[governance] IGF substantial contributions - privacy aspects

Ralf Bendrath bendrath at zedat.fu-berlin.de
Fri Aug 4 11:44:11 EDT 2006 

Hi all,

the IGF secretariat has put online the substantial contributions they have 
received by now at 
<http://www.intgovforum.org/contributions_for_1st_IGF.htm>.

I have taken some time today to browse through them, with a specific 
interest in privacy and identity issues. Here's what I found.

Best, Ralf


1) ITU-T Study Group 17 work plan on Cybersecurity
<http://www.intgovforum.org/Substantive_1st_IGF/03%20-%20IGF-cybersecurity.doc>
--> refers to ID management infrastructures:
"(...) Security of identity in telecommunication network
• How to securely manage identity and federation among providers in
Telecommunication?
• Legal/Policy Considerations
• What are the minimum security requirements that regulators should
enforce on telecommunication providers and ISPs? (...)"


2) Council of Europe
<http://www.intgovforum.org/Substantive_1st_IGF/CoE%20submission%20to%20the%20IGF.doc>
--> Nice human rights fundamentals, along the lines of the Human Rights 
Caucus contrinbution (see below):
"(...) 21. However, much remains to be done and there are still many 
unanswered questions regarding the interpretation of rights in online 
situations which the IGF discussions could help to explore and map out. 
Important issues to address, and their human rights implications, include 
the privacy of correspondence or communications over the Internet (for 
example how a state should deal with third party interference) and the 
right to freedom of expression and information (for example censorship by 
non-state actors such as Internet service providers regarding their notice 
and takedown actions). Security and stability related issues should also 
continue to be examined from a human rights perspective. (...)"


3) OECD

- Task-Force on Spam
<http://www.oecd.org/dataoecd/63/28/36494147.pdf>
--> 115 pages thick and has a number of references t privacy and identity. 
One example related to our idea:
"(...) the Trusted Email Open Standard (TEOS) has been created by the 
ePrivacy Group. TEOS grew out of ePrivacy’s industry self-regulation 
program that aims to separate legitimate e-mail from spam. TEOS goes 
beyond authentication and creates a trusted identity for e-mail senders 
based on signatures in e-mail headers. Unlike the authentication 
signatures of DKIM, the TEOS signatures are visible seals in messages, 
certifying that the sender meets specified criteria. (...)" (p. 57f)

- They also provide a summary of OECD's work relevant to the IGF
<http://www.intgovforum.org/Substantive_1st_IGF/UpdatedOECD_CSA.doc>
"(...) E. Online Privacy
• The OECD Guidelines on the Protection of Privacy and Transborder Flows 
of Personal Data (1980) (...)
• The OECD Privacy Statement Generator  (...)
• The OECD Privacy Online: Guidance on Policy and Practice (2003) (...)"


4) ICC / CCBI: Several Contributions

- Employee privacy, data protection and human resources
<http://www.intgovforum.org/Substantive_1st_IGF/Employee.privacy.data%20protection.and.human.resources.pdf>
--> This is evil:
"Workplace monitoring is becoming acceptable and commonplace in many 
countries, although care needs to be exercised that the practice is 
consistent with local cultural values and traditions. Proportionate 
monitoring of electronic communications can be an essential part of 
corporate measures to foster the “culture of security” called for by the 
OECD Guidelines for the Security of Information Systems and Networks."

- Privacy Toolkit. An international business guide for policymakers
<http://www.intgovforum.org/Substantive_1st_IGF/privacy_toolkit.pdf>
--> old stuff from 2003, asking for a "flexible privacy protection approach"

- Standard Contractual Clauses for the Transfer of Personal Data from the 
EU to Third Countries
<http://www.intgovforum.org/Substantive_1st_IGF/Model.clauses.Toolkit.pdf>
--> nothing new, just the ICC's EU-approved clauses for data transfers


5) ICANN's Non-Commercial User Constituency (NCUC)
Privacy Implications of WHOIS Database Policy
<http://www.intgovforum.org/Substantive_1st_IGF/NCUC-IGF-Whois_privacy-2a.doc>
--> nice paper, supporting the GNSO Council position from May 2006:
"The purpose of the gTLD Whois service is to provide information 
sufficient to contact a responsible party for a particular gTLD domain 
name who can resolve, or reliably pass on data to a party who can resolve, 
issues related to the configuration of the records associated with the 
domain name within a DNS nameserver."


