-
>> Good afternoon again
and welcome to GW.
-
My name is David Dolling and
I'm the Dean of the School
-
of Engineering and
Applied Science here
-
at the George Washington
University.
-
I don't think it would
be news to anybody
-
that there's been a lot of
documents out there recently
-
with respect to cyber security.
-
We've seen the White
House's executive order aimed
-
at protecting our
critical infrastructure.
-
We've seen a report from the
Security Company Mandiant
-
that exposed a Chinese
military hacking group.
-
And very much in the news
now although it's faded
-
after the press conference
yesterday afternoon have been
-
documents related
to NSA's prison
-
and telephone surveillance
programs.
-
Well today, we are
very fortunate
-
that have several
experts with us
-
to discuss their various
view points on surveillance
-
on cyber security and the
future of the internet.
-
As we try to be secure
while protecting privacy,
-
we do need to be guided by
knowledge from many disciplines
-
and in fact, this was stated
quite explicitly last December
-
at the launch of the GW
Cyber Security Initiative.
-
The initiative's chairman,
-
former DHS Secretary Michael
Chertoff spoke of the need
-
for university's
like ours and others
-
to give students an
understanding of the triad
-
of technology, business
policy and how they interact
-
to create difficult cyber
security challenges.
-
While I'm on the podium here,
I'd like to just take advantage
-
of a captive audience because I
know you all too polite to cheer
-
or get up and move out to say
a few things about the School
-
of Engineering and
Applied Science here at GW
-
which is a very thriving
and growing enterprise.
-
Our Department of
Computer Science
-
in fact anticipated
Secretary Chertoff's remarks
-
by launching last fall
the Master of Science
-
in Cyber security in our
Computer Science Department.
-
It's the first program
-
in Washington DC designed
specifically to respond
-
to the large and
fast growing need
-
for technical cyber
security experts locally,
-
nationally, and internationally.
-
Underscoring our commitment
here to cyber security education
-
and public service, our NSF
-
and DHS sponsored CyberCorps
scholarship programs.
-
These programs fund students who
are going to be future leaders
-
in the federal government
on cyber security
-
and indeed some of
them already are.
-
Each week, the CyberCorps
students meet in class often
-
with current or former
federal employees as well
-
as industry experts to learn
-
about the major cyber security
issues so they're prepared
-
to meet the challenges that
will certainly great them
-
after they graduate
here and take jobs.
-
This course which was
previously only available
-
to CyberCorps students is now
available to all GW students
-
as a hybrid cause
conducted mostly online
-
with the short intensive
-
in person learning
experience or the beginning.
-
Starting next year,
some doctor or students
-
in the graduate school
of education
-
and human development
here at GW on human
-
and organizational learning
will also be taking this class a
-
required part of their
cyber security focus.
-
Well, let me say that
today's event which looks
-
to be very well populated
and looks like it's going
-
to be very interesting
is sponsored
-
by the cyber security policy
in research institute.
-
We abbreviate that around
here to CSPRI of the School
-
of Engineering and
Applied Science.
-
In addition to overseeing
the CyberCorps program,
-
it facilitates and execute
into disciplinary research
-
in education in cyber
security across GW.
-
One example of this is its
work with the graduate school
-
of education in human
development supporting the
-
national cyber watch
center in a joint project
-
to develop the nation
cyber security workforce.
-
More information on that program
-
on CSPRI Cyber Security
Scholarships and School
-
of Engineering and Applied
Science can be found
-
in the material available
the registration desk.
-
We're happy to have
as a cosponsor
-
of this event today the internet
society and it's my pleasure
-
to now introduced Paul
Brigner, Regional Director
-
of the North American Bureau at
the Internet Society to come up
-
and tell you a few
words about it
-
and its role and
in today's event.
-
So, on behalf of GW, the
School of Engineering
-
and Applied Science,
CSPRI and the Department
-
Of Computer Science,
welcome to GW
-
and I hope you have
a great afternoon.
-
Thank you.
-
[ Applause ]
-
[ Pause ]
-
>> Thank you Dr.
Dolling and thank you
-
to the George Washington
Cyber Security Policy
-
And Research Institute
for partnering
-
with us on this event today.
-
And thanks to all of
you for joining us
-
and that means not everyone here
in the room but also to those
-
who are at a remote
hub in New York City.
-
That remote hub is
being sponsored
-
by the internet societies
New York chapter.
-
I know we don't have
a good view of them
-
with the camera right
now but what's going
-
to happen is they
will walk up to
-
that camera and ask questions.
-
And by the way, they've
been meeting
-
on this topic already
this morning.
-
They've had their
own meetings today,
-
so maybe that gives you an idea
of how passionate that group
-
of individual is about
the topics we will be
-
discussing though.
-
So, thank you to the New York
chapter for getting together
-
to join us as remote hub.
-
And definitely, thank you
to all those on live stream.
-
We have a very good crowd
already gathering on live stream
-
to watch us from
all over the world.
-
My first order of business today
is makes sure that you're aware
-
of the internet society.
-
If this is the first time you're
joining from one of our events,
-
we are a global nonprofit
cost driven organization
-
with a very straight
forward vision.
-
That is the internet
is for everyone.
-
We work to achieve that vision
-
by promoting the open
development evolution and use
-
of the internet for the benefit
-
of tall people throughout
the world.
-
Some of our key functions
involve facilitating the open
-
development of standards,
protocols, administration
-
and a technical infrastructure
of the internet.
-
Supporting internet education
in developing countries.
-
Promoting professional
development in community meeting
-
to faster greater
participation and leadership
-
in areas important to the
evolution of the internet
-
and fostering an environment
for international cooperation,
-
community and a culture
-
that enables internet
self governance.
-
Well, I saw staff lead specific
projects on these topics.
-
Much of our work is achieved
through the work of our members
-
and chapters around the world.
-
And speaking of chapters,
-
I would like to give
special recognition
-
to the local DC chapter.
-
I am very fortunate that our
headquarters is just not far
-
away in western Virginia so
I'm able to interact personally
-
with our DC chapter
on a regular basis.
-
And I can attest to the fact
-
that they are really a
first class group of people
-
that regularly hold very
interesting meetings related
-
to the internet societies
mission.
-
So, if you're a local
and you're not involve,
-
you're really missing out, I
do hope you will get involved.
-
And if the leaders who are here
-
from the internet society DC
chapter would stand briefly,
-
I just want to make sure
that you're recognized.
-
So, great.
-
So, you know who they are.
-
Please make a special
effort to talk
-
to them today during
this event if you'd
-
like to get involve
with the chapter.
-
[ Pause ]
-
One of my key functions
at the internet society is
-
to work closely with our
chapters in the region not only
-
to plan iNET events like this
but to assist with their events
-
and to have an open
dialogue on policy issues.
-
That dialogue in turn
helps me and my colleagues
-
at the internet society to form
our policy positions and help
-
to set the agenda for
our regional meetings
-
like the one we are
attending today
-
and that brings me
to today's agenda.
-
The topic of this iNET
has really been driven
-
by the interest of our members
-
in the North American
region and around the world.
-
It so happens today that one of
our panelist is the President
-
and Chief Executive Officer
-
of the internet society
that's Lynn St. Amour.
-
So, she will have
the opportunity
-
to address the concerns
of our constituency today.
-
Now, without further delay,
-
I would like to introduce
Professors Lance Hoffman.
-
He is the Director of the Cyber
Security Research and Policy--
-
I'm sorry, the Cyber
Security Policy
-
and Research Institute here at
George Washington University.
-
I first met Professor Hoffman
when he sponsored a debate
-
on PIPA and SOPA and
I knew that he was,
-
based on that experience, I
knew that he was game to talk
-
about some very controversial
topics.
-
So, I guessed right, he
was interested in talking
-
about this one as well and
it's been really a pleasure
-
to partner with him
on this event.
-
So, I want to sincerely
thank you for that.
-
It's really been a
great experience.
-
I'd also like to thank all
of our fantastic panelist
-
who have agreed to
speak here today.
-
We really have an all
star group of people
-
who have taken their time out
to share their views with you.
-
I'd like them all to come up
and take their sits on stage now
-
if they would and I
will turn this event
-
over to Professor Hoffman.
-
One thing I forgot to mention
is that if you want to Twitter
-
or tweet about this event,
-
please use the hashtag
iNET DC, iNET DC.
-
Thank you all over much.
-
[ Applause ]
-
[ Noise ]
-
[ Inaudible Discussion ]
-
>> Good afternoon everybody.
-
Let me add my welcome to that of
Dean Dolling and to Paul Brigner
-
and let me also thank the
internet society, our cosponsor
-
for this event for
their programmatic
-
and financial assistance
in making it possible.
-
I also want to thank from
CSPRI, my Associate Director,
-
Dr. Costis Toregas and our
intern and research assistance
-
who have worked on this and are
helping here today tray hair
-
[phonetic] Dustin
Benanberg [assumed spelling],
-
Jaime Moore [assumed spelling],
-
and Greg Ziegler
[assumed spelling].
-
My role today is to set the
stage for our excellent panel
-
and into moderate that panel
discussion on cyber security
-
in the future of the internet
given the recent revelations
-
about prism and other
surveillance programs.
-
The panelist of each degree
to summarize their thoughts
-
in a four minute statements
so we could have lots of time
-
for questions from the
audience including the audience
-
in cyber space.
-
After the audience question and
answer session in a short break,
-
participants will return for
a very interesting session
-
around table discussion where
we will see their world views
-
on this, where there
world views agree,
-
and where there are tensions and
talk about this in a round table
-
which will be informed by
their previous statements
-
and the audience
questions before hand.
-
I'm delighted that
for this event,
-
we will have an experience
moderator Professor Steve
-
Roberts leading the
round table discussion.
-
Many of the students and
faculty here may recognize Steve
-
as the superior professor
of media
-
and public affairs here at GW.
-
But others including
those viewing on this
-
on the internet maybe
more familiar with him
-
from his appearances
as a commentator
-
on many Washington
based television shows,
-
as a political analyst
on the ABC radio network,
-
and as a substitute host
on NPR Diane Rehm Show.
-
Another rule where he-- this
is material from experts
-
and clarifies it to facilitate
informed public discussion.
-
But before the round table,
-
let me identify the
participants on stage.
-
We will not have lengthy
introductions here
-
since their bio sketches have
been made available to you
-
in the brochure which you
have gotten or can get
-
at the registration desk.
-
But anyway, let me
introduce very briefly
-
and you see their name
tags in front of you,
-
Danny Weitzner is the
Director and Cofounder
-
of the MIT Computer Science
-
and Artificial Intelligence
Laboratory.
-
>> Not the whole lab.
-
>> Not the whole lab?
-
>> I'll explain.
-
>> OK. Lynn St. Amour
is the President and CEO
-
of the Internet Society.
-
Let's see, who's next.
-
Laura, Laura DeNardis
is professor of School
-
of Communication at
American University.
-
Melissa Hathaway is President of
the Hathaway Global Strategies.
-
Let's see.
-
Who's down there?
-
I don't have you on my list.
-
>> Oh no.
-
>> I apologize.
-
>> That would me.
-
>> Oh Randy, of course.
-
Randy from-- I don't have here.
-
I mean, OK.
-
Randy-- where are you from?
-
I'll let you introduce yourself.
-
I'm sorry.
-
[Inaudible Remark]
-
>> I'm the University
IT Security Officer
-
at Virginia Tech.
-
>> I didn't want
it to get it wrong
-
and say something
wrong-- wrong university.
-
Sorry Randy.
-
OK, let's see.
-
Leslie Harris is from Center
for Democracy and Technology.
-
And last but not the least,
John Curran, President and CEO
-
of American Registry
for Internet Numbers.
-
OK, so without further ado, I am
going to suggest to be each go
-
down the-- I have to
decide, I'm going to leave it
-
to I guess either Danny or
John on who wants to go first.
-
>> No, no, no.
-
Go ahead.
-
>> John?
-
>> OK.
-
>> OK?
-
>> OK John, go on.
-
Four minutes please.
-
>> Well, thank you.
-
I'm happy to be here and I
want to thank the opportunity
-
to present at this panel.
-
Keeping my remark short,
I will say that we're
-
in an interesting period of
time with respect to the future
-
of the internet and
how it's governed.
-
People may not realize
it but the fact is,
-
there is a coordination
function that's existed
-
since the earliest days of the
internet which is necessary
-
so that we can actually
use the internet
-
so that it actually functions.
-
For example, computers
-
on the internet have
unique identifiers.
-
Several, actually, one of
them is the IP addresses
-
which is part of what
Aaron [assumed spelling] is
-
involved in.
-
We can't have computers
using the same IP addresses.
-
Every computer needs
its own IP address.
-
Likewise, there's coordination
of things like domain names
-
to make sure that a
domain name is a sign
-
to one organization,
et cetera, et cetera.
-
This is called technical
coordination
-
and it's been a function of the
internet, necessary function
-
for the protocols
to work as designed
-
since the very beginning.
-
People may not realize that
this use to all be done
-
by one gentlemen, Dr. Jon Postel
who we no longer have with us
-
but was an amazing individual.
-
And in the late '90s, we
actually went about setting
-
up infrastructure to enable
this technical coordination
-
so that IP addresses and
domain names could be available
-
to everyone globally for
their use on the internet
-
but coordinated so that
they actually interoperated
-
so that they work as expected.
-
This structure involves
a lot of organizations.
-
Aaron is one, there're five
regional registries throughout
-
the globe.
-
Aaron is the one that handles
North America, so with Canada,
-
the United States and about
half of the Caribbean.
-
Though there are four
other regional registries
-
and then there is the DNS
coordination that goes
-
on through organizations
such as ICANN.
-
The international
coo-- [laughs].
-
Sorry. International--
[Noise] --
-
Organization for assigned
Names and Numbers.
-
So, the fact is that these
bodies all work doing technical
-
coordination is very important.
-
But, they've been doing it based
on a historical trajectory.
-
A trajectory that originated
with projects and programs
-
out of the US government
which have
-
since been increasingly
moved out to independence
-
but were not quite there yet.
-
In fact, some of you maybe aware
that these organizations were
-
under supervision somewhat
indirect but still supervision
-
of program such as NTIA in
the department of commerce.
-
And so, one of the things that
we now find ourselves facing is
-
that there is a unique
role in the US government
-
with respect to the internet.
-
And this unique role is one that
is based on-- it's experienced.
-
It's a steady hand,
behind the scenes,
-
helping the internet
mature and grow.
-
Recently however, we've now
seen that there's another hand
-
that maybe busy doing
other things
-
such as surveillance
in cyber security.
-
And so, the question that comes
up is how do we reconcile those?
-
How do we reconcile an open
global transparent internet run
-
for everyone with
the possibility
-
that there is also surveillance
going on and other things
-
that may not meet
the expectations
-
of global internet users.
-
And so, this is the
challenge in front of us.
-
It's particularly
highlighted because of the fact
-
that the US governments
unique oversight role in this
-
and it's brought
to the forefront
-
by the recent discussions where
we now say that it is not simply
-
for the benefit of
all the internet,
-
but there's also some
national priorities
-
and national initiatives that
the US government also pursues
-
over the same infrastructure.
-
I think that's the challenge
that we will now face more
-
so than ever in light
of the revelations
-
for the last few months and
the net result would be a lot
-
of the discussion in
forum such as this.
-
Thank you.
-
>> Thank you and I'll try
-
to make this iPhone
behave a little better--
-
>> OK.
-
>> Although--
-
>> I thought I was over on time.
-
>> Yes.
-
>> You were right on
time, you were great.
-
>> OK.
-
>> Leslie?
-
>> It's time, I guess.
-
So, I also want to get us out
of the DC bubble and the focus
-
on the rights of people
in the United States.
-
I've been talking about
that for the last six weeks.
-
And congresses about to
considering an amendment that's
-
going to reign in
the NSAs ability
-
to collect our metadata
from phones.
-
I want to pivot away from that
'cause I think there're three
-
other things that we ought
to be considering at least.
-
What-- and the reactions of
governments and internet users
-
around the world and what this
means with the architecture,
-
not just the governance, the
architecture of the internet
-
and also for the
protection of human rights
-
of global internet
users and that turns
-
out to be a very
thorny question.
-
Certainly for governments,
-
I think this entire kerfuffle
is reinforced the concerns
-
that the global internet has
undermined their sovereignty
-
in control over their citizens.
-
And it's further
illuminated this sort
-
of privileged position
of the United States.
-
Certainly, with respect
to ICANN and some
-
of the other critical resources,
-
we continue to have a
disproportionate share
-
of internet traffic, all
that's declining and obviously,
-
we have a dominance in our
global internet companies.
-
For some, and the EUs, I
think I have a good example,
-
this illuminates
left an inability
-
to protect the human
rights of their own citizens
-
and we have a major fight coming
up in the data directive there
-
about whether they're
going to allow data to come
-
to the United States at all.
-
At the same time, it's an
extraordinary opportunity
-
for authoritarian governments
to exert more control
-
over the people in data in their
own boarders and it's, you know,
-
rushes now dusting of a
legislation that has to do
-
with national servers.
-
You're going to see
that elsewhere as well
-
and I think it's fair to worry
whether this carefully honed
-
narrative as US narrative of the
why is trusted neutral stored
-
of the internet can
really hold and it's fair
-
to ask whether we're moving
towards the balkanization
-
of the internet as
government sees these moment
-
to impost local server
requirements or worse
-
and we saw some of these
proposals last year.
-
I know we're supposed to be
acronym free at the wicked.
-
I'll explain-- routing
requirements
-
to either avoid the
United States of literally
-
to direct the routing of traffic
-
and the worst outcome
being literally ring fans
-
to national or regional
networks.
-
If I were in Latin America and
notice that there was 80 percent
-
of my traffic still coming
from the United States,
-
I may start to wonder why
we're still relying on Miami
-
to reach most of the world.
-
Some of that might be
a weird salutary effect
-
that we finally get internet
exchange points in some places
-
that have not had them.
-
But I think governments becoming
involved directly in the rooting
-
of internet data would
opposed a profound challenge
-
to the open end-to-end internet
-
and I think all these things
are going to be on the table.
-
I think you are also kind of
expect to see a reexamination
-
of the world's relationships
-
with our cloud providers,
already seeing that.
-
You know, there's a Netherlands
provider and no prism,
-
no surveillance, no
government backdoors.
-
And finally, I think we may have
lost some of the rapprochement
-
that happened in the governance
wars in the last year.
-
There are number of important
forums and discussions coming
-
up about various treaties
-
and how much various treaty
buddies ought to be able
-
to impose their--
-
post themselves into internet
debates, I think we're going
-
to lose some ground there
-
and it could be I
think quite troubling.
-
Last point, global
internet users are furious.
-
They believe their human
rights have been violated
-
and I think they
don't yet realize
-
that it's not entirely clear
whether they have any recourse
-
for that.
-
There's a lot of ambiguity
in human rights law.
-
Human rights law are
pretty much applies,
-
if countries make commitments
to protect the human rights
-
of people within their
boarders or their control,
-
I don't think we began to
understand or have any clarity
-
on how-- who's responsible
for human rights
-
where there's non-physical
action
-
such as electronic surveillance.
-
And they're not going to be
happy when they understand
-
that FISA and all
the conversations
-
in the United States about
safeguards and minimization are
-
to protect our rights but
have absolutely nothing
-
to do with them.
