The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> JENNIFER CHUNG: Good afternoon and welcome everyone to one of the NRI topical sessions: Navigating global cyber threat via local practices. My name is Jennifer Chung. I'm with dot Asia and I'll be your moderator for today.
Just a quick housekeeping note. They're not the ones on the entire time. Navigating global cyber threats. In an increasingly interconnected world cybersecurity challenges with growing in scale and complexity. Global cybercrime is projected across 10.5 truly annually by this year posing serious risks to institutions, economies, and fundamental rights. So this session is going to look at the good practices and the actual impacts how multistakeholder cooperation can build stronger and more resilient cybersecurity frameworks while balancing innovation security and protection of human rights. We'll have a key focus on the tension between cybersecurity legislation on the one hand and existing privacy and data protection matters on the other. In some cases stricter regulations such as DNS operators may also inadvertently undermine effective rights respecting security mechanisms already in place.
We're going to hear from all the different speakers here up on the stage but of course this is a dialogue and we invite everybody that can see down there if you would also like to move up to the U shape we really do welcome you. If you're not comfortable I think there's also mics on either side as well would love to hear your thoughts on this. We have an expert panel to set the stage for everyone. I'm going to do a very quick introduction and go into the policy questions I will ask them.
To my right we have Mr. Fara, executive director of ISOC Ecuador.
Next to him we have Mr. Dennis Burdis professor of global security and technology senior fellow at the Hague program on the internaval cybersecurity and institute of security and global affairs university. Also the project coordinator of EU cyber direct. Also affiliated with the Netherlands IGF.
Next to Dennis we have Ms. Leah Hernandez. She is the founder of Apen tech and also affiliated with Panama IGF. To my left we have Mr. Deon. He's a CEO of RNIDS and also affiliated with Serbia IGF.
And finally but not least, we have next to Dejan, Ms. Lati Valaka, chairperson of the ZAIGF multistakeholder committee and affiliated with South Africa IGF.
So with this illustrious panel actually and good NRI colleagues, I'd like to turn first to Carlos to speak freely from your point of view IGF Ecuador as well. In a world where AI and IoT are increasingly shaping our lives what are the key cybersecurity concerns faced by local communities and how can we strike a balance between fostering innovation and ensuring security in these emerging technologies.?
>> CARLOS VERA: Good morning, everyone. And thank you for the opportunity to speak here at the IGF2025 in Norway. I'm Carlos from Internet Society Ecuador and from IGF Ecuador in Latin America. Please allow me to read you necessary time constraint. As we agreed today AI and IRT are not a distant concept. They are in our homes, school, hospitals and increasingly in our local government public service. This technology offer great potential but they also bring real cybersecurity risks especially for local communities. Let me highlight three of the most pressuring concepts. First, data privacy and misuse. Device call it a lot of information about that but in smaller communities where the digital knowledge may be limited that data is often collected without real understanding or consent. This create real risk of surveillance profiling or intentional harm. Second vulnerable infrastructure. Local authorities on these small organizations often lack digital systems, thus make it primary target for cyber attacks especially ransomware which can school hospitals or even border systems. And three, trust and inequality when AI system fail people lost trust and those who are already vulnerable, communities, minorities, low income groups are often the ones most affected. So how do we move forward? How do we embrace innovation while also protecting our communities? Let me suggest four principles. One, security by design. We must demand that AI and IoT systems are secure from the beginning. Two, local empowerment. We need to invest in training and capacity building not just for big tech but for the citizen, local people, local leaders they are the ones who manage, maintain the system and serve the tools and knowledge to do it safely. Three, participatory governance. That's what we're calling. We're talking about all these IGF in Norway multistakeholder governance. It is real necessary to participate. We need inclusive process where citizens help shape how AI and IUT are used in our lives. And let me have a small reflection this. While United Nation and commission on union and ITY they play a key role in the making of standard participation we still need more like Internet ‑‑
And four global frameworks for local action. In these kind of policies and ‑‑ one side fit all doesn't work. We need to take account of the local and reality. About the ethics, we are talking about ethics but it's not only what you can and cannot do. It also has to be with what governments and what companies can and cannot do. They have all the information. They have all the knowledge. We have to work on ethics also beyond the final users.
