Categories
Newsletter Newsletter N°2:

ITAC – an important contributor to the work of OECD’s ICCP Committee

By Jørgen Abild Andersen, Chair of the ICCP Committee

Given the rapidly changing technological, economic and social environment surrounding the Internet, multi-stakeholder processes have demonstrated the flexibility and global scalability required to address Internet policy challenges. The importance of effective participation by non-governmental stakeholders in policy work on the Internet economy was first highlighted in the OECD’s Ottawa Ministerial Conference on electronic commerce in 1998.

In June 2008, it was echoed in the Seoul Declaration, in which Ministers committed to “working collectively with all stakeholders.” The OECD Secretary-General highlighted the issue in his closing remarks in Seoul, where he called for a “process of formalising the participation of civil society and the technical community in the work of the OECD on the Internet economy.” And in its 2011 Recommendation on Principles for Internet Policy Making, the OECD Council called upon members to “Encourage multi-stakeholder co-operation in the policy development process.”

Through a process concluding in 2009 the Internet technical community joined civil society, business and labour representatives at the ICCP Committee meetings to assist government officials in grappling with many of the key policy issues raised by the Internet and new and emerging digital technologies.

ITAC is now a regular and highly appreciated contributor to the work of the ICCP, weighing in on a range of issues that are essential to the healthy development of the Internet to the benefit of our economy and society, including the role of Internet intermediaries, cloud computing, ICTs and the environment, privacy, cybersecurity, identity management, and digital content, among others.

Recently ITAC has further increased its engagement with the work of the ICCP Committee, including by organising a roundtable discussion on cryptography policy at a meeting of the Working Party on Information Security and Privacy in April 2013. It also co-organised with the OECD a session on “Cybersecurity: throwing out preconceptions” at the 2013 Internet Governance Forum annual meeting in Bali.

The ICCP Committee and I, as Chair of the Committee, look forward to a continued close working relationship and engagement with ITAC. This close working relationship will be especially crucial in the lead-up to the OECD Ministerial Conference on Internet issues being planned for 2016.

______________________________________________

Jørgen Abild Andersen is among the world’s most experienced government officials within the ICT area.

From 1991 to 2012 Mr Abild Andersen served as national telecom regulator in Denmark, and in this capacity he was responsible for implementing the liberalisation of the Danish telecoms market.

Prior to this he worked as Deputy Permanent Secretary in the Danish General Directorate of Posts and Telegraphs. During that period, he played a key role in the restructuring and privatisation of the Danish telecoms sector and in the establishment of competition within mobile communications.

With the establishment of the National IT and Telecom Agency in 2002, the portfolio of Jørgen Abild Andersen was extended to cover the whole policy range within the ICT area. His policy responsibilities included i.a. privacy, trust and security in the Information Society, eBusiness, eGovernment, eSkills, green ICTs, the national digital signature as well as broadband, DNS and radio spectrum.

Mr Abild Andersen gained a Masters of Law from the University of Copenhagen in 1975. He started his professional career as a civil servant in the Ministry of Public Works and for a three-year period he served as Private Secretary to the Minister.

From 2003 to 2004 Mr Abild Andersen chaired the European Commission’s Radio Spectrum Policy Group. In 2005, he served as Chair for European Regulators Group (ERG) and the Independent Regulators Group (IRG). From 2006 to 2012 he was Denmark’s representative at the European Commission’s i2010 High Level Group and the Commission’s Digital Agenda High Level Group respectively. In October 2009 he was elected Chair of OECD’s Committee for Information, Computer and Communications Policy (ICCP).


The Commonwealth Cybercrime Initiative: A multi-stakeholder approach to capability building to combat cybercrime

By Dave Piscitello, ICANN and Lara Pace, Commonwealth Secretariat.

