Surveillance, laws and governments vs. Internet rights – WS 07 2018: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
No edit summary
(19 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Sessionadvice01}}
6 June 2018 | 11:00-12:30 | CENTRAL ROOM | [[image:Icons_live_20px.png | YouTube video | link=https://youtu.be/lvcb8zrzK6A]]
Working title: <big>'''Surveillance, laws and governments vs. Internet rights'''</big><br /><br />
<br />  
[[Consolidated programme 2018| '''Consolidated programme 2018 overview''']]
 
== Session teaser ==
== Session teaser ==
Until <span class="dateline">1 April 2018</span>.
Internet created new abilities and made development easier. Ether for realization, ether for violation of basic rights.
1-2 lines to describe the focus of the session.
Governments vs. Societies, Freedoms vs. Surveillance. Laws: inherited, newly developed, implemented, planned.
We'll make short review on current situation in Europe (and close neighborhood) and discuss possible reactions and developments.
<!-- Until <span class="dateline">1 April 2018</span>.
1-2 lines to describe the focus of the session. -->


== Keywords ==
== Keywords ==
Until <span class="dateline">1 April 2018</span>.  
Laws, Survellance, LEAs, Basic Human Rights, Internet Rights, Resistance
They will be used as hash tags for easy searching on the wiki.
<!-- Until <span class="dateline">1 April 2018</span>.  
They will be used as hash tags for easy searching on the wiki. -->


== Session description ==  
== Session description ==  
Until <span class="dateline">30 April 2018</span>.
Do government action and regulations harm our digital rights or do they protect them? Some advocate that, in tradition of the early Internet, regulators only bring harm to innovation and free exercise of digital rights and hamper key principles of the Internet. Others call for more regulation in order to fight crime and abuse in digital spaces and keep the Internet safe for its users. Some political systems approach the Internet more radically than others. If the truth is in a balance, the question remains, how to strike this happy medium. Is a productive dialogue between stakeholders realistic when it comes to laws? In this workshop we will debate opposing takes on the matter to provide a landscape of opinions about how government regulations positively or negatively, directly and indirectly affect our rights online
Always use your own words to describe the session. If you decide to quote the words of an external source, give them the due respect and acknowledgement by specifying the source.


== Format ==  
== Format ==  
Until <span class="dateline">30 April 2018</span>.
# Introduction by moderator
Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.
# Two statements to spark the debate - one in favour, one against regulation (we don't have to deal in absolutes. Rather narratives of what works well and what or where it doesn't.)
# Q&A with key participants based on an set of questions we can define beforehand
# Open the discussion to the room
# Wrap-up


== Further reading ==  
== Further reading ==  
Line 30: Line 38:
'''Organising Team (Org Team)'''  
'''Organising Team (Org Team)'''  


'''''List them here as they sign up.''''' The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.
Farzaneh Badii,  Elisabeth Schauermann, Alexander Isavnin and WS7 mailinglist participants.


'''Key Participants'''
'''Key Participants'''


Until <span class="dateline">14. May 2018</span>.
{| class="wikitable tab2018" style="padding-bottom:1.5em !important; width: 100%;"
Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance.  
|-
Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.
| Name
| Affiliation
| Short CV
|-
| Martina Ferracane
| Research associate @ ECIPE
| Martina is an policy advisor on digital transformation. Her interests include data Privacy, cyber security, cross-border data flows, internet governance and digital skills.
|-
| Natalia Goderdzishvili
| Ministry of Justice of Georgia
| As a lawyer and international relations specialist in the Data Exchange Agency of the Ministry of Justice of Georgia is interested in balancing privacy and other human rights with cyber security and data protection challenges  in nowadays digital governance models.
|-
| Alexander Isavnin
| RosKomSvoboda, head of International Cooperation
| Alexander Isavnin is network technology professional, interested in
protection and development of Human Rights in the Internet ecosystem
|-
| Peter Kimpian
| Data Protection Unit, Council of Europe
| Peter Kimpian working at the Data Protection Unit of the Council of Europe, having an interest in how the rights to pricavy and to data protection are balanced with law enforcement interests in different fields in the Digital Age.
|-
| Laurin Weissinger
| University of Oxford
| Researches IT-Security, notably trust relations, risk, and networks in defensive security.
|-
| Elisabeth Schauermann
| YOUthDIG
| Elisabeth Schauermann is a coordinator within the German project "Love-Storm - United Against Hate Online" and has been involved in digital human rights and Internet Governance since 2016. She co-organizes YOUthDIG.
 
|}


'''Moderator'''
'''Moderator'''
 
*Martina Ferracane/Alexander Isavnin
Until <span class="dateline">14. May 2018</span>.
The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.


'''Remote Moderator'''
'''Remote Moderator'''
 
*Elisabeth Schauermann
The Remote Moderator is in charge of facilitating participation via digital channels such as WebEx and social medial (Twitter, facebook). Remote Moderators monitor and moderate the social media channels and the participants via WebEX and forward questions to the session moderator. Please contact the [mailto:office@eurodig.org EuroDIG secretariat] if you need help to find a Remote Moderator.