And without security, without cybersecurity there is no sustainable innovation and finally a call to action. Let's empower our communities to lead the way. Thank you very much for your question, Jennifer.
>> JENNIFER CHUNG: Thank you, Carlos. You brought together very important points and thank you for setting the scene about that. I think the four points that you gave us to take away is actually very good action points that we need to have security by design local and participatory government especially when looking at the multistakeholder model here. A quick reflection before I go to our next speaker is this morning I heard at one of the sessions he came up and said he was a coder and he said I'm listening to all these policy people speak but where are the people who make and do and code? We really need to bring in all of these communities are actually take action from policy that we shape here to be able to have real impact. So I think that's actually very important to have that as well. I'm now going to move on to Mr. Dejan. I know for our NIDIS you are the CTLD for Serbia and also Serbia IGF. Maybe a shift towards that question. Do you think and will stricter regulations on tech service providers improve security? What are the costs for both service providers and end users?
>> DEJAN DUKIC: Thank you. Regulation is necessary as threat becomes more sophisticated every minute, but in most cases regulation is too slow to follow technology evolution. We have many examples of that like GDPR now these two directives. Evolution of regulation and technology are not fast at the same time. So that's the reason why community involvement is essential. So we cannot sit and wait for the regulators to solve all our problems. Raising awareness that is something that we have to do constantly. Improvements are needed following up to stricter regulation can help us to be the top of our game, perhaps much faster than it's done nowadays. Five years ago we didn't have those sophisticated threats like today. However that keep security on a top priority solution to protect infrastructure and services it provides. That is what keeps our system stable and running.
Cooperation is needed by all parties however especially for law makers. In general it's really challenging to find balance between privacy and security. When we speak about time age before initial directive decided to collect fewer personal data in our database and we came to that solution in with data protection authority. But now when these two came into force in most countries in EU and we are preparing our local laws we will have to collect same amount of data as time before of the most probably we collect before. So when we start it first time the main registration we collected documents and we allied with GDPR. We decided that no documents are needed to collects.
In our zone is small and we have 150,000 Dom main registrations and around 100 domain reported abuse in 2024. So of course the law applies to everybody but numbers are cruel sometimes and to ‑‑ and definitely there will be cost for users and operators as well because operators have to improve their systems but users also have to be prepared to use those improved systems as well.
And when we speak from perspective of DNS operator establishes a prior foundation like Serbia TLD multistakeholder cooperation is essentially important. So since we didn't ‑‑ we don't have any power regarding fighting abuse and solving cybercrime involvement of parties are necessary. On local level we cooperate many with organizations in order to raise awareness with our partners we organized many cybersecurity conferences workshops. Also in concrete cases of cybercrime we also need assistance of authorities. So here is an example from a few days ago it was a situation with several domain names that ‑‑ with a website offering illegal weapons and since we are not dealing as registry with a content ‑‑ we contacted their registrar to check registration data and after the registrar confirmed data is correct we couldn't do much and we started communication with the local police cybercrime police and after continuous communication a few days and mostly few weeks they managed to provide public prosecutor and finally suspend those several domains used for weapon selling. So that's just one illustration an example how cooperation is important in sharing relevant data and knowledge among stake holds is crucial.
Thank you.
>> JENNIFER CHUNG: Thank you very much, Dejan. You talked on a whole host of critical items being discussed very much DNS abuse in the ICANN context as well looking at how it's not just policymaking in a very narrow scope there but in actual practice registry operators, registrars as well as local jurisdiction, local law enforcement there is a whole host and chain how you can address and mitigate and report and finally do any take downs if that is what it is. The original question was asking about stricter regulations but you gave us a very comprehensive mapping of what it actually means to the end user to operators and actually for the Internet I guess as a whole as well. Thank you for that sharing.
Now I'm going to turn over a little bit to policy approaches. I'm going to go over to Ms. Hernandez.
Leah, from your point of view as founder of the Panama IGF point of view which policy approaches can be adopted to effectively educate social media users to avoid cyber crimes such as on‑liven scams and fishing attacks.