-
I don't think congress
is going to care.
-
But I think there's a
massive laws to respect
-
and when we're talking about
five zeta [inaudible] whatever
-
that is, a non-US
person data going
-
into a new Utah data center, I
think that the irony at the end
-
of the day will be that one
-
of the FISA permissible
activities is collecting
-
intelligence for foreign
affairs and foreign policy.
-
And I think at the end of
the day, we may see people
-
of the world uniting with
their governments around kinds
-
of restrictions and ring fencing
of the internet that will come
-
to both underlying rights
-
and undermine the
openness of the internet.
-
So, that is my anxious
persons guide to the--
-
to what's been happening.
-
>> Thank you Leslie.
-
Randy?
-
>> How many of you noticed
accounted how many surveillance
-
devices you've past
to get to this room?
-
Yeah. I just walked in from the
restaurant a couple blocks away.
-
I counted 22 surveillance style
devices just in the walk outside
-
of this building and there's
at least in this room right now
-
that not counting your
smart phones and all that.
-
I hope you all can find the six
-
because they're pretty
obvious as to what they are.
-
My point on all of this
is that as a practitioner,
-
I'm the Sisa for Virginia Tech.
-
My office is responsible for
monitoring and responding
-
to any attacks against
our network infrastructure
-
at Virginia Tech.
-
We have our main campus down
the Blacksburg, Virginia.
-
It's about four and a
half hours from here.
-
We have a Northern
Virginia campus right
-
across the river in Boylston.
-
And so my charge,
my office is charged
-
to monitor any attacks
from there.
-
Anybody who has ever managed
an internet infrastructure has
-
known since the very beginning
-
that the internet has never
been anonymous in the sense
-
of tracking a machine.
-
From day 1, we've
always been able to track
-
where our machine was.
-
We were not able to track
who is at the machine
-
with any reasonable
amount of accuracy
-
but we've always been able
to track where machines are.
-
The big thing was of course
data, storage capabilities.
-
We didn't have enough
data storage capabilities,
-
disk drives.
-
In 1992, when I've
got involved--
-
first involved with the computer
security stuff, you know,
-
we had a one gigabyte drive and
we thought that was, you know,
-
the entire disc storage
in the entire free world.
-
And, you know, nowadays, with
the huge disk forms that are
-
out there, that is allowing
this collection of data.
-
So, from our standpoint,
that's always been the case.
-
So, my challenge is,
you all let this happen.
-
You all let knew that this was
happening and you let it go on.
-
There is nothing new about the
prism stuff and all of these.
-
It's kind of ironic for people
-
in my world 'cause we all
sit back and we go, you know,
-
in 2010, the Washington
Posts, Dana Priest
-
and William Arkin wrote an
excellent series called Top
-
Secret America where
they're talking about all
-
of the built way companies
-
that are building the
surveillance technologies
-
that the federal government
and other entities are using.
-
All out there was an excellent
series on the newspaper
-
that I read it back then.
-
Newsweek came out in
2008 where they talked
-
about a whistle blower
who mentioned
-
about NSA's warrantless
wiretapping so to speak.
-
It was all out there.
-
If you go back and you look
through the press things,
-
there was always something
there and nobody reacted to it.
-
So, it's ironic from
my viewpoint
-
that everybody is having
this big flop about it now
-
because it's been there
and you let it happen.
-
So, my charge to you is don't
let it happen again, OK?
-
When you do read
about these things,
-
you need to influence your
legislatures about what's going
-
on 'cause they do not
understand the technology.
-
One quick example, in Virginia,
-
there's data bridge
notification laws
-
of social security is disclosed.
-
You know, somebody
gets a spreadsheet
-
and it explodes out there.
-
Yet I can go to a county
courthouse website and look
-
up public records deeds,
divorce decrees, whatever,
-
and what's on those documents.
-
Yet the kind of clerks can't
redact that information
-
because until recently,
the law forbid it, OK?
-
Everybody was in a rush for
eGovernment but never thought
-
about what's in those
documents that going there.
-
So, we need to be
able to influence
-
and educate the legislatures
who are--
-
who are building the policy.
-
So, this is the whole thing.
-
I'm a technologist and everybody
in here, the computer scientists
-
and all that, you all
learned in here with me.
-
We help build this
infrastructure.
-
We may have had a
misgiving where we thought
-
that as builders we could
control the people who use it.
-
But as, you know,
previous history shown
-
with the atom bomb development
and all these other things,
-
that's not always the case.
-
Builders do not control
the controllers.
-
That's my first point.
-
The second point is that, again,
you all have smart phones.
-
Actually I don't.
-
I have kind of a dumb phone
and people always laugh.
-
They go, "You know,
you're a technologist,"
-
and I just have a little,
you know, Samsung Integrity
-
with the nice little
flippy thing.
-
And I said, "Because the
guys in my lab have busted
-
into the smart phones
-
and tracked everybody
all over the place."
-
But actually the reason
why I don't this is
-
because the battery life is not
long enough for my taste, OK?
-
But a great quote, Lyn Paramore
[assumed spelling] wrote a great
-
article and in there quoted
things that are supposed
-
to make our lives easier.
-
"Smartphones, Gmails,
Skype, GPS, Facebook,
-
they have become
tools to track us.
-
And we've been happily
shopping for the bars
-
to our own prison one prison at
a time, one product at a time."
-
So, we're in the-- we're
to blame for all of this.
-
We are allowing that to happen.
-
The last thing I want to talk
-
about is this Federal
word play thing.
-
Whenever I confront a student
-
or a professor whose been
violating a university policy,
-
you let something
go out on the net.
-
And I go. "Why did you do that?"
-
And it's kind of like watching,
you know, a six-year-old.
-
"I don't know, you know, it
wasn't my fault," you know.
-
That type of stuff.
-
And you get this
word play, you know.
-
Richard Pryor, a long time
ago had an excellent thing
-
when his son broke something
and he asked his son happened.
-
And all the word play that his
son came out with, you know,
-
"Some invisible man came
out and broke the thing."
-
That's what we're seeing now.
-
We're seeing this when they
say we're not collecting data
-
on you.
-
Well, OK, your not collecting it
technically but you're buying it
-
from people who are
collecting it from us.
-
So, that's-- that's
one thing there.
-
The network companies that say,
you know, the data providers,
-
the Verizons, the Googles,
they say, "Hey, you know,
-
we're not willingly giving it
to the federal government."
-
Well, of course not.
-
You're being subpoenaed
for the document.
-
You're not giving it
willingly to the-- to there.
-
You know, Zack Holman
wrote a great little tweet.
-
It says, "We don't give
direct database access
-
to government agencies."
-
That quote has become the
new "I didn't inhale," OK?
-
And so the key word is direct.
-
Marketers are being collecting
information on us all the time.
-
And, in fact, that was
one of the big things
-
that helped us with 9/11.
-
On a positive side,
that did help us
-
in 9/11 identify the hijackers
when the marketing companies
-
and the credit card companies
realized that they could help
-
because they had that data.
-
So, we need to be sure that
things are done correctly.
-
Everybody says we're
doing it legally.
-
And that's correct.
-
The laws stated they can do it.
-
It's the creation of
that law that's the flaw.
-
And that's my surveillance guide
telling me it's time to quit.
-
Those are my points.
-
>> Thanks, Randy.
-
Melissa?
-
>> Thank you.
-
Well, I think it's
important to look
-
to our past to inform
our future.
-
And I'm going to take a
little bit different direction
-
than my colleagues.
-
The very first transmission of
the internet was October 29th,
-
1969 and it was an e-mail
between two universities.
-
And today we have more than 204
e-mails are sent per minute.
-
More than 1,300 new mobile
users are added per minute
-
to the internet, 47,000
applications are downloaded,
-
100,000 tweets, 1.3 million
videos are uploaded to YouTube,
-
two million searches to Google,
and six million Facebook views.
-
The internet is part of
every part of our life
-
and over the last
45 almost years,
-
we have embedded the internet
in every part of our society.
-
And it is the backbone of our
core infrastructure of every--
-
every country's core
infrastructure.
-
It represents e-government,
e-banking, e-health, e-learning,
-
the next generation of
air traffic control,
-
the next generation
of power grids
-
and every other essential
service has been concentrated
-
onto one infrastructure,
the internet.
-
And that is putting
our businesses
-
and our national
security at risk.
-
And I-- when I speak about
our, I'm really speaking
-
in as a global citizen.
-
If I were in France I would be
speaking about it in France.
-
If I were Iran or
Israel, it's the same way.
-
And so I think that
that has really began
-
to change the conversation
-
that we can't have any one
single point of failure,
-
economic failure and/or national
security failure to any one
-
of our-- of our core
businesses or infrastructures.
-
And so when we're talking about
cyber security and we're talking
-
about different government
actions and we wrap it all
-
into one conversation, I ask
you to start to think about it
-
as multiple conversations.
-
And it's not helpful
to bundle into one term
-
of cyber security
and/or surveillance.
-
So, I'd you to-- I'd like
you to think about it
-
in six different ways
of why our governments
-
and why our industry are
talking past each other.
-
The first is is when we're
talking about cyber security,
-
we're sometimes talking
about political activism.
-
Those who would like to bring
transparency to policies
-
and to our initiatives
that they don't agree with.
-
In the United States, one could
say that that was WikiLeaks
-
that brought about a great
amount of transparency
-
to US policies as they
leaked our information
-
into the internet.
-
All right, one could argue
that that was also Snowden.
-
But in other countries
political activism is being used
-
by Twitter, using Twitter and/or
Facebook to organize people
-
in these squares like Taksim
and/or in Turkey or Egypt
-
to express political
discontent with their government
-
with the intent to
overthrow the government.
-
Political instability.
-
And so when our governments
are starting to talk
-
about surveillance on the
internet and/or filtering
-
of the internet, some believe in
political democracy and freedom
-
of that speech on the
internet and others do not.
-
And it has different
mechanisms of how they're using
-
that surveillance
or the technology
-
around political activism.
-
Now that should not be
confused with organized crime
-
on the internet, the real modern
day bank robber who's stealing
-
ones and zeros which
is real dollars
-
out of your credit accounts
or out of your real banks,
-
and as being passed on as
a cost for our citizens.
-
We have many of our
governments who are talking
-
about the importance
of organized crime.
-
When I was just in Europe
just a few weeks ago,
-
it was 30 million dollars stolen
-
out of 45 different
cities in 30 minutes.
-
That's a real problem
for our banks.
-
It's a real problem
for our credit cards.
-
And we're having to deal
with that organized crime
-
and real theft of
ones and zeroes.
-
Now that should not be confused
with intellectual property theft
-
and industrial espionage.
-
That's very different.
-
And many of our government
leaders in the United States
-
and many government leaders
in Europe are talking
-
about the unprecedented theft
of intellectual property.
-
Thefts, meaning,
illegally copying the plans,
-
processes and/or next
generation technologies
-
out of our corporations
for the economic advance
-
of their companies
and/or countries.
-
And so the intellectual property
theft is then not the same
-
as espionage.
-
And there are governments
that are conducting espionage.
-
Most governments do to steal
the plans and intentions
-
of other governments and
know their capabilities.
-
In the United States, we
sort of bundled the two,
-
IP theft and espionage.
-
When were talking about it, in
fact, we're talking about it
-
as Pearl Harbor and other
very exaggerated terms.
-
If we are going to bundle
intellectual property theft
-
with espionage then we have
to be willing to put espionage
-
that we would walk from
it as a government.
-
And I don't see any
government willing
-
to walk away from espionage.
-
So, why don't we talk about
what's really the problem
-
and that's intellectual property
theft and/or the protection
-
of intellectual property
and patents, et cetera.
-
There are two other areas that
are becoming more concerning
-
for most companies and
countries that are--
-
the first is disruption
of service.
-
And this is the distributed
denial-of-services actually
-
degrading real services
in your e-banking
-
and your e-infrastructures
that are preventing our banks
-
from allowing you to actually
access those infrastructures
-
and/or capabilities.
-
And we just had a--
and a significant,
-
in the United States,
-
we're having a distributed
denial-of-service
-
against our financial
institutions
-
and so are many others
in Asia and Europe.
-
And then finally the
destruction of property.
-
There was just recently a
malware that was released
-
against Saudi ARamCo
-
which destroyed 30,000
of their computers.
-
And when we start to actually
think about destruction
-
of property and how one
might recover from that
-
that is a different set of
capabilities than you would deal
-
with from organized crime
and/or political activism.
-
So, as we talk about this
on our panel over the course
-
of the next hour, I ask
you to start to think
-
about which problem
are you talking
-
about because we're not
talking about the same thing
-
in each of our conversations.
-
I'd like to wrap up and that
-
over 100 countries have
these capabilities,
-
and they are using these
capabilities to deal
-
with these different problems
whether it's political activism
-
to overthrow government
or its political activism
-
to bring transparency
to policies they don't
-
like is different
than organized crime
-
or intellectual property theft.
-
And there are three strategic
things that are happening
-
in the global order of things.
-
First, some are using disruptive
technology like a Stuxnet
-
or a Shamoon to bring
down core infrastructures
-
or core businesses
around the world
-
or some are implementing
surveillance tools to bring
-
about transparency or to
show the vulnerabilities
-
for those infrastructures
to be brought down.
-
So, disruptive technologies
are being used.
-
Second, strategic alliances
are also being wielded
-
to actually gather that power
and control over the internet.
-
And that's playing out in
the UN and the ITU and NATO
-
and ACION [assumed spelling]
and other of the forum
-
where countries can
align against each other
-
for particular motives.
-
And then finally there
are strategic properties.
-
And I mean that in the
very sense of it is.
-
There are 25 internet
service providers
-
that control 90 percent
-
of information flow
on the internet.
-
There are internet
exchange points
-
that actually control the
flow of technology and/or ones
-
and zeroes from continent to
continent or within a continent.
-
And there are data aggregators
-
who have actually more
information on us like a Google
-
or a Facebook than any
foreign intelligence service
-
of any other country.
-
So, you have to think
-
about where are the
strategic properties
-
and how they're being used
-
by all governments not
just by one government.
-
Thank you.
-
>> Thank you, Melissa.
-
Laura?
-
>> Good afternoon everyone.
-
I'm very delighted to be here.
-
And I wish to thank the Internet
Society for the invitation
-
and for GW for hosting
it as well.
-
I view PRISM as an
opportunity to draw attention
-
to the implications of broader
global internet governance
-
conflicts that have
implications for economic
-
and expressive liberty.
-
I recently-- recently the
last two or three years spent
-
that time researching
-
and writing a new book
called the Global War
-
for Internet Governance.
-
And it's going to be
published later this year
-
by Yale University Press.
-
Now in this book, there are
approximately four pages
-
at the end of acronyms.
-
So, what I've done is I've
challenged myself today
-
to not use any acronyms.
-
So, what I would like to ask you
to do is to pound on the table
-
if I use an internet governance
acronyms, so pay attention
-
to that, and I know some
of you will do that.
-
But what I tried to do
-
in the book is describe
the various layers
-
of how the internet is
already governed and what some
-
of the current debates are that
I expect to shape the future
-
of freedom and innovation
in the coming years.
-
Now what is internet governance?
-
This panel has already
described it.
-
If I had to give one definition,
-
I would say internet governance
is the design and administration
-
of the technologies
that are necessary
-
to keep the internet operational
and then the enactment
-
of substantive policy
around those technologies.
-
But there is no single system
of internet governance.
-
John said it best when he was
describing the various roles,
-
names and numbers,
administration,
-
standard setting, private
interconnection, arrangements
-
between telecommunication
companies, the privacy policies
-
that are enacted by social
media, by search engines
-
and other information
intermediaries.
-
And, of course, cyber security
governance not necessarily
-
enacted by governments
but by entities
-
such as certificate
authorities that are handing
-
out digital signatures
and things like that.
-
So, those are just
a few examples.
-
So, we need to take this
conversation outside
-
of discussions about
just governance.
-
However, one of themes that
I do take up in the book
-
and in my work in general is
-
that internet governance
conflicts are the new spaces
-
where political and economic
power is working itself
-
out in the 21st century.
-
We see this with PRISM,
we see this with Stuxnet,
-
we see this with the
turn to intellectual--
-
to infrastructure
-
for intellectual property
rights enforcement,
-
with governments cutting off
access during political turmoil.
-
And as Mellissa said,
-
we had denial-of-service
attacks often used
-
to suppress human
rights and expression.
-
So, internet governance points
of control are really not just
-
about keeping the internet
operational although
-
that is absolutely vital.
-
But there are also a proxy
for broader political
-
and economic conflicts.
-
So, the fact that PRISM
draws attention to some
-
of these broader global
internet governance issues is
-
an opportunity.
-
But keep in mind that government
surveillance ad censorship
-
for that matter which is in my
opinion an even greater problem
-
around the world
is not something
-
that happens in a vacuum.
-
So, it's delegated and
it is made possible
-
by certain arrangements
of technical architecture
-
and by private ordering.
-
So, infrastructure governance
just to give you a few examples,
-
infrastructure governance is
directly tied to privacy issues.
-
So, I have an information
engineering background.
-
I am also a social scientist
who studies the politics
-
of technical architecture.
-
And I can say that, you
know, you probably could say
-
to use a Harry Potter analogy.
-
There are some dark arts
of internet governance
-
that have a good intention but
they can be used for other uses.
-
So, one of these, for example,
is the deep packet inspection.
-
I didn't use the acronym
so no pounding on the table
-
which is a capability that
allows network providers
-
to inspect the actual
content of packets sent
-
over the internet rather
than just the packet headers.
-
So, this can be used
for a variety
-
of very important function
such as network management,
-
detecting viruses and worms.
-
It could also be used for
customized advertising,
-
now getting outside of
the operational role,
-
or for surveillances
or for throttling
-
and blocking of traffic.
-
So, this is a very significant
development made possible only
-
by advances and processing
power and storage.
-
And we need transparency
and accountability
-
in issues like this as well.
-
So, another area of
infrastructure related
-
to privacy is the hidden
identity infrastructure
-
that makes possible business
models that are based
-
on online advertising.
-
So, this is a good thing
for freedom of expression
-
because there are free products
that we are able to use,
-
but we are almost at the
point where the prospect
-
for anonymous speech considering
this identity infrastructure is
-
almost impossible.
-
We have technical identifiers
at the level of hardware
-
like Ethernet cards at the level
-
of virtual identifiers
locationally via cellphone
-
location, wireless fidelity
AKA wifi, it's my one acronym
-
or global positioning
system and through things
-
like platform mediation and real
identification requirements.
-
So, if you put this all
together, this is at the heart
-
of business models that
we need at the heart
-
of online advertising, at the
heart of having free software.
-
But it also is the
technical capability
-
that can enable new
form, even newer forms
-
of surveillance in the future.
-
So, these are new
opportunities for surveillance.
-
Two other infrastructure issues
I'll mention I'll mention
-
quickly include a current
rethinking and redesign of the
-
"who is" protocol
which keeps track
-
of who is registering a
domain name and, of course,
-
also the issue as has
already been mentioned
-
of internet exchange points.
-
How these are governed and
how they are distributed
-
around the world is something
-
that is very related
to civil liberties.
