IGF 2022 Day 2 Open Forum #58 Promoting Internet standards to increase safety and security

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> DANIEL NANGHAKA: Welcome, good morning. It's a chilly morning and welcome to this session of promoting the modern Internet standards.

It's a pleasure with support from the GFCE, the Minister of Economic Affairs of the Netherlands, we're able to successfully be here and present you this session of Promoting Internet Standards to Increase Safety and Security.

Just right at the table, we have Wout, who is going to be our rapporteur. We have Alisa, from the Minister of Economic Affairs.

We have Gerben Klein joining us remotely, and also from the Australian Strategic Policy Institute.

Gilberto Zorello will be making a presentation remotely. And we have Johnny, the host master from BK, and I'll be doing the online ‑‑ have also a colleague of mine, who is doing online moderation with us, who is Gerben. We'll have a discussion on how to best promote Internet standards. This is an initiative that came in under the working group E of the GFCE, which is mainly on the cybersecurity, Internet standards.

Right with me here, I'm going to give the floor to Alisa who will give a brief remark, and then we'll get to hear from Gerben, and go through the presentations. And then wrapping up, from Maarten to give brief on the triple ‑‑

>> Alisa HEAVER: I'm from the Dutch government. We have been working since 2015, way before I started working for the Ministry of Economic Affairs and Climate Policy, we have this great website, Internet.nl. And it's a collaboration, the website was created as a collaboration between the Ministry of Economic Affairs, and the Dutch community, working on Internet standards and safety.

And thinking together that we should organize something to make people more aware of the Internet standards that are used behind the website, or used behind a domain name, I should say. And now it's also for quite some time, you can also check an e‑mail address. And I'm sure many others that Gerben will say a little bit more about it. But I'm really pleased we can show this example and that already a few other countries have also more or less copied the example thanks to the fact it's open-source software, open-source code. Everybody can use it. I think it's really important to stress that, that we can together hopefully build or create a safer Internet.

And yeah, I'm looking forward to this session. Please, if you have any questions, just raise your hand. Don't wait until the end, because I think it's important that we have this interaction with each other. We're here. We can see each other, or I can see the people at least in the room.

And for the on‑site moderators, please ensure that we have a most interactive session as possible. Because I think that will be the most useful for everyone. Thanks.

>> DANIEL NANGHAKA: Thank you Alisa for those remarks. I'm going to ask the host to help us enable the presentations.

Very quickly, let me give the opportunity to my colleague, Gerben, please.

>> GERBEN KLEIN BALTINK: Thank you, Daniel for hosting this meeting on‑site. What I will try to do is share my screen with all of you, and hopefully you will be able to see some of the things Alisa already mentioned dealing with the Internet.nl initiative.

Is the screen visible to everyone?

>> DANIEL NANGHAKA: Yes, the screen is visible.

>> GERBEN KLEIN BALTINK: Thank you. A short agenda for about ten or fifteen minutes of introduction on Internet.nl. We have since 2014, because we all agreed in the Netherlands, both from government and the private sector, that modern Internet are necessary to keep the Internet safe and secure. You will see it's a set of standards that we are dealing with that is really deep into, let's say, the Internet infrastructure. So it enables us to visit domains, websites on the Internet, and to communicate through e‑mail, in a safe and secure way.

IPv6 is mainly meant to be able to connect as many people as we can, because RPV4 has reached its end, you could say. We need to be secure, so the domain signing should have been, perhaps secure from the beginning. DNSSEC is now the answer to deal with that, and the same goes for the other standards that you can see on the screen.

What we wanted to do is promote these standards in such a way that people could understand why they are relevant to us in the modern society, and because we know that these open standards will enable us to keep the Internet working.

It is not just about security. And therefore, I would like to take a look at IPv6, and on this map you will see the enormous difference in take‑up, that is quite low in many, many countries.

We see great exceptions in green, but only a few. Many countries in deep red, where IPv6 is not ‑‑ the capable rate is not up to standards at all. And this is just an example. We could give other examples as well.

If we look at the private and public partners within our Internet standards platform, because it's not just a website that we will come back to in a few minutes. It is also about the community. And the community in the Netherlands is really a public‑private partnership between Dutch government, for example the Ministry of Economic affairs, but also the cyber security center and other Dutch government, as well as private organizations.

But all of them without a specific commercial interest. They are there because they believe in the Internet as a basic given to all of us. For example, SIDN, SURF, and ECP are supporters of the Dutch Internet Standards Platform. And I have the honor of being the chair of that platform.