'''Reporter'''
'''Reporter'''
 
*Aida Mahmutovic
Reporters will be assigned by the EuroDIG secretariat in cooperation with the [https://www.giplatform.org/ Geneva Internet Platform]. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:
*are summarised on a slide and  presented to the audience at the end of each session
*relate to the particular session and to European Internet governance policy
*are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
*are in (rough) consensus with the audience


== Current discussion, conference calls, schedules and minutes ==
== Current discussion, conference calls, schedules and minutes ==
Line 61: Line 90:
Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.
Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.


== Get involved! ==  
== Messages ==
You are invited to become a member of the session Org Team by subscribing to the [https://list.eurodig.org/mailman/listinfo/ws7 '''mailing list'''].
*Private and public interests have to be balanced, respecting human rights.
If you would just like to leave a comment feel free to use the [[{{TALKPAGENAME}} | discussion]]-page here at the wiki. Please contact [mailto:wiki@eurodig.org '''wiki@eurodig.org'''] to get access to the wiki.
*The Internet should not be regulated in order to keep it free, and it should provide an enabling framework.
*There is a need for the publicity, transparency, and accountability of the activities of the government and private companies.
*There are various important approaches on different levels when it comes to surveillance, laws, and governments vs. human rights – which is why it is crucial to continue a multistakeholder dialogue.


== Messages == 
Find an independent report of the session from the Geneva Internet Platform Digital Watch Observatory at https://dig.watch/resources/surveillance-laws-and-governments-vs-internet-rights.
A short summary of the session will be provided by the Reporter.


== Video record ==
== Video record ==
Will be provided here after the event.
https://youtu.be/lvcb8zrzK6A


== Transcript ==
== Transcript ==
Will be provided here after the event.
Provided by: Caption First, Inc. P.O Box 3066. Monument, CO 80132, Phone: +001-877-825-5234, +001-719-481-9835, www.captionfirst.com
 
 
''This text is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text is not to be distributed or used in any way that may violate copyright law.''
 
 
>> ALEXANDER ISAVNIN: I think that the whole session should run in the form of dialogue, so if you have something to say, please raise your hand, and you'll be given possibility to speak.
 
We will have some short presentation at the beginning of the session just to start our discussion because talks and ideas about possibility to discuss surveillance and national security and governments and its laws is really difficult, but, also, we should always mention that people have rights. There are fundamental human rights. Maybe some of these rights modified with appearance of Internet, so I hope we'll have a good discussion.
 
My name is Alexander Isavnin. I come from Russian Federation, a country where government and law enforcers do not like to have dialogue with Civil Society and with its citizens, they're just doing orders, so that's another reason why I'm willing just to participate in this dialogue and bring some interesting outcome back to my home. So let's start.
 
First of all, I should note that Internet was created by scientific community more than 30 years ago, and creation was funded by state, but there was no special requirements set up by government, so scientists did a very funny thing, which they liked and which developed, and now we -- every person's using it and we like it. No special laws was created at that time. There was no special international treaties like around telegraph and telephony, and ITU wasn't for us at that moment, so we still need a creation of new regulations and government interactions for this that maybe I want to have questions for our discussions. I've created some short -- and I don't think this is comprehensive -- list of pros and cons of government participation. Again, I'm from Russian Federation. I could speak about negative impact of Russian regulations and Russian law enforcement to Russian Internet for about five hours without limits, but now I will not do this.
 
So the possible objections against great governmental interference to Internet might be on this slide. Okay. First of all, Internet became successful without any governmental interference. We should remember this.
 
Internet and -- as information technology, brings a lot of new options for mass surveillance for states, so we could also discuss a bit later.
 
Governmental Internet regulations require -- may require excessive identification and data retention for you. Russia is also great example for that. You can go -- unlike here where you can connect to Wi-Fi instantly, in Russia you need to identify you somehow.
 
Some countries are implementing illegal and illicit content blocking. I think a lot of people have agreement of which content is illegal, but for different countries -- and even some services may not be welcome.
 
Internet allows law enforcers to imitate their activities. In pre-Internet era, they had to chase the criminal, to go outside, to do something. Now some of them prefer to sit at their offices doing queries, looking in Google Street Views and then trying to find somebody who they decide is a criminal. Or another point, for example, it's very risky in Russia to publish photos from the Second World War, even with Russian soldiers, because if some Nazi symbols went on those photos, it could be interpreted as Nazi propaganda, while differently, the whole picture is not.
 
If operators and businesses must apply content blocking or mass surveillance, it could lead to corruption for the interest of some companies who are producing such equipment. Russia is also a good example.
 
Some countries may implement Internet-related -- Internet business-related products and use them for their businesses.
 
I think the -- another issue which is con governmental regulations -- nearly all regulations have exceptions for law enforcements and governmental agencies.
 
Such exceptions, for example, exist for Russian personal data regulations. I think such exceptions newly discussed at GDPR also exists, but we'll discuss it later. We have presentation of this topic. Government regulations and laws from different countries are not compatible with each other. I just mentioned the Russian personal data laws. It's completely incompatible with GDPR, so in some cases, a Russian company might have issues because they can't implement GDPR and Russian regulations both at one time. That was some examples of cons.
 