-
The Internet Society and we'll
hear from next has really been
-
at the forefront of
this area which--
-
having more internet
exchange points,
-
looking at the criticality
of them for human rights
-
for infrastructure development
-
and as concentrated points
of information flows.
-
So, the truth is that global
internet choke points,
-
of course, exist.
-
And the internet is governed
not by any one entity
-
but multi-stakeholder governance
which I'm sure we will take
-
up in the roundtable later.
-
But that this governance
is not fixed anymore
-
than architecture is fixed.
-
So, the architecture
is constantly changing
-
and the governance is
constantly changing as well.
-
The basic theoretical
or conceptual framework
-
of my own work is
that arrangements
-
of technical architecture are
also arrangements of power.
-
So, it's critical for the public
to be engaged in these debates
-
because the future of
internet architecture
-
and governance is
directly related
-
to the future of
internet freedom.
-
So, I appreciate the opportunity
to discuss that here today.
-
Thank you very much
for listening.
-
>> Thank you, Laura.
-
Lynn?
-
>> Good afternoon.
-
This has been a very
comprehensive set
-
of speaking points, I
have to say to date.
-
So, the Internet Society is
a cause-based organization.
-
We advocate for an
open global internet.
-
In the recent revelations
-
about the mass scale
interceptions not only
-
by the US, the UK, but
many, many other countries
-
around the world have
serious implications
-
for the open global internet.
-
ISOC is an international
organization.
-
We have members, org
members and chapters
-
in virtually every country
-
of the world perhaps even
every country of the world.
-
We have headquarters in
just outside of D.C. here
-
in Western Virginia and
Geneva, Switzerland.
-
And we have a very senior policy
and technical staff in little
-
over 20 countries of
the world often times
-
in the same individual
which is more
-
and more the future in any case.
-
I spent 27 years in
Europe, just moved back
-
to the US a little
over a year ago.
-
And the one thing I'd really
like to do is to make sure
-
that here in D.C., in
this country's capital
-
that we recognize that this
is not just about US citizens
-
and it's not just
about the foreigners
-
that the US is surveilling.
-
This affects every
individual in the world.
-
It affects some of
them very directly
-
but it will affect the
internet we all have access
-
to going forward to tomorrow
and to generations to come.
-
If we are not careful, we will
actually rob both individuals
-
today, tomorrow and future
generations of all the freedom
-
and the benefit and
the innovation
-
that the internet has brought.
-
The Internet Society actually
deals an awful lot in principles
-
and the principles that make the
internet what the internet is.
-
First and foremost,
it's a platform.
-
It allows everybody to go out
and develop what they choose to,
-
to access what they choose to,
to innovate on material that's
-
out there and make
that available.
-
If we're not careful,
we'll loose all of that.
-
So, the-- in particular
recently,
-
the unwarded collection
storage and the ease
-
of correlation amongst all
the data that's collected.
-
And I actually don't
differentiate a lot
-
between metadata and content.
-
You can get so much
information from metadata
-
that we shouldn't kid
ourselves by saying,
-
"It's just metadata we're
collecting, it's OK."
-
That-- though the collection
that will undermine many
-
of the key principles
and relationships.
-
And in particular some of those
natural conclusions will start
-
to impact the physical
infrastructure
-
of the internet itself whether
it's using some of the IXPs
-
as choke points or
whether it's using some
-
of the technical
capabilities that exist
-
to help with surveillance.
-
Those are all things
we want to I think--
-
think through very,
very carefully.
-
One of the principles we argue
-
for is multistakeholder
dialogue.
-
And it's because so much of what
we're all facing whether it's
-
in a policy or a technical
-
or a social environment
has never been done
-
in the world before.
-
We're breaking barriers
every single day and we need
-
to bring everybody to the
table for a discussion
-
and move forward
thoughtfully and carefully.
-
That is even more so when we
look to governments particularly
-
in their role in
protecting citizens.
-
We believe that the internet
must be a channel for secure,
-
reliable, private communication
-
between entities
and individuals.
-
And surveillance without due
process is simply unacceptable.
-
And as some other articles
have said recently, frankly,
-
it's very creepy as well.
-
And if that makes it more
personal, this is good
-
because we need everybody to
care about what's happening now.
-
We also challenge the
view that policies
-
to ensure security
must always come
-
at the cost of user's rights.
-
I'd also argue with the fact
that we all know it was coming
-
so what are we concerned about?
-
Due process wasn't followed.
-
That's what were
concerned about.
-
Did most people that
pay attention
-
to this field understand that
you could do all these sorts
-
of things with the data?
-
Yes. Did we believe our
governments were doing it
-
without due process
and certainly
-
without an adequate
level of transparency?
-
I might answer yes
but hopefully--
-
hopefully we didn't
and [inaudible]
-
to happen as Frank said.
-
One of the things we'd actually
-
like to do is really
get everybody to focus
-
on the multistakeholder.
-
A lot of the principles
-
that have given us the internet
find new forms, structures
-
and processes to address that.
-
Don't revert back to we
need a new institution.
-
I don't think that is the answer
in almost every situation.
-
Some of the recent proposals
that have been put forward
-
to address some of these
aspects would call for treaties.
-
Treaties are largely
intergovernmental.
-
They don't allow for
the private sector.
-
They don't allow
for civil society.
-
And honestly I don't
know how you get some
-
of those private
sector companies
-
to sign on to a treaty.
-
So, I don't think treaties
are the answer either.
-
We're going to need to create
new processes and new forums
-
and certainly at the
core of all that ought
-
to be thoughtful
informed dialogue.
-
So, I think, you
know, it's our hope
-
that as these discussions
continue across the world
-
that we recognize and
come to agree again
-
on some other high
level principles.
-
Some of the ones I'd throw
out for further debate,
-
is it unwanted surveillance
even in the furtherance
-
of national security
is not acceptable.
-
Unwarranted surveillance
is not acceptable.
-
The disproportionate
surveillance is also
-
not acceptable.
-
That surveillance
without accountability is
-
not acceptable.
-
And further, turning
-
to something a little
more positive,
-
that there should be
transparency with respect
-
to policy and its
implementation,
-
that we should be harnessing the
expertise of all stakeholders
-
to discover better ways
to protect citizens
-
in a global community.
-
And most importantly,
encore to everything we do
-
that we uphold human rights.
-
And so I look forward to
the discussion for the rest
-
of the day, and thank you.
-
>> Thank you, Lynn.
-
Danny?
-
>> Thanks, Lance.
-
So, thanks to the Internet
Society and GW, Lynn and Lance,
-
for getting-- Paul for
getting us together.
-
And at the end of the
panel, I'm always reminded
-
of this very distinguished
member of Congress said
-
at the near the end of a very
excruciatingly long hearing,
-
everything's been said but
not every one has said it.
-
So, I subscribe to much
of what has been said
-
by many of my fellow panels.
-
I want to just make three points
-
about what I think we've
been experiencing as a result
-
of this surveillance
debate over the last month.
-
I think fundamentally what
we've had is a certain degree
-
of a crisis in confidence
and a crisis in trust
-
about the internet environment.
-
The question is, should
you trust it or not?
-
And as Mellissa noted,
it's, I think, useful to try
-
to breakdown to some extent
our current sources of trust
-
in the internet in particular,
in society in general.
-
I want to just make three
points about the institutional,
-
legal and political levels of
trust that we tend to look to.
-
To start with the
institutional, you heard from--
-
you heard from John and
from Lynn about some
-
of the institutions that
make the internet work.
-
You know, I think
it's interesting
-
when you look purely
technically at the internet.
-
People pretty much trust that
the pack is going to arrive more
-
or less in the right order.
-
And enough of them
will get there
-
that you could get your
message through it.
-
You can watch video.
-
We don't-- we don't have a
lot of debates about that.
-
I will note just as a kind of
a observation of the sociology
-
in a certain way of people
-
in the internet technical
community.
-
There is a sense in some
ways as Lynn suggested
-
that if any third party
can get in the middle
-
of a communication stream
between two parties,
-
but that is in a sort of
very idealized sense a
-
technical failure.
-
It's the internet
not working properly.
-
Now that's a narrow
technical view
-
of the internet environment.
-
We, of course, have a
broader legal and social
-
and political view of our
societies, and we do recognize
-
that that surveillance
and espionage will happen.
-
But part of the challenge, I
think, in closing the trust gap
-
that we have is to articulate
better what those sorts
-
of expectations are.
-
We do have administrative
institutions
-
like that run the
domain name service
-
and IP address assignment.
-
Thanks to people like John.
-
They just kind of worked--
-
people grumble about
I can't [phonetic].
-
But so far, you know, people
are getting new domain names.
-
They are being maintained.
-
Nothing has completely
fallen apart at that point.
-
What I think is more complicated
-
on the institutional trust
front is that in many cases,
-
we're used to looking
to government
-
to establish trustworthiness
in society.
-
And certainly governments
believe their job is
-
to establish trustworthiness
in society.
-
But as you've heard, many
of our sources of trust
-
in the internet are
actually not governmental.
-
They are working perfectly well
largely without governments.
-
And I'll come back
and talk about that.
-
But again because of that
somewhat unusual circumstance
-
that Lynn alluded to, these
multistakeholder processes,
-
we probably have to understand
that a little bit better
-
so that people can trust
those environments.
-
You know, on the-- when we
look at legal institutions,
-
we rely a lot on our
legal institutions
-
to establish trust in society.
-
We hope that our legal
institutions make it
-
so that most people and most
institutions mostly do the right
-
thing most of the time.
-
We don't expect perfection
-
but we do expect our legal
institutions to set standards
-
and that there are consequences
when they're not followed.
-
I think when we look at
the privacy issues raised
-
by the current surveillance
practices
-
that had been revealed, the
problem that we have, I believe,
-
is that every one would like
there to be a sense of privacy
-
in our communications
environment.
-
But I think we have a real--
-
a lot of confusion about
just what that ought to mean.
-
We tend to think about
privacy particularly
-
in the computer network
environment as being able
-
to keep things secret.
-
Well, I think we all understand
now that we don't have a lot
-
of secrets, and we rely
on lots of third parties
-
to maintain our information.
-
So, we don't keep secrets as
well as we may be used to.
-
And my own view is that that
means we have to start thinking
-
about privacy more as a question
-
of whether information is used
properly whether it's misused,
-
whether it's used
-
to discriminate unfairly
against people.
-
But that's going to require
certain amount of discussion.
-
Lots of people have
mentioned accountability.
-
We're going to need better
accountability mechanisms
-
for these more complex
privacy rules.
-
When privacy is not
a binary phenomenon
-
that is either it's secret or
it's not, we need mechanisms
-
to assure trust in the way
personal information is handled.
-
I think there's a very
simple analogy actually
-
that we can draw from
the financial world.
-
Huge parts of our economy,
-
huge parts of the
world's economy run based
-
on a pretty well understand
set of accounting rules.
-
We're used to looking at
balance sheets for corporations
-
and having some sense of trust
-
that those balance sheets
reflect what's actually going
-
on in the financial life
of the corporations.
-
We don't expect to see
all the transactions
-
in the general ledger in order
to look and get a picture
-
of whether the corporation is
profitable, not profitable,
-
paying its taxes
correctly, not, et cetera.
-
Now there are-- this doesn't
always work perfectly,
-
but I the analogy particularly
-
to the NSA surveillance
situation is quite strong.
-
We do as citizens of the
United States want to be able
-
to have a sense of confidence
-
that our intelligence agencies
are following the rules
-
that they say they're following.
-
My guess is they probably do
about 90 percent of the time.
-
But we want to know that
there's some accountability
-
to those rules.
-
I think we understand that
we're not going to be able
-
to send auditors, independent
auditors inside classified
-
environments and can have
them come back and report
-
on everything they found.
-
But if we follow this balance
sheet model, if we follow
-
to a methodology of assessing
how information is used,
-
we can get that sense
of trust back.
-
And finally, as a
matter of political trust
-
and by political,
I don't mean kind
-
of small P Washington politics.
-
I really mean politics
in the sense
-
of how we organize
ourselves as a society.
-
As people on this
panel have noted,
-
our sources of political
trust are complicated
-
in the internet environment
and unusual.
-
We are used to the
idea of states
-
of government's exercising
authority directly
-
on institutions often
on intermediaries,
-
but in the internet
world and we're--
-
and if you considered
the analogy
-
between telephone
networks in the past
-
and internet service providers
today, telephone networks,
-
broadcast networks were
really creatures of the state.
-
They were authorized by
the actions of legislatures
-
and therefore controlled in that
way at the local state federal
-
and even international
legal level.
-
The internet doesn't--
has not happened that way,
-
it was not a creature of the
state ever, it was really
-
in many ways a creature of
individual and voluntary action
-
by some people on this panel,
by others all around the world
-
who participate in making this
internet institutions work.
-
But now when we're
nervous about how they work
-
and how the state work
we have rethink some
-
of these relationships.
-
So, we're going to have
to get use to the fact
-
that governments-- I
would submit cannot reach
-
into these internet institutions
-
like the internet engineering
test force like I can--
-
like the worldwide
web consortium
-
and achieve exactly
the result they want.
-
But of course at the same time
governments will make laws
-
and rules about how individuals
and corporations act whether
-
for intellectual
property protection
-
or privacy protection
or anything else.
-
So, I think that what this--
-
the whole surveillance
experience has revealed is
-
that the rules and expectations
-
that we have are quite
a bit more nuanced
-
than the very binary
technical behavior
-
of the internet environment.
-
And I think our challenge
is now to do a better job
-
of articulating just
what we expected,
-
all these different
institutions at all these levels
-
and how we're going
to find accountability
-
to those expectations.
-
Thanks.
-
>> Thank you Danny and thank
you everybody on the panel.
-
I think what we'll do now,
I'm going to open up first
-
to the panelist for
five or 10 minutes
-
so they can ask questions
of their fellow panelists,
-
make further, you know,
comments, go some back and forth
-
that way for five or 10 minutes.
-
In the meantime if
you in the audience,
-
if you have a question would
you please if you're physically
-
in the audience here
at GW step up to one
-
of these two microphones in
either of the isles, form a line
-
and when your turn comes please
state your name and affiliation
-
and then ask your question.
-
If you are in the internet
world, if you're off
-
in the clouds somewhere and
want to communicate send it in,
-
Paul any other directions
on that
-
or you have some
questions already?
-
While you're waiting, I want to
give the panelist a chance first
-
but any other protocol?
-
>> So, they type the
questions into live stream
-
and I'll be reading them
here at one of these mics.
-
So, that's for the
live stream panelists.
-
In New York they can just line
up at their microphone there.
-
>> In New York they can
line up their microphone
-
and we'll see them
live up there?
-
>> We'll see them,
yes, that's right.
-
>> OK.
-
>> Very good.
-
>> All right.
-
This will be interesting.
-
OK, but first let's get to the--
-
give the panelists a chance
to ask questions, Leslie?
-
>> So, I want to ask a question
of Danny because talking
-
about the concern or persuading
people that, you know,
-
winning people of off
government is sort
-
of the governance structure
for the internet and trying
-
to educate them that it's
not really government,
-
it's all of these other
institutions and we do them
-
in a multi-stakeholder
way and many people
-
up here have spent
considerable time trying
-
to move people to that model.
-
It just seems to
me that the rest
-
of the world right now is going
to think we've been involved
-
in a slight of hand
-
that basically we're
saying governments stay out,
-
governments don't get
too involved here.
-
All these other into multi
stakeholder institutions are
-
really the core of
the internet and then
-
at the same time
building an environment
-
where the United States
uses historically--
-
historical dominance
-
to basically trump all
of those governance.
-
So, I hear what you're saying
but it was a hard argument
-
to make to the rest of
the world beforehand.
-
I'm just curious
whether you're continuing
-
to say it with a straight face.
-
But I'm having trouble.
-
>> It's a habit.
-
I guess what I would say
is the ability to make
-
that argument really
depends on--
-
as several people
have said the layer
-
at which you're making
the argument.
-
I don't believe that the NSA
surveillance changes one bit the
-
question of who should be
setting standards for TCPIP
-
or who should be determining
how domain names get assigned.
-
I do believe that as you
said Leslie that the question
-
of government espionage
activities whether it's the NSA
-
or GCHQ or MI5 or, you know,
the German Intelligence Agency,
-
the French Intelligence
Agency, anyone of them,
-
all of which you're doing
exactly the same thing.
-
I do believe that we now have
to have a more public discussion
-
about what our expectations are
-
for surveillance
including espionage
-
in the internet environment.
-
But that shouldn't get confused
with the question of whether all
-
of a sudden we need
a treaty about how
-
to set internet technical
standards.
-
And I believe that, you know,
I'm highly uncomfortable talking
-
about the rest of the world.
-
But I think that what we saw in
the internet governance debate
-
at the United Nations at the--
in Dubai where the proposition
-
from Democratic countries like
Iran and China and Russia was
-
to exert greater control
-
over the internet environment
was rejected not just
-
by the usual suspects, that
is the 34 OACD countries
-
who you could somewhat
expect to do that.
-
But by another 20 countries,
from Africa and South Asia
-
and different parts of
the world, that I think
-
at Brazil have recognized that
while we could always do better
-
with the current internet
governors arrangements
-
that they're working and
messing with them has a cause
-
for all those countries.
-
So, I think as long as we
keep these issues distinct
-
and don't confuse them
I think there's a way
-
to have both discussions
in a coherent way.
-
>> Well, so I agree with you.
-
>> I know you do.
-
[laughs]
-
>> But it seems to me
the opportunity here
-
for many countries to
combine them together
-
to not make them distinct.
-
The opportunity to
reclaim control
-
by basically bringing
this together.
-
>> Sure. So, what
did Russia say?
-
What did Russia say this-- you
know, Russia said in response
-
to the NSA we need more
government control--
-
>> Right.
-
>> -- of both the
internet infrastructure
-
and the internet companies.
-
It's a-- I mean, I think the
question is how does anyone say
-
that with a straight face
-
when the concern was undo
government intrusion?
-
But, yeah, I mean it--
-
people who want to make those
arguments will find ways
-
to make them.
-
>> I worry that many of those
in between are suddenly going
-
to become more persuadable
because of the outrage.
-
>> So, I have a question
for my fellow panelists.
-
And it's sort of following
what Danny just raised.
-
In December we had an
interesting conference,
-
the World Conference
-
on International
Telecommunications.
-
I'll use the acronym
WCIT not 'cause I want
-
to have the table bounded.
-
I explain the acronym first.
-
>> You did.
-
>> But you hear the
term WCIT so I want
-
to pronounce it as
you might hear it.
-
But the World Conference
-
on International
Telecommunications was look
-
at some treaty arrangements.
-
So, some tariffs.
-
Regarding interconnection
and there were number
-
of very interesting proposals
that shut up in Dubai.
-
And I'm struck by the
timing because that happened
-
and now we now have a lot of
events regarding surveillance
-
and then I say and
so on and so forth.
-
And I guess with my panelists
I'd ask the question,
-
does anyone care to speculate
if water had been reversed?
-
What the outcome
would have been?
-
Because I've had a
few people suggest
-
that that's an interesting
exercise.
-
I am not sure whether or not
the outcome that we had in Dubai
-
in December is what
we would be seeing
-
if in fact it was being
done instead next month.
-
>> Hold on, that was my concern.
-
That's my concern.