Lia.
>> LIA HERNANDEZ: Are you hearing me? Yeah. Good morning. Well, good ‑‑ my name is Lia Hernandez. I'm a Panama lawyer. Based in Panama city but my world is focused in the America region and the Spanish speaker Caribbean. So I'm going to talk based on my experience in my region. Mainly my region and in some countries in Latin America because we have the same issues regarding to the application of cybersecurity or cybercrime standards and actually I think to effectively educate the users on social media, social network on the Internet is not enough. The capacity building is necessary that the states establish the issues as cybersecurity or cyber crimes like state policy most of the countries in Central America and Caribbean they change government every four or five years. For that reason they also change the priorities. Maybe in Panama right now cybersecurity is a priority but in five years there's not going to be a priority anymore because a new government and new party arrive to power. For that it's not enough to say we have a commitment with the cybersecurity or we have a commitment with the cybercrime. We must really be an incorporating our agendas, the agenda of the governments policymakers. Topics are cybersecurity, digital security cybercrime. It's very important to adequate our legal frames work to the new trends on cyber crimes. We have two main cyber crimes convention in the world, the recently approved United Nation cybercrime international convention. I know that not all of us we are agree with the test of these two conventions but most of the governments of our region have approved have signed but until now they haven't their local legislation. To are that I think it's necessary take the best of all of these documents convention and next convention and maybe equate our legal framework. If we don't have like a crime in our criminal code it's very difficult to avoid these kind of conducts in the cyberspace. So also have to say there is not sufficient legal framework the reference and he with must take action. Stop saying cybersecurity is the priority in my country. We must educate the citizens from the kids to the teenagers to the senior people and explain them how the Internet really works, which are the use the Internet for this or this way and don't tell them you don't ‑‑ you shouldn't do this or you shouldn't act like this because when you say don't do that they are going to try to do it. Better to explain then how really it works the Internet and the consequence they don't use the Internet in the right way and after that thinking about good, bad, and ugly of the Internet and we must educate so they know how to identify the real risk. I think this is my opinion about this question. Thanks.
>> JENNIFER CHUNG: Thank you also bringing up when you have a shift in administration and shift in priorities. The fact we have the two conventions doesn't mean it has been reflected in all over global and I guess to the local jurisdictions and legislations as well. Very important part about capacity building. I think it needs to be done holistically across the board as well.
Now we're going to turnover to Dennis Broeders. Contextualized of what you heard from the previous speakers I don't know if you can pull this into your response as well. The question really is: How can national and regional multistakeholder cooperation help build a stronger global cybersecurity resilience?
Dennis?
>> DENNIS BROEDERS: Thank you, Jennifer. I will try to draw in a few things but I will focus on a much more smaller but actually quite big relationship. I want to focus on cybersecurity information sharing and resilience. Keeping it a little small. Most countries also internationally say okay the value of information sharing is like a mantra, right? Then also the value of public‑private corporation into ‑‑ in information sharing is also a mantra. I'm talking about the sharing of information about digital vulnerabilities, about incidents, about methods of states and criminal actors. So threat Intel in short, right? Everybody realized the value of ‑‑ in digital resilience. In practice it proves to be something actually very difficult. Many forums here talking about it. In my country Netherlands every single cybersecurity strategy we had underlies the importance of information sharing and every single strategy we had says we need to do better, right? There's where we are. Most recent cyber strategy 2022, 2028 puts information sharing front and center and also acknowledges that information exchange is still fragmented and under mines the cyber resilience of companies and organizations and society as a whole. To a certain extent and I think many people realize that's easily explained, right? All the organizations that have information that would affect others, benefit others they also have good at least understandable reasons not to share that information. Information is often not shared and reasons for that. We look at different organizations, intelligence agencies. They have lots of information. They ever tire of telling us. We know everything but they have a