We have pros. Only states have possibility to enforce something, and for Internet, it's enforcement of communication secrecy. It's very important. There were some scandals related, Facebook and Cambridge Analytica. It's just parts, not personal data but also communication secrecy. Only states could watch for consumer rights protection and consumer rights protection in the Internet might be one of the positive regulations which exists in Russia and works completely.
 
The states and governments might protect business development. Usually only states ask for national and international security, but, again, maybe -- there are a lot of businesses who cares for international security on the Internet, but maybe in some cases states should take.
 
We all know that states and ITU, like international organizations, cares for sustainable development. Businesses may not be interested, but states could have something related to this.
 
Another argument is Internet was developed more than 30 years ago, and the basic technologies behind the Internet are still the technologies. Maybe governments should make interference and start implementing something new.
 
In the name of our session of our Internet rights, you'll remember basic human rights, but Internet brought new forms of rights and new forms of realization of basic rights, so me, as a network engineer and the closest thing -- that's one of the fundamental rights is the possibility to have global IP connectivity, so wherever I exist -- wherever I reside, I could connect to somebody else wherever he locates himself.
 
Internet brings new options for expression, your opinion. You don't just go to Hyde Park and speak. Your opinion could be heard not just in center of London but everywhere.
 
And another right is the possibility to stay anonymous. If you're an opposition activist, a human right protestor in some totalitarian country, you may have to stay anonymous to avoid any punishments.
 
Another interesting right, the right to be forgotten. Previously, while we can forget Mr. Herislotos, so I think some people don't want such fame now. I would like to invite some speakers to give positive or negative examples of government regulations, so let's resume.
 
Now the representative of Georgia, please.
 
>> NATALIA GODERDZISHVILI: Good afternoon, ladies and gentlemen. I represent e-Government agency of Georgia, and I will make my speech in the angle of good stuff and how government is really protecting privacy and personal data in the same way of providing public goods and services.
 
To start with, what -- I will start with the definition of what, in my opinion, are the Internet rights. This is all those conventional human rights in the digital era in line with access to Internet and the use of Internet, and by the way, Georgia is one of the countries which defined -- which defined access to Internet as a human right in its constitution, but how it will be in practice, this is the second question, also Internet rights by many scholars are defined as the fourth generation of human rights, and government needs to take it into duly account while providing public goods and public services. We don't really argue nowadays that it is also our how many right and obligation, positive obligation of the state, to provide safety and security, to provide constitutional order, rule of law, and in this process, of course, government needs monitoring, surveillance, controlling, and law enforcement functions, but the borders and boundaries here, this is what matters, because if we -- without the oversight mechanisms and without the proper due process, there is a big temptation for the ultra-virus activities from the government, abuse of its powers, and mass surveillance.
 
If we don't control the legitimate powers of the government, we may end up with the digital 9084 where really people behave with the control -- behave and think with the control of the government and where our minds are really in the digital freezer, so where is the boundary and how we can ensure on the one hand protection of Internet rights and the protection of safety and constitutional order on the other hand.
 
I will quote from the constitutional court's decision of Georgia, which states that effective protection of any right in this process is assistive to define the content and limits of the rights. Otherwise, there's a risk and temptation of both, disproportionate interference into the right and abuse of the right. The states should reasonably balance private and public interests while protecting and ensuring rights. This is the only way to achieve exercising of rights as well as specific public purposes. From this quotation, I just identified the core principles.
 
The first, there is a need of defining the content and limits of rights and purposes on the states at stake. It is important to have bylaw enacting boundaries, which will clearly define where our government power starts and where it ends. There is a clear need for the balance of the public and private interests. There is a -- really important to have a solid check and balance and oversight mechanisms in place, and in this process, we need check and balances not only within the state agencies and government entities but from the private sector.
 
We need publicity, transparency, and accountability of the government activities, and, of course, in each and every activity of the government, principles of proportionality, legitimacy and balance should be met. Just -- this is more theory, but how we do that in practice. I will take the examples from this. Cybersecurity Strategy and Internet Security Law of Georgia which states very explicitly that, of course, ensuring cybersecurity is the top priority for Georgian government and it is our national value and national security interest, but it should be done without prejudice to other human rights, without freedom of expression violation, without freedom of access to information rules, so these should be without prejudice to all fundamental human rights.
 
Also, Information Security Law of Georgia states that information security should be achieved only based on the risk assessment, and case-by-case, the government entity should decide where its powers goes and where it stops, and in all of these processes ensuring Internet rights should be adhered, and oversight mechanisms here is court legitimate powers stay there.
 
Another example, I said I come from the e-Government agency, and today I have to say that this is the time where IT personnel and lawyers sit together every day in defining new e-Services, and we, together with software developers, business analysts, and Georgian lawyers define how we are possessing personal data or business data of our consumers, how long we can retain this data, what is the proportion of data that we need to have in order to provide public goods and public services, and here again, this is how we interpret the law, and the second is, then, the authority of the personal data protection inspectorate and the court system, who will check if we are doing this in line, and e-Government agency's not only the one, all e-Government structures in Georgia work like this. So this is from my side. Thank you.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. It's really interesting.
 