-
Well, I think that if you
look at the World Conference
-
on International
Telecommunications,
-
it was an important treaty
negotiation, renegotiation
-
that hadn't been renegotiated
since 1988, is that right?
-
'88. And as Americans we look
at these negotiations as one--
-
as a one negotiation and I think
that that's a poor perspective
-
because the WCIT was really
-
about how does one monetize
the internet and to pay
-
for court infrastructure.
-
And it is one of a multi-series
of negotiations, the world--
-
there's another
telecommunications conference
-
on policy, WTPF, it
just happened in Geneva
-
and they'll be the world
summit on information society
-
that will be culminating
in 2014 I think, right?
-
2014, '15.
-
>> So on, yup.
-
>> And there will be 24
negotiations to go between now
-
and then that will ultimately
be where things will land.
-
And then from-- the world summit
-
on information society
will be the strategy
-
by which will be executed
in the WTPF for policy.
-
The WCIT for regulation and
in the internet standards--
-
in the international
standards organization
-
for the overall technology.
-
So, I think if you are a
person in the corporate world
-
and you're worried about these
things you shouldn't just look
-
at one of these forums
as one off.
-
And if you're worried about it
-
from a government perspective
it's not just the policy forum
-
where the regulatory forum,
it's all of this forum
-
and they're all interconnected.
-
So, I would say that yes, I
think you actually suggested
-
that it was a positive outcome
at WCIT in Dubai and I think
-
that the United States lost
in that negotiation but--
-
and I think that the United
States and many are going
-
to continue to lose and it's
going to be a quick erosion
-
of our stance not a slower
version of our stance.
-
>> I'll take one more
question from the panel.
-
Any other panelist has
a question before we go
-
out to the audience?
-
Going once?
-
OK.
-
>> Mike Nelson with
Bloomberg Government
-
and with Georgetown University.
-
I want to commend the internet
society for great panel,
-
we got the lawyers,
we've got the techies,
-
we've got the scholars,
we've got the activists,
-
and that's great but we
tend here in Washington
-
to talk about the policy.
-
And Danny I tweeted your--
-
a [inaudible] of your talk
which I thought was exceptional.
-
And that was--
-
>> You got it to 142 characters?
-
>> Less than that.
-
But you basically said, data
will flow, we can't really focus
-
as we used to on
controlling that flow,
-
we have to control the
misuse of that data.
-
Policy makers are starting
to understand that.
-
But I think we also
have to figure out a way
-
that techies can start
implementing systems
-
that reflect that.
-
And the first way to
do that is to make sure
-
that systems are more
transparent so that we can see
-
where data is being misused.
-
And I guess I'd challenge the
audience to think about privacy,
-
not to tell the audience
and the panel to think
-
about transparency by design.
-
We've heard about privacy by
design but has anybody thought
-
of examples of where we're
building in the transparencies
-
so its in the technology
and other places
-
where we could do that better?
-
Just an open question.
-
>> Laura?
-
>> OK. I think that's a really
great question and a good point.
-
I'll give one example of where
I think the transparency is
-
excellent and then
a couple of examples
-
where I think we need
more transparency.
-
What is one of the oldest and
most vulnerable institutions
-
of internet governance?
-
The internet engineering
taskforce jumps to mind.
-
So, this is the-- one
-
of the standard setting
organizations for the internet.
-
There are many others
but they have set many
-
of the core standards so they
have a tradition of being open
-
in three different ways.
-
They're open in the
development of a standard
-
and that anyone can participate.
-
Now, granted there are a lot
of barriers to participation,
-
it requires a lot of
technical knowledge,
-
it requires in many
cases money to go to some
-
of the events in time.
-
But it is basically
open to anyone.
-
They are also open
and transparent
-
in that the actual
specification.
-
So, a standard is
not really software
-
or hardware specifications
that are written down
-
and people can go
online and view them.
-
So, I would differ with some
of the panelists and say that,
-
"Oh the technology
is-- it is political."
-
So, the technology designers
make political decisions
-
in the design whether they
like to call it that or not.
-
So, sometimes privacy
is designed in.
-
Think about encryption
standards for example.
-
Think about unique identifiers
and the privacy implications.
-
Yet the specification is
open so there are some degree
-
of accountability where
people can view it.
-
It's also open in
the implementation
-
because it results in
multiple competing products
-
that are based on that standard.
-
So, that's an example.
-
In other cases we don't have a
lot of transparency and I agree
-
with you that we need more.
-
So, here is an example, how do
we look at interconnections?
-
So, this is an area where
I'm worried because of all
-
of the calls for greater
government regulation
-
of interconnection in an area
-
that has worked fairly
well up until now.
-
Well, part of the reason
we're seeing this calls
-
for a regulation is that we
can't really see what the
-
agreements are between
these private companies.
-
So, I think it would be more
helpful to have transparency
-
in an area such as that as well
as other infrastructure areas.
-
>> So, I want to go
back to Danny's premise
-
which you apparently
support which seems to be--
-
data will flow, everybody
will collect it
-
and we should only
focus on the uses.
-
And that's certainly a
discussion we've had on sort
-
of the consumer side
of the ledger?
-
You know, Google will
collect it and where we have
-
to focus our attention
is how they're using it.
-
I have to submit the government
is collecting information
-
and certainly the US government
collecting information really
-
to-- is subject to-- I mean in
our own country it's subject
-
to this little thing called
the Fourth Amendment and I know
-
of no case and I stand-- I'm
willing to stand corrected
-
that says, you can go in--
-
I mean, this is essentially
what the governments is arguing
-
in NSA collection.
-
And they're calling it
acquisition and not collection
-
that acquiring the
information is not collection.
-
And that any rights that
might attach don't happen
-
until you open and
look at the packets.
-
I don't know, you know, I've
never heard anybody come
-
into somebody's house, walk
away with their desk drawer
-
and say, "We're acquiring."
-
To let you know if we ever
get around to looking at it.
-
And so-- Danny and I have
some disagreement although I'm
-
getting persuaded
more and more by his--
-
by the question of use
in the commercial side
-
of this big data world.
-
But, I'm not willing to go
there in terms of governments.
-
And I think it's a really
dangerous thing to do.
-
>> So I-- just to
clarify, my observation
-
that data will flow is not
meant as a moral conclusion.
-
And I think the extension
which we choose to put limits
-
on how much data government
can acquire from those
-
who have already
collected it, right.
-
Because that's what
we're talking about here,
-
it's very important and I think
that historically we have relied
-
on technical barriers to large
scale information collection
-
as a way to limit how much
power the government has
-
and we don't have those anymore.
-
So, we're going to have
to get very explicit
-
about what limits we think
government should have
-
on both the collection
and the use front.
-
My only observation kind of
back to your point Mike is
-
that we are much
better technically
-
at managing collection
limitation
-
than we are managing
use limitation.
-
Just as a pure matter
of the kinds
-
of computer science techniques
that we have available
-
and I would submit
that's because, you know,
-
the computer security community
cryptographers have taught us a
-
huge amount about how
to keep data secret
-
and control access to data.
-
There's a whole other set
of disciplines developing
-
in computer science that try to
characterize information usage,
-
track information usage,
but it is a different--
-
but there is less progress
on that because I think
-
that that's not a
view of privacy
-
that computer sciences
have previously focused on.
-
So, I think you're
exactly right to point
-
out that we need
more work there.
-
>> I'd actually hear
from the techies.
-
Because I wasn't thinking
so much about transparency
-
at the institution
level at layer eight.
-
I was thinking more
the lower levels.
-
Well, like--
-
>> Oh, I'll give the--
let me give the--
-
>> -- like route to tracing,
you know, when we send an e-mail
-
to each other you can find out
where it balanced along the way.
-
>> Let me give the techies
about two minutes before we move
-
on to another question
because we will have a chance
-
to circle back in
the round table again
-
so we can take another
bite at the apple here.
-
>> Yeah.
-
>> Go ahead.
-
>> I just want to--
just very quickly.
-
Stealing is stealing.
-
It doesn't matter whether
it's in the physical world
-
or in the cyber world.
-
So, whatever the techniques you
have to collect data of a theft,
-
in the physical world you
can apply the same techniques
-
in the cyber world.
-
The difference is speed.
-
I mean it takes me
physically a long time to go in
-
and steal a laptop from
the gentleman's tester
-
but I can steal all the
information on his laptop
-
in a second, probably as long
as it took me to do it as long
-
as I can connect
it over the net.
-
So, the comment about
the government, you know,
-
and the search warrant in
the constitution, you should,
-
you know, that's why it's there.
-
That's why we have
the constitution is
-
to follow those laws.
-
And you can still achieve
the same goals and stay
-
within the constitutional
limits.
-
It's been done.
-
It's just that what's happened
is we got a bunch of people
-
at the policy level that
didn't understand what the
-
implications are.
-
And that's where-- everything
-
that they've done
has been legal.
-
It-- the law is the problem.
-
Not what whether
they're doing it or that.
-
>> I would question that.
-
>> But--
-
>> OK. I'm going to move
this along because I want
-
to give Joanne a chance and
I'm sure Steve is getting a lot
-
of farther for the round table
to come back to just later on.
-
>> So, I don't want
to pick up on thing
-
which is the internet has
a tradition or convention,
-
I wouldn't say tradition,
convention of protocols
-
which behave in an open manner.
-
And so, this is for
example, your--
-
when you're looking at how
packets flow, there are commands
-
like traceroute that let you see
how they go through the internet
-
and you can map them through an
exchange point most of the time.
-
When you look at mail headers,
you can look at e-mail headers
-
and you can actually see,
wow that's not my e-mail,
-
it got from point A to
point B and it's visible
-
and you can see those
most of the time.
-
When you look at a packet that
you've received you can look
-
at the source address and
say, "Oh, where is that from?"
-
And you can look it up and
find it most of the time.
-
Now, there is no
obligations that any
-
of this information is accurate.
-
It's all sufficiently accurate
-
to keep the internet
running or at least so far.
-
And we hope it will
just keep it running,
-
but there's no actual
obligations and you need
-
to be careful because while
there would be some benefit
-
to having an attribute that says
there's an actual obligation
-
to make this accurate, then
I see people emerging saying,
-
"Well, wait a second, now I'm
worried about my anonymity
-
because now you can trace my
IP, or you can trace my e-mail."
-
So, we have just a
convention of transparency
-
which has been enough to
keep the internet running.
-
There is a question on
whether or not that's going
-
to actually work long term.
-
The point that was made by
Randy which is that the rate
-
at which you can attack
something digitally is a lot
-
faster than physically.
-
And this means that the ability
to have an accountable internet
-
where we can actually figure
out who sent the bomb threat
-
or figure out who sent the
e-mail which cause the problem
-
at the school is
potentially a very large duty
-
and it may require us making
a tradeoff between anonymity
-
and curated anonymity in
order to have accountability.
-
Right now it's not
clear that one
-
or the other is the
right answer.
-
>> So, we may-- we'll circle
back to this in the round table.
-
Let me move on to the
next question over here.
-
>> All right, I'm [inaudible]
cofounder of Codex for Africa.
-
This is more to as
the techie side too
-
but at the same time
from a global view.
-
We represent thousand
of developers in Africa,
-
in the upcoming years it's going
-
to be more software
developers who're are going
-
to be creating thousands of
applications on mobile and web.
-
And one of the things is what
are the strategies there,
-
when you have emerging countries
or emerging economy jumping
-
on a bag of bandwagon of using
the internet to do transaction
-
with the US or the
western world.
-
What do you think what would
happen because I could be
-
in a country like Synagogue,
you know, do some hacking,
-
I can do anything I can because
you don't have access to the--
-
maybe the continent
level network.
-
But as well as the
western world,
-
what are your strategies
and all that?
-
>> Well, this is where
the law comes into play.
-
What we hear on the
techie side for instance is
-
of course there is laws
in hacking in the US,
-
but there is no laws
in hacking in China,
-
as we would understand it.
-
So, each country gets to define,
you know, what a hacking is.
-
Some may take it as an
assault against the government
-
if you are hacking, you know,
-
some might just say it's
a plain and simple theft.
-
So, you're going to have to-- I
would think you'd have to look
-
at each individual
country's definition
-
of what they considered to
be hacking in that case.
-
Now, on the other side, again,
if you're writing an application
-
for someone like that then
you're going to do logging,
-
you're going to do all of this
type of stuff because you want
-
to provide an auditor
if you will
-
if it's a financial
application with some record
-
of whatever transactions
your software handles.
-
So, there's always going to be
a record of something that you--
-
either your app did or
where your app went.
-
Whether it's accurate or
not that's another question
-
but there's always
going to be a record.
-
And again, metadata
analysis I can use that
-
and make some inferences
-
as to what you did even
though I can't see what you--
-
what's in your individual
packets if you encrypted them.
-
>> John?
-
>> So, that's an amazing
wake up call here.
-
So, we have this internet
that's remarkable.
-
It allows people to interact,
people in different countries
-
with different expectations
to interact.
-
And yet, the conventions
-
by which governments work
haven't evolved fast enough.
-
The idea that citizen in country
A is interacting with citizen
-
in country B and it might be
illegal in one country and not
-
in another is a whole
new concept
-
that governments are going
to take some time to try
-
to figure out how to deal with.
-
So, we have a problem.
-
We literally have an
internet that has capabilities
-
that governments haven't
come to grip on how
-
to handle their duties
and responsibilities.
-
I know governments
have feel very strongly
-
about protecting their
citizens against pornography
-
or against certain
types of content.
-
I know governments
in other countries
-
that feel very strongly that
that's up to each citizen.
-
But the reality is that that
intersection has now happened
-
because of the internet.
-
Two governments can have
very different views
-
on what their responsibilities
of their citizens are.
-
So, to answer your
question in a general case,
-
the internets move
faster than governments.
-
Governments literally do
not know how to interact
-
with the situation you describe.
-
On a practical matter, if
you end up doing something
-
of significance, something
that causes a lot of harm
-
or actually there's a very
nice list of types of attacks,
-
distraction of property, theft
of intellectual property.
-
There's different types
of extortion or DDoS,
-
if you actually do something of
a major magnitude you'll find
-
out that law enforcement does
cooperate between countries
-
and it works very well.
-
It's just not set up for
the scale of the internet.
-
And it's in the age
of the cooperation
-
between law enforcement
-
and various computer
response teams is one step
-
above fax machines ringing
and going back and forth.
-
We have the mechanism to
handle the really bad events
-
fairly slowly.
-
We don't have anything
to handle the scale
-
of automatic attacks
happening 24 hours a day
-
around the entire
globe which don't--
-
>> Let me move to Danny.
-
He wanted to say something
and then I'm going to move
-
on to the next question.
-
By the way, I can't
really talk to anybody
-
in New York once
I ask a question.
-
So, what they do I guess
they'll stand up or something
-
or else go through Paul.
-
Danny, go ahead.
-
>> I just want to make one
observation about the challenge
-
of international law
enforcement cooperation.
-
Most people in this room
are probably familiar
-
with the SOPA debate that was
proposed in United States.
-
In a certain sense we only
have that debate with all
-
of its cataclysm because of the
failure of current mechanisms
-
in international law
enforcement cooperation.
-
We have that debate, the
Congress was considering
-
that law blocking access
-
to websites outside
the United States
-
that might have infringing
content because people
-
in Congress were concerned
-
that US Law Enforcement didn't
have an effective way of working
-
with law enforcement
authorities from the countries
-
where the infringement
was actually happening.
-
I think that we have to get a
lot better as John is suggesting
-
at add enforcement cooperation.
-
There are realms where that
works reasonably well but it's--
-
the problem is it's mostly
cooperation in the form of how
-
to make a criminal conviction
against someone to stick.
-
Law enforcement cooperation
mechanisms are good
-
at exchanging evidence,
it make sure
-
that you have the information
you need to, you know,
-
bring someone to
trial but not good
-
at actually stopping
the behavior
-
that maybe harmful
as it's happening.
-
So, I think it's a
very big challenge.
-
>> All right, go to Paul for a--
-
>> I actually did see that
David Salmon [assumed spelling]
-
of the New York Society's
chapter president would
-
like to have a question.
-
So, why don't we go
to him if he will--
-
I think they have a
little bit of a delay.
-
So, he might just be
hearing this in a second.
-
>> OK David.
-
[ Inaudible Remark ]
-
>> OK, that's your cue David.
-
>> OK. I'll speak to the
camera then or-- yeah.
-
OK, so.
-
[ Inaudible Remark ]
-
OK, we have some delay here.
-
My question is what sort
-
of scenarios do our
panelists envision
-
and what would be some
alternative solutions
-
if our government specifically
Congress is unwilling or unable
-
to rain in agencies such as the
NSA in terms of surveillance?
-
If they can't do
it or choose not
-
to what would be
the consequences?
-
Are there technical solutions
or are there possible solutions
-
that could be implemented
without US government?
-
>> OK. The panelists are being--
the panelists are being asked,
-
is there a work around congress?
-
>> I would just to
speak to it just
-
as an individual not
as a panel member.
-
But if congress can't rain
-
in the government agency we
have a lot more serious problems
-
than what's going
on in the internet.
-
>> When was the last time
we passed a federal budget?
-
>> I mean, they are
government agency.
-
Congress has to do that.
-
Now, again, there is
classified information
-
and all this other stuff that
can influence how law is passed.
-
But quite frankly if congress
didn't have that power
-
to do it then we wouldn't see
General Alexander making a run
-
up to talk to members, I
think was it today or--
-
>> No, it's tomorrow.
-
>> Yeah, the vote is tomorrow.
-
So, you know, doing that,
-
so certainly I would think
congress has the ability to do
-
and should have the ability or
else we don't have a democracy.
-
>> OK, any other
panelist winging on that?
-
Lynn?
-
>> Well--
-
>> You can just say quicker
than I'm-- oh, I'm sorry.
-
>> No please.
-
>> That, you know, there
are ways for people
-
to manage their traffic.
-
I know I'm certainly certain
that would be even more ways
-
for people to manage their
traffic and choose the routing.
-
We actually are quite
concerned about that
-
because it will make the global
internet much less resilient.
-
It will-- putting something
in a box doesn't mean it's--
-
it maybe protecting it from
one country actually examine it
-
but it doesn't protect
the other country.
-
And so, I'm not quite sure
what David's question was but,
-
you know, if it's about
routing and the ability to route
-
around what you see as a
problem, I think we need
-
to be very, very
careful about what some
-
of those potential solutions are
-
and because I don't think
it will address the question
-
you're-- the problem you're
trying to route around.
-
And in fact it will overtime
make the global internet much
-
less resilient.
-
>> Paul?
-
>> OK, I have a question
from live stream.
-
It's from Garth Gram
[assumed spelling].
-
He asks, is the real
issue autonomy
-
and self determined
choice rather than privacy?
-
And if so, what is
the role of identity
-
in addressing the
issue of trust?
-
>> Well, I'll take
one step at that.
-
I think that in the
discussions of privacy
-
over the last 10 years or
so, maybe longer I think
-
that we've gotten a little
bit distracted by the promise
-
of individual choice as
somehow the key to privacy.
-
I think that a lot of
the privacy values--
-
and what I mean by that
is the dialogue box is
-
that everyone sees in, you
know, one website or another
-
where you have to click here
to accept the privacy policy
-
or swat away a dialogue
box to proceed.
