'd.)
>> And then it's used to make assumption about how online tracking works. The fact that you're seeing certain commercials because privacy in a way people think it would be ‑‑
>> Uh‑huh.
>> It's using many different ‑‑
(Voice Trailing Off.)
>> So do online ‑‑
(Speaker Not Mic'd.)
>> Anything from you?
(Laugh.)
>> Yes, yes, yes.
(Laugh.)
>> So I was not here when you did discussion when you all started, but I see that addressed. Cyberbullying. Cyberbullying.
>> So we have different kind of problems for tackling of building a proposal which is more ‑‑ this will be more easy to focus on one area and have one goal. So on that we can choose one of those to try to go through ‑‑
(Speaker Not Mic'd.)
>> Yeah. So the second part ‑‑ you talk about online piracy issues and the in the home country the issues not really of people's concern.
>> Yep.
>> So that's on a personal advantage or the governance sense
>> Yeah, actually it's a lot of working with the government and the society the ‑‑ I don't know. I didn't think the is to people know what is at stake? Of left in your privacy, right? What about when you are completely online and everyone can access and connect the data that you're producing. So I think the goal is to make the people understand what is at stake.
>> I agree. I agree with you because I come from Indonesia which privacy people sometimes think that's a western kept we don't have here we have communal and everybody knows our own business so I think really need to know what is privacy in the digital age? And what is at stake because it's not only about us but also the companies that are using our data, as you mentioned, providing us and giving us what we would like to see or they perceive what we would like to see? An understanding of privacy in a digital age and culture and the challenges. Yeah.
>> So maybe make people understand the issue, that we accept these kinds of goals. We should move forward to the objective to make it more specific because, for example, in the statement make the people understand the issue. On that way we can focus on that keyhole, on that issue, on the targets. And how to have people raise that understanding or issue what people would like to focus on that is, like, parents, just a general update in a sense.
There is another area we can just like to specify the whole objective, so this is ‑‑ so for example, we can say maybe do some school education, school education for next generation and never be students. And how to make it more feasible and more measurable so we should accept, I guess, how many schools -- numbers. What students wish so it's about measurable areas. Yep. So it's simply how we can move forward for a more specific objective. And in that area not only about your target groups. If you just take an example of doing some school education you can also think of any partners that you partner with at schools. Do you think of any partners related to that area? Yes.
>> Private schools.
>> Yep, actually, for example, in my home country, the government ‑‑ they have some funding for school maybe citizenship program so one is to find some partnership so you can see how to put your plans into execution. And there's some funding in a sense of some issues and also on the area maybe you can also see some supportive schools or even some grammar schools.
If you have this kind of network, it will be easier to achieve your objective like school you wish or the number of students you would like to achieve in your whole program. So it's important to identify your partnerships in a sense. Is your plan more feasible? And also increase some funding in a sense. Yes. Last but not least, just a simple device, as we know we specify to go to the objective like the number of hundreds of schools in your home country, like, 80,000 students in the program. So here's some ‑‑
(Voice trailing off.)
>> So because of the activities and I found ‑‑ for example, the high school. So last but least some outcomes whether it's a success or not. If you think there's any assessment you can do for students to understand the issues or understand the whole thing enjoy things.
(Inaudible.)
>> Yeah, I'll give some examples. For example, the examples is normally sometimes it's right after the IGF making there's some ‑‑ there's some see it every time, but one of the outcomes are measured whether your program is a success or not. So actually, you can also try doing some small things after you have towards the understanding so you can say the students can get, like, 4 out of 5 marks and they have increased the understanding of the issue for this issue is privacy issue. So these type of outcomes you can also put in your agenda and also in your plan to estimate whether your program is a success or not. So this is ‑‑ another is lots of things to be done that is just a very simple exercise to think about how we can plan programs.
The reason why of doing this you can ‑‑ as we have mentioned about the type of issue today, the thing is also important to gather youth in involving the whole process to bring these types of ideas back to your own community on doing your own ‑‑ own advocacy work. So I hope this is useful for you guys and also for you guys to stay in the moment.
I'd also like to share a shot of tools that we can find online. It's included all the things that I mentioned. These tools of advocacy by robo‑partners.