>> GRIGORI SAGHYAN: Can I ask a question?
 
>> ALEXANDER ISAVNIN: For sure, but be short. Yes, you may ask a question.
 
>> GRIGORI SAGHYAN: (Off microphone)
 
>> ALEXANDER ISAVNIN: But introduce yourself, please.
 
>> GRIGORI SAGHYAN: Grigori Saghyan, Internet Society, Armenia. You talk about cybersecurity and informational security, so could you please describe what is your understanding of difference of these two terms?
 
>> NATALIA GODERDZISHVILI: Thank you for the question. So in Georgian legal system, we have a law which has two distinctive parts, but they are very much interrelated. The law is called Information Security Act of Georgia, which has two parts, information security policy and cybersecurity part, so cybersecurity is part of the information security, so information security's much broader sense, much more broader definition, and cybersecurity becomes a part of that. And how we do that?
 
On the one hand, we ensure that any critical information systems or critical infrastructure has information security policies and standards in place. In any daily life, we are in the process of defining what is risk asset, what information approach we are conducting in terms of information management, and on the other hand, we are protecting technically security of these systems, and this is the stuff or the job of cybersecurity personnel, so the broad definition is information security, and cyber is part of that.
 
>> GRIGORI SAGHYAN: Okay. You mean -- where is the part which is related to content?
 
>> ALEXANDER ISAVNIN: Grigori, another short question. Do -- is it possible to read this legislation in English? Is it translated?
 
>> NATALIA GODERDZISHVILI: Absolutely, in English and in Russian as well. But, yeah, content is related to both, to cybersecurity as well as information security because asset management is the job of information security managers, but protection, technically, of this content is the cybersecurity job in short, but I will be happy to speak about the strategy and law in detail.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. I'll hand it to another speaker, please. Martina.
 
>> MARTINA FERRACANE: Yeah. So I want to bring the trade perspective on the table because I think here it's not discussed enough in this kind of world. I will -- yeah, I wanted to ask first who knows what a WTO is, World Trade Organization, if you're familiar with WTO, anyone? Oh, yeah, two, three and a half. Yeah, you're familiar with the process of the WTO more generally or -- you know what it is? Okay.
 
>> AUDIENCE MEMBER: (Off microphone)
 
>> MARTINA FERRACANE: You know what the GATS is? Great. You know what the GATS exceptions are? More or less.
 
Okay. I will not use the slides actually, because they're quite technical, and I thought it would be a bit boring to present them, so I just wanted to give you really a trace perspective on how to approach restrictions on trade and in particular data flow restrictions in a trade environment, in a trade setting, such as the WTO, because -- and the reason I want to talk about this is the measures that we see today that apply on data flows might be subject to removal and be considered invalid under WTO, and, therefore, a country might be requested to remove this measure if it is violating WTO, so I think it's actually one of the most important tools -- probably the only tool we have internationally to require another country to remove a law that, for example, has impacts on freedom of expression, if this law does not comply with WTO. So for those who don't know what WTO is, it's the World Trade Organization, and it's an organization that regulates trade between countries, and there is over, like, 160 members. It's basically the entire world, and those countries who trade are in WTO today, and what we have in WTO is a commitment by Member States of the WTO to liberalize trade between countries in goods and also in services and also other kind of agreements that regulate the IP, et cetera.
 
So what countries do when committing to liberalized trading services is to decide which services -- there's a scheduled commitment -- which services they agree to let flow between countries, so, for example, many countries have committed to liberalize computer services between countries, so if a country is imposing a measure, a regulation, which is actually making it harder, more expensive to provide the service cross-border, this measure is subject to a procedure that can continue to measure as invalid and can request the country to eliminate and to remove this measure or to adjust it so that it doesn't create restrictions to trade.
 
And to give you an example of the Russian regulation on privacy, which requires data to be processed locally, for all private data to be processed locally, this measure can be seen as have a cost for business as well because any company who wants to provide a service to Russian consumers has to store data in Russia, and, therefore, this increases cost of providing services cross-border.
 
So it might be the case that this measure could be subject to a WTO dispute. For example, the U.S. could bring Russia to the WTO and say this measure you're imposing is actually creating cost for my companies, and, therefore, you should remove it. Now, the reason why you should remove is not that it's, for example, having implications on freedom of expression or et cetera, but actually it's for trade, but still, that's one important tool that we have -- we did it to facilitate trade.
 
And what happens when a country asks -- brings another country to a dispute settlement -- that's how the procedure is called -- there is a panel that is created in which it is discussed whether this measure is actually representing a restriction to trade or not.
 
And there are two types of exceptions the country has to justify imposing a restriction when this restriction restricts trade with -- a restriction on trade, so you have general exceptions and security exceptions.
 
So general exceptions have to do with privacy and public order, so what Russia could say is that this measure for me is necessary to protect privacy of my citizens, and, therefore, it is -- it falls under one of the exceptions of the WTO and I should keep it because it's protecting the privacy of my citizens, and what is done there is then the panel will need to check whether this measure is actually improving privacy and whether it is the least trade-restrictive option to protect privacy of the citizens.
 