-
And I think certainly in-- it's
actually a remarkable point
-
of convergence between the
United States and Europe
-
in the last couple years
both the White House
-
and the Federal Trade Commission
issued major privacy policy
-
statements that noted
the limitations of this
-
so called noticing choice or
individual determination model.
-
The European certainly have
pointed that out as well.
-
A lot of the things
that we value associated
-
with privacy are
collected values.
-
We want to make sure
people can associate freely,
-
can engage in politics,
can engage in commerce,
-
can seek medical
care, et cetera.
-
And I think that giving
people the choices to opt
-
out of those things or
somehow control their identity
-
when they are trying to
speak to their doctor or make
-
up public political
statement really seems
-
to be exactly the opposite of
some of our core privacy value.
-
So, I think that
there are situations
-
in which individual
autonomy is quite important
-
but a little bit also to the
last question about the NSA.
-
I don't think we get ourselves
out of these privacy problems
-
by just giving people, you
know, 20K long encryption keys
-
to wield against everyone else.
-
>> Laura?
-
>> That's a really
interesting question and I want
-
to tie it back to something
-
that I think Danny said
before about data will flow.
-
And, you know, while
I agree with that,
-
that's also not necessarily
the case.
-
We have interconnection disputes
that have resulted in outages,
-
we've had countries
that have cut off access
-
for their citizens.
-
We have areas of the world
that have infrastructures
-
of complete censorship.
-
We have digital divide
issues, we have trends away
-
from interoperability where
we're going in the cloud
-
to more proprietary
protocols for example.
-
So, it's-- so data will
not necessarily flow.
-
But one of the things
that is required for it
-
to flow is this issue of trust
that the questioner brought up.
-
So, I think I can mention just
a couple of areas or maybe three
-
that are very important.
-
So, the trust has always excited
between network providers
-
to exchange information about
IP addresses that are either
-
in their control or that they
can reach on the internet.
-
But we have seen
examples that's done
-
by through a boarder
gateway protocol.
-
There have been examples
-
where false routes have been
advertised whether intentionally
-
or not and outages
have occurred.
-
So, there is-- our effort
is underway now to secure
-
that which are very necessary.
-
So, we have to build
trust into the network.
-
It's not something that
we can just assume.
-
It has to be designed in,
it has to be build in.
-
The same thing with how the
domain name system works.
-
We have servers located around
the world that resolve queries
-
of domain names like maybe I'm
up here looking at cnn.com,
-
I'm not but the domain
name server would resolve
-
that into its IP address
and route the information.
-
Well, that can be gamed also
-
and that there can be a
false return of a query.
-
So, having things like domain
name system security extensions
-
has to be continued
to be implemented.
-
You know, these are just
a few of the examples,
-
an answer to the question
that it has to be designed in,
-
same thing with website
authentication.
-
If I'm saying that correctly the
role of certificate authorities
-
and how they verify
through a digital signatures
-
that a website is who
the website says it is.
-
So, again, this is an
example of the politics
-
of the architecture, it's
no just about agreements
-
between people but about
designing this trust
-
and identity into
the infrastructure.
-
>> I'm going to move on
to the next question just
-
because I want to get the
audience as much opportunity
-
as I can because the
panelists are going to be able
-
to circle back on this
later on over here.
-
>> So, I'm Luke Wadman [assumed
spelling], I'm a student working
-
as a policy analyst intern,
-
analysis intern for
IEEE this summer.
-
I'm working on internet
governance issues.
-
And does the panel
think there is any--
-
would it be a good way to
frame the debate on privacy
-
and internet governance and
et cetera in economic terms
-
because if I've learned
anything in my time in DC it's
-
that catching the ear
-
of our congressional
representatives is easy
-
if you start talking about
jobs and job creation
-
and we've already talked a
little bit about the impact
-
of things like prism on US-based
IT companies like Google
-
and Facebook, particularly
in the EU
-
but also around the world.
-
One case is that Google isn't
really competitive in China
-
and that's probably going to
continue in that direction.
-
So, would that be a good way to
frame this whole conversation
-
and actually encourage some sort
-
of positive congressional
action?
-
>> So, I would never say
that I have any idea how
-
to encourage positive
congressional action.
-
I just want to put
that on the table.
-
I think it is true
-
that everything that's
happened this sort
-
of last six weeks inside this
sort of NSA bubble has happened
-
without any reference
as to what it might--
-
the impact that it might
have on US industry.
-
And I think it is possible
that the impact at least
-
in the short run maybe severe.
-
On the other hand a
lot of people may carry
-
on about being unhappy
about discovering
-
that the NSA is sucking
up their data.
-
Historically, when
the big comp--
-
if you look at the SOPA fight
-
which I think was
probably the first time
-
that US internet industry sort
of held hands with activists
-
and technologist, it does
get congresses attention.
-
I will say though that
National Security is different.
-
It is just always
different and the arc
-
of National Security has been
more, more, more since 9/11
-
and the question is whether
these revelations have sort
-
of pushed us beyond the
more and more place.
-
>> OK. Let's move over here.
-
>> Hi, I'm Susan Aaronson
with GW, I'm a professor here
-
and I work with the
Worldwide Web Foundation
-
on measuring internet openness.
-
And I want to ask you a
question that relates to trust,
-
the trust of policy makers.
-
So, in the last couple of
days we've seen [inaudible]
-
and Angle a Miracle [assumed
spelling] make these delightful
-
comments about sever locations
and threats in terms of privacy.
-
And again, I wonder
if there are--
-
so, they're basically saying
if the server can't be located
-
where we can control, where our
privacy rules dominate we might
-
not accept for example some
-
of the things the
United States wants
-
in the trade agreement or--
-
and we see similar things with
the Trans-Pacific Partnership
-
and I just wonder if you
could talk a little bit
-
about this now.
-
You know, you can always, for
national security reasons,
-
you can always say you have
a particular policy in place
-
and it's not protectionist.
-
But this is opposite
of that, right?
-
They're saying that
for privacy reasons,
-
they want to essentially
protect their citizens
-
from their information
being traded
-
by having the server
location in the United Stated.
-
If I may add one other
thing which is Frank La Rue,
-
who works for the-- who is
the UN Special Representative
-
on Freedom of Expression,
he has said basically
-
that the US' failure to protect
the privacy is a violation
-
of its human rights' obligation
-
because that is a
basic human right
-
under the Universal
Declaration, blah, blah, blah.
-
So I want to hear your comments.
-
>> Sure. I'll do this.
-
Pull it out there.
-
I'll-- the Trans-Pacific
Partnership
-
and the US Free Trade Agreement
is and always will have had
-
to address the data
privacy laws.
-
The Safe Harbor that
we had in place
-
in 2001 will actually
expire with the agreement.
-
And the United States, as you
know, has no national umbrella
-
for data breach and
data privacy.
-
We have 47 individual states
with their individual programs
-
and no national umbrella.
-
And so, if we're recalling
for congressional action
-
that had an economic, you
know, significant impact,
-
there are 52 pieces of
legislation currently
-
in 113th Congress
around cyber security,
-
about 10 of which
around data breach.
-
It would be wonderful
if we could get
-
to some bipartisan
agreement on that
-
so we could enable the
overall Free Trade Agreement
-
to move forward between
the two continents.
-
More specifically though, noting
the 47 different state laws
-
and noting the difference
between the Europe
-
and the United States,
cloud computing
-
and where the data is
stored follows the geography
-
and will always follow
the geography.
-
So if there's a data breach
here in the state of Virginia,
-
it follows a different
set of rules
-
than Massachusetts
and in California.
-
And a company, whoever the
company might be, actually has
-
to know all sets of laws
for that particular state
-
in this case in order to follow
the regulatory compliance,
-
et cetera.
-
That also is the same
for if it's stored
-
in the United Kingdom,
-
it follows the United Kingdom's
laws, and the Netherlands,
-
and Brazil, and you
pick the place.
-
And so when the EU and
the leaders of Germany
-
and elsewhere are talking
about the data protection
-
and data privacy, and they are
looking at the United States
-
and worried about how our data--
-
we're protecting
data and the privacy,
-
then it would be also important
understand how the European
-
companies are mirroring data
in other countries like Brazil
-
or South Africa or
Egypt or China or India,
-
et cetera because the data
always follows the law
-
of the geography
that it sits in.
-
>> I'll just add to that
that one of the things to--
-
I mean, obviously, the
NSA revelations have sort
-
of strengthened the EU's
hand in a discussion
-
that was going long before.
-
We have a particular view
of what privacy means.
-
It doesn't match up, going back
to this question earlier about,
-
you know, what economic kind of
motivation might move Congress.
-
One would think the US
companies would move forward
-
on a comprehensive
data protection regime
-
in the United States that
might be more flexible
-
and perhaps reflect the internet
more than the European one,
-
but I haven't seen them
step forward on that.
-
I think it would be interesting
for somebody to ask the question
-
about the various EU countries
in their surveillance regimes
-
because as much as I say
some very unpleasant things
-
about ours, I think you
would find that it--
-
with the exception
of our capacity
-
for the just incredible
scale of collection,
-
that the actual legal
protections are no better
-
at best and probably
a lot worse.
-
>> Just one comment on
the trade discussions.
-
Suzanne, I think
it's a very good,
-
it's a very important question.
-
I certainly think that,
you know, as you well know,
-
better than probably anyone
in this room, you know,
-
trade agreements have always
made exceptions for things
-
like national security,
public morals,
-
sometimes consumer
protections, things like that.
-
I think what we see now is
that simply pushing them off,
-
those issues off into the
exception category is not going
-
to work so we need
some kind of mechanism
-
that on the one hand
respects the fact
-
that governments do
have a legitimate
-
and important interest in
protecting their citizens
-
against unsafe products,
against human rights violations
-
if that's the way they do
privacy, against, you know,
-
security breaches,
what have you.
-
But tying that to the
location of data is, I think,
-
just an overly simplistic way
of accomplishing that purpose,
-
and I think, you know,
you can make fancy--
-
well, you can make fancy trade
arguments about why that's not,
-
you know, most favored
nation treatment.
-
But I think the bottom line is,
we used to have trade agreements
-
that were fundamentally about
tariffs and we've mostly dealt
-
with those issues, and now we
are going to trade agreements
-
that are fundamentally about
the non-tariff barriers
-
that exist between economies.
-
So we're going to have
to deal with that either.
-
I think that in the, you
know-- for some period of time,
-
I think the surveillance issues
will cloud those discussions
-
but we'll come back
to them at some point
-
and they will be
the same issues.
-
So-- and I-- the only thing I--
-
the only final thing I
would say, I think that one
-
of the big challenges
we're going to have
-
in the trade context on
internet issues is the challenge
-
that we found with ACTA,
that the ACTA was making--
-
[Inaudible Remark] Sorry, oh,
sorry, oh God, Steve is going
-
to throw that look at me.
-
So there was a trade agreement
involving intellectual property
-
enforcement whose
acronym is ACTA
-
and was very strenuously opposed
by civil society groups all
-
over the world because they
didn't know what it was,
-
they didn't know what was in
the agreement and they argued,
-
I think-- I thought,
quite legitimately
-
that if there are
going to be rules made
-
about intellectual property
rights that affect individuals,
-
there should be some
public discussion
-
of what those rules are.
-
Trade people believe they
somehow can't negotiate
-
in public.
-
And that's a sort of an article
of faith in the trade world.
-
They're going to have to learn
to be a little bit more public
-
if they're going to get anything
done on these issues is my deal.
-
>> Lynn, you got the last
word before the break.
-
>> Just quickly.
-
Not only-- it wasn't that they
wouldn't negotiate in public,
-
they would not authorize
a release
-
of the documents
post-negotiation.
-
They were not available
publicly.
-
>> So this sounds
like a thread going--
-
circling back to NSA and FISA
and all that, but I am sorry
-
that we have hit the point
where we promised we were going
-
to take a very brief five-minute
break that you're going
-
to have a chance to stretch
your legs, then we're going
-
to come back and people on the
panel will mix it up some more,
-
even better I suspect,
moderated by Steve Roberts.
-
But let's take a quick
five-minute break.
-
There will be one other
opportunity for you all to meet
-
and greet at least
most of the panelists
-
and there's a reception that
starts at 5:15 afterwards.
-
But for now, five-minute break,
we'll convene at 4 o'clock.
-
Thank you very much.
-
[ Inaudible Discussions ]
-
Well, thanks for
sticking around.
-
I know it's been
a long afternoon.
-
As Lance said, I'm
Steve Roberts.
-
I'm a professor here at
GW in the School of Media
-
and Public Affairs,
right across the street.
-
And my job is to try to
crystallize some of the issues
-
that we've been discussing
-
and [inaudible] some
conversation among
-
the panelists.
-
And I want to start by quoting
a couple of things I heard.
-
Lynn, for instance, said that
-
"unwanted surveillance
is not acceptable."
-
Leslie talked a lot
about human rights.
-
But there was a phrase
-
that I did not hear the entire
first hour and a half except
-
in passing, and that word
was "national security."
-
And so I want to pose this
question to the panel.
-
Isn't national security
a human right?
-
Isn't safety a human right?
-
Isn't the unwanted surveillance,
-
one person's unwanted
surveillance is another person's
-
protection from danger
and from terrorism?
-
So, I want to ask everybody,
what's the tradeoff here?
-
The whole idea in the first half
of this panel was the importance
-
of the freedoms in the internet.
-
But what are the limits,
-
and what are the
legitimate tradeoffs,
-
and how do we balance
legitimate human rights
-
against legitimate
rights to be safe
-
from terrorism and
other threats?
-
Who wants to start?
-
Go ahead, John.
-
>> So I'm going to almost answer
the question, but not quite.
-
It is true that the
governments have certain roles
-
and responsibilities.
-
And one of those roles is
there's a certain protection,
-
a certain defensive role
-
that a government feels
it has to provide.
-
And the question is how do
governments do what they see
-
as their obligations,
-
their actual responsibilities
given the internet.
-
The internet has not been
very good at this, OK?
-
So, --
-
>> Would you excuse me.
-
It's not just an obligation,
it's not just something
-
that they passing, this
is the first obligation
-
of government, is to protect--
-
>> Right.
-
>> -- people.
-
Isn't it the first obligation?
-
>> Ideal. One of the things that
[inaudible] does, of course,
-
is we're responsible for
maintaining a registry
-
of IP addresses and that
registry is often used
-
because someone does
something in cyberspace
-
and the first thing
law enforcement would
-
like to know is, where is
that in the real world?
-
Because real world has the
people in organizations
-
and the cyberspace has to do
-
with domain names
and IP addresses.
-
And so, governments
feel they have
-
to enforce laws for example.
-
And yet the internet wasn't
built with an interface
-
for government is saying, "If
you're trying to do your duty,
-
here's how you go about
finding that person.
-
Here's how you go about doing
what you see as an obligation."
-
So, I know a lot of
people look at this
-
and they go this entire area of
governments and what they want
-
to do with the internet and
they want to take control
-
and they want to
do surveillance.
-
If you turn it around
and look at it,
-
remember that from the
government's perspective,
-
in many cases, these governments
feel they have an obligation
-
and the internet is
actively preventing them
-
from doing something
they're required
-
by their citizens to do.
-
So, we need to not omit the fact
-
that the internet doesn't
provide a friendly interface
-
to government.
-
So, me people would see that
as a feature but it's a fact
-
that shouldn't be
overlooked in the discussion.
-
>> Tradeoff.
-
What's the tradeoff?
-
Leslie?
-
>> So, I want to back this up.
-
This is not a new question
and it doesn't have
-
to do with the internet.
-
I mean, we have a--
-
an international
human rights framework
-
that explicitly makes national
security an exception for--
-
exception for-- in
human rights treaties.
-
It is an obligation of
the countries themselves
-
to protect our national
security.
-
But we also have an entire
developed jurisprudence
-
about publicly enacted
transparent law,
-
proportionate law, fair
process, remedy and oversight.
-
And, you know, I think
we just throw this
-
into the internet context, we're
just missing, there's a bit--
-
you know, there's a basic--
there's bodies of law and norms.
-
And the question here is not
whether there's a tradeoff,
-
it's whether you
reach a balance.
-
And I think when you have
most of this process secret,
-
the judicial process
secret, the oversight secret,
-
the interpretation
of the law secret,
-
then you cannot achieve
that balance.
-
The question at the
end of day is balance.
-
I certainly would take
issue with the idea
-
that the internet has been
unfriendly to law enforcement
-
and it's always this, you
know, we're going dark
-
and we can't see anything.
-
I think if we learned anything
over the last couple of months,
-
it's that law enforcement
really has access
-
to much more information
-
and that there is
therefore a temptation
-
to use what technology
has created
-
to go beyond what a balanced
human rights frame would allow.
-
And I think that's
what our problem is,
-
not that they're not
supposed to be [inaudible].
-
It is a first order of
business for government.
-
They are supposed to
protect their citizens.
-
But Steve, if you look at this
framework that's been created,
-
it was framework that was
created on a battlefield in Iraq
-
to make sure that you had every
less possible bid of information
-
to make sure you would
know about the IED.
-
And this whole haystack
and needle analogy assumes
-
that collecting a
haystack is proportionate,
-
and I don't think it is.
-
>> But the President
has said this program
-
of surveillance is
essential, the Director
-
of national security said that
it's essential, the Chairman
-
of the Senate Intelligence
Committee,
-
a liberal former mayor
-
of San Francisco had
said it's essential,
-
what's your quarrel with this?
-
And how do you rebut their
argument of everybody
-
who has had access to the
secret, say this is justifiable.
-
I'd like other people
to deal with this.
-
>> Please.
-
>> Yeah. [Multiple Speakers]
-
>> OK. So, it's-- there's
-
so many portrayals
of this as a binary.
-
And, you know, I think
the issue is more one
-
of degrees [phonetic] and
a more granular issue.
-
But there are some
binaries here, right?
-
We either have a
constitution or we don't.
-
We either have a fourth
amendment or we don't.
-
But if you start looking
at the actual practices
-
and I don't think we have a full
picture of exactly what's going
-
on but based on some of the
things that we've heard,
-
there are ways to enact the
necessary national security
-
without crossing the lines
that would be unacceptable
-
to the majority of the people.
-
So, having low level-- so
layers of control and layers
-
of accountability in the
processes of surveillance,
-
right, so not just having any
low level analyst being able
-
to take a fire hose of
information and download
-
that unto their computer just
to exaggerate the point, right?
-
So, there's the granularity,
-
there's getting the
information that's necessary,
-
there's the process
of accountability,
-
there's the issue
of judicial review.
-
So, I think that there are ways
-
to enact the necessary
national security now
-
that our public's
fear is online and now
-
that we have the privatization
of that public's fear
-
without going to the extremes
-
of basically having
the fire hose analogy
-
and just downloading
whatever data about anybody.
-
>> Anybody else on the panel
who want to pick on this?
-
Please, go ahead.
-
>> So, you want us to talk about
tradeoffs but I actually want
-
to suggest that I think a more
accountable clear system is
-
better for national security.
-
I think what's happening
now where you have very,
-
very broad authorities that
are unclear is almost the worst
-
of all possible worlds
for both civil liberties
-
and national security
because you have--
-
you have policy officials,
other governments, activists,
-
et cetera, poking
around in the business
-
of the intelligence community,
and that's not a very good thing
-
for them frankly, they want
to able to do what they do
-
of quietly and-- but in
order for us to do that,
-
in order for that to happen,
there has to be a clear sense
-
of what the rules are.