And that really is a privilege, because these people are working closely together to keep up with modern, open modern Internet standards.

And I suggest that if other countries would like to follow this type of initiative do not only focus on the test tools at Internet.nl, but also think about this public‑private partnership between different organizations in your country.

What we built to make it visible to a broader audience was the website Internet.nl. And you see the interface of the current website. And later on, I suggest that you will try to look up your own domain, or your own e‑mail at Internet.nl in a few minutes.

This is the basic interface where you can test your e‑mail, website and local connection. And you will get results, you will see in a few minutes, that you can easily see what standards are up to par, and what you might have to change or update issues.

It's not only the test part of this website that makes it interesting, but we also have a hall of fame, not only for individuals who want to show that their website or e‑mail is scoring 100%, but also for hosting providers that can show that they have done their best to score 100% for their customers. Internet.nl is not just in Dutch, it's also in English as you can see.

And we know, and you will hear that in a few minutes from other countries that the take‑up is growing, and other languages will be available or are available already in other countries.

We also developed an API and a dashboard where we can do bot tests. This is not available to the general public. But if you are a public organization working in the Internet domain within the Netherlands, then you can get access to the dashboards, and you can test up to 5,000 domains at once and get really nice reports, even over time, to see how things may have changed.

It's an easy tool, used by 70‑plus users at the moment, with hundreds of thousands of tests every year.

And now for the demo. And of course, we could try to give a demo with our online participation, but I think the best way to get connected to Internet.nl is take a look for yourself. And if you use this link, you will go to the English version immediately and can check both your own domain or government domain in your country, your own e‑mail, and even the local connection at the IGF right now. So I'll take a brief moment and hope that many of you will take a look.

If there are any comments on the results you get, don't hesitate to raise a question. And then something that is behind Internet.nl.

I'm looking at the audience. Are there any questions? Any people who have scored 100%?

If you could raise your hand, that would be interesting to see. If not, I will move on. We could not have developed Internet.nl without reusing existing testing tools and source code.

So there are things that we want to share openly, because we made it available ourselves, and then our content is under the creative commons attribution 4.0 international license. And Internet.nl, and even the tooling behind is under Apache license, version 2. The building blocks, which you see underneath, are there, because there is a great open‑source community.

And we have tried to contribute to some of these building blocks ourselves from the Netherlands, from participating organizations. But other tooling and building blocks are available online for all of you to make use of.

And you will find our Internet.nl software, the codes at GitHub.

If we look at what you have seen so far, this is just a Dutch initiative. It's done over the last eight years by a group of very interested colleagues, who wanted to make sure that we strive to an open, free, and secure Internet for all of us. Not just in the Netherlands.

And therefore, we are really happy that some other countries took up the same idea and have worked together with us or even completely on their own on similar initiatives, similar websites.

So what I would like to do is give the floor now to Bart Hogeveen from Australia who have developed a web check tool themselves. And I will end my presentation right here.

>> DANIEL NANGHAKA: Thank you, Gerben. Before you proceed. Just want to check on the connection that is here at the IGF. Just for the information, the connection test just achieved 10% of standards. It has ‑‑ the modern addresses that are meant to be reachable on IPv6, they are not so much reachable.

But one advantage is that the IPv6 connectivity of the DNS server is running, it has a green check park. And the IP connection where DNS were publicly running were. But all the others are not publicly running well. So this is just an example of how you can test your connections with these standards, right in your different locations.

Let's continue with the presentation, to my next colleague.

>> BART HOGEVEEN: Thank you. Is that me?

>> GERBEN KLEIN BALTINK: That's you, Bart.

>> BART HOGEVEEN: OK. Great. If the host could enable video and/or share screen, that would be great. And while this is happening, let me give you a short introduction. So I am speaking to you from Australia, good morning to you, good evening here. Thank you very much to the IGF, to the hosts, to the team for organizing this event for allowing me to share some of our experience working with the Internet.nl Tool, and the collaboration with the Dutch Internet Standards Platform.

I assume you can all see the screen. I wanted to ‑‑ yeah, bring you through, let's say, our experience in kind of replicating to a great extent, Internet.nl in Australia.

Great to be also visibly with you. So first question up front is a.au ‑‑ a dot au check. Internet.nl is available in English, so English is the common language in Australia, so why not just use the English version of Internet.nl? That's probably kind of the main thread of my short presentation.