professional focus on national security that comes with an emphasize on secrecy. They have limited incentive to share information with others. Internationally they have a quid pro could he with sister organizations in other countries and they also have an organizational interest in keeping certain vulnerability behind because they may prove useful for their own work. So transparency there is not optimal let's put it that way. Then we have companies, governments, organizations they all have information useful when they have been breached or attacked bigger companies will have information about what they see in their own works that will be useful for others but when it comes to breaches or vulnerabilities they also have little incentive, it could lead them to damage, open them up for claims, liabilities and also sharing does not necessarily get them any meaningful response from other companies. Why share? Then we have the Mandians of the world, basically. They have a lot of data, information mostly Western bias. When you talk to them they see the value of sharing but they're not that eager to share which is also logical because it's their business model to use and market that information resilience is nice but profit is better. No transparency, client privilege and NDa on the information. Hooray for Internet governance is C certs. They have a longstanding tradition in international community of exchanging information and they see it as a core value to do so. Government organizations they focus on the resilience of the Internet as a global network and they work more along the lines of what you would call like a health and safety approach rather than security approach. That does something. Having said that how do we overcome blockages to information sharing. One is a little philosophical in nature. Starting where we left off with the C certificates basically. How can we spend the logic of health and safety to more forms of information sharing, right? Can we get more levels of sort of information in the frame of sort of first medical responders where we tried to make sure the patient is okay rather than into a security frame of mind where we're looking at who is at fault, why have they done it consequences, liable, et cetera. There is a balance to look for. Related to that because I think these are communities of trust and someone mentioned this before is how can we create communities of trust? I think this probably well aware certain sectors the banking and financial sectors in Netherlands elsewhere as well they have created information center and ISECs.
In these ISECs, no question banks are competitors but they do have a common interest in keeping the digital financial system as healthy and well functioning as possible. That helps. The close nature of ISEC. Closed system, trust system, even an amber system and red system, what kind of information gets written down community of trust but also often facilitated by the government. This is where governments can do something. Lastly this has already been mentioned, always regulation. Not always the best option forward but for example in Netherlands if we look at the implementation of the EU2 directive that will mean that in the Netherlands 5,000 companies will now have reporting obligations and certain obligations to have preventive measures as opposed to the 200 that were designated like that before. That is a huge difference. The idea is of course this will create more resilience. Whether that's actually the case is something we will have to see in the future. I'll leave it at that.
>> JENNIFER CHUNG: Thank you Dennis. That was a lot of good information and a lot to unpack. I'm not even going to attempt to try to summarize any of this before we go to our next speaker but I think you really highlighted the big problem and the tension between having this formation and incentive to share, shifting that paradigm to what you mentioned as health and safety instead of liability and fault I think that red light allows us to look at it more clearly. On the other context before next speaker this is also played out in the ICANN context for those who do participate in ICANN policymaking and that community as well there has been a lot of tension and urgency to do request for information but the problem still is how do we authenticate these requesters? How can we make sure that we have the obligation, the legal framework to do so and disclose this information? Thank you very much for highlighting this, you know, very inherent tension between that. Hopefully we'll be able to be able to dig out some and tease out some possible solutions going forward but I do see it is not on one party or two parties but a whole host of considerations and again multistakeholder is what we're talking about here.
So with our last speaker I'd like to go over to Ms. Lati from a South Africa IGF and I'd like to get a sense of what the best impacts are a little bit of thread of the legislation and regulation in South Africa and what the recommendations are I guess coming forward for cybersecurity and that part from south African point of view.