-
One sense I which-- I
largely agree with Leslie
-
but the one sense in which
I think this is an internet
-
problem is it's really
kind of a 9/11 problem,
-
and then I think a lot of
what's going on is going
-
on under the kind of exceptional
basis that we've handled a lot
-
of national security
issues post 9/11.
-
And to quote the President
again, ironically enough,
-
just a few weeks before this
whole surveillance story broke,
-
the President went to the
National Defense Universities,
-
you know, and gave a
speech saying, number one,
-
it is bad for a country
to be perpetually at war,
-
and number two, that
the threat level
-
from Al Qaeda was basically
below the level that it was
-
at 9/11, and that we should--
-
and that we should start
treating that threat,
-
that national security threat
as part of the norm not
-
as an exception that
we have to respond
-
to with these kinds
of exceptions.
-
This whole surveillance
program was created
-
as the President's
surveillance programs, you know,
-
as an exception, and
that's its problem.
-
If the problem is not--
-
>> Although continued by
a democratic president--
-
>> Yes, that will-- that's
right but I think that it needs
-
to be continued on a more
clear accountable basis.
-
And so I don't tend to accept
that the issue gets solved
-
by saying more surveillance,
less surveillance.
-
I think that the issue
is surveillance according
-
to what rules and with
what accountability.
-
>> Lynn I quoted [phonetic]
you-- please, your turn.
-
>> Yeah. I mean, I'll come
to my point [inaudible]
-
but just [inaudible] said
unwarranted surveillance.
-
I recognize the difficulty
in unwanted thief
-
in the perspective
of the individual.
-
So, it's very much
an unwarranted.
-
>> Thank you.
-
>> But-- And I just
really wanted
-
to echo the three comments
-
that have been made here
very, very, very strongly.
-
When-- In a system
like the internet
-
which is breaking all barriers
where we're so interconnected
-
and so interdependent, we
have to change our paradigm
-
of looking at this and move
it to one of managing risk.
-
We can talk about in the context
of tradeoffs if you like.
-
But we really do
have to look at--
-
>> Wasn't that the only context?
-
Or isn't tradeoff is the only
legitimate way to talk about it?
-
Because we-- isn't that
what we do everyday?
-
>> I think tradeoff
is legitimate way
-
but I'm not sure we're
making the right tradeoffs
-
and I think we continue to
focus on national security
-
and quite often run
by flagrant abuses
-
than we're conflating the issue
or we're not pulling it apart.
-
It's not about national security
and what is the best way
-
to protect national security.
-
From my perspective, you know,
-
what our members
are actually upset
-
about is the flagrant
abuses and the lack
-
of transparency and the secrecy.
-
>> Yes, please.
-
>> And I think part of
the problem that I have
-
with hearing what they've said
-
for giving the reasons is
we haven't heard the reason
-
that makes sense.
-
It's-- why are you
collecting the data,
-
it's like the equivalent
of your mom
-
and dad saying well,
because I said so.
-
You have to give it something
behind that, you know, to--
-
is there a credible threat
at whatever level there is.
-
I think Danny is right.
-
I think the threat level from
what we've read in previous,
-
you know, speeches
by the President is
-
that the threat level is a
lot less than it was at 9/11.
-
Well, if it's a lot less
than it wasn't 9/11,
-
why do we need to expand this?
-
Give us something to look at.
-
But I think when I hear
them talk about these things
-
and give these reasons as
somebody who does this type
-
of metadata analysis
and, you know,
-
just as for my own
infrastructure was certainly
-
in my own infrastructure I
can do a lot of that analysis.
-
But there's an uplink to me.
-
And those people that
control that infrastructure,
-
my infrastructure,
your infrastructure,
-
they can do the same
type of analysis
-
and it trees all the way up.
-
It's-- So, why?
-
You have to give us
a credible reason.
-
>> But was running through a lot
-
of your comments is a basic
mistrust of government.
-
I mean you've been told--
-
public has been told by
the Intelligence committees
-
which have in brief that this
is a very valuable tool PRISM
-
and other surveillance are
very valuable to the President.
-
Duly elected democratic liberal
president had said it's a very
-
valuable tool, the
liberal chairman
-
of the Senate Intelligence
Committee has said it's a very
-
valuable tool and everyone
of you is doubting it.
-
So, what is the source of your
suspicions and your mistrust
-
of what you're being told?
-
>> So, I actually
don't, you know, when--
-
there's no way for us to
know if it's a valuable tool
-
or not a valuable tool.
-
So, you could take them at face
value that it's a valuable tool.
-
Collection of data
is a valuable thing.
-
It's just not the only analysis
in a democratic society.
-
And I think-- so, I mean, I--
-
and that's I think
the problem here,
-
we live in a democratic
society where we're supposed
-
to have proportional laws
that more than a small number
-
of people are able to know
about to assess that balance
-
between liberty and security.
-
We really don't have that.
-
I mean, if this was a discussion
-
that they were tasking
these companies
-
with specific request
based on articulable facts
-
about specific individuals
-
or even several hundred
individuals,
-
we might be having a different
discussion about the balance
-
between liberty and security.
-
But we're having a
discussion about the value
-
of basically collecting
the data potentially
-
on everybody in the world.
-
I mean, we don't know the set.
-
So, it's not about trust
of government or not.
-
You know, I think you could
probably come, you know,
-
device a program where you
know everything about everybody
-
in the world and claim
it makes you safer,
-
maybe it makes you safer.
-
But we no longer are
following either the values,
-
the constitution
or the norms of it.
-
>> Well, we see you're not
following the constitution.
-
These laws were passed by
democratically-elected Congress.
-
>> Well, having been there.
-
Yeah.
-
>> Yeah, right.
-
>> Having been there,
-
they didn't know what
they were passing
-
and they didn't know
what [inaudible].
-
>> So, [inaudible] to that, you
just said the issue wasn't trust
-
and you now you just say, well,
-
they didn't know what
they were passing.
-
>> They didn't know--
they didn't know--
-
>> If you believe well-- well,
let me ask you the question.
-
If you believe in a democratic
system, now you're saying,
-
I don't believe
-
in the democratic process
that's passed these laws.
-
>> No.
-
>> That they were
misinformed and we know better?
-
>> No. The laws have been
after the fact, stretched
-
and manipulated in ways
the Congress didn't intend.
-
And that's where-- and that's
where we've gone off the rails.
-
Nobody who is in Congress
at that time, Section 215,
-
the metadata law
that we're talking
-
about which is aimed
specifically US citizens.
-
In making the changes they
were making, nobody believed
-
that relevant data meant
everybody in the United States.
-
>> Let me ask you--
-
>> So, you know, this is--
so this is ultimately--
-
yes, it's a question
of trust in so far
-
as the people implementing the
law have made it as elastic
-
as possible without it
completely exploding
-
and it might not be exploding.
-
>> John.
-
>> I've expressed no view
on whether it's desirable
-
or undesirable or whether
it's illegal or legal.
-
Neither of those questions
are really interesting to me.
-
When it comes to
the internet though,
-
the question is there's
a set of events going
-
on regarding surveillance,
-
and the internet is
global in nature.
-
We have allies and
trading partners
-
and organizations globally,
other governments who want
-
to understand what's going
-
on because they may
have the same desire.
-
There may be another government
that wishes for its reasons
-
to engage in surveillance of
communication in its country.
-
And it wants to understand
what is the framework
-
by which this is occurring
and how does it happen
-
in the internet, how was it's
supported, how does it go
-
on because they have their
own national interests
-
and they may pass laws in their
region that are perfectly fine
-
and acceptable according
to their processes.
-
So, we now have this
framework that says,
-
there are circumstances during
-
which surveillance is
apparently an accepted part
-
of the architecture.
-
What we don't have
is a transparency
-
about where that's occurring and
how that occurs and what happens
-
if another 130 countries
also do it.
-
I believe that if we're to have
equitable internet governance,
-
it's necessary to have
a fully articulated
-
and transparent framework.
-
I do not know whether
or not everyone is going
-
to like what their country
chooses for what it does
-
with surveillance or not.
-
That's a different question.
-
That's a question of laws
and governance structure.
-
But if this is going to go
on, we need to understand
-
where it occurs and how
it occurs and the fact
-
that it could be occurring
in a lot of places.
-
And that should be understood
and documented as part
-
of a clearly transparent
recognition
-
that this is part
of the internet.
-
>> Let me ask you
all this question.
-
You said you're not
interested in legality.
-
But one of the key debates
here is the legal framework
-
for PRISM and the FISA law.
-
And there's not much
debate about whether
-
or what's been taking places
legal or not under the law,
-
but there's a big debate about
whether the law is the right law
-
and whether the framework
should be altered.
-
If you all were to testify
before an intelligence
-
committees and others
on the Hill and asked,
-
how should this law be change
-
to advance the values
your talking about?
-
What would be some
of your suggestions?
-
Go ahead.
-
>> I think we have to start
by walking out the changes
-
that we made in the
records law because we took
-
out all the words that
make it proportionate
-
and make it targeted
and transformed it
-
into a broad collection statute.
-
And I, you know, I think
the ways to walk it back
-
that allows substantial
collection of targets
-
and information related to
that targets and backs it
-
out of this broad relevancy
standard that allows it--
-
if one to be collected
on anybody but also not--
-
it just takes out the whole
national security purpose.
-
Basically, you no longer
have to be collecting data
-
because of a particular
terrorist
-
or particular intelligence
activity.
-
You only have to be
collecting in order
-
to be protecting
the United States.
-
And that is simply to fraud
and to likely to abuse.
-
It is harder for me to
note what have changed 702
-
because we still don't
understand what they're doing.
-
>> And [inaudible] going
to thought about these--
-
>> Except for the transparence--
except for greater transparency.
-
>> 'Cause this is-- this
is going to be debated
-
in the weeks and months ahead.
-
It's a very important question.
-
>> But the traditional method
-
of before the haystack
love [phonetic],
-
if you allow me to call it that.
-
Before that was placed,
the traditional methods
-
of law enforcement
worked, and they would work
-
with whatever the
internet had to provide.
-
You needed to identify somebody.
-
You usually identify them
through a non-technical aspect.
-
You had an informant
somebody tell you, "Hey,
-
I think that you were doing
something illegal," and that--
-
that puts the focus on you.
-
From there, you would use
your traditional tools whether
-
they're on the net or
not to find, you know,
-
to find out what's going on.
-
Collecting data when there's
no evidence of a crime is kind
-
of counter intuitive and
kind of productive in a way
-
because it's sitting there.
-
So, if it were me and I was an
adversary of the United States,
-
I would find where those--
that database was being stored
-
and I would go after it to
collect all that information
-
because I can do the same
type of metadata analysis
-
that could be done that way.
-
The third thing is--
the reason why we--
-
you've mentioned earlier that
maybe we've mistrusted is
-
because we know what can be
done with that data and we know
-
when somebody-- we know
-
when somebody has given
us a [inaudible] answer.
-
Because I know that if I
control my infrastructure,
-
I know the power that I
have doing in my office,
-
I have to act responsibly
and within, you know,
-
the laws and all that.
-
But I know what can be done
-
if there's no oversight
on my position.
-
And that's why I
think you hear--
-
>> But there is oversight.
-
It is, you know, I mean they--
-
>> It would be if you were-- if
you were the oversight committee
-
for what I would do technically,
do you have the technical skills
-
to know what I'm doing?
-
[Inaudible Remark]
-
>> So I'm going to
leave the legal--
-
so the legal policy
questions, I largely agree
-
with what has been said.
-
I don't think that we
have adequate oversight.
-
And if I were-- I was talking
to Congress about what to do
-
to increase the trust
in this environment,
-
I would say that that Congress
-
and the FISA court
needs a more effective
-
accountability mechanism.
-
There is no way that the FISA
court judges or the members
-
of the Intelligence
community are looking
-
at every single query--
-
>> Right.
-
>> -- that NSA analysts
are performing
-
on these enormous
amounts of data.
-
It is technically possible to do
-
that to Mike Nelson's [assumed
spelling] earlier point
-
to actually evaluate whether
when Bob led the general counsel
-
of ODNI says, "Yeah, we have
the whole state haystack
-
but we only ask questions
based on certain predicates."
-
I know Bob and I more
or less trust him
-
but I think it's outrageous
for the government to say
-
to its citizens,
"Don't worry, trust us."
-
We give the government
considerable authority
-
but we need mechanisms
to make sure it's being
-
used responsibly.
-
And none of the oversight
mechanisms that exist
-
that you've mentioned are
able to provide that kind
-
of accountability
other than to call
-
up a responsible
person like, you know,
-
Mr. Ledin [assumed
spelling] say,
-
"Are you following the rules?"
-
And he says, "Yes, we're
following the rules."
-
He doesn't even know what
every single analyst does
-
in the agencies that's
responsible for it.
-
>> Let me ask you about one of
the proposals that has been made
-
and why they debated
in Washington.
-
And so, a lot of people
pointed out one of the flaws,
-
critics had pointed
out one of the flaws
-
in the FISA process is there's
no adversarial mechanism
-
within the FISA system that the
government comes in and asks
-
for permission and there
is no counter voice.
-
There is no adversarial
proceeding.
-
And in most legal systems, there
is a mechanism for challenging.
-
So, a number of legislative
proposals have been advanced
-
in one form or another.
-
Is this one of the mechanism set
that Congress should be looking
-
at to try to reorder
this balance that many
-
of you think is out way?
-
>> Yeah. I actually think
this question of some kind
-
of a public advocate and
I think it's probably--
-
we figured it out how to give
private lawyers the ability
-
to look at classified
information
-
and criminal procedures.
-
We ought to be able to come up
with this table of those people
-
who litigate the
national security state,
-
who can stand in for the public.
-
And, you know, I think it's one
of many potential points of sort
-
of strengthening oversight here.
-
I think it's-- I think
it's critically important.
-
I think different levels of sort
-
of reporting back
to the FISA court.
-
I think part of the
problem and the reason
-
that people are responding
is, I mean,
-
it's interesting FISA was
a civil liberties measure
-
when it was adopted in 1978.
-
And, you know, it's basically
my mentors were the civil
-
libertarians who
proposed this crazy idea.
-
And the world is really
different from the ones in 1978.
-
And being in contact with
a foreign person, I mean,
-
you know, there was
an iron curtain.
-
If you were-- if they
could actually figure
-
out you were communicating
with a foreign person,
-
it probably had some
significance.
-
We now live in this
world where 20 percent
-
of us are first generation,
-
where our corporations
are global,
-
where we travel all the
time, and where we--
-
people don't identify
themselves in that the same kind
-
of we-them way and
yet we have a law
-
and a designation
of foreign persons.
-
That really is a Cold
War era and almost has
-
to be reconsidered
all by itself.
-
And the law can't
be working very well
-
because it's not
supposed to sweep
-
up American's communications.
-
And all you have to do is read
the minimization guidelines
-
to understand how much of our
communications [inaudible].
-
>> Hal Berghel wrote
an interesting article
-
that just came out in
IEEE Computer magazine.
-
It's called "Through
the PRISM Darkly".
-
And there's a quote
in there that says,
-
"The Foreign Intelligence
Surveillance Court has an
-
approval rate of 99.93 percent
of all surveillance requests.
-
While this might not meet
the strict definition
-
of a kangaroo court,
it seems to fall
-
within the marsupial family."
-
So--
-
[ Laughter ]
-
The point of it is is that there
are, you know, there are two
-
and he calls them cyber urban
myths that deal with this.
-
One is that you do need
to all of this, you know,
-
information to do it
and that there's not--
-
there's sufficient oversight.
-
And I think we all agree,
-
there's not sufficient
oversight.
-
You wouldn't ask me to be on
a medical oversight committee
-
to review surgical procedures
-
because I'm not a
doctor, I'm not a surgeon.
-
I don't have that
expertise in that area.
-
And so, I think that's the--
-
I think that's the thing
-
that bothers the technology
people is we know it is a small
-
community of the actual people
that know the nuts and bolts
-
about technology security
from that standpoint.
-
And if we don't know
each other by--
-
personally, we know each other
by reputation and whatever.
-
And so when you look and
you query your other peers
-
and they have the same
misgivings that you do,
-
then it makes you
wonder what's going on.
-
>> I just want to make one
other point about the people
-
who are being swept up in
this-- in this surveillance.
-
I think one of the reasons
-
that more fine-grained
accountability is really
-
critical is we don't know
-
but I think it's a safe
assumption that, you know,
-
somewhere north of 90 percent
of the people who are on any
-
of these terrorism watch list
who were the targets of any
-
of this surveillance
are Arab-Americans
-
who have some connection
to the Middle East,
-
many of whom are
probably Muslims.
-
In this country, we don't
have a great history
-
of treating minorities
perfectly fairly.
-
And part of the reason we
have oversight mechanisms,
-
part of reason we have open
courts, part of reason we try
-
to have due process with public
visibility is to make sure
-
that we actually do
our job and really--
-
and really treating people
fairly and not discriminating.
-
And again, I don't--
I don't think--
-
I think it's really interesting,
you hear this panel,
-
you hear the public discussion.
-
I don't think through
that many people saying,
-
"Stop the Surveillance."
-
People are not saying that I was
-
in Boston during the
marathon bombings.
-
People are clamoring for the
instillation of more cameras.
-
You know, the question
I really believe is not
-
about whether law enforcement
should have these tools.
-
It's about whether
we can feel confident
-
that they're using
them responsibly.
-
>> One of you made
the point that--
-
actually, this is
not a new issue--
-
that just a few years ago,
Washington posted an expose,
-
a very lengthy one, Diana Press
[assumed spelling] and others.
-
And there was not anything
like the same kind of reaction
-
that there's been lately.
-
And I'm wondering why you
think what's the difference,
-
why has there been such--
why are we having this panel
-
and not three years ago.
-
Why is there so much
conversation now
-
about this issue
when, in fact, when--
-
at least some of this
was made known through--
-
to post another mechanisms
some years ago?
-
>> Smartphones.
-
>> We didn't have the numbers,
we didn't have the numbers.
-
I mean, from the Verizon
order, we now know.
-
It's-- I don't remember
how many millions
-
of people's records were--
-
tens of millions of people's
records were collected.
-
We had-- we have
general outlines
-
from the post reporting,
from, you know, from all kinds
-
of things but we did-- it was
not dramatized with numbers.
-
And I think and now we know
it's basically everyone's data.
-
We never actually knew
that was happening.
-
>> Right. I think that's right.
-
I also think there was an uproar
-
when the warrantless
wiretapping was first revealed.
-
We had a very big
battle in Congress.
-
People were really
worried about it.
-
People who were not
following it closely
-
and they passed an amendment
might have actually thought
-
that what we wound
up with was some kind
-
of additional procedural
protections.
-
Instead, we wound up-- what we
wound up with was a ratification
-
of that program, immunity
-
for the providers,
and not much more.
-
And so I, you know, I
think a lot of us knew some
-
of this was going on but
I think we didn't know.
-
One of my colleagues, Jim
Dempsey who's on the Privacy
-
and Civil Liberties Oversight
Board wrote an article saying,
-
"Did they just approve
a vacuum cleaner?"