It is obviously, not a simple copy‑paste.

Just to give you a bit of context about the cybersecurity context in Australia. This is a sheet from the Australian cyber security center, which they published in their previous annual cybersecurity report where they look at the previous cybersecurity incidents. Most of the incidents being reported to our national cybersecurity center are what they call low level malicious attacks. Targeted reconnaissance, phishing and data loss, affecting small and medium‑sized organizations and state government and academia, and state government for us is going to be the sub‑national government entities.

So building on that, we kind of took a few kind of concepts into practice. There's obviously, kind of the UN General Assembly resolutions back in 2003, which is calling on the creation of a global culture of cybersecurity. I think this fits into that free border agenda.

But we are not only looking at what was happening in the Internet.nl context, the UN context. We for instance, also looked at what was happening across the channel in the UK, where the UK national cybersecurity center had ‑‑ trying to do simple things at scale, which can then have a positive and matchable effect.

One of the things we're talking about here is doing simple straightforward, relatively simple and straightforward things that at scale, and will have a massive impact on cyber ‑‑ the uptake of standards, by consequence cyber security and cyber resilience across our economy

In the 2020 cybersecurity strategy, there's not only an ambition for online to be safe for all Australians, but also for businesses to take responsibility to make sure their own products are services are secure. In other words, not seen as a government responsibility but as an individual and private responsibility.

So where do we start with our initiative? And this goes back already four years, four or five years is that we would kind of replicate the Internet.nl ecosystem. Not just the tool, but also kind of establish some kind of a multi‑stakeholder platform, and also be involved in kind of activities around education and assistance. Speaking to audience like the IGF, as well as other platforms and conferences and sessions here in Australia.

As you can judge by the traffic lights, even though developing and launching the tool took us nearly four years, that's the only thing that got through at the moment, let's say. Kind of building the ecosystem around it with those multiple stakeholders and kind of building that community has been a much harder sell here in Australia.

And just kind of give you a comparison, the previous speaker kind of listed the actors that are kind of key partners of the Dutch Internet Standards Platform. And on the left‑hand side I was kind of listing, their Australian equivalents.

There's a small business and family enterprise ombudsman, which is kind of the representative of the community of small businesses here in Australia. That's one of the reasons that's why it's important to flag, in our consultations with industry groups across the country, is there's a real need to help and assist the small and medium enterprises.

Those smaller companies that don't have kind of a cybersecurity team on‑site, that are relying on their service providers to just provide them with hosting service, a website, and NL service that is allegedly up to standard.

That's where we are. I think in a different ecosystem than (?) and the team have been able to create back in the Netherlands ‑‑ Gerben and the team have been able to create in the Netherlands.

Thank you so much for making Internet.nl available a few years back. But we had really the issue of kind of creating a sense that all those standards which are internationally generally accepted and seen as good practices, are also kind of applicable here in the Australian context. So we really had to make an effort to make sure we would not only reference to kind of the Internet.nl source materials or the IETS source materials, but really link back to Australian relevant materials. For us, that's the information security manual being produced and managed by the Australian Cybersecurity Center. Most of the standards that are being tested can be found in that manual, but not all of them.

And an interesting discussion we've been having for many, many years is for instance around DNSSEC, which is in Europe and Netherlands widely accepted. Here in Australia there's a bit of hesitance, if not a bit of pushback, against the adoption of their particular standard, by industry, and therefore, also there's little kind of appetite, even within government to kind of push that across the economy.

So as I mentioned, we've had kind of quite an extensive period of debate and consultations with industry, and the different kind of economic centers across the country. And also with the Australian cybersecurity center.

I think that consultation and engagement component is also really important, but it also comes with a time and cost vestment. I mentioned the debate we had about DNSSEC about a kind of necessary thing to check.

And the waitings, how much can you weight and kind of assess websites of small and medium businesses in our case. And kind of can you judge them by the standards you apply, if there's no rock‑solid and strong support that these standards are kind of the standards to follow in the Australian case.

Then there was also an issue that we've been facing all the time, where I think the cultural context, is quite different. Where there, it's easier to kind of name websites and domains, either as saying you've reached X number of percent or you're in the hall of fame.

That was kind of not really accepted here. So we had to refrain from using percentage scores and we also decided not to include a hall of fame. People were just kind of afraid for reputations, on the good side or on the bad side.