So there's also mentioned the goals and some objectives that you set. And also the outcomes and the problems we have and also mapping the ecosystem which means you need to target your service targets and partners you would like to cooperate with as mentioned in your case that would be in some school principles or if in the government they can provide some funding to make sure you carry out and some opportunities and like Plan B, like, the government school and maybe you can organize an online campaign maybe and maybe there's some support by just sending out your materials online media in a very ‑‑ and then people can use the materials to raise online security stuff. So you can list other opportunities and plans on your mind in the whole proposal in a sense. But, as I mentioned whether your policies are success or not or any okay ‑‑ and it's important to visit them in your home proposal and some of the tools you can also take reference to. It's a blank version online. There's more version and talk about each area of finding some guiding question and you already know how to fill in that time and that exercise is not really fair and you can still go through there. So, yeah, thank you for your participation.
(Applause.)
>> Now, in the region we also still have another capacity buildings to use online and opportunities that you can also participate. She wants to share any other opportunity on top of the IGF when you're back at your home countries and know more about internet governance.
>> I'll be very brief, only 5 slides.
>> Sorry.
>> There's not ‑‑
>> Is it this one.
>> No, it's this one. Perhaps I can do it here. Is that okay?
>> Yeah.
>> I can do it from here.
>> So I can offer ‑‑ sometimes use that to ‑‑
(Speaker Not Mic'd.)
>> So basically the process in the ‑‑
(Speaker Not Mic'd.)
>> And nothing on how ‑‑ on our details on that job. So also the development, when you have the process in which ‑‑
(Lost audio.)
>> Be the only type of intervention which DPLO has chosen but we have an internet platform advisory, yeah. We also have monthly newsletter printed. It's being translated from Indonesian, Spanish, French and English so 4 languages and we have the monthly barometer but also part of the newsletter and we have monthly briefing every last Tuesday of the month and we have lots of hubs in the world so we have Asia, Africa, Latin America and we do have one from ‑‑ yeah, it was also part consist of a lot of collaborators and a lot of people around the world have these issues of either policy and we understand the complexity of this issue. That's why we have to put it in the different type of in the different type of information for making people understand.
I come from Indonesia which one of the ‑‑ I'm also helping the minister of communication technology folks and they are very helpful for people that has been doing. For example, my boss which is a director general of our application asked for any updates on Uber or online transportation and then you can download it easily from the digital facility on these issues or other issues ‑‑ or, for example, there is one legal institute in Indonesia that would like ‑‑ because that article just being put in our law and that's also the things that organizations like DPLO can do because we have the updates all over the world but this is only one type of intervention. They have lots of type of interchange on the capacity compassion. We have 8 Pacific ‑‑ this is actually one of the new organizations but the main concerns they have a lot of capacity ability and needs in the Asia‑Pacific on the issues of many issues and they would like ‑‑ these are the people other organization that used to have this capacity‑building internet or abilities they would like to do together and make one collapse because there's one technical community and internet school of governance there's one from Africa and one the WSIS ‑‑ yeah, the APC, the APC school of internet governance in Africa and school of Asia Pacific and around the globe there is a school of internet governance. We have digital platforms when I mentioned before.
We also have a lot of national and regional IGFs. Yeah, we have more than 70 national and regional IGF and in many places the regional and national IGF basically being put as capacity building or building awareness at least if not capacity building as the meaning of really build capacity skills and knowledge, but at least building awareness on the issue of capacity governance. There's a lot of concerns about issues and many national IGF being established in more than 70 countries in less than a year, I guess. So very quickly ‑‑ very quickly increase and also fellowship organization I don't know whether you also come all the fellowships going on from this community. I think in my perspective on the youth participation I think it is very important for youth to be part of continuous discussion within local or national processes because many active users are young people, and it is important for young people because then you will be part of the decision‑making making processes later on in your life. It's very important to take part and take an active part. It's also very important as I mentioned before because the capacity ‑‑ the issues of internet governance is very complex. It's very important for young people or youth group to have collaboration with specific subject matter expert either coming from Indonesia of technical communities and, et cetera, and I think what's really important related to the session before is be part of the process and your seat because they are especially in the policymaking processes there are so many people who doesn't understand the technical what they're talking about especially in the eye of the users especially in the eye of young people that mainly use the internet or the digital technologies and it's certainly part to take part of that processes and you learn by not only learning but also be part of the processes, that's what we call the capacity buildings happening so it's only about the skills but also the knowledge and understanding the whole issues. That's it. Thank you very much.
(Applause.)
(Speaker Not Mic'd.)
>> This one? This one.
>> Before last.
>> This one?
>> Yes.
>> Yeah, I will retrieve the page.
(Laugh.)
(The session adjourned at 9:51 CST.)
(CART provider signing off.)