And personally, what I will argue is that if there was a case like this, it would be very hard for Russia to prove that this measure is the least trade-restrictive way of protecting the privacy of the citizens.
 
And in the same way, when you look at the cybersecurity law of China, for example, which is imposed under the national security objective, it would be very hard for China in a WTO setting to prove that keeping data within China makes the country more secure from a national security perspective.
 
So if there was a case like this -- and there have been no cases so far on the digital -- on data flows. There have been a couple of cases on digital economy, but it's really -- we are still at the beginning of seeing cases around digital, but we have seen a few days ago the U.S. representative that just said that the GDPR is a restriction to trade, so we might see tomorrow the U.S. bringing the EU in a WTO dispute settlement and saying that GDPR is actually restricting trade, so if that happens, we will need to see how to approach this case. It will be an interesting tool to examine whether a measure is actually achieving the objective that the country's saying it is achieving, like national security or privacy, or if this measure is actually implemented for other objectives, which are, for example, surveillance or for simply benefiting local companies at the expense of foreign companies. So, yeah, that's everything I wanted to say.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. It's very interesting approach about the harmonization of different laws, so may I ask to switch presentation to next one. Can you switch presentation?
 
Well, we will have the next presentation with example. No, no, no, it's previous. Martina spoke without slides.
 
>> (Off microphone)
 
>> ALEXANDER ISAVNIN: No, no, no, none.
 
>> PETER KIMPIAN: Yeah. I'm going to start. In the meantime, we'll find my slides. I really didn't want to talk about this, but as it has been brought up, I have to say in advance that my organization, the Council of Europe, has a completely different approach to the question raised by my colleague, Martina, and there is an ongoing negotiation, that's for sure, which is very tense within WTO and the GATS, but we as the Council of Europe, we have a more human rights approach to this whole question, and in my short presentation -- I hope to be short because it's very difficult to speak in five minutes on what Council of Europe is doing in terms of surveillance and protection of human rights and rule of law, but I'll try.
 
So to begin with, I'm going to maybe introduce you to some of the Council of Europe instruments because the whole organization was created after the Second World War and is promoting human rights and rule of law, so we have instruments, national, international instruments on this field, and -- which is very relevant to our topic today of the surveillance. We have -- I will cite two of them.
 
One is the Convention on Prevention of Terrorism, for instance, and the other one is cybercrime, which foresees the access to data by law enforcement in certain condition, but I also want to highlight that, for instance, the Committee on Terrorism has also worked very hard on recommendation on use, and it's the second recommendation, a soft law measure, but it's very much taken into account by our Member States on the use of special investigative techniques, and what is very good in our organization is that if a committee is working on a specific issue or consulting other committees, so this -- the use of special investigative techniques, which basically says that -- how wiretapping should be done, what are the conditions, how -- direct access to content should be carried out by police, we, as the Data Protection Committee, has been invited and we participated in all this.
 
This is the case also for the Cybercrime Convention, as you ma I have heard about it. Currently there is a -- quite an important work on the second edition of protocol, which we foresees a regime, a new regime, on the access to data cross-border by law enforcement authorities on cybercrime issues, so these are the examples from the rule of law branch or part of the house.
 
Where it comes to human rights, the Committee of Ministers in 2016 have adopted a recommendation which says the Convention -- the European Convention on Human Lights, which I'm sure you are very much familiar with, applies both online and offline. This is the first sentence. So although we don't have a specific instrument on the International treaty or convention related to the Internet and the rights of Internet, the recommendation says the whole convention applies to this.
 
In this period, the Data Protection Committee lately adopted a guide on the use of data by police, and if I have time, I'm going to speak a little bit about all this, but to be on the safe side, I'm always referring -- okay -- to the court. I have 30 minutes -- 30 seconds, so, okay. I'm going to wrap up --
 
>> (Off microphone)
 
>> PETER KIMPIAN: Sorry?
 
>> (Off microphone)
 
>> PETER KIMPIAN: Some. Yes, okay. No, I'm going to speed this up a little bit.
 
So the court, which is a unique court, an international court, which can make binding decisions on Member States has established the legal requirements for surveillance, and it started as of its first case, the matter in '78, and it was a class and others, and already in the class case it has established three very important criteria, which law enforcement action or operation has to comply with is that it has to be in accordance with the law, serves a legitimate purpose, and it has to be necessary in a democratic society. Of course, there are several parts of how we should interpret all those, and in further cases, the court itself has specified what does those mean.
 
You can see on the slide what are the requirements for the criteria in accordance with the law. In Malone vs. United Kingdom, we have several specifications how the law should look like in order to be -- to respond to the criteria of legitimate or lawful access to data. In the other cases you're going to see, and more importantly, in Weber and Saravia, you will have minimum safeguards to the law.
 
After came this -- the -- yeah, the -- it clarified what does the court mean on necessary and democratic society, and you see on the slide it has to respond to a pressing social need, it has to be proportionate to the legitimate purpose, and there is always a margin of appreciation, which has to be interpreted in an oral sense.
 