So what we did is kind of we put ‑‑ if you compare, let's say, a U-Check, to international, we kind of put a layer in between. There's international which is great for a non‑technical audience. Tried to educate and kind of give low‑access understanding to what it is that we're trying to do, and what it is that if I have a small business or I am a sole trader or have a website and run with a generic e‑mail provider. What is it that I need to know? What can I do myself, and what are basic steps of protection I can take and refer back to generally available tools.

This is kind of the user interface that we have. As I said, we got rid of all the percentage scores, although you can still see kind of where you're landing. On the right‑hand side, we also included a graph, which kind of says how you compare to the average scores of people taking the test.

And we've included some things around things to check that links back to the additional sub‑tests that Internet.nl is using.

As I said, it's been quite a journey. So we started with the whole back in 2017 and launched earlier this year. So we don't have kind of established user experience yet, but we hope to be able to report on that in the course of next year. But it takes quite a time to kind of get the ecosystem ready and get the right parameters in place to launch this.

This is our landing page, which obviously also looks slightly different from the Internet.nl interface. Just to show you, a couple of last months, I ran a test on a small sample of Federal Government domains on domains of some key AS6100, that's kind of our ASX index ‑‑ ASX100. That's kind of our Internet index.

The uptake of scores, as in which ones get to 100% score is pretty low. That goes for HTTPS all the way through to IPv6. And the antiphishing tools, the DMARC and SPFF is probably considered the bigger uptake.

So next? Hopefully to improve the service offering for small and medium enterprises, and leverage our partnerships. So make sure that kind of the test was part of the service package. And really use the tool to kind of do a regular check on what I would call kind of the health of the.au domain. I'll leave it at that. Happy to have any questions, comments, suggestions. Thank you very much, back to you.

>> DANIEL NANGHAKA: Thank you very much. That was a great presentation. Since we're looking at use cases, we shall be monitoring the temperature of the questions as they come in. Since we have some kind of limitation in time.

Let me just give the opportunity to give back to present another use case.

>> GILBERTO ZORELLO: Good morning. Let me share my presentation. Can you see my presentation?

>> DANIEL NANGHAKA: Yes.

>> GILBERTO ZORELLO: Good. Thank you. I would like to thank you, Internet standards, for the opportunity to participate in this event. My name is Gilberto Zorello, and I'm project manager from nic.br, the Brazilian information network center.

Designed by the Brazilian Internet steering committee, responsible for the coordination of Internet service initiatives in the country.

Presentations about the top tests ‑‑ test standards. Based on the Internet.nl tool.

Our agenda, we're talking about the project, the difference between the Internet.nl, obstacles, statistics and implementation impact.

Was developed by NIC.br to disseminate the best security practices in Brazil for websites, e‑mail and user connection to Internet.

It uses the open‑source code provided by Dutch implementation of Internet.nl. With our web interface in Portuguese.

The name is top, and we start operation in December 21st.

The access is top.nic.br.

Profile of Brazilian users who do not normally use the English language in his day-to-day life. It was necessary to translate the tool to Portuguese. Django.po facilitate a lot the work.

Many links have been redirected to documents in Portuguese and links were created to contents and courses from the NIC.br.

A new visual was created with new name and logo. And change the user's ability according to NIC.br website standards.

There are no relevant differences technically.

Other difference is we change the hall of fame to "Quem é top," "Who is top" in English. That sounds better in Portuguese and create a new picture for stamps.

The main obstacles for the project implementation. The main difficulty was the gap between the available documentation and the inference that has to be made to deploy the tool.

Whenever external help was needed, we opened issues on GitHub and we've always been quickly and kindly attended. By the Internet service team.

It's based on free and open-source software tool. The challenge was to make everything work together as a solution.

The implementation is not very complicated, but our engineering team's experience with DNS projects has been crucial to implementing it.

At first, we were concerned about how the project would be maintained and updated from the point of view of bugs and security patches.

But now, we have seen that Internet standards are following a clear and suitable road map for the tool evolution.

The development of the TOP was carried out in collaboration with several nic.br internal areas, like development systems, cert.br communication legal (phonetic).

The top version in response to Internet.nl, 1.4. The implementation of RPKI and security.txt is planned for next year.

Some statistics about the utilization of the tool. An internal tool was developed to monitor the use of the TOP, which accesses its database directly, and provides statistical data about the measurements carried out.

Some statistics from Brazil. The presentation of IPv6 usage in Brazil is 38%. Information from APNIC.

