[bestbits] RE: IGF plus

michael gurstein gurstein at gmail.com
Sun Aug 25 23:36:29 EDT 2013 

Hi Andrew,

 

I think before we start thinking about an IGF+ we need to be thinking about
getting some kind of "formalization" (democratization etc.) in the MS
processes that are at the core of the IGF etc. Until experiences like mine
with the selection process for the ECWG are worked through and some
determination is made as to what constitutes a "stakeholder" group  and
under what sort of governance/transparency/accountability structures those
operate within I think it is seriously premature to be thinking about an IGF
that is capable of working through to Soft Law or whatever.  This isn't to
say that we should be working in that direction but just to say that if the
fundamentals aren't taken care of, everything that follows is suspect.

 

M

 

From: bestbits-request at lists.bestbits.net
[mailto:bestbits-request at lists.bestbits.net] On Behalf Of Andrew Puddephatt
Sent: Sunday, August 25, 2013 7:38 PM
To: bestbits at lists.bestbits.net
Subject: [bestbits] RE: IGF plus

 

Hi everyone

 

I'm collecting material and ideas for the debate on internet governance that
is coming up.  One of the option that has surfaced at previous meetings is
that of an IGF plus - an IGF with powers to make Recommendations or
Declarations - soft law in effect.  I'm interested in whether anyone has
written a paper on this or has an material relevant to the idea and how it
would work in a multi-stakeholder environment (I'm assuming that, however
constructed, any recommendations/declarations would require consensus among
participants).  Anything out there I'm not aware of?

 

One model I'm interested in (in terms of mandate) is the World Health
Organisation (WHO) which acts as a coordinating body for global health
policy which is then implemented by national and international health
agencies. The WHO primarily makes recommendations and has no power to
directly intervene in national health systems but is widely respected.  It
monitors threats to public health and has its own projects and programmes.
But the WHO is governmental and frequently gets caught up in international
geo-politics although there are now calls for it to become multi-stakeholder
and involve philanthropic foundations, businesses, public/private
partnerships and civil society.

 

Any thoughts at this stage are most welcome.

 

 

 

And I guess a lot of you have seen this piece from the Financial Times re
the surveillance issue and a proposal from the IETF



Key architects of the internet have started to fight back against
<http://www.ft.com/intl/cms/s/0/a56b054e-fa58-11e2-98e0-00144feabdc0.html?si
teedition=intl> US and UK snooping programmes by drawing up an ambitious
plan to defend traffic over the world wide web against mass surveillance.
The  <http://www.ietf.org/> Internet Engineering Task Force, a body that
develops internet standards, has proposed a system in which all
communication between websites and browsers would be shielded by encryption.
In practical terms that would be akin to extending the sort of secure
communications that banks and retailers like
<http://markets.ft.com/tearsheets/performance.asp?s=us:AMZN> Amazon use to
protect their customers across the world wide web. While
<http://www.ietf.org/proceedings/87/slides/slides-87-httpbis-3.pdf> the plan
is at an early stage, it has the potential to transform a large part of the
internet and make it more difficult for governments, companies and criminals
to eavesdrop on people as they browse the web. At present, only a fraction
of all websites - typically those that handle financial information -
encrypt data when communicating with web browsers.

 

"There has been a complete change in how people perceive the world" since
whistleblower Edward Snowden disclosed the extent of US surveillance
programmes earlier this summer, said Mike Belshe, a software engineer and
IETF member who helped develop
<http://markets.ft.com/tearsheets/performance.asp?s=us:GOOG> Google web
browser Chrome.  "Not having encryption on the web today is a matter of life
and death," he said.

 

The IETF push for greater use of encryption comes alongside calls from top
internet and privacy groups for fundamental reforms of the laws governing
the web. In a letter to the FT published this weekend, top groups including
web founder Tim Berners Lee's World Wide Web Foundation call for a "reform
of the status quo" online. "Online privacy is being eroded at a breakneck
speed by blanket surveillance, and unless steps to reform are taken
immediately, the notion of free and secure online communications will be
relegated to the annals of history," they write. "Blanket government
surveillance by default, with laws enforced in secret, will always be
unacceptable." 

 

The IETF, which operates through the "rough consensus" of its members, has
been instrumental in shaping the technical infrastructure of the web since
it was founded in 1986.   While the body cannot force the adoption of its
standards, it is highly influential and its membership includes employees of
the world's biggest internet companies including
<http://markets.ft.com/tearsheets/performance.asp?s=us:GOOG> Google,
<http://markets.ft.com/tearsheets/performance.asp?s=us:MSFT> Microsoft and
<http://markets.ft.com/tearsheets/performance.asp?s=us:AAPL> Apple.  But at
its conference in Berlin this month, IETF members reached "nearly unanimous
consensus" on the need to build encryption into the heart of the web, said
Mark Nottingham, a developer who chairs the IETF working group on HTTP, a
data access protocol that underpins the web. "There are a lot of people who
want this to happen," he said.  

 

Mr Nottingham cautioned that it was "very early days" and said the proposal
would need to undergo extensive discussion within the broad web community
before it could be implemented. Exactly how the plan would work has yet to
be decided.

 

But at present the idea is to mandate the use of
<http://www.ft.com/intl/cms/s/0/d2e6a89c-5a0d-11de-b687-00144feabdc0.html>
Transport Layer Security (TLS), a cryptographic protocol, in the next
version of HTTP, which is planned for 2014.  It would then be up to
companies behind web browsers and web servers to put the new standards into
practice.  

Google and Twitter are among several big companies that have
<http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0250.html> long
called for more encryption of web traffic. Chrome, Google's popular web
browser, already allows people to  <https://www.eff.org/https-everywhere>
encrypt their activity when browsing any of the company's websites.

However, security experts said that while TLS encryption would make
surveillance more difficult, it was far from foolproof.

 

"If you're looking for a silver bullet to make people's personal traffic
impossible to break, this won't be it," said Sam Curry, chief technologist
at RSA, a computer security company.  Hackers, especially those with
substantial computing power, would find ways to crack the encryption or get
around it by exploiting other vulnerabilities in the network, he said.
Nonetheless, he added: "Anything that improves trust in the digital world is
a noble aim."

 

 

 

Andrew Puddephatt | GLOBAL PARTNERS DIGITAL

Executive Director

Development House, 56-64 Leonard Street, London EC2A 4LT

T: +44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype: andrewpuddephatt
gp-digital.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20130826/2869ddcb/attachment.htm>

More information about the Bestbits mailing list