>> Thank you, Moderator. My name is Latty from South Africa, chairperson of the south African Internet governance multistakeholder committee. Before I start I just need to remind us cybersecurity is not just a technical challenge it is a human rights development and governance issue. Address it through multistakeholder cooperation at national regional and global level. So going into best practices, multistakeholder approach we collaborate globally and regionally through AUCONN invention. We also participate in GECU and African initiatives build structures like the cybersecurity hub project by the department of communications and digital technologies. National from security incident response team project established to make cyberspace an environment where all safety communicate ‑‑ we can all safely communicate socialize and transact in confidence. This project works with stakeholders from civil society. It works with government, the private sector, technical community in academia and preventing and responding to threats. Our south African police services and state security agency also coordinate cybercrime in investigations and threat intelligence together with private sector and ISPs and also worth noting our IGF is very strong when it comes to addressing and engaging in matters of cybersecurity where cybersecurity is not just discussed annually or allocated annually also integrated in you will a the thematic areas and we've seen firsthand the impact of an action where data has revealed 22 percent year on year increase in ransomware incident targeting south African institutions. We have had I think amongst others digital fraud in the banking sector, ransom aware texts on public institutions, ordinary citizens also getting attacked on a daily basis and in addressing these we are active in research and cybersecurity. We have a few initiatives and I've already mentioned the cybersecurity hub, also got the cyber command center and where legislation is involved we have a cybersecurity policy framework cyber crimes act and protection of personal information act. We've noticed the growing tension between the cybersecurity laws and our constitutional duty to uphold privacy and data protection. Our cyber crimes act criminalizes malicious activity while the poppy act protects personal data. Together they offer legal balance bullet test realize in the implementation and without proper oversight there's a risk of overreach public distrust and suppressed digital freedoms. We found that the law enforcement sometimes maybe faces delays due to legal processes required under poppy Act to access digital evidence and civility society has also raised concerns over potential overage in surveillance protections of the cyber crimes Act. I think we just need to strengthen oversight mechanisms such as judicial review for data access and update laws to ensure pro pork inability and transparency and surveillance and I think that's why we also just calling for three things. We call for policy coherence with cybersecurity strategies must go hand in hand with privacy protections and rights based governance. We also calling for global and regional collaboration through harmonized laws shared intelligence and joint incident response and we ums need to have an inclusive governance where youth civil society have a seat at the table. National Internet Governance Forum has proven this model does work if we don't act decisively we risk widening the digital divide weakening human rights and undermining regional trust so need to remember is not just about defending networks, it's about defending people democracy and dignity in a dig pal world. Africa is ready to lead, learn, and we cannot afford to wait.
>> JENNIFER CHUNG: Thank you very much. I think the ending was important to remember. We're not just defending the networks, we are defending humans. Thank you also for sharing all the work being done right no with South Africa. I think I hear a thread amongst all the speakers this is a multistakeholder effort we need to address cybersecurity risks but need to balance it with privacy and having inclusive governance where underrepresented groups do have a seat at the table. For the next 20 minutes we have an open floor and I think already see some indications that we would like some speaking over there. Bangladesh, Anu, please go ahead.
>> Anu: Hello Jennifer. This is secretary general Bangladesh IGF. As cyber threats grow in skill and complexity, it is clear while the challenges are global, the responses must be grounded in local realities. In Bangladesh we have witnessed how community based capacity building and multistakeholder engagement can help counter cyber threat more effectively than top down approach alone. The Bangladesh Internet Governance Forum has been working to promote trust security and responsible digital practice by fostering cooperation between government civil society the private sector and groups. Our local cybersecurity framework are aligned with global norms but are ums tailored to unique social economic and digital contest. We believe that regional and Internet Governance Forum play a critical role in sharing best practice and ensure that cybersecurity is not just a technical issues but share social responsibility by building resilience from the ground up, we ascend the global digital ecosystem. Let us continue working together across borders and stakeholder group to ensure a safe more inclusive digital future for all.
Thank you, Jennifer.
>> JENNIFER CHUNG: Thank you very much, Anu. I am also going to see if we do have anything online we do have our online moderator Godsway. He has reminded everyone participating remotely to indicate whether or not you'd like to ask questions or actually give some comments.
Godsway are there any questions or comments or request to take the mic?
>> Godsway. I'm online facilitator and also Ghana IGF. I think for now we don't have much questions but I'm hoping that before we finish the session there will be some questions.
>> JENNIFER CHUNG: Thank you very much, Godsway.
I see on the floor Mary Aduma.