Percentage of domains tested by TOP Test site with 100% IPv6 is 24%. Numbers of dot br domains, 5 million. We have a lot of domains in Brazil. And numbers of dot br with DNSSEC configured, 1,500,000. About 30%. The percent of domains by the top test site with DNSSEC is 20%.

Some statistics of our implementation. Up to now, we really just have one year running. We have about 25,000 measurements involving 10,000 unique domains.

Here, "Quem é top" we have only 300. And for IPv6, 100%, and DNSSEC, 100%. We have these numbers. And the presentation is here. Relative to unique domains.

TOP test e‑mail, we have 8,000 measurements up to now, and about 3,000 unique domains for e‑mail.

The "Quem é top", just 49. These are numbers for IPv6 and then DNSSEC ‑‑

The connection test, we have up to now, 70,000 measurements, involving 4,000 AS tested. And this number for the DNS server tested and validated. With DNSSEC.

And DNSSEC server and ‑‑ DNS server and user test with IPv6.

And this is some numbers about the measurements per month. For this year, this first year of creation. We have about 1,500 tests per month. For sites, for e‑mail, about 500. And for connection, 6,000 tests per month.

The software was recently deployed, as I said. We are disseminating the tool in technical events and in specific sectors such as government and academia.

We have partnership with associations of Internet providers in Brazil and academia, which help to publicize the tool in their events.

With the dissemination of the tool, it's already possible to observe some actors adopting the good practices verified by the tool.

Brazil has continental dimensions and it's a challenge to follow the evolution of the use of the standards. We are working to take measurements on controlled groups such as government websites, academia, and banks.

These are our partnerships in Brazil. Many here.

ISPs associations. And RNP is academia.

I would like to thank Internet standards, support team, who are helping us to keep the TOP up to date following best security practices. These are our points of contact, and I would like to say thank you for the opportunity for this presentation.

>> DANIEL NANGHAKA: Thank you very much, Gilberto. These are some interesting use cases of the adoption of standards. I appreciate the GFCE for taking up this initiative, and under the GFC, just a reminder, this is under working group E, which deals with Internet standards and cybersecurity.

I'm happy to mention with us here, we have Maarten who focuses on the triple I project. And extending knowledge and building capacity on adoption of the standards. I will not speak much about Maarten, but give him ‑‑

>> MAARTEN BOTTERMAN: Thank you, Daniel. This works even better. Welcome in the room. Some of you may know me better as the director of the ICANN board, which I am as well, but that's not a full‑time job. I'm also very interested in helping the world build capacity.

And this is what GFCE is doing. The triple I initiative within GFCE that I've been honored to set up and lead on behalf of GFCE, is really aimed at improving justified trust in the use of the Internet in your region. In your region.

It requires collaboration on the ground of notable people. And in fact, Daniel is one of the people who have been instrumental in helping at previous African Internet summits, to have such a workshop, where mainly multipliers from the African Internet industry, users. But also governments came together.

And were eager to learn from the work that has been done here. The platform, Internet.nl, is really offering an opportunity. You can already use it today, because it works in English. If you're able to work in English, you can use it.

Now the instances that you heard from Australia and Brazil and also Denmark, where they made kind of local implementation, using the code that Internet.nl has developed, which is freely available as the chairman of the platform said early on.

If you implement that for yourself, you can link it to what is important to you in your region, who are the people to call if you want to improve something. And information like that, you can, of course, at languages that are prevalent.

For instance, if we would have something like this in Africa, I would see it would not only be in English, but also in French and maybe other languages. In India, we're talking about English and Hindi.

So this is the tool that already offers possibilities today and more tomorrow.

Now Gerben is chairman of the platform, which is not the software platform itself, but truly, the collaboration of those people that together in the Netherlands, government, tech suppliers, user industry are getting together to say what is important in the Netherlands, where do we put our emphasis? What other standards do we maybe need to check in the future with this platform? And things like that.

So if you're thinking of how this could mean something for you in your region, think also about how can you guide such an implementation of a local version. So that's the second step and the third is awareness raising.

I know in Africa ‑‑ in Africa, the priority is not safety or security, it is getting online, right?

And getting online is a first prerequisite to be able to get in trouble. The problem is nowadays, as soon as you get online, you can get in trouble, because people from all over the world will be able to take you ‑‑ trick you, confuse you, or abuse you. It's good to be prepared for that, so to be aware of that from day 1. It comes with the connectivity. This the access of this wonderful world of good and bad. So better be prepared.