More recent cases, Zakharov, we have the Szabo cases, we've seen more specification on the conditions, so there is this criteria and requirements of reasonable suspicion, strict necessity, and judicial authorization, so you're going to have all this on the slides, what does those means, really. Would be, of course, glad to respond to further questions on this, and -- yeah, and maybe some new cases. One is being the Evashenko vs. Russia, which the court found there is no violation of Article 8.
 
And, you know, another case in the Benedik vs. Slovenia, they found there has been a violation of the data subject. Of course, they are very interesting but very difficult cases.
 
You can see -- you can have some references to those -- all those case law. Here I would be glad to respond to questions or speak to you more about the guide on which the Data Protection Committee adopted recently.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. We are finished with examples from our team, so we have to start discussion with the audience. I think we came from many different countries. We have different examples. We came from different industries, so if you have some questions of those or maybe some notes on how things are going in your country. Yeah. But don't forget to introduce yourself.
 
>> LAURIN WEISSINGER: Okay. So I'm Laurin, and I do some research particularly on IT and cybersecurity with the University of Oxford, and I think I'll just bring in some observations. So I think Nata said something really important is that government can do a lot without listening to everybody's communications, for example. It can guarantee things like access to the Internet, a human right, making sure that the Internet is up-to-date and functional, so on and so on. You can also think about the government doing things along the line of pushing security per design so you don't just, you know, bolt it on at the end but actually support the -- like, products that do actually work securely or at least sufficiently securely when they come out.
 
When it comes to regulation, though, I think the big question is how do we regulate, how does government regulate, so security, I would say, is a common good, so it's something, you know, if we then start factoring systems, that is, like, the perfect entry points for criminals, abuse actors, and so on and so on.
 
So I've done quite a bit of empirical research on IT and security regulation in particular, and what you hear from professionals when you kind of talk to them, when you survey them, they say, look, we need to have influence, we have to kind of say what's happening on the ground and this has to be addressed when regulation is happening. It has to be applicable to the work we do. It shouldn't be difficult to understand at a high level because we don't have the time and the ability to actually kind of deal with this, so I think this is one aspect where we definitely have to do a lot of work for this to function if we say, well, there is a role of regulation here.
 
The other thing I think is really -- which was also touched on, the question of how much can be done for what. So, for example, when we say take-downs, this may be stuff that's used by cybercriminals to do, you know, phishing, that's one, but take-downs are also, oh, someone took down your YouTube video because you played 30 seconds of a certain song and now it's owned in -- you know, not really owned but taken away from you by the rights holder. It happens automatically. Humans don't look at it until you complain.
 
The same as with the local processing, you know, can be good, right, in some cases, can mean that there is actually some level of audit going on that goes beyond box ticking on how these data are processed.
 
On the other hand, it can also be bad, depending on where you are because that means the state has got access or some other kind of regulatory agency, so to finish my comments, I just want to reiterate the question is how do we deal with this common good of, like -- of network security? It is good for all of us, it's important for the economy, it's important for us to communicate.
 
At the same time, though, if regulation works in, like, a problematic way, essentially, we may actually decrease the common good rather than increasing it.
 
>> ALEXANDER ISAVNIN: Okay. Any other comments? Peter again.
 
>> PETER KIMPIAN: Thank you. Sorry. First, it was a question that popped into my mind or rather a comment regarding your comments even yesterday, so I think the Internet is like an infrastructure, and it's -- in technical or legal terms, it's not very different to the road infrastructure, to air traffic infrastructure, to other infrastructure we have and we used to have. I mean, states, citizens, society, international community is dealing with that.
 
Of course, there is much more need for an enhanced cooperation on this in various levels, but I'd see it as an infrastructure, which is a critical infrastructure.
 
>> ALEXANDER ISAVNIN: Well, try to avoid words "critical infrastructure," because if you say something like "critical," governments pay much more attention.
 
Well, the main Internet principle for me is for engineer, and I want to share it with you because you are mostly lawyers, I think, do not create critical infrastructure, so Internet was intended to survive during nuclear bombings, so no part of which should be critical for running business.
 
A good example is the latest is the DDoS attacks with terabytes of traffic that we all heard, but I really doubt that we have more than two persons in the room who felt this great -- who was disturbed and its business was disturbed by this attack. It happened somewhere else, and we use it as a service, but to facilitate this discussion, we see really different points of view from different actors, and I feel that there are a lot of gaps in this discussion. We did not have much more -- we did not have many examples of possible regulations and possible negative impacts, so please participate because these questions are asked by government agencies, asked by academia, asked by Civil Society, and we still are not in touch with each other.
 
I really like approach from World Trade Organization, possible that there are mechanisms to harmonize regulatory things, so maybe just somebody from audience? Okay. May I call a person whom I invited to this workshop and who may have completely different point of view? We have former representative law enforcers who are now working for Internet Governance organizations. Please, could you tell us something -- well, on our subject on the importance of surveillance and enforce of laws as representatives of LEOs?
 
>> RICH LEANING: Hi. Rich Leaning from RIPE NCC, and as Alexander said, I'm an ex-law enforcement officer, and there's others in this room as well, so I'm looking at Virgil over there.
 