>> Thank you very much for giving me the opportunity to speak if we are to navigate globally and locally in cyber threat, we are a local partnership. We have mentioned already the multistakeholder process. So there's a lot of collaboration to be done, a lot of capacity building to be done ask a lot of awareness creation. There are some people that's cruel, they don't even know that they are being attacked. So in the password management, cyber so some of the things are collaborating with law enforcement. In the law enforcement needs a lot of capacity or capacitation. Capacity building and development with law enforcement is very key Nigeria Internet association. The dot NG managers. We have this capacity building and exchanges and engagement with law enforcement to be able to bring to fore, you know, some of the threats and they also understand the threats as well. So those are the few things I just want to mention because people have, you know, the panelists they've already mentioned a lot of them, but collaboration, capacity building, sensitization, and relation ‑‑ engagement with the law enforcement to help us navigate those three. They are very, very real.
Thank you.
>> JENNIFER CHUNG: Thank you, Mary, for sharing the perspective from Nigeria and also west Africa.
Looking around the room to see if there's any hands up? Of course colleagues sitting in front of us please you are welcome to come over to the U shape to take the mics as well. I know there are mics on the side of the room if you would prefer that as well. If not, I'm going to use a little bit of moderator progressive.
I see Dr. Nazar, please go ahead.
One second, you need to turn on your mic.
>> Dr. Nazar: Touch it, don't touch. That's what I say.
Thank you so much, Jennifer and team from all over the globe. My intervention on this front will be later also focus on the local talents in terms of how universities are creating and cocreating a lot of young people with a lot of skills. What I find is that the local conception in terms of companies and the governments and even civil societies are not actually using these local talents and the local skills that have been created by our universities. So while we are talking about combating all these cyber threats we need to focus using the resources that are there. The young people from the universities they very learned on ICTs and cybersecurity but the applications and the skills from the local content have not been properly utilized. So I think that will be my contribution so I can also yield time to others to contribute as well. Focus should be ensuring that we use the local content available to combat both the local and global cybersecurity threats.
Thank you.
>> JENNIFER CHUNG: Thank you, Nazar for reminding us that we absolutely need to rely on local talent and content to also combat all of this.
I do have one comment on‑line which I'll go first and then I'll come to you, Carlos. So Godsway please read out the question.
>> GODSWAY: Do we have to empower in the global south?
>> JENNIFER CHUNG: Thank you, Godsway. Before I go to Carlos I'm wondering if anybody up here on the panel or in the room would like to answer Emmanuel's question? The question again is, you know, what international framework we have to empower law enforcement agencies in the global south. Read it again so we have some time to think about the answer. While you're ruminating on this answer for Emanuel, I'd like to go to Carlos. Please go ahead.
>> CARLOS VERA: Thank you again.
I think that one of the main words or concept we have to have is share. We share the room. We were in the same room yesterday in the hall, main hall with Joseph Gordon Leavitt and in one moment because saying aloud I love you and of course I say thank you, thank you. And this nice looking guy look at me and I say let's say guess what we have to say to government to big tech companies let's say accountability, responsibility cybersecurity decision making process is a shaded process. That's why we strongly support the multistakeholder process and share, share, share this is the key issue for all of us. Thank you.
>> JENNIFER CHUNG: Thank you Carlos that was a great analogy. Maybe Joseph Gordon Leavitt can solve all our cybercrime and security problems just drawing the attention and asking everyone that you need to share information.
>> He's got that Ph.D. of computer science.
>> JENNIFER CHUNG: We should call him to this room. That's how he will help us solve the IGF renewal all of that.
Dennis, please go ahead.
>> DENNIS BROEDERS: A short comment on my neighbor. Sharing would be fantastic. I love sharing. It's very nice but institutionally many of these organizations are biased against sharing. They have no interest in sharing or they have interested in sharing certain things but not other things. So we have to realize that while some of these corporation have goodwill many are in the business of making profit and they will share what they need to share. What we increasingly see now is we have larger and larger companies doing things that traditionally were public utilities but we have put them in the hand of private corporations who do not have a public ethos. They have private, they're there to make money. We sort of let it happen. That's one thing, but to sort of rely on ethical frameworks and asking them to share and basically rely on their goodwill I think is not the way forward. We have seen time and time again that when push comes to shove they will go for the dollar and not for the public interest.
>> JENNIFER CHUNG: If I may actually ask a follow‑up question because in your previous ‑‑ well in first intervention just now you said incentives are not there for sharing, what incentives do you think could oblige or could be to incentivize this sharing I guess for different parts and different organizations?