6) WSIS Civil Society Human Rights Caucus
http://www.intgovforum.org/Substantive_1st_IGF/HR_Athens.doc
"(...) the HR Caucus proposes that the IGF establish a task force on Human 
Rights and Internet Governance. The task force would particularly address 
current and future internet governance mechanisms for compliance with 
freedom of expression, privacy, and the rule of law (most notably due 
process and effective remedy). (...)"


7) Swiss Internet User Group: Internet Quality Labels
<http://www.intgovforum.org/Substantive_1st_IGF/SwissInternetUserGroup.txt>
--> based on the privacy seals concept, but also covering net neutrality 
etc., with some elaborated ideas on multi-stakeholder accountability.


8) Spanish Experts Group on Internet Governance and of Telefonica 
Foundation and Politécnica Madrid
<http://www.intgovforum.org/Substantive_1st_IGF/Sostenibilidad%20y%20Gobernanza%20IGFConference2006.pdf>
--> has a section on "Seguridad, Privacidad Y Confianza En Internet" 
(Security, Privacy and Confidence In Internet), but unfortunately, I can't 
read Spanish...


9) Vittorio Bertola

- The Internet Bill of Rights
<http://www.intgovforum.org/Substantive_1st_IGF/The%20Internet%20Bill%20of%20Rights.doc>
--> not directly discussing substance or even privacy here, but the 
history of past efforts and the pros and cons of an "Internet Bill of 
Rights". He's also preparing a workhop for the IGF on this AFAIK.

- An Introduction to Trusted Computing
<http://www.intgovforum.org/Substantive_1st_IGF/An%20Introduction%20To%20Trusted%20Computing.doc>
--> good summary of TC developments and governance issues.
"Privacy: TC systems are uniquely identified and recognizable, when 
performing the remote attestation mechanism; thus it is possible to track 
which software a specific PC is running, and perhaps also acquire further 
information. Potentially, if TPMs are not implemented in a publicly 
screened way, they could communicate back to manufacturers and other 
parties any kind of information and data from the user's PC, without the 
user even knowing it. This could allow manufacturers and other parties to 
spy what the user does with the device."


10) Misc contributions on security

Some other contributions are refering to security. I have not looked into 
them deeply, as I am more interested in privacy and identity management at 
the moment. Here's the list:

- Proposals of the Russian Federation to the Agenda of the Internet 
Governance Forum
<http://www.intgovforum.org/Substantive_1st_IGF/Proposals_RF_Agenda_of_Internet_Governance%20Forum.pdf>
-> "information security" again...

- The ITU-T Study Group 17 work plan on Cybersecurity
<http://www.intgovforum.org/Substantive_1st_IGF/03%20-%20IGF-cybersecurity.doc>

- Overview of ITU-D Mandate and Activities in Cybersecurity
<http://www.intgovforum.org/Substantive_1st_IGF/08%20-%20IGF-ITU-D%20Overview-cybersecurity%2021JUL06.doc>

- Government of Quebec
<http://www.intgovforum.org/Substantive_1st_IGF/gouvduquebec.pdf>

- Japan Business Federation
<http://www.intgovforum.org/Substantive_1st_IGF/proposals_for_igf_nippon_keidanren.doc>
--> "we strongly hope the following 6 issues preferentially discussed at 
the 1st IGF (...): Internet Security, Protection of Privacy, Spam, 
Capacity building, Balance of freedom of expression and regulation of 
contents, Multilingual support"

- European Information Society Group: Policing the Internet. 
Democratically accountable partnerships or self-protection groups?
<http://www.intgovforum.org/Substantive_1st_IGF/EURIM_IGF06paper.doc>
--> Scary but pretty smart stuff...
http://www.eurim.org.uk - who are they?

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list