(Laughter)
 
It's an interesting discussion, and as known, in this EuroDIG environment, it's very high level and we're sort of moving all over the place on it.
 
My -- and I haven't been a law enforcement officer for about four years now, so I'm slightly out of date and it's not my day job, so I'm only speaking as an individual and not representing anyone at all.
 
It's an interesting topic because for me, as law enforcement, I had a mandate to make sure the public I served was safe, and that's in the real world and online as well, and I think the public want that. As Article 8 says, you know, everyone has the right to life, privacy, et cetera, et cetera, et cetera, and it's really challenging for law enforcement to investigate crimes on the Internet because of the way the Internet is, you know, the anonymity of it and it has no boundaries, et cetera, et cetera, et cetera, but the thing is that law enforcement don't make laws, that's the governments. If people are unhappy with -- if the -- the legislation, then they need to lobby the governments, not law enforcement. And here about mass surveillance and on this type of stuff, I find that quite weird because there's only one organization, agency that does mass surveillance of the Internet, and we all use it, and that's Facebook and Google and things like that. They're the ones that are doing the mass surveillance. They have far more data on everyone in this room than any law enforcement agency will have, but we all use it. We're all quite happy to use it.
 
You know, all the blogs in the last two days, everyone's posting Facebook pictures and thinking nothing of it whatsoever. When we're talking about mass surveillance, they're the ones you should be focusing on, not governments and law enforcement.
 
So, I mean, it's a challenging job, and law enforcement -- I'm not saying law enforcement have had it -- got it right every single time they've done it because it's new to them and maybe the balance was slightly in the wrong way, but it's a learning experience for everyone, and I know law enforcement want to work with everyone and be involved in the conversations. That's why law enforcement used to come to these and the IGFs and that's why we've got government representatives here as well, because it's new and we don't know what's going to happen in the future, you know.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. May I instantly reply? The situation in our region is completely different in different countries. You mentioned you're not implying laws, but we had a conference about months ago where we invited a parliament member, and he said if FSB, the Russian specialists and security agency came to us with new legislation improving mass surveillance and gave them the right, we could not refuse, so development of Russian legislation on surveillance and powers of law enforcement, they're getting more and more and more power.
 
Another maybe point why we have this discussion here, because for the mass surveillance companies like Google, Facebook, and others, their reputation mechanisms are working, unlike for governments. It's difficult to change the governmental structure, but with Cambridge Analytica case with Facebook, a lot of companies left Facebook, like Elon Musk and other companies left Facebook, and it's kind of reputational. It's very difficult to change -- it's much more difficult to change of the governments in this case.
 
Okay. Martina and then Peter.
 
>> MARTINA FERRACANE: I want to just say two things. One is it's very different. Of course, the issue that Facebook holds a lot of data is a problem, of course, it's obvious, but it's very different the quality of having a private company looking at your data and using it for marketing purposes or a law enforcement agency that -- and a government having access to data that, of course, can have implications on the freedom of the individual in the country, so I think the fact that we have a big problem with Facebook does not mean that we should not focus also on the fact of law enforcement agencies have access to all this data.
 
And the second point that I wanted to raise is a question to everybody. The reason why we are fragmenting the Internet today is that we have our own -- each country has their own value and they want to have their values reflected on something that is actually shared by all countries. How do we solve this impossible dilemma? Do you have some suggestions? Something that always -- yeah, are there some examples of corporations, but, really, I would like to hear if you have some suggestions or examples on how to resolve this difficult question.
 
>> ALEXANDER ISAVNIN: Peter.
 
>> PETER KIMPIAN: This time I agree completely with Martina, so, yeah, this is for -- in my assessment, this is the difference that law enforcement is part of the executory, so the execution branch of the state, and it's under political/administrative direction, so they are following instructions, they are following political agenda, and this is something which is very interesting because you mentioned Facebook. Of course, Facebook, until it did what it did, of course, data protection community already was very critical and asked since the beginning more transparency from society like Facebook, which has built their business model on the exploitation of personal -- or the reselling of the personal data of their customers, but by the time Facebook got into some political activities which would -- which would affect our democracy, which would affect the voting system, which would affect our values, Mark Zuckerberg has to immediately go before senate, he has to become parliament, and he has to make overnight some very critical measures how they were process personally -- of course, as a data protection expert, I will not say that Facebook has become -- I don't know what it has become, it's unclear, but there is a threshold, and this is the political/sovereign issue where you are representing the state's sovereignty. That's a different story, and that is for a very good reason.
 
>> ALEXANDER ISAVNIN: Laurin.
 
>> LAURIN WEISSINGER: Thank you very much. I just wanted to comment on a few things. So you mentioned the infrastructure idea, so this is actually something I went into. So you mentioned air traffic. The interesting thing there is everything is tried to be standardized, right. Every time there is an incident, all the manuals get updated, everyone gets checked. It's really top down, and planes are essentially designed to be the same, particularly from the perspective of the air traffic control.
 