-
And lots of people then
responded with, "Oh,
-
you know, that's ridiculous."
-
Well, no, in fact, they
approved a vacuum cleaner
-
and we didn't know it.
-
>> Laura? Laura.
-
>> I agree with those points.
-
I think it is a matter
of scale in this case.
-
But I think there are
few other points, too,
-
that are a little
bit more subtle.
-
So, one issue is that this came
-
after Hillary Clinton's
internet freedom speech
-
and this entire mean
[phonetic] that has been created
-
and I think rightly
replicated around the world
-
about internet freedom.
-
So, this is a very important
issue and what this does is it--
-
it's providing an opportunity
for people to challenge
-
that notion of the internet
freedom and to point
-
out what they're
calling hypocrisy.
-
So, that to me is a problem.
-
It can also be an opportunity
if it's addressed appropriately.
-
Another issue is that individual
citizens are living their life
-
online to a much greater extent
-
than they did five
years ago even.
-
It's really amazing
if you think.
-
I mean, I'll just give you
an example I was talking
-
about today.
-
So, five years ago, I was--
-
I would read the paper
in the morning and now,
-
I'm completely connected to
my smartphone all the time
-
and I am posting information,
I'm communicating in it.
-
So, the public sphere
is what's at stake here.
-
The public sphere is online.
-
And I think that
that is much greater
-
than during these last
instances a few years ago
-
that were mentioned.
-
So, scale, the issue of
people being more cognizant
-
about how their internal
private life is lived
-
out in the digital
realm and also the mean
-
that has been fairly successful
-
about internet freedom
has ensued
-
in these intervening years.
-
>> I think those were
grilling [phonetic] points.
-
>> Yeah. [Multiple Speakers]
-
>> I was just going
to say quickly
-
that technology makes lots of
things possible and it was clear
-
at the time of those articles.
-
It's clear today.
-
It doesn't mean that
it's eminently minable
-
but that's done outside
of due process.
-
And I think those are the things
-
that are getting
people excitable.
-
It's not technology and it's
not what's technically possible
-
or even what's technically
feasible.
-
It's actually ultimately
the full mining
-
and then the lack
of public scrutiny.
-
>> What about the argument
that you hear from some people
-
that not only are we three
years farther away from 9/11?
-
Several of you made
the point that a lot
-
of these original
processes were passed almost
-
in a battlefield mentality,
one of you used that phrase.
-
And that there were extreme
circumstances with the value
-
of national security
-
in protecting the
homeland very much
-
in the forefront
of a public debate.
-
So you got three years later
but some people would argue--
-
there's almost a
contradiction here.
-
Certainly the intelligence
community would say, "Well,
-
actually people are more
relaxed now and less concerned
-
about the threat because
our systems have worked
-
and that you shouldn't
be dismantling systems
-
which have actually made
people more secure."
-
How would you answer that?
-
>> Let's concentrate to what
the President has said though.
-
I mean, what the
President has told us--
-
>> Although he has said
he's in favor of the system.
-
>> Yes. And he said that
the capability is necessary.
-
He's in no way precluded
additional oversight.
-
I think he's actually
welcomed the discussion of--
-
>> Sure.
-
>> -- of what kind
of oversight we need.
-
But he said we're living
it in a lower threat level
-
and that we need to make
changes as a society
-
and as government
in response to that.
-
So, not the other way around.
-
>> Edward Snowden, to some
people he's a traitor.
-
To some people, he's a hero.
-
What do you think?
-
>> Everybody, on your clearance
you signed a document that says,
-
"If you disclose secrecy,
there's a penalty."
-
So, from that standpoint,
you clearly violated
-
that document and, you know,
I don't have a problem with--
-
with being prosecuted
because of that.
-
On the oversight--
-
>> Because it this contractual--
-
>> Because it is contractual.
-
I mean, it states, "Anybody
who has a clearance."
-
You have that-- it's in
your-- in the agreement,
-
and it says clearly that you,
you know, 25 years in prison
-
or whatever it is that--
-
>> You actually read that?
-
>> No, it's-- yeah.
-
It happens when you come from
a family of lawyers, you know.
-
>> It's privacy policy.
-
>> No. I mean, you look-- yeah,
I mean, if I'm going to go
-
to jail, I want to know
what I have to say, right?
-
And, so I think-- I think
from that standpoint, yes.
-
I think the rest of the
community is still trying
-
to divide it as to whether
or not the information
-
that is disclosed is a problem.
-
And some people go back kind
-
of like what I was saying
is there have been articles
-
about this for, you
know, a long time.
-
You know, you can go
back into the '70s
-
when NSA had the ECHELON
program, in the mid-'90s
-
with Omnivore and
Carnivore, you know,
-
all of those type of things.
-
You've had this type
-
of electronic surveillance
for quite sometime.
-
So, we're not quite sure what
it is and not having seen all
-
that is disclosed but we're
not quite sure of what it is
-
that he's telling the world
that we don't know already.
-
And so from that stand point,
I think part of my community,
-
we're not sure about
the content.
-
But certainly he violated an
agreement and he, you know,
-
that's what they're going
to go after him for.
-
>> So I have mixed views
about Snowden because I think
-
that whistleblowing in a
free society and a right
-
to know is critically important.
-
And if you go back
to Pentagon Papers
-
and terrible things did not
happen with the publishing
-
of the Pentagon Papers.
-
[ Pause ]
-
So-- so, part of--
-
>> I'll cover the
Pentagon Papers story and--
-
>> I'm sure--
-
>> -- cover Daniel
Ellsberg's trial.
-
So, I'm--
-
>> And Ellsberg's trial.
-
>> Yes.
-
>> And Ellsberg is very,
-
very out there right
now about Snowden.
-
I was kind of right with him
-
until he started keeping away
the US cyber security strategy
-
with respect to China
while he was in Hong Kong.
-
And then I started to wonder
exactly what he's motivations
-
were, you know.
-
And so, I do feel like
there's a level or recklessness
-
that worries me and although
it's hard for me to really know
-
if there's damage to national
security because I've set
-
in some of these meetings
with national security people
-
who I've held up the
minimization guidelines
-
and said, "Is there anything
-
in here that's really
secret or should be?"
-
And they said, "No."
-
The existence of
these programs sort
-
of have been broad-brushed
some people knew.
-
So, if at the end of the day,
-
it's that the public
finally knows
-
that it's happening
'cause I'm not sure
-
if any thing's been revealed
that will allow people
-
to somehow evade all of this,
that, I think, you know,
-
society has to make
room for whistleblowers.
-
I just wish we had
whistleblowers
-
who were a little less reckless.
-
>> Well, you know,
as a whistleblower,
-
he appears to have
delusions of grandeur.
-
>> Well, right.
-
>> I mean, the first
couple of days, he had--
-
he'd made statements
such as saying--
-
such as that he could order
a wiretap of the President
-
and he could, you know,
had all the locations
-
of all the NSA stations.
-
Pretty unlikely, that said,
I guess the, you know,
-
I think that his disclosures
have done a public service.
-
I think he's a whistleblower
in that sense.
-
I actually agree.
-
It seems like he
just broken the law
-
and doesn't seem
very complicated.
-
What I find confusing and--
-
is that somehow the
traditional notion
-
of civil disobedience seems
to have been lost track
-
of in what he's doing.
-
I mean, I wish-- I mean, look,
-
he's obviously has put his
life at total risk and--
-
>> Although traditional
idea is you pay the penalty
-
for having broken the law.
-
>> You pay the penalty and
you [inaudible] having a trial
-
and you expose-- you expose the
things that you're concerned
-
about and you expose
them, further look at me.
-
He's a civilian.
-
He wouldn't be tried in a
court martial the way Bradley
-
Manning is.
-
>> Right.
-
>> He could've staged
a public trial
-
and a big public discussion that
he chose not to and I, you know,
-
again, it's not for me
-
to say how people should put
their lives at risk as he'd has
-
but I think it's a-- I think
it's an incomplete active
-
civil disobedience.
-
>> Anybody else want
it, got a view on that?
-
Let me ask you another question.
-
One of the things that
Dan said that the--
-
are the very interesting
analysis when he talked
-
about the internet not being
a creature of the state,
-
how earlier forms
-
of communication whether
it's telephones and telegraph
-
and so many of them grew up.
-
Television spectrums,
I mean, they were sold
-
by the government,
right, and still are.
-
So, there was an inherent
regulatory legal organic
-
connection between earlier
forms of communication
-
and government regulation which,
as you point out is missing
-
in a large part in this
particular system we've all been
-
talking about.
-
>> But it's more than a legal
question it seems to me,
-
it's also a cultural question,
that a lot of you being soaked
-
in this culture and committed
-
to this culture have evinced
skepticism of government
-
and of regulation and yet at
the same time, you're grappling
-
with the notion of how do you
bring some order to a system
-
that continues to cry out
for some kind of regulation.
-
I'm interested for you
to use a little bit
-
about the contradiction between
sort of the historic origins
-
and the culture of this
system and the need
-
to bring some order
and regulation to it.
-
It seems to me there's an
inherent conflict that's worth
-
talking about.
-
Start.
-
>> I'll kick off the
discussion about that.
-
I think sometimes when
you go to a workshop
-
that discusses internet
governance,
-
it descends into a question
such as who should grab the keys
-
of internet governance, right?
-
So, the question of--
-
so if question were asked
-
such as should the United
Nations control the internet
-
or should the United
States control it
-
or should Google control it?
-
Like those kinds of
questions don't make any sense
-
in their first instance.
-
And part of that is because
there is no monolithic system
-
of internet governance.
-
It's highly granular,
it's multi layered.
-
There are-- there are
so many different levels
-
of internet governance.
-
I mean, I-- my book is very long
-
and I only get into
some of them.
-
But the issue here is
multistakeholder governance
-
and what that means.
-
So, internet governance is very
interesting because it is not
-
about governments necessarily
but that doesn't mean
-
that there's not a
role for government
-
in many different areas.
-
So, if I have identity theft,
I'd like the government
-
to step in and help me.
-
I expect antitrust enforcement.
-
I expect laws about--
some laws about privacy.
-
I expect some laws
-
about intellectual
property rights enforcement.
-
I expect certain national
statute on any variety
-
of things related to
trade, child protection.
-
So, there are many places
for the government to be
-
in internet regulation
and governance.
-
But most functions
that are related
-
to the operational
stability and security
-
of the internet have
not been the purview
-
of traditional governments
-
but they have been enacted
by private industry.
-
And I think that that's
a very important point.
-
Now, tying this back
to the PRISM issue,
-
one concern that I have is
that the one separate area
-
of how the internet is
being used in the data
-
that can be collected
and gathered will bleed
-
into this other area of
the operational stability
-
and security of the internet.
-
So, we can expect to see
this issue used as a proxy
-
for governments that are
interested in gaining control
-
in certain operational
areas of the internet.
-
I guarantee that
that will happen.
-
So, we'll see that in some--
-
once he calls for
international treaties.
-
Again, that leave
out private industry.
-
That leave out civil society.
-
We'll see it in additional
calls for bringing
-
in a more multilateral control
-
of some critical
internet resources.
-
So, I think one bleeds
into another.
-
But that it's really not
about private industry
-
versus governments
or civil society
-
versus private industry,
for example.
-
It's about the more
contextual question
-
of what governance is
necessary for what--
-
which particular area.
-
So, in certain cases, it's
completely appropriate
-
for only the private
sector to be involved.
-
In other cases, it's the
purview of government.
-
So, it has to be asked
in a contextual area,
-
and that's what multistakeholder
governance is.
-
It's not everybody in charge
of every-- it's granular area.
-
That's not it.
-
It's about what's
the appropriate form
-
of governance in
a particular area.
-
>> John?
-
>> So the one thing
we do know is
-
that the internet
evolves very quickly.
-
I was involved 25 years of
it and it changes rapidly.
-
What was dial-up
modems and just Telnet
-
and FTP quickly became
circuits and high speed fiber.
-
Yeah, OK, sorry.
-
[Inaudible] And the web--
-
>> My work here is done, yeah.
-
>> The fact is that that
evolution doesn't work well
-
with government regulation.
-
Having been involved in
the telecommunication side
-
of the industry as opposed the
internet side, I also dealt
-
with a lot of [inaudible]
regulations.
-
And generally, we're dealing
with regulations that were three
-
to ten years behind the
time trying to drag them
-
into current circumstance,
and it was inevitable.
-
The process of regulation
doesn't work well
-
with a forward-looking
rapidly evolving internet.
-
So, when we start
thinking about--
-
about the non-governmental
nature of the internet,
-
as the internet grows up, we
find ourselves in a conundrum
-
because the internet
is no longer optional.
-
The internet is intwined
in everyone's life.
-
Governments are looking at
their economies and going,
-
"Some percentage of my
economy is tied to this?"
-
You can say I have a choices
to whether or not I'm going
-
to participate but I don't.
-
I have to be involved.
-
So, governments are now
realizing they have no choice,
-
they need to be involved.
-
They look at their duties,
their responsibilities.
-
And they go, "How do I
affect what I'm required
-
to do in this new media?"
-
And it's a big challenge,
folks, because the protocols
-
and the operational conventions
-
that hold the internet
together have to be global.
-
They have to interoperate
on global basis.
-
But governments are
used to acting
-
on a national basis
occasionally regional,
-
occasionally bilateral,
multilateral, but generally,
-
they act on a national basis
-
and you can easily break
the internet by attempting
-
to regulate it without the
idea of a global context
-
in which it operates in.
-
This is really what's
been opened
-
up in the last five years.
-
In the last five years,
-
governments are realizing
they do need to get involved,
-
they don't understand
the framework
-
by which they can do so safely.
-
In general, this has resulted
to not much regulation
-
but that's not necessarily going
to be the case going forward.
-
And it's-- the internet
community and I say
-
that being the operators,
the various entities
-
that operate pieces
-
of the infrastructure
aren't exactly forthcoming
-
to government saying, "Here,
-
this is how to safely
regulate the internet.
-
That guide book has
not been written."
-
And so, without a meeting
of the minds on this topic,
-
we run the risk that governments
are going to make regulations
-
that make no sense or break
portions of the internet.
-
Until this an understood
common framework
-
for this, we're all at risk.
-
>> Lynn, do you wanted to talk?
-
>> Yeah, very good comments
both from Laura and John,
-
and I just want to make sure
that we're left with a myth here
-
that much of the internet
committee believes
-
that there's no rule
for governments.
-
We've been engaging
with governments
-
and certainly we could have
done it better over the years.
-
But, you know, for many,
-
many years when ISOC had a very
small staff of seven people,
-
I was going to [inaudible]
and spending weeks
-
because you don't go to United
Nations meeting for two days,
-
you'd go for two
and three weeks.
-
That's a significant investment,
-
and we went because
we wanted people
-
to understand how the
internets actually worked.
-
And I-- it's like a slight
disagreement with John
-
and nobody has the answer
but how we regulate for a lot
-
of this new environments.
-
It's not because we think
there should be no regulations
-
because we can't
figure out what sort
-
of regulation there should be.
-
And to John's other point,
it is because of the pace
-
with which the internet changes.
-
And it is to the fact
that it has broken
-
so many global boundaries.
-
You can do it within
any single context.
-
So, it is a very,
very complex world.
-
And we continue to advocate for
dialogue discussion, thoughtful,
-
let it take the time it needs.
-
We need to pull apart lots
of different complexities
-
and let the right thing emerge.
-
That is not the same
as saying no rule
-
for governments but
it often gets--
-
>> And another dimension of
this is not all governments are
-
the same.
-
Because you can talk about China
being a pretty malign force
-
in terms of internet freedom
to say nothing of Iran
-
which uses the internet to roll
up all networks of descent,
-
where in Tahrir Square,
-
the internet is a
mechanism for expression.
-
So, part of it, you can--
-
part of the problem
is government even
-
as a concept is subject to
many different definitions.
-
Yeah.
-
>> It is Steve but that's
probably why the western
-
governments that operate
in democracies with legal
-
and constitutional frameworks
-
that it's particularly
important.
-
And one of the reasons people
are particularly unhappy
-
about this particular
surveillance is if we're trying
-
to come up with this
nuanced role
-
about where government belongs,
-
we haven't exactly
sent the right message
-
to the rest of the world.
-
And I think that's part
of the problem here.
-
>> I just want to offer a
kind of a friendly amendment,
-
I hope to John's view, you know.
-
I think John correctly
points out that attempting
-
to regulate the internet
infrastructure whether it's the
-
institutions that
operate and design it
-
or the actual operators
is very [inaudible]
-
because it changes
very quickly and it has
-
to work on a global basis.
-
That was the experience of the--
-
of SOPA, the Stop
Online Privacy Act,
-
was that policymakers
thought they could reach in--
-
>> Piracy.
-
>> -- sorry, Piracy Act.
-
>> [Inaudible] is the stop--
-
>> That's right.
-
Thank you, thank you, thank you.
-
Right, you know, governments
thought they could reach
-
in to the internet
infrastructure
-
to solve a problem
that is really
-
about human behavior
and violating laws.
-
However, at the same time
there are plenty of legal rules
-
that actually work incredibly
well on the internet.
-
You know, the FTC is still using
the Fair Credit Reporting Act
-
from 1970 which was one
of our first piracy laws
-
in United States to stop very
advanced sophisticated online
-
services from harming people.
-
That's not causing
John any problems.
-
He's not-- he [inaudible]
even think about it.
-
And so I think there's-- I think
that it's when governments try
-
to do this sort of
shortcuts that they were used
-
to doing is you were suggesting
with the broadcasters, you know,
-
say, "You guys have to behave
this way in order for us
-
to achieve a broader
policy goal."
-
That's where we really
have problems
-
in the internet environment.
-
>> You know, number of you have
used the word privacy as a value
-
and as a very curious
[phonetic] value.
-
But I want you to
play with the idea
-
that perhaps we're
actually really ambivalent
-
about the question of privacy
because in fact in many ways,
-
the wide availability of data is
actually an enormous convenient.
-
Every time you go to
a website and you put
-
in your e-mail address
and up comes your password
-
and all your credit
card information
-
and at one stop shopping
at Amazon, right?
-
We all love it but isn't that--
-
>> But we've made a decision
to share that with them, so.
-
>> Well--
-
>> Wait just a minute.
-
I want a-- I want a--
I understand that.
-
But I want to pose a question
about whether at some point,
-
aren't we really ambivalent
about this question
-
that we actually like people
to have information about us
-
when it serves our purposes of
convenience and accessibility.
-
And that there was a certain--
-
I understand your
point about voluntary.
-
But this will mark [phonetic]
a point here as well.
-
>> I think part of
the problem is--
-
is the public is
realizing that the people
-
that are storing the
information that we give
-
to them aren't doing a good
a job in protecting it.
-
I could go to my local bank--
I grew up in Falls Church.
-
I used to go to the local
First Virginia Bank right there
-
in Falls Church.
-
I gave them all my
information when I opened
-
up my first account
when I was a teenager.
-
And I had a reasonable
expectation
-
that the only way they
were going to get that--
-
anybody else is going to
get that information was
-
if they actually went in and
rob the bank and stole the file,
-
you know, the file
cabinet or whatever.
-
>> Or if anyone in the
government wanted it?
-
>> Or if anyone in the
government want it?