So this is why it's interesting and so relevant to take this into account. So the last thing we're trying to do, and in India, we're talking about how can we get that done already, is to have kind of awareness‑raising campaign that goes to the normal people.

And Bart was with us in the recent event also, in India, where the Indians are also considering building their own instance. And what you see is that particularly, you come to a whole thing, or good or bad, or naming and shaming. It doesn't work as well in each culture as it works in the Dutch.

You can call us for whatever we are, and we'll say "oh". In other cultures, sometimes that's a show‑stopper. So that's just an example of one of the elements of what is important to take into account, if you want to help in your region to make this progress.

And again, I think you can already start today using Internet.nl. If you're really interested, and you have the right contacts, you can engage with your technical partners, with your governments, with others, to start an initiative like this.

Information on this is available from the GFCE website. With the help of the Ministry of economics as a main driver, in the Netherlands, we've gotten to this point. But it's not only the Ministry of Economic Affairs anymore and the few users. Same in your region, as Bart said, it's not the same group of stakeholders, but the small and medium businesses. Organization is one driving there. Maybe something different in your land, in your country.

The second good news is we also heard from Bart, and it was confirmed by Brazil, it's not copy and paste. No. That's true.

Yet the use of the code is getting easier over time, because the Dutch also pay attention to making it usable. An example of that is it will be easier to add an extra language, because the software is now structured in a way that you can in a way have the key messages translated in any language that you want.

So they're thinking how to make it more usable as well, next to make it available in GitHub and, et cetera.

So if you care about the Internet in your region, if you think it makes sense to improve the justify trust. Because of good use of state-of-the-art standards, start today and if you really want to have GFCE help you, reach out to GFCE. And there's all kind of material on the previous workshops.

There's a handbook on the standards, why they matter. There is even a playbook for setting up events, if you're really interested. And the Dutch platform has always been very helpful in helping you in using the software as well. And on GitHub itself.

So with that, I think I see some smiles. So I hope the smiles are followed by action. You can start with putting in your own website. I'm at 85%.

So not yet 100% either. So I ‑‑ oh, yeah, one thing they told me in India when they made this presentation, if you make 100%, send an e‑mail at info.Internet.nl and you get a free T‑shirt.

>> DANIEL NANGHAKA: Those are kind of some of the opportunities and you may be wondering where Africa is involved in this. I will give briefly. We started the campaign 2017 or 2018 to engage different stakeholders to start advocating about these standards. We got the code and customized it, somewhere somehow, we got a few challenges. But I would like to say that the code is getting easier.

And through support from other African (?) ‑‑ some of the national sites, they took up this initiative to start doing the campaign. And in coming 2023, we are going to be setting up initiative called the trusted Africa Internet initiative, which is aiming at promoting these standards.

One thing to make it more clear is that GFCE is building a multi‑stakeholder community from all respective regions around the world. And these comprise of all government or entities with Civil Society. We all need one Internet. It's not only the role of government, but also the role of you. How can you be able to influence?

We have seen from the statistics that have been shared. We have lots of domains running the website. We have lots of websites on.

But how many of them are following these standards? How many web hosts are advocating for these standards? And I think that is something.

Let me just give Gerben to say something. Gerben?

>> GERBEN KLEIN BALTINK: Thank you, Daniel. Thanks for hosting this event. And I want to thank Maarten, Bart, and Gilberto for all the nice words mentioned about Internet.nl. But we never intended for Internet.nl to be more or less the standard for the rest of the world. We just wanted to share our experience.

And we are more than willing to continue to do that. Let me share with you a few things that resulted from all of this work in the Netherlands.

We have seen over the last eight years, enormous take‑up of the percentage of websites and e‑mail servers, and connections that have even improved just by the fact that people were shown that results.

And sometimes in comparison with others, the naming and shaming, also, that they were not doing as well as their neighbor. And therefore, they wanted to improve. That perhaps works only in the Dutch context.

We do realize that, but we have seen that it can be a feature if you have a list of, for example, government domains that are showing in order of success. And where the organizations with a lower result really want to make sure that it gets better and better.

At least in the Netherlands it works. And we are really happy to see that around the world, others are dealing with the same issue and taking up good initiatives to make all of this work.

But it's only limited to a few countries. There is some work going on in the European community as well, where they have measured all EU countries. To a certain extent, making use of Internet.nl and their own code, developed by the Joint Researchers Center.

But nonetheless, there's a long road to go. And what we would like to do is call upon United Nations to help accelerate the global uptake of all of these relevant standards.