Addressing cybercrime on the Internet is a key requirement to ensure that the Internet remains a trusted space for interactions and growth in the digital economy. A multistakeholder approach is key to successfully addressing this challenge. For example, the Commonwealth Cybercrime Initiative (CCI) is a collaborative effort of international organisations, governments, and the private sector to address cybercrime. Developed collaboratively with the COMNET Foundation for ICT Development, Commonwealth Telecom Organization, Council of Europe, Government of UK, and International Telecommunications Union, CCI assists Commonwealth member states in building capacity to fight cybercrime.

CCI has adopted a unique and sustainable formula for operation:

  • Upon receiving a formal request from a Commonwealth member state, CCI sends a needs assessment team to conduct an in-country assessment. A typical team is composed of subject matter experts in criminal justice systems and information security, who assess the legal, technical, institutional and human capacity present in the requesting state.
  • The needs assessment team meets with a broad range of in-country agencies, private sector actors, and infrastructure operators and produces a thematic report that identifies areas where capability building is needed.
  • The requesting state reviews the thematic report and submits a further letter of request to COMSEC to help “fill the gaps” (assist in-country for the areas where capability building is needed).
  • CCI members cooperate to plan and execute on capability building. In this Phase two program, initiative members who have volunteered resources will work in-country to increase capabilities across a range of cybercrime-affected areas or operations, including national strategy and policy, legislative framework, criminal justice system capacity (including the training of law enforcement, judiciary, and prosecution), ICT infrastructure, establishment of Centres of Excellence and computer emergency response teams, public awareness campaigns, and facilitation of strategic partnerships with the private sector.

More than 30 organisations participate in CCI to coordinate available international resources, to extend assistance to member states, and to overcome mandate restrictions and funding limitations member states may encounter.  To date, CCI has carried out five needs assessments in the Caribbean and African Regions. Five governments have approved the thematic reports.

“Phase 2” programs are excellent examples of multi-stakeholder collaboration and contribution. For the Phase 2 program of work underway in West Africa, for example, the UK National Crime Agency is coordinating the delivery by Initiative members for criminal justice system capacity building, a public awareness program, preparation of ICT infrastructure to support cybercrime investigations, and legislative framework needs.

Consultations are currently underway in another four Commonwealth countries. It is expected that these will be launched in the first quarter of 2014.

_________________________________________________

Dave Piscitello has been involved in Internet technology for over 39 years. Dave serves as Vice president, Security and ICT Coordination, at ICANN, where he collaborates with the information security, DNS, and law enforcement communities on a diverse range of security issues related to the Domain Name System and domain name registration processes, including phishing, pharming, DDoS attacks, domain hijacking and other registration abuses. Dave serves on the Executive Management Committee for the Commonwealth Cybercrime Initiative.

Lara Pace is Projects Coordinator for the Commonwealth Cybercrime Initiative. Previously, she served as coordinator of the Commonwealth Internet Governance Forum through which the Commonwealth Cybercrime Initiative was developed. Lara has been involved with CCI since inception and has formed part of the team that has driven the Initiative from concept to implementation. Currently, Lara coordinates all Country projects of CCI, liaising with both governments and Consortium organisations. She also facilitates the development of the Initiative into an established programme of the Commonwealth Secretariat.


New Internet Domains on the Way

By Christine Willett, Vice President, gTLD Operations, ICANN

On October 23, 2013, ICANN delegated the first four new generic Top Level Domains (gTLDs) created under the New gTLD Program. This historic day marked the beginning of what will be the biggest change to the Internet since its inception. The day also represented the culmination of eight years of study, with extensive engagement with the Internet’s global, multi-stakeholder community, to bring these new gTLDs to market.

With the rollout, the Domain Name System (DNS) will expand from 22 gTLDs to possibly 1,300. These additional gTLDs will enhance competition, innovation and choice in the Domain Name space, providing a wider variety of organizations, communities, brands and Internet users with new ways to communicate and express themselves. The large number of applications received is testament to the enthusiasm for an expanded DNS.