-
I mean that-- I mean
that, you know, that--
-
that's a reasonable thing.
-
But nowadays when we find
-
out that you have all these
massive data leaks, you know,
-
and when you examine
the root cause of what--
-
what the leak was from
a tactical standpoint,
-
I should have been
fixed 15 years ago.
-
You know, some of these attacks,
I do a talk now if they ask me,
-
you know, I guess it's because
I had gray hair and I've been
-
in the security business
for 20 years.
-
I think I noticed something
-
but I do [inaudible]
that the contract--
-
>> It's because of the ponytail.
-
>> I think it is.
-
You know, it's the-- it's the
same attack methods that we saw
-
in the early '90s are
still effective in 2013.
-
And so my question to the
technical community was,
-
what have we been doing
this last 20 years?
-
I mean, you know, I in the SANS
Institute that I was a part of,
-
we drew up a top
ten threats in 2001.
-
I pulled it out and today
in 2013, every single one
-
of those top ten threats from
2001 is still affecting today.
-
So, what have we been
doing to protect ourselves?
-
And I think it's that type
-
of thing that's causing this
rumble about, you know, well,
-
private industry isn't
doing anything about it,
-
individuals aren't
doing anything about it.
-
So, that only leaves
a government
-
to do something about
it, you know.
-
And so I think that's why
we're seeing that pushing
-
that direction, 'cause
historically when you look
-
at it, the same things
are still affecting us,
-
it's just that what's
happening now is back in 2001,
-
the scope of a data breach
was much less than the scope
-
of the data breach now.
-
>> Sure, sure.
-
>> And just one last
aside [phonetic].
-
The iPhone, I think,
I looked it up,
-
is five years old
today-- this year.
-
So, to answer your question
about why the difference from--
-
>> Hold on just a second.
-
John and Leslie, you want a-- is
there a point you wanted to make
-
about the voluntary
submission of data.
-
>> I don't think so.
-
I think every point has been
made by everybody quite well.
-
>> OK. John?
-
>> You thought-- say that maybe
people don't value privacy
-
over convenience, and that
that we give up privacy
-
and there's no outrage
about that.
-
Why is there an outrage
in some cases?
-
And I guess the question
that comes up is,
-
a lot of people voluntarily
give up privacy
-
because we want the convenience.
-
We want to click the button
and get the order done.
-
We want the website
to know who we are.
-
We want to fill out
all the information
-
on the airline profile because
it just makes traveling a little
-
easier and anything
that makes it easier--
-
>> And who can not remember all
those damn passwords anyway,
-
right?
-
>> So there are times
we do that.
-
But the reality is that there's
also times when you consent
-
to losing your privacy
in situations that aren't
-
for your convenience but
you're going to anyway.
-
Next time you're
going to your doctor,
-
pick up that HIPAA form
and look at it, OK?
-
It says, "We're going to
share your data with the CDC
-
because if there's an
outbreak of something,
-
we're going to do that, OK?"
-
It's not for my convenience,
hopefully, I'm not relevant,
-
but the fact is they're
going to do what--
-
and we consent with because
well, we knew about it.
-
We understand--
-
>> And there's a public
interest involved because--
-
>> There's a public
interest but also as annoying
-
as that form is, they
took the time to tell us.
-
I do think that's a
different question
-
when there's surveillance
is going on
-
and you don't know
about it at all.
-
And I think that might be the
angst behind a lot of this.
-
>> Leslie?
-
>> Well, I also think
that there's difference
-
between surveillance
by the government
-
and surveillance by companies.
-
I mean I think they've
become more joined together
-
because they are now the
source of all the information
-
that the government
is collecting.
-
But I think at least in
the constitutional system,
-
not in Europe where they're
making a distinction.
-
Having that government who has
the capacity to impose penalties
-
on people and make choices about
who is going to be prosecuted,
-
et cetera, is entirely different
matter than whether I like
-
or disliked it, you know,
-
Google Profiles keep
sending me the same crib
-
for my pregnant daughter
over and over again.
-
I'm annoyed, I'm
extremely annoyed.
-
But I also think--
-
>> They knew she was
pregnant before she did, yes?
-
>> Yes.
-
>> Well, they probably
did, but they knew
-
that I did this thing once
and it's following the--
-
it's literally following
me around the world.
-
I mean it's became
kind of a joke.
-
But I find that annoying and
I'm somebody who knows how
-
to set my privacy settings.
-
So, you know, in one-- in
one circumstance it's a loss
-
of some measure of control,
we ought to have more control,
-
it's one of the reasons we
ought to have a baseline build
-
to give us some fair
information practices.
-
In the other, you know, the
government has the capacity
-
to make very important
decisions about us.
-
And we have a constitution that
says they have to follow rules.
-
And so we do react differently
to the crib and to the NSA.
-
>> Yeah.
-
>> The one thing I would
say about our tension
-
between convenience and
privacy is-- I just think that--
-
I think privacy has always been
a kind of a contested concept.
-
I mean, it's not an absolute.
-
I don't think there's
anyone hardly in the world
-
who thinks it's-- it's
an absolute condition.
-
But we know, as Leslie
is saying,
-
we have different
privacy expectations.
-
We want different privacy
results at different times.
-
And some of the-- some
of the privacy promise
-
that we have [inaudible]
-
like seeing the same
crib too many times.
-
Others have real consequence
-
like if you're credit
report is wrong
-
and you can't get a mortgage,
you're really, you know,
-
it really-- or you don't
get a job, you know,
-
it really makes a difference.
-
And I think that-- I think
in a way the phrase--
-
I think categorizing privacy
-
as a single right is what
makes the conversation a little
-
confused because it-- the
reality is it's a number
-
of concerns wrapped up into one.
-
>> But in this day and age,
isn't it a little naive to say,
-
I'm going to give my
information to Amazon?
-
Or I'm going to give my
information to Google
-
for my own purposes because I
choose to, and somehow I'm going
-
to be able to control--
-
>> Oh, yes.
-
>> -- all the use
of that information.
-
>> Yeah, that's not--
that's not doable,
-
and I don't think any
privacy law we would pass
-
in this country would
change that.
-
>> It is naive but I think--
-
I think the problem is I don't
mind giving you any information
-
you ask about me if you tell me
ahead of time what you're going
-
to do with that information.
-
So, what John was talking
about in the HIPAA thing
-
when they say, "We're going
to give it out to the CDC,"
-
and you tell me ahead of
time before I give you
-
that information, that's much--
-
that's a much different
environment than giving it here
-
and then buried in [inaudible]
fine print is a little click
-
thing that says,
"Oh, by the way,
-
we're going to just give
this to anybody we want."
-
>> We only have few
minutes, and I want to--
-
you've mentioned out, a number
of you, the fact that we're--
-
we're dealing with a very
complex system as Laura said
-
with a lot of stakeholders here.
-
And one of the stakeholders are
these providers whether it's
-
Google, whether it's Yahoo,
who take that information.
-
They don't warn you in some
ways that they're going
-
to give it away because they're
not voluntarily giving it away.
-
They're being subpoenaed,
-
they're being ordered
to by the government.
-
And they are caught.
-
We have-- this institution,
-
these huge institutions
are private institutions,
-
but as we've learned
through PRISM
-
and all the revelation
subject to government orders
-
and government warrants.
-
And many of them are fighting
this at least fighting
-
to be able to be more
transparent because they have--
-
they're stakeholders, too.
-
And-- and they are worried
that their brands are going
-
to be tarnished by
being swept up in this.
-
And to talk a little bit
about the special role
-
of this institution, these
intermediary institutions,
-
the Apples, the Microsofts,
the Googles who are
-
on one hand are getting
pulled by the government
-
to release information.
-
On the other hand, they're being
pressured to keep it private.
-
>> Yeah.
-
>> Yeah, that's a really
important question.
-
And if you look at-- Let me
just back it up to before PRISM.
-
If you look at even just the
Google transparency reports
-
which probably don't have
everything and I think
-
and even Google says that
national security isn't--
-
not everything is reflected
in the transparency reports.
-
But when you do look
at something like that,
-
you can see that there
is a very big disconnect
-
between what governments
are asking information
-
intermediaries to do and
what they actually do.
-
So, you can see that--
just to give an example.
-
Maybe they disclosed data about
an individual in 37 percent,
-
37 percent of the time in--
to the Brazilian government
-
or 47 percent of the time
to another government.
-
Do you see what I'm saying?
-
There is a disconnect in that
differential between the request
-
to turn over user data
and the actual instances
-
of turning over the data.
-
That's where they have this
special governance role.
-
And that's an important
point the make.
-
But they also bear a burden
in carrying out a request
-
such as the more
recent revelations
-
because there is a
public relations hit.
-
There is the cost of hiring
numerous attorneys to deal
-
with the fallout from this.
-
And there's the possible
economic impact
-
of having trouble doing business
in other parts of the world
-
that might be suspicious
towards those companies.
-
>> Yeah, you might be thanking--
they might be thanking Snowden
-
for the revelations
because and, of course,
-
by the national security
letters.
-
They're not allowed to--
-
to let anyone know that
they collected the data.
-
So, now on the other
hand, you have the--
-
the Snowden revelations
which were saying, "Hey,
-
these guys had to
give out the data".
-
So, you know, and
now that's come out.
-
What they should have
said is instead of trying
-
to back [inaudible]
been saying, "You know,
-
trying to save their
reputation."
-
We said, "Look, you
got subpoenaed,
-
we know you got subpoenaed,
-
you gave up the data
because it's a law."
-
But I think that that
piece of it is the secrecy,
-
not being able to say why
something was collected,
-
you know, and not being able
to even say anything about it.
-
Lesley?
-
>> Well, the question raised
is this bigger question
-
when we talk about players
in the internet echo system.
-
The intermediaries
are a critical part.
-
And we have-- under our law, we
sort of provide them with a lot
-
of special protections
because they can't be liable
-
for everything that's going
on in their platforms.
-
And yet there under
enormous pressure,
-
this national security
revelation is one small piece
-
of this very complex
environment where when you ask
-
about governments and government
is trying to regulate,
-
the first place that governments
go in trying to solve anything,
-
a social problem is to
try to figure out how
-
to get the intermediaries to
take on that responsibility.
-
So, this has been sort of
a tension that's existed
-
since we actually had any
kind of powerful intermediary.
-
So, that's one side, and the
other side is the amounts
-
of power they have as
a governance entity
-
to set the rules of
[inaudible] for the internet.
-
And so--
-
>> And one of the
interesting variables here is,
-
I noticed just recently that
several of the big players,
-
Microsoft, Google, Yahoo,
-
I think three have
all filed suit--
-
>> Right.
-
>> -- in an attempt to be
able to be more transparent
-
about the role and the-- and
the requirements they're under.
-
I think in part because of
the point Laura was raising
-
that they themselves, given the
culture that they're part of
-
and the stakeholders they have,
-
they are taking a big public
relations in branding hit
-
for this kind of cooperation.
-
>> And they also have
real leverage here
-
which they have exercised
on occasion, you know.
-
Many of the big intermediaries
Google, Twitter,
-
others have at times gone to
court to challenge subpoenas
-
and other kinds of court
orders they receive saying
-
that they're too broad.
-
I mean, Google had been--
-
had been under order to
turnover large volumes
-
of search log data, this
was just a criminal case,
-
it's not [inaudible] cases.
-
>> Right.
-
>> And they've challenged
those and they, you know,
-
so the intermediaries have
a really important role
-
because at least until
there's a change in the law,
-
they are often the only ones
who can actually bring any kind
-
of challenge to the
scope of the--
-
of the authority that the
government is claiming.
-
>> This is nothing new
because in World War II,
-
the federal government used to
look at the telegraphs at RCA
-
and look at the phone system
for records and stuff like that.
-
I mean what's changed
is the number of players
-
because back then it was
just those two, I suppose,
-
plus maybe some minors.
-
Now you have you know multi--
-
multinational groups
all over the place.
-
But the technique, I mean,
the tactic of government going
-
to a provider and getting the
information they need, it's--
-
it's [inaudible] been there.
-
>> I would assume the
Egyptian government did
-
that when the communications
were chiseled, you know,
-
letters chiseled
on stone tablets.
-
>> I'm going to-- We
have five minutes left.
-
I'm going to give each
you one minute to--
-
we've had a long day,
-
very attentive audience,
lot of issues.
-
But I want to give each of you
a chance to make a final point
-
after this conversation.
-
You started with
your initial remarks.
-
But what do you want the
audience to be left with?
-
What-- in each of your mind
is something significant we've
-
talked about today, an issue
that you want to reinforce?
-
I want to give each you
a chance to do that,
-
and since we've started
with you earlier,
-
I'll start with you this
way and we'll go down.
-
>> So as contentious
this processes is,
-
I think it's incredibly
important,
-
the dialogue that's happening
in the United States.
-
Hopefully, we can do more than
just, you know, have battles
-
in the newspapers and on panels
like this and really look
-
at our legal system and make
sure that it has the kind
-
of accountability
that we needed.
-
Laura said, you know,
the problem here is scale
-
and I really agree with that.
-
Courts have been good
-
at supervising electronic
surveillance [inaudible] one
-
wiretap on one phone number
or a handful of phone numbers.
-
The scale of intrusion here is
such that we can only manage it
-
and have it a proper oversight
with using exactly the same kind
-
of computational tools
and analytic tools
-
that are being used by the
intelligence agencies to try
-
to mind this data to begin with.
-
And the one other thing I
would just say is, this is--
-
as several people said,
this is a global discussion.
-
The US is obviously an important
part of the internet environment
-
but we are not the only
country on the internet
-
and we do not control the whole
internet and I think that just
-
as we are examining the behavior
of our intelligence agencies,
-
I think it's very important
that other countries
-
that have democratic values
that believe in transparency
-
and due process really look
very hard at their intelligence
-
and surveillance
practices as well.
-
>> Thanks, Dan.
-
Lynn.
-
>> I guess I'd start with saying
-
that everybody's voice is
extraordinarily important,
-
not only here in the US
-
but every individual
around the world.
-
And we need attention
and we need voice
-
to every issue whether it's
this particular set of issues
-
or it's United Nation's
expressed interest
-
in some portions of
the internet ecosystem.
-
And I think specific
to this issue,
-
the only thing I would say is--
-
[inaudible] we're all
very interconnected
-
and very interdependent.
-
And when we think about
things such as security
-
or managing risk or trying
to manage those tradeoffs,
-
we actually need
to do that in a--
-
with both sides of the dialogue.
-
One actually looking at what
we can actually do to protect
-
and ensure things that
support economic prosperity
-
and social development
while trading off
-
against preventing
any perceived harm.
-
I think we're far too much to
[inaudible] over in the side
-
of preventing perceived harm,
-
and that we don't quite
have the balanced rate yet.
-
>> Laura.
-
>> I think it's important not to
take the stability and success
-
and the security of the
internet for granted.
-
So, we're used to it working for
the most part because of efforts
-
like John's organization and
others and it is working,
-
but we also have examples
of problems with denial
-
of service attacks, examples
-
of government is
cutting off access,
-
examples of interconnection
problems.
-
We have trends away
from interoperability
-
which I think is a
really big problem.
-
We have trends away
from anonymity
-
which changes the nature of
the technical infrastructure.
-
So, point one is that we
cannot take the stability
-
and security for granted.
-
It has required a
tremendous amount of effort
-
on the parts of many,
many people.
-
And it's something that concerns
me everyday when I see some
-
of the trends away from
interoperability and security
-
and interconnection
security, basically.
-
So, that's point number one.
-
The second point
is if we believe
-
that we have the public sphere
in the online environment,
-
if we believe that there's
a technical mediation
-
of the public sphere,
then we have to think
-
about what that means.
-
What does the democracy look
-
like when the public
sphere is now digital?
-
So, we know historically that
possibility is for anonymity
-
or at least traceable anonymity
have been closely linked
-
to democracy.
-
So, I think it's important
to just ask the question
-
of what does democracy look
-
like when we have this technical
mediation of the public sphere
-
and the privatization of
conditions of civil liberties
-
where private companies are
getting a request delegated
-
from governments or carrying
out their own governance
-
of these infrastructures.
-
So, don't take the
internet security
-
and instability for granted.
-
Remember that we have
the technical mediation
-
of the public sphere
and the privatization
-
of conditions of
civil liberties.
-
And the final point is that
internet governance is something
-
that is-- that the
public can be engaged in.
-
We've seen examples of
civil society action
-
of private action, civil
liberties advocates involved
-
in decisions about
internet governance.
-
There are many avenues
to do that.
-
That the-- I do have an
engineering background
-
but the technology
is not that hard
-
that people can learn the
technology, learn the issues
-
and get engaged in these
debates which are very important
-
because as goes internet
governance,
-
so goes internet freedom.
-
>> Randy?
-
>> All of you here that are
attending this panel discussion,
-
you all have stake in what
we've been talking about.
-
And so I would challenge you
guys to not only make sure
-
that your peers understand
what some of the pressures are
-
and what some of the
pitfalls and what are some
-
of the disadvantages are of
working with the internet.
-
But also, you guys are
probably going to be on a track
-
where you're going to be
working with legislators
-
and policy makers
and things like that.
-
And make sure that they
understand the implications
-
of whatever it is that they're
trying to write up or implement,
-
both on the legal side
and on the policy side.
-
That's to me what I see your
contribution to the whole thing.
-
It's going to be
very incremental.
-
It's going to take a long time.
-
You know if some people talk
about the fact that it's
-
like when the automobile was
first introduced at the turn
-
of the century and it took us
25 years to come up with the set
-
of laws and procedures
to make things work
-
when we didn't do that.
-
But you guys are the ones that
are going to be talking to
-
and down the road
influencing policy and laws.
-
And so, you know,
take the challenge,
-
do it and influence
what you can.
-
>> Leslie.
-
>> So I'm just going
to make one point.
-
And that's that those of us
who are Americans or people
-
in the United States have
a voice in this debate
-
that we need to exercise.
-
But we need to exercise
it with more
-
than our own rights in mind.
-
If-- the interesting thing
about the internet and the lack
-
of a government control is the--
-
it's also very unclear
about who's responsible
-
for the human rights of people
in the online environment.
-
And we-- I think the NSA example
that we have data flowing all
-
over the world, states
have obligations to people
-
within their borders, and
a few other kinds of places
-
that the law has developed.
-
We're not sure who has the
obligation for the rights
-
of internet users in
this kind of environment.
-
And it's a conversation
that really needs to happen
-
because the-- our lives,
some significant part
-
of who we are is now online
and flowing through these wires
-
and who ultimately is
responsible to make sure
-
that basic privacy and free
expression rights are honored
-
has become increasingly complex.
-
So, people need to
take that on as well.
-
>> Last word, John.
-
>> It's a global internet.
-
There needs to be an
equally global discussion
-
about the principles
by which we operate it.
-
And part of what's occurred
-
over the last few months will
help encourage one aspect
-
of that discussion.
-
So, it's a probably
a good thing.
-
>> I want to thank all
of you for being here.
-
I want to thank the
Internet Society.
-
I want to thank the GW
Engineering Department
-
and their [inaudible]
Lance Hoffman's Institute.
-
Long afternoon, thanks
for your patience.
-
I hope you learned something.
-
Come back again.
-
Thanks a lot.
-
[Applause]