>> I think it varies. I haven't thought the whole thing through but the ISEC example shows you where competitors are actually able to agree on some common ground. Okay we all benefit if the transactions between us are safe. That's something where they go okay these where we can cooperate.
On other things I think the general rule is when industry starts saying no we'll do it ourselves, self regulate, ethical framework that means they're afraid of regulation. That's the only reason they're stepping forward to do this. That means that regulation may be the way forward. So you can't expect private companies to fully embrace a public task in a public way, right? That's not what they're there for but we have a long history of having private companies subject to certain rules to make sure the public interest is safeguarded. Not a new thing. We have been doing this for centuries. A way of organizing this in public and private properties this is the public interest, this needs to be safeguarded. I'm afraid it's regulation.
>> That is definitely one answer. Regulation does answer certain things but probably doesn't encompass everything as well.
I'm going to use moderator progressive to come back to Dejan, being in the D and S industry being part of CCLD I'm wondering if you have some reactions regarding this because of course dot Asia is an agency operator. We have to follow what our jurisdiction, what the kind of laws that we need to follow when we have court papers or court orders to do certain things that's how we take action but perhaps from the Serbians point of view are there similarities do you have thoughts on on this?
>> I still believe the information sharing is important. I gave recent example from couple days ago so we receive compliance for some international organization or NGO. I'm not sure what the moment they are and they were sending us couple of e‑mails and notification they find out those website are selling illegal weapons and there are many of those. We can say to them send those e‑mails to legal police and do whatever you want. But we tried to discover our data correct and also use our contact and public prosecutor office maybe to do something. Without is that information we can't do nothing. Now we have ten websites down with illegal content. Without sharing information we couldn't do anything. I think it's still important and related.
>> JENNIFER CHUNG: Thank you, Dejan. I'm actually having trouble pressing it having it a hot mic the whole time but not being able to press the mic to actually speak is also back. Inherent tension again with voice.
I don't want to leave the question unanswered that we received online from Emanuel, but I'm wondering if Latty or maybe Lia would like to address that question. The question is what international framework do we have to empower law enforcement agencies in the global south? I'm assuming empowering law enforcement agencies I guess maybe he means how they can take action because I feel like law enforcement is pretty empowered everywhere so maybe an adjustment to his question.
>> From my point of view I don't like to recommend Budapest convention or maybe the UN convention because I have any consideration of each of these two tests actually I think that convention was curated like convention for European Union countries and some countries around the world have adapted their leader framework but for example the reality of the global south countries are not the realities on cybersecurity or cybercrime the European countries. I don't want to say you should follow the recommendation of Budapest or UN cybercrime conventions. I think that we should take the best of both documents and see what is better or what fits in our local legal framework.
>> JENNIFER CHUNG: Thanks, Lia.
And Latty did you want to add to this.
>> I think I share her sentiments but just on that maybe just briefly is that South Africa we participate in the global forum on cyber expertise. So I think maybe that could contribute answering the question.
>> JENNIFER CHUNG: Pressing the button to actually speak.
There is one question that we actually received in the Zoom room. So if I could just have Godsway read out the question or I think it's maybe a comment.
>> GODSWAY: What are the global implications to the varied approaches adopted within the AI posture across EU and US and implications to service provider certifications? So that was the first question.
And should I read all or go on to the other? I think this question is quite long.
>> JENNIFER CHUNG: It is quite long but maybe just read the entire thing with respect to time.
>> GODSWAY: The second one: What does this mean for global south consumerism of these variable certified services? The implications of this AI posture on the cybersecurity and cybercrime posture is critical for global south.
So I think the first question is ‑‑ second one is based off the first one.
>> JENNIFER CHUNG: Thank you.
So while our speakers and others in the room think about this I want to see if there are any other questions online and in the room? Okay, please go ahead.
>> There is a lot of frameworks. Maybe we can jurisdictional but in issues like electronic comment of cybersecurity we need a legal framework from United Nation for example and they have several committees that works on specializes on these kind of things. So even that the law is jurisdictional with Africa restricted to one country we need a legal framework and some of the parties worked all the time providing this kind of legal framework.