The first four gTLDs delegated or introduced into the Internet’s Root Zone, the central authoritative database for the DNS, were:

  • شبكة (xn--ngbc5azd) – Arabic for “web/network”
  • онлайн (xn--80asehdb) – Cyrillic for “online”
  • сайт (xn--80aswg) – Cyrillic for “site”
  • 游戏 (xn--unup4y) – Chinese for “game(s)”

Significantly, this first batch consisted entirely of Internationalized Domain Names (IDNs), which means they are written in scripts other than the basic Latin alphabet. Delegating IDN gTLDs in the first wave was deliberate and a demonstration of ICANN’s efforts to create a globally-inclusive Internet, regardless of language or region.

At the time of writing, the number of new gTLDs delegated exceeds 30, with more domains being added each week in a measured rollout designed to avoid disruption of the DNS. The gTLDs from the Program will be introduced into the Internet securely and steadily over the next few years.

All Registries that operate these new gTLDs must pass a rigorous evaluation process and technical preparations and assessments to ensure the security and stability of the DNS is preserved. In addition, before the general public will be able to access these new gTLDs on the Internet, Registries still need to complete a final process built into the Program to protect trademark rights holders. Following this mandatory period, a Registry can make the new gTLD available to the general public at its discretion.

It is expected that the first gTLDs will become publicly available by the end of the year. For the latest information on the Program, please visit: http://newgtlds.icann.org/en/

___________________________________________________

Christine Willett is vice president of gTLD Operations for ICANN. With more than 20 years of experience in system integration, operations and client management, Willett joined ICANN in 2012 to oversee the operational rollout of the New gTLD Program.

Prior to ICANN, Willett co-founded and operated cobalt Professional Associates, a consulting firm in Southern California. Willett provided hands-on consulting expertise on a range of systems implementation, internal audit, process reengineering, operational improvement, and other business needs.

Willett previously held positions in Program Management and Product Management at Viacore, Inc., delivering leading B2B process integration services. Christine launched her career by spending 11 years at Andersen Consulting (Accenture) where she specialized in large-scale, finance systems development and integration.

Willett has a bachelor’s degree in Materials Science Engineering from Northwest University.


Open Standards and Innovation Empowerment

By Robert P. LaBelle, Senior Director, Strategic Innovation and Standards Solutions, IEEE Standards Association

For centuries, global standards have helped humanity achieve essential goals–enhanced public health and safety; technology innovation; market expansion and job growth; and the rollout of more sound and interoperable products at lower cost, among them. Global standards are underpinnings of innovation and social well being, and their value and necessity are coming into even sharper focus in the age of globalization.

Standards open new markets and applications and make broadly available proprietary knowledge for current and future innovative technologies. Globally open standards development forums help promote solutions and provide networking opportunities with and among cross national communities, creating vibrant, open ecosystems that provide multiple sources of readily available information and expertise.

As the global community strives to keep pace with technology expansion and to anticipate the technological, societal and cultural implications of this expansion, and as it faces the increasing intersection of technology with economic, political and policy drivers, embracing a market driven standards development paradigm that produces open standards and is inclusive of multi-stakeholders will help ensure strong integration, interoperability and increased synergies along the innovation chain.

The open standardization paradigm that enabled the success of the Internet provides a solid platform that enables participants involved and that addresses the challenges associated with increasing growth of a global marketplace, including the role that standards play in international trade and the inherent unpredictability of converging and emerging technologies on a global scale.

The globally open standards approach includes developing standards in communities that are grounded in universal openness and produced in a process that is open to the society of world experts without territorial restrictions. This open paradigm is driven by technical merit and harnesses global creativity and expertise through bottom-up collaboration. The approach results in the advancement of cutting-edge technology and empowers the rapid economic implementation of high-value, high-demand products and services with societal benefits. It drives technical innovation via processes that ensure direct, open participation, and which embrace different perspectives and interests to reach common goals. It produces standards developed according to accepted WTO principles, without borders to ensure a better future for all.