I think with IT infrastructures, it's a bit more like Lego. We have bits that are the same and that we all use, but then we combine them in different ways, so Alexander's networks and systems are different from the ones that I manage, and so -- I think this is what makes things more complicated, and I think that also ties into what Alexander said about, you know, should -- no element should be necessary for, like, the Internet to work, but I believe we are more and more going into the direction where there are a few so central key actors that if they went down, we would actually have an insane interruption of service going.
 
And then with the police, yes, public safety is obviously very important. The police can take action; usually private companies cannot, but that is what is also changing. We now have these, like, policing by private actors. I mentioned with YouTube, but it's also elsewhere, where essentially we're moving from, oh, yeah, this is, like, clearly phishing, obviously, let's take it down, to, oh, a rights holder claims this may be theirs, and that's enough to actually kill something off, and I think this is where the problem starts, not necessarily that we take down phishing sites. Thank you. Nata.
 
>> NATALIA GODERDZISHVILI: To start with, what is the purpose of lawmaking, just regulating or enabling, and this is the key difference there, that laws should be constructed in a way to enable humans to exercise their Internet rights and not just having boundaries where my authority starts and where it's finished, and it is the key in defining Internet human rights. The importance was that last year Georgia conducted e-Readiness survey, and 90% of the respondents say that privacy for them matters, so it's not the issue that I'm not doing anything wrong and I don't care whether I'm surveyed -- I'm under surveillance or not, but 90% of Georgian population cares about privacy, and this is one of the key factors whether -- what is the take-up of e-Services in Georgia because, as a Georgian citizen, is there trust in my government and whether I use e-Government services or not. That's when we are doing or constructing any new e-Service and we are collecting a lot of data, and you're absolutely true in saying that not just only law enforcement agencies but government agencies providing goods and services, we collect and process a lot of personal data, but the issue here is who controls how we are processing, whether I can just request information to civil registry during the last six months, how and when processed my personal data and get this information, and then if I'm able to then sue the agency who has done unproper job, to the court or to the personal data inspectorate. This is what matters, empowering the citizens how to use their Internet rights and how to control legitimate usage of the rights, and in many cases, unlike the law enforcement agencies, government is under more control, the e-Government agencies have more control from citizens about the usage and processing of the personal data than law enforcement.
 
This is the case from Georgia.
 
>> ALEXANDER ISAVNIN: Okay. And I want to reply to Laurin about interference by the states again. Internet was not designed to fulfill state functions, but one of the problems might be when the states comes to the Internet and then tries to enforce something or, for example, content blocking, Internet completely not designed to block content on the network in the core of the network.
 
The even really good legislations like anti-terrorist legislation or child abuse legislation could start breaking infrastructure. As we gave as an example, the first -- one of the first issues with Internet was the Morris worm. It was in 1986. I think not much people was born already -- from this room was born at that time, so they mostly are much younger, and Morris worm had stopped the Internet at all, so they had to deal with it for two days, and you were -- even with 1.7 terabytes, they have not stopped the Internet as whole, and not all people mention it, so Internet was developing, and the governments, even with such good intentions like protecting citizens, could infer the greater disturbance, so previously one case, it appears it's resolved, but governments and states are always here. They could push -- they could be as civilized as in Georgia or as police state as Russia, and in Georgia, it moves forwards and in Russia it moves backwards.
 
I want to ask our remote moderator, do we have any questions from online now?
 
>> REMOTE MODERATOR: We do not.
 
>> ALEXANDER ISAVNIN: Okay. Don't forget to introduce yourself.
 
>> AUDIENCE MEMBER: Of course, yeah. My name is Ouk Boss, and I'm here from Netherlands and I'm here in my own capacity. I want also to react to the comment you made. I guess the problem that other companies are trying to enforce really strictly is also a problem of regulation because if every country or every region makes its own strict legislation, the companies cannot adapt to every single legislation, so they will follow the most straight one and take down that content. Now, I think in some ways, regulation and -- or the legislation is a problem in that way.
 
On the other side, governments do have a privileged position because they make some way the legislation and they can decide themselves if they want to take down some content or just enforce in some way, so I think that's the difference between the companies and governments. Thank you.
 
>> ALEXANDER ISAVNIN: Yeah. Martina, I think -- yeah.
 
>> AUDIENCE MEMBER: Just quickly. I think you're very right, Alexander, with the -- you know, the infrastructure does allow access. The problem is I think most people nowadays do not use the infrastructure the way you're used to, but they use Facebook and YouTube and, you know, these channels, and as soon as it's not available there, it's not available to them, right, and that -- I think that is the problem that these key players have emerged where then this type of enforcement, be it by the state or in a lot of cases, actually private, is possible.
 
And, yes, I agree, like there is a problem with overregulating, right, and a lot of the stuff that is done, looking at my empirical data, is actually seen by practitioners as negative and problematic for their work in actually increasing security, and the only thing that they like and that seems to work is participative, like regulation, where people actually know what they're doing on the ground and are involved in the process.
 
>> ALEXANDER ISAVNIN: Yeah. Okay. Then Martina.
 
>> MARTINA FERRACANE: I have a question, again, like on -- since the first one has not been answered by anyone about the future of the Internet. You were talking about the fact that also content blocking or regulation creates an impact on their infrastructure, so do you see the need to change the way in which the infrastructure is designed in order to