Cybersecurity, Trust and Privacy

10 minutes - Introduction: primary use and purpose of WHOIS. Accountability on the Internet. Anonymous behavior.
30 minutes - Discussion: Use of Whois by the CERT community. How IP address operators or domain name holders are informed about a security incident affecting them? Can registration data help identify individual malicious actors? Why is important that CERTs maintain access to Whois private data? To what degree has the security community made a successful case for the collection of WHOIS data under GDPR rules? What existing or new technical means of access can be used and deployed to provide access to a limited set of accredited security actors? Who accredits the security actors?
20 minutes - Answering to questions.
10 minutes - Closing

Part 1: Lightning talks - 25 minutes
- Each speaker gives a "lighting talk" of max 2 minutes on their specific area of intervention/expertise.

Part 2: Breakaway group discussion - 20 Minutes
- Breakaway groups discussing different aspects of algorithmic transparency
- The remote participants will organise an internet breakaway group
- Someone from each group volunteers to rapporteur

Part 3: Report back from breakaway group discussions - 10 Mintes
- Rapporteurs report back and display their flip charts
- Remote participants, the internet reports back
- Some panelists take notes and document in order to create an outcome document for the event.

Part 4: Questions - 5 - 10 minutes

Wrap up with questions and interventions from audience and remote participants.

Timing:

• Setup of the topic by moderator & introduction of speakers, online moderator and rapporteur, including their background/experience - 5 min
• Short statements by each speaker reflecting the theme of the session from different perspectives - 15 min (3 min per person)
• Discussion phase where moderator is addressing one/two key questions to each speaker - 20 min (4 min per person)
• Questions from onsite and online participants are welcomed throughout the whole discussion - 15 min
• Brief conclusion and thank you note - 5 min

Thematic focus:

• Techno-utopia: neutral nature of technological tools v. their targeted (for better or worse) use. Current paradigm - the more information we have, the more ignorant we become. Data is not the new oil due to its infiniteness.
• Controlling technology or controlled by it: domain name v. FB profile. How to regain control from technology over us? Generation of prosumer communities.
• Social platforms as a profitable business: can money be balanced with morals when it comes to self-regulation?
• Impact at the society level: awareness and education for the connected and non-connected communities. Digital culture. Everyone should learn to use technologies. Create own technologies. Protect developed technologies. Generate awareness about the use of data and its importance. Is it fair to receive income for the use of your data?
• Impact at the state level: nations overtaken by technological companies in charge of data. Does it make nations dependent on businesses? Does this impact democracy? Does the abuse of social platforms by states ensures tolerating self-regulation?
• What can a country do to recover its technological sovereignty? With examples such as Estonia, could a true digital government and democracy exist in the future?
• Industry landscape and regulatory environment for platforms in China and the USA: national intermediary liability laws.
• Shortlist of possible regulators: heavyweight v. super heavyweight. Mutually exclusive or complementary?

To stimulate a dynamic format and facilitate interactions with the participants this workshop will feature two co-moderators, Luca Belli and Jhessica Reia, that will also act as speakers.

The workshop will follow the following agenda

First segment will be moderated by Luca Belli

Mr Robert Mathews, from University of Hawaii (and former White House senior official), will open the session exploring the security challenges and frequent failures of critical infrastructures and so-called “smart” systems.

Mr Nicholas Bramble, from Google, will debate Google's recent projects with regard to smart city services and will share his perspective on the future evolutions of this field

Ms Jhessica Reia, from FGV, will discuss the main challenges related to smart city initiatives in the implementation of the New Urban Agenda over the next years.

Brief pause: 3 questions from the participants

Second segment will be moderated by Jhessica Reia

Mr Jean-Philbert Nsengimana, from Smart Africa (and former ICT minister of Rwanda), will analyse the potential of smart city services and open data utilisation for African countries in the context of the Smart Africa initiative

Ms Olga Cavalli, from the South School of Internet Governance, will analyse the challenges of smart cities and IoT with regard to Latin America.

Mr Antti Poikola, from MyData.org and the University of Helsinki, will present the MyData model, stressing its potential for individual empowerment with regard to the control of personal data.

Mr Luca Belli, from FGV, will analyse some of the challenges related to personal data regulation in the context of Smart Cities, exploring the initial findings of the project “Discrimination vs. Data Control in Brazilian Smart Cities”, run by FGV and supported by the Open Society Foundations

Open debate

Wrap-up (1 min per participant)

The panelists will interrogate such questions as:

• How is the local population involved into the organization of smart city services?
• At which stage consultations are organized?
• What kind of information is shared (if any) prior to the local debates and by whom (i.e. the local government, NGOs, academics, smart city service providers)?
• How are procurement rules defined?
• How are procurements organised? 
• What kind of control/governance is foreseen to manage public data and publicly owned digital infrastructure?
• What kind of measures are foreseen in order to keep the smart city infrastructures secure?
• Are personal data collected through smart city services shared with law enforcement? If so under what conditions?
• What kind of legal frameworks apply to personal as well as non-personal data collected in the context of smart city services ?
• What kind of control can individuals exert over their data?
• Are local residents’ data covered by any (intellectual) property right? If so who is the rightholder? 
• What are the business models utilised to finance the development of smart city services? Are such business models clearly presented prior to the development of the services and described in openly accessible information? Can the local population express its preference for any proposed business models?

1. Cybersecurity Challenges Create Need for Collaborative Solutions: Importance of Multistakeholder Participation
2. Why regional approaches are necessary regarding such issues as strategy development, cyber risk frameworks, CSIRT, awareness raising, cybercrime, and research
3. What are the benefits of global but also regional coordination
4. Why a Voluntary, Risk-Based Approach Is Optimal
5. The Importance of Finding Consensus Among Global Stakeholders: International Standards and Trade and how can they be translated for other communities, such as academia, private sector, civil society, and intergovernmental initiatives
6. Design Principles to “Build in Security” from the Start
7. Addressing Capacity-Building Challenges: What Policies/Support Are Needed for Implementation?
8. It is clear that investment remains national. Are there opportunities to improve the return on investment of cybersecurity capacity building projects to nations, such as through better coordination of systems, better metrics to access their outcomes, and improved identification and prioritisation of cybersecurity risks
9. Wrap Up

Welcome, setting the scene and introduction of speakers (5min)

4 speakers, each will share their story for about 5min (20min)

Exchange between panel on implications of luxury to disconnect from their region (20min)

Q&A with audience (10min)

Concluding remarks from each panelist (5min)