For example, by including their proportion in the global digital context and make sure that they support other countries in setting up test websites and initiatives similar to that we have taken up in Brazil, Australia, Denmark, and many other countries have taken up as well.

So I think there is still work to do, and I'm really wondering if there are questions from the audience online or at the meeting of the IGF to learn about your ideas on how we can promote these open standards. Daniel, back to you.

>> DANIEL NANGHAKA: Thank you very much. There are some questions from the audience. I'll start from my extreme left and go to my right.

>> Am I actually left?

>> DANIEL NANGHAKA: Oh, absolutely, yes.

(Laughter)

>> I like the honesty of the presentation, because the presentation itself already demonstrated that there are no standards. Because Australia is just ignoring DNSSEC, for example, which is strange, because that's part of a standard. So if you allow organizations to create their own standards, what's the standard in the end?

And I was checking the Australian check website on the Internet.nl, and scored 95%, not even 100%.

So I mean it's not a standard yet. So there's to be work done there. The other thing, and that's more political thing, is like, it doesn't say anything about this e‑mail provider is reading your e‑mail for ‑‑ well, checking or maybe advertising purposes. Could that also be included at some point, maybe?

>> DANIEL NANGHAKA: Thank you. I suggest we take the questions at once and then we can answer them. Also, a reminder please introduce yourself, and then you would be able to speak. Thank you.

>> MARK CARVELL: OK. Thanks. My name is Mark Carvell, special adviser for the Internet Standards for Security and Safety. This dynamic coalition is looking very much at this terrain of deployment of security‑related standards.

And our networking session for the dynamic coalition is taking place in this room straight after this session. So we very much hope that participants in this session, at Internet.nl and the triple I initiative, will want to join us and hear about the progress that we are making in the dynamic coalition, in looking at the take‑up for standards and in particular, the driver for deployments of standards. And this is an area where we hope to also contribute to the digital global impact as Gilberto was describing. So we're starting at 10:45 a.m. local time here. So please, I hope you will join us and engage with us.

And hopefully contribute to our work on this important issue, deployment of key standards. And help us with our working groups and our research projects on these issues. Thank you very much.

>> DANIEL NANGHAKA: Thank you.

>> I'm from Liberia, I would like to commend this particular session for the level of working of the Internet.nl, and I believe from an African perspective, we also need to look at this benchmark. Not to just replicate, but to look at how it can if it into African context. But this is a good standard in terms of what I see with the level of literature in terms of methodology. What I would like to see is for sake of quality, because the quality is key in terms of the quality standards. I believe in Africa, we can look at this as (?) because the region of (?) IP addresses and roll out of more domains and the rest becomes an issue of standards. So I think this is just a comment, and I believe that is in the right direction to have ‑‑ to harmonize the level of standards that can be used in the (?) World.

>> DANIEL NANGHAKA: Thank you.

>> Hello, good morning. I'm part of the technical committee, and I'm here by the Brazilian (?) problem, provided by the Brazilian Internet Steering Committee. First of all, would like to congratulate you all by your initiative. And in the case of all these standards, we have a good situation, where we have the protocols implemented. But we also have the situation of new protocols being developed that can solve many other problems.

And we still don't have implementation of this protocol. And we also can't deploy them if we don't have implementation. So this is something else that we can maybe discuss later. But I think that we should put some light on it.

And it's during this point of the context of these presentations. I would like to know what comes next. I mean, these are good initiatives, capacity building. I can see a really great effort in the Brazilian community, that I know well.

But it's still not been enough. So I would like to know what comes next. How can we improve the adoption of this standards, mostly in the context of ISPs? Thank you.

>> DANIEL NANGHAKA: Thank you. Let me close the queue for questions. Let me give Maarten to give one answer.

>> MAARTEN BOTTERMAN: Thank you for all the questions. It's really ‑‑ to start with the last question, this is why it starts here, and it starts here every moment. It starts with people. Any such initiatives.

What you said about, what are the standards? Basically the standards that are currently on the list, on the Internet.nl website, they're all generally agreed standards by the standard bodies.

And where the priorities are, and as Bart said, it's different in Australia than in the Netherlands, for instance. It's also where the attention is.

And what happened in Australia a couple of years ago is that there was a compromise of the use of e‑mail from parliamentarians, that led to some parliamentarian debate and public unrest generated by abuse, which generally could have been prevented by the use of DMARC.

In the Netherlands, DNSSEC is pretty high. Because a couple years ago, for about a half year, banks had a hard time ‑‑ because of attacks. Which led to emphasis on solutions there, support from Dutch partners to get the DNSSEC.

They were offering ‑‑ discount if they would implement DNSSEC.

So this is why it is so important to talk together. Now I must say it's good that Australia also have DNSSEC on its visor. Because I think in the end, we can wait until DNSSEC (?) And then start focusing on the standards that could have prevent that. But we could also start implementing these standards that help for the integrity of the routing so that you get to the right address of the integrity of the message. That people cannot tamper with the message.

All these kinds of things are affected by the standards, and for more technical information go to the Internet.nl website or the GFCE handbook, and you'll find more information.

So I think that is key. Standards are also living things. So we have Mark, and another person working on it here. And also part of that dynamic collation.

Standards are an evolving thing. It's almost like a (?) Run. We try to deal with the vulnerabilities, because when the Internet was built it was not built to be safe, it was built to be used. And now it's used for things that the original builders never foresaw they would be used for. So it's become more critical in certain aspects, and that's why we see standards emerging that in a way, harden the Internet and ensure that you can have more justified trust in it.

So that's why I think that's a very good call and for those who have time in other sessions, please stay. And last thing I wanted to say is really related to the statistics.

What Brazil has done with these statistics, similar things that happened in the Netherlands. It wasn't demonstrated that much by Gavin, but the fact you can use these ‑‑ Gerben, the fact that you can use API tool to have a check of government websites, or just simple a basket of websites, in a country, to see how the uptake of these standards is improving over time.

Measurement 1, measurement 2, measurement 3, is an excellent way to see where the vulnerabilities are, and where the attention is.

Because in the end, standard implementation isn't a one‑place point, but it's on the value chain.

If you as the end user are interested to have all these protections, you then need to find a provider who can offer that. An ISP that offers that too. So that's the last thing. So also consider the statistic.

>> DANIEL NANGHAKA: Thank you. As we're coming towards the end of this, I'm just requesting that the next will be able to make remarks within one minute.

>> Thank you. I'm the coordinator of the Dynamic Coalition Internet Standards Security and Safety. We, as a coalition, look at the drivers for implementation, but we're talking about standards that make the Internet work. And they're insecure, and these newer standards deliver the security once deployed.

And in our view that if the big users on the Internet, specifically governments and large corporations, would start demanding these standards to be built into the products.

Whether it's on e‑mail, whether it's on security of software, if they demand it, then as a procurement process, and then (?) provided won't get the assignment. So that would be a tremendous driver for industry to start deploying these standards. And that is what we are sort of promoting from different angles.

So if you want to hear more please join this session and tomorrow at 16:15 in the large (?) room, we'll be presenting our report.

>> GERBEN KLEIN BALTINK: Thank you all. First of all, I would like to thank the audience for these questions. I will ‑‑ for the questions.

I will get back to one small topic. I would like to thank the contributors for showing how important modern Internet standards are in keeping our Internet open, free, and secure, accessible to everyone. And open standards come from an international community. Prepared by the Internet engineering task force.

And well described and designed. But the first question was a little bit about ethics. What are e‑mail service providers, for example, doing with our e‑mail? That kind of question is typical for the kind of dialogue and discussion we have in our Internet standards platform.

So don't forget, if you have something like Internet.nl, it is a great step towards checking the security of your own Internet and e‑mail. But you also need an audience or a group of people, a group of experts willing to discuss the way forward. What standards to include, what is the ethical aspects of those standards, who are benefitting from it, and can it be used in a perhaps, wrong, in a bad way, as well.

And if we see that kind of thing, we really are not advising to use that kind of standard. So once again, from our side, from Internet.nl, thank you for your attention. And I hope that we can keep the Internet open, free, and secure. Thanks a lot.

>> DANIEL NANGHAKA: Thank you, Gerben. Just as putting forth some closing remarks. The question about if Africa, kind ‑‑ for Africa. Kindly, those from Africa, the trusted Internet initiative coming up in 2023. Encourage you to participate.

Because it is going to take up a full multi‑stakeholder approach, all regional distributions within all regions of Africa.

What comes after this? Still we're going to continue the mission of advocacy, capacity‑building and calling in for collaboration to be able to make the Internet standards applicable globally. With that, thank you very much for your attention. Thank you for the technical team. And thank you all for participating. Any questions, kindly send an e‑mail to contact at the GFCE. Thank you.