Thank you.
>> JENNIFER CHUNG: Carlos, I don't see anymore hands or questions in the room. Nazar.
>> I just wanted to add on the Interpol it's called Interpol cybercrime directorate for the ‑‑ there are so many and even the ITU has one for the ‑‑ has one framework for the ‑‑ that can assist the local enforcement agencies, for example. The Interpol cybercrime directorate is one of those and I think Interpol for interregional and it plays a part in the local context as well.
>> JENNIFER CHUNG: Thank you for sharing that and reminding us about that. I think I'd like to ask our speakers in reverse order. So in the reverse order that I initially asked to you speak to just do a very quick wrap and really just one take away that you want us to really take away from this session. So I will begin with Latty, please.
>> I think maybe we've also seen from the question that was posed is that it is a need for harmonization. We need to harmonize our laws. We need global and regional collaboration in doing that and need to ensure there is inclusive governance. I feed maybe to leave us with one thing. Something that I mention before is that we need to prioritize human rights when talking cyber crimes, when talking cybersecurity because if we don't we risk widening the digital divide and maybe weakening human dignity. So let's not undermine as a globe and regions and countries.
>> Thank you, Latty.
Dennis, one take away?
>> DENNIS: Yeah, maybe I'll stick with my theme of information exchange. I mostly focus on the national level but if we look at the international level there is a lot to be gained. I think there really is a lot to be gained. We know it's possible. We have a global community of C certificates that are exchanging information and in a trust based system. I don't know if ISECs for example talk to each other in a sectorial way in a broader sense. This morning I heard a speaker from Albania saying they're really invested in sort of getting more information exchange in a regional way but I think getting that going and also find ago way to sort of get more private information into that mix that would be really good albeit not necessarily easy.
>> Jennifer: Thank you tennis. Leo.
>> I want to remark that capacity building and regulation is not enough. It's like they're not ‑‑ two topics that we should work separately. We should still increasing the capacities and the population from kids to the older generations and that in some countries any conventions or any reregulation that works that didn't mean that the regulation they're also going to work in your region or country we should take consideration politically geographically and economically before to adapt or cad adequate a regulation in any region of the word.
>> JENNIFER CHUNG: Thank you, Lia.
Dejan?
>> DEJAN; Thank you. I believe that permanent activities on improving security of systems and structure and following actual threats is a good approach. So also raising the awareness together with relevant partners on local and international level who bring them ‑‑ of course is important but usually very slow. So all of us have to do more before regulator find out the solutions.
Thank you.
>> JENNIFER CHUNG: Thank you. And I guess I'll leave the last word to Carlos.
>> CARLOS: Thank you. I'm not ‑‑ it's not easy for the ‑‑ to get the shaded process from government from international organizations, but we the citizens have not to forget that we are the boss really. If the government doesn't have the capacity to share the responsibility, their accountability and the decision‑making process, we can change the government. And if the company doesn't work observing the right condition of the consumers, we can change the company. We cannot buy their service. So we have a real power. We are not only passive actors. We are active actors and we have to use our power to also be part of the decision in these kind of things.
Thank you very much for everything.
>> JENNIFER CHUNG: Thank you, Carlos.
I do note that perhaps the person who asked the remote question didn't actually hear an answer to his question or her question but we're happy to take this to the NRI mailing list hopefully to get further experts to answer this. I'm not going to attempt to summarize which has been a very rich discussion especially on the many many issues that ‑‑ and many, many ways that different NRIs, different jurisdictions, countries are tackling cyber crime and on all the mitigation efforts inherent tension of info sharing the actual practices of, I guess, ccTLDs and registry operators and especially I would say most importantly with my bias on we need to make sure it's an inclusive governance we need to make sure the underserved the voices that always get left behind are not further left behind in this conversation about mitigating, about combating cybercrime and looking at best practices. So with that, I thank you all for your time. Thank you to the panelists. Thank you to the questions. Thank you to all in the room for a great session.
[APPLAUSE]