Working within a set of principles that advocates global cooperation and openness, provides for global interoperability and the building blocks for further innovation, and contributes to the creation of global benefit for humanity is core to unbounded market and trade growth and success through innovation. Globally open standardization processes and standards produced through a collective of standards bodies adhering to such principles are essential for technology advancement to ultimately benefit humanity, as the global expert communities address directly, in an open and collaborative way, such global issues as sustainability, cyber-security, privacy, education and capacity building.

_______________________________________________________

Robert LaBelle is a Senior Director of Strategic Innovation and Standards Solutions at the IEEE, where he provides executive leadership to an elite team focused on technology ecosystems, technology lifecycles and emergent technologies and related strategic and innovation initiatives; providing a best-in-class portfolio of solutions to standards-related collaboration and consensus building communities; and dedicated to a superior experience for the diverse, global and multi-stakeholder constituency. Robert works to advance the technology and solutions footprint for the IEEE and drives efforts that result in a deep knowledge of and expansion of the organization into technology spaces, as well as related technology governance venues like those of the OECD.

 


The Web of Applications

By Robin Berjon, HTML Editor, W3C

Over the past handful of years, the mobile application ecosystem has grown from a niche environment to become an integral part of the lives of many people. This opens up questions as to the value and place of the Web when so much apparent momentum seems to be directed at a competing set of solutions. Within this context, I was kindly invited last June to present on Open Web Standards at the OECD. I was happy to report there that news of the Web’s decline appears to have been largely overhyped.

To begin with, Web applications are very much with us. The HTML5 standard is on track to be finished in 2014 but is already massively deployed both on terminals and in content, and Web technology overall has benefited from impressive innovation velocity and high-paced competition between vendors.

In fact, Web applications are so mainstream that we have ceased to notice them. Facebook and GMail, to name just two of many, are undoubtedly applications and for the vast majority of their users accessed over the Web. Additionally, many mobile applications are, unbeknown to the user, built using Web technology. While that does not fully integrate them with the Web — for instance one cannot openly link into them — it does show how core the Web has become to our technological stack. It has matured to the point where major vendors such as Mozilla, Samsung, or Intel are now shipping operating systems entirely built on Web technology (FirefoxOS and Tizen).

On their side, mobile apps suffer from a number of issues. As described by GOV.UK in “We’re not ‘appy. Not ‘appy at all” (http://digital.cabinetoffice.gov.uk/2013/03/12/were-not-appy-not-appy-at-all/), while citizens massively use mobile services, mobile apps are rarely justified. The smartphone marketshare is such that even when going to the trouble (and cost) of targeting multiple phone systems, over half of the population remains excluded from information delivered through mobile apps. This makes them a particularly poor choice for PSI. Releasing an app has a higher cost for lower return, and the way app stores function distorts the market by instituting a tax on switching operating systems and enables privatised censorship.

That said, mobile apps do have an edge in specific areas. Some of those are rooted in regulatory issues, an example being the tangled mess that is the national and international payment regulations. It makes it far easier to funnel all application sales through a small number of large players and much harder to deploy an open payments system to counterbalance monopolistic accretion.

Other areas are more strongly technological. For those, the W3C is pushing to close the gap with mobile apps so as to continue advancing a Web for all, accessible and fully internationalized; a Web on everything, be it mobile, TV, automotive, or beyond; and a Web society supporting privacy and security for users and a level playing field of fair technology for innovative business of all sizes.

______________________________________________________________

Robin Berjon is a freelance expert in Web technology with over a decade’s experience in contributing to standards and open source projects. He currently works for W3C where he edits the HTML5 standard.


IPv6 at the OECD

By Geoff Huston, Chief Scientist, APNIC

It was always intended that IPv6 would be fully deployed before we ever ran out of IPv4 addresses. We’ve managed to deviate from this plan. The regions of Asia, Oceania, and Europe have effectively exhausted their supply of IPv4 addresses, and we anticipate that North and South America will be in a similar position by the end of 2014.

Instead of deploying IPv6, we appear to be increasing our reliance on what was intended at the time to be a short term mitigation. Much of the recent growth of the Internet has been supported using Carrier Grade Network Address Translators (CGNs) in IPv4, where IPv4 addresses are shared across a number of customer connections. There are some serious concerns about the long term implications of an Internet that increases its reliance on CGNs in this manner. A recent study from OFCOM in the UK points to risks of an emerging picture of incumbent dominance and decreasing competitive pressure in the Internet Service Provider sector, and an emerging ability for access carriage providers to decide which applications and services will be accessed by their users, and the consequent ability for the access sector to impose terms and conditions on content providers in order to reach their customers.[1]

Were we to actually experience these outcomes, it would pose some serious questions for public regulators and policy makers. The risks of a failure in the ability of the Internet to maintain its essential openness and decentralized nature could lead to the contemplation of the prospect of a market failure in the larger Internet economy itself. The risks inherent in such a scenario underline the importance of the commitment made by OECD Member Country Ministers in the Seoul Declaration on the Future of the Internet Economy on the need to: “Encourage the adoption of the new version of the Internet protocol (IPv6), in particular through its timely adoption by governments as well as large private sector users of IPv4 addresses, in view of the ongoing IPv4 depletion.” [2]

We have been active within the OECD’s Working Party on Communication Infrastructures and Services Policy (CISP) in highlighting the risks associated with a failure to complete a timely transition of the Internet to IPv6. We have prepared material for the Working Party that describes in some detail the current state of the Internet’s transition to IPv6, and provides a commentary on this situation. We have also taken the lead in drafting recommendations to the OECD on possible actions by OECD Member Countries, and others, that would hasten the deployment of IPv6.

 


[1] “Report on the Implications of Carrier Grade Network Address Translators” http://stakeholders.ofcom.org.uk/binaries/research/technology-research/2013/cgnat.pdf

[2] http://www.oecd.org/sti/40839436.pdf

GEOFF HUSTON, B.Sc., M.Sc., is the Chief Scientist at APNIC, the Regional Internet Registry serving the Asia Pacific region. He has been closely involved with the development of the Internet for many years, particularly within Australia, where he was responsible for the initial build of the Internet within the Australian academic and research sector. He is author of numerous Internet-related books. He served on the Board of Trustees of the Internet Society from 1992 until 2001, and was inducted into the Internet Hall of Fame in 2012. He was a member of the Internet Architecture Board from 1999 until 2005, and remains an active member of the Internet Engineering Task Force. His current research interests include Inter-Domain Routing, the DNS and Security. His blog can be found at www.potaroo.net


The Evolving OECD Privacy Guidelines

By Christine Runnegar, Director, Public Policy, Internet Society

2013 marks the 33rd anniversary of the OECD Privacy Guidelines. It is also the year that the OECD adopted the Revised Privacy Guidelines[1]. Much has changed in 33 years. Even the OECD has changed in that time. Since 1980, the OECD community has grown to include new members: Chile, Czech Republic, Estonia, Hungary, Israel, South Korea, Mexico, Poland, Slovakia, Slovenia; and two new advisory committees: CSISAC and ITAC.

In 2010, the OECD recognised that it was time to revisit the Guidelines, and after careful research and consideration as to how the privacy landscape has evolved[2], consultation with privacy experts, and thorough deliberation, the OECD adopted the Revised Privacy Guidelines in 2013.

How have the Guidelines evolved?

A new part has been added explaining how the “Accountability Principle” should be implemented. In particular, the Guidelines provide that data controllers should have in place a privacy management programme, be prepared to demonstrate that their respective privacy management programmes are appropriate, and provide notifications of significant data breaches.[3] Additionally, the guidelines make it clear that the data controller remains accountable without regard to the data’s location.[4]

Accountability-based approaches to legal compliance are likely to continue to gain popularity as they offer the potential of a more flexible approach, as well as a way to bridge diverse legal regimes and shift the resource burden from enforcement to compliance.

The changes to the principles governing transborder data flows seem subtle, but they are significant. Firstly, they now cover flows to non-OECD member countries. Secondly, although the text is still framed as “refrain from restricting transborder flows of personal data” the circumstances in which flows are not restricted are, arguably, narrower. Member countries now need to be satisfied that the recipient substantially observes the guidelines or that sufficient safeguards exist before they refrain from restricting transborder data flows.[5] However, the restrictions that may be imposed have been confined by the introduction of a requirement that they be proportionate to the risks presented[6]. How this works in practice remains to be seen.

The revisions regarding national implementation reflect the changing perspective on how best to achieve privacy protection. For example, they underline the importance of effective enforcement authorities. They also introduce the notion of a national privacy strategy and the idea of complementary measures such as the promotion of privacy-protecting technical measures.[7]

International cooperation has been expanded to specifically incorporate the concept of “interoperability”, strengthen cross-border enforcement cooperation, and encourage the development of internationally comparable metrics.[8]

One significant area that remains essentially untouched is “exceptions” (including for national security). With different timing, this might not have been the case. However, as it presently stands, the guidance is minimal, i.e. that exceptions to the Guidelines should be “as few as possible” and “made known to the public”[9]. It is abundantly clear that more work is needed to ensure that there are truly effective constraints and safeguards, plus a commitment to follow them. Here is a clear opportunity for the OECD to lead the way.


[3] See OECD Revised Privacy Guidelines, Part 3

[4] See OECD Revised Privacy Guidelines, Part 4, paragraph 16

[5] See OECD Revised Privacy Guidelines, Part 4, paragraph 17

[6] taking into account the sensitivity of the data, and the purpose and context of the processing. See OECD Revised Privacy Guidelines, Part 4, paragraph 18

[7] See OECD Revised Privacy Guidelines, Part 5, paragraph 19

[8] See OECD Revised Privacy Guidelines, Part 5, paragraphs 20-22

[9] See OECD Revised Privacy Guidelines, Part 1, paragraph 4

______________________________________________________

Christine Runnegar is Director, Public Policy at the Internet Society, based in Geneva, Switzerland. Her current areas of interest include online privacy, security and identity. Christine contributes to the OECD’s work on privacy through the Internet Technical Advisory Committee (ITAC) and APEC’s work on the Cross Border Privacy Rules (CBPR) System through the APEC ECSG Data Privacy Sub-Group (DPS). She also participates in the Internet Architecture Board (IAB) Privacy Program, co-chairs the W3C Privacy Interest Group (PING), and works closely with other Internet technical experts on privacy and provenance. Christine also led the pilot Internet Society Copyright Working Group and the development of the Internet Society’s paper entitled Perspectives on Policy Responses to Online Copyright Infringement – An Evolving Policy Landscape.

Prior to joining the Internet Society in 2009, Christine was a Senior Executive Lawyer employed by the Australian Government Solicitor. As a lawyer for the Australian government, Christine worked in a variety of areas, principally in competition and consumer protection law, but also in administrative law, taxation law, privacy and freedom of information law, corporate regulation and commercial law, information technology, and communications law (specifically anti-spam law).

Christine holds Bachelor degrees in Law and Economics, and is a qualified arbitrator and mediator. She is qualified to serve as a panellist to resolve .au domain name disputes under the .au Dispute Resolution Policy.


Experience of an ISOC fellow at the OECD: Big Data

By Keisha Taylor, Senior Manager, Business Planning and Research for TechSoup Global’s Global Data Services Programme

In October 2012, I had the opportunity to participate as an ISOC fellow in the OECD Foresight Forum. OECD Foresight Forums provide an avenue to collaboratively identify and address opportunities and challenges for the Internet economy posed by technical developments. The theme was “Harnessing data as a new source of growth: Big Data analytics and policies”, an issue I have been working on for some time.

Key takeaways (further developed in an interview on TechSoup Global) for me included:

1. The concept of liability for not using Big Data.
2. The democratisation of data through new tools and technology.
3. How to innovate without jeopardizing privacy and with ethical consideration.

Working as the Global Data Services – Senior Manager for Business Planning and Research at TechSoup Global, I am constantly thinking, researching and writing about ways that open data and big data can be used for scaled social impact. This includes considering how to ensure inclusion of and use of data by and for civil society organisations and civil society in general. Analysing ways this can be done sustainably is also a key part of this work. One of the projects TechSoup Global is working on is the very ambitious and potentially groundbreaking BRIDGE project. This is being run through a 4 organisation partnership of which they are a part and the aim is to create a unique ID for NGOs globally to help improve interoperability of NGO data. TechSoup Global is also developing an open-source, big data infrastructure for the social benefit and philanthropic sector, which will enable a “give and get” online marketplace for philanthropy and broader social impact. This will start off with TechSoup’s products and services and will subsequently add other services individuals or institutions want to provide or access. It is a really exciting project and some of the discussions on both opportunities and pitfalls of big data that occurred at the OECD Forum have already contributed to frame thoughts on this issue.

______________________________________________________________

Keisha’s interests lie in the use of technology and data for development, data communications, digital inclusion, and also data privacy and protection. She is currently Senior Manager, Business Planning and Research for TechSoup Global’s Global Data Services Programme. She was an Internet Society Fellow to the 2012 OECD Technology Foresight Forum, “Harnessing data as a new source of growth: Big data analytics and policies” and successfully completed the DiploFoundation’s 2010/2011 Internet Governance Capacity Building Programme. Data privacy and protection was one of the ICT policy areas which held her focus for the programme, during which time she wrote about “Intergovernmental organisations’ (IGOs) sharing and linking open and real time data for inclusive governance; development effectiveness and protection of privacy and security”. She has an MA in International Relations from the Universiteit van Amsterdam in the Netherlands and a BSc. in Sociology from the University of the West Indies in Trinidad and Tobago.

Review of the OECD Security Guidelines: is the OECD Capable of Addressing Civil Society Concerns?

By Roger Clarke, Principal of Xamax Consultancy Pty Ltd, CSISAC member

The OECD is revisiting the Security Guidelines[1] that it first published over a decade ago. The Security Expert Group that is helping with the review of the Guidelines includes public interest advocates, coordinated through the Civil Society Information Society Advisory Council (CSISAC). Advocates have access to documents in advance, and at least some voice. On the other hand, physical participation in meetings is hampered by a lack of budget for the time and travel costs of the professionals who represent the interests of civil society.

To understand the OECD’s current security work, it is important to appreciate that many different scope definitions exist. As explained in [2], security discussions can be carried on at the level of data, of an IT artefact, or of an organisation; or they can take much broader views, including those of people affected by an IT artefact, industry sectors and segments (as occurs in discussions of critical information infrastructure), a local or national or regional economy, or a society – or indeed they can reflect the needs of the biosphere (thereby encompassing carbon markets and global warming).

The OECD’s 2002 Security Guidelines addressed only the lowest level of those alternative scope definitions. The revision is intended to have broader scope “by realigning their perspective and language with the high-level economic and social objectives pursued by governments, businesses and individuals in the development of cybersecurity policies”. But is the OECD moving far enough? Will its new approach have sufficient scope to serve the world’s needs for the next decade?

A meaningful dialogue cannot be achieved if each stakeholder clings to their own perspective, and insists on their security being paramount and everyone else’s security being secondary or even illegitimate. A particular concern during discussions has been the failure of the corporate and government participants to recognise the significance of the perspective of external users and usees. That stakeholder group lacks either institutional or market power, and its interests have suffered greatly during the period of national security extremism that has followed 9/11.

If the OECD’s revision of its Security Guidelines is to satisfy social as well as economic needs, it must:

  • reflect the many alternative scope definitions applicable to security discussions
  • recognise the complete set of stakeholders
  • recognise the legitimacy of each of their perspectives
  • ensure that each stakeholder group is empowered

Further, the process, and the product, need to respect the meta-principles of evaluation, consultation, transparency, justification, proportionality, mitigation, controls, and audit[3]. Current negotiations around the world variously fail all eight meta-principles (e.g. the Trans-Pacific Partnership process), fall badly short on most of them (e.g. the Internet Governance processes within the International Telecommunication Union), and address all or at least most of them quite well (e.g. the Internet Governance Forum).

Where will the new OECD Security Guidelines lie on that scale? Will the OECD seek to sustain the dominance of governments and corporations over policy agendas, or will it point towards a better future in which the eight meta-principles are applied, and security’s many scope-definitions and stakeholder perspectives are reflected?


[1] OECD (2002) ‘OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security’ Organisation for Economic Co-operation and Development, at http://www.oecd.org/dataoecd/16/22/15582260.pdf

[2] Clarke R. (2013) ‘Whose Security? The Politics of Alternative Scope Definitions’ Xamax Consultancy Pty Ltd, 2013, at http://www.rogerclarke.com/EC/WS-1301.html

[3] APF (2013) ‘Meta-Principles for Privacy Protection’ Australian Privacy Foundation, April 2013, at http://www.privacy.org.au/Papers/PS-MetaP.html

_________________________________________________________

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University. He is Secretary of the Internet Society of Australia (ISOC-AU), and Chair of the Australian Privacy Foundation (APF).

ITAC Member Spotlight: InternetNZ

By Jordan Carter, Chief Executive of InternetNZ

InternetNZ[1] is a membership-based non-profit organisation with a number of roles: it manages the .nz ccTLD; it advocates for an open and uncapturable Internet in New Zealand and around the world; it provides a platform for debate where New Zealanders can help shape the Internet’s development; and it provides community funding through grants and partnerships with others.

Established in 1995, the organisation has several hundred members. The .nz ccTLD is managed through two subsidiary organisations: the Domain Name Commission (the regulator and policy agency), and NZ Registry Services (the registry and DNS operator).

A major focus for InternetNZ is policy and advocacy work. The work we do contributes to public policymaking and Internet Governance matters in New Zealand and through global forums such as ICANN and the IGF.

Our policy perspectives are founded on a desire to protect and promote the open Internet, and ensure it is not captured by any particular sector or economic interest. Policy principles[2], which were developed with reference to the OECD’s Principles for Internet Policy-Making, guide all our work. The transparency this provides is welcomed by our partners and those interested in our work.

Policy matters discussed in recent years include analysis of the economic benefits of the Internet; advocacy for transparency and intelligent IP law in ACTA and the Trans-Pacific Partnership; pro-consumer regulation of telecommunications infrastructure; and support of the IPv6 rollout in New Zealand.

In developing its views, InternetNZ includes major Internet stakeholders, and often brings together a wide range of interests to debate and develop positions on topical matters. We do this with our members, and more broadly through NetHui, New Zealand’s national Internet Governance Forum. InternetNZ organises the event and substantially funds it. Along with other subject-specific workshops and events, this provides a way for the public to help shape the Internet’s development.

Through community funding initiatives – grants for Internet projects and research, and strategic partnerships for like-minded organisations (for example, the NZ Network Operators Group, or NetSafe) – we support the development of the local Internet ecosystem.

By participating in ITAC, InternetNZ aims to contribute its wide range of perspectives and expertise to the work of the Committee for Information, Computer and Communications Policy (ICCP), and contribute to the work of the OECD on Internet issues.


[2] Available at https://internetnz.net.nz/content/Policy-Principles

________________________________________________________

Jordan Carter was appointed as Chief Executive of InternetNZ in August 2013. His background as an Internet policy expert was developed at InternetNZ in previous roles (most recently as Policy Director 2009-2011), and as a private consultant in Wellington, New Zealand up until 2013. His main specialist expertise is in telecommunications regulation, while his focus at InternetNZ is understanding and sharing the gains the Internet can offer to the country’s and the world’s economic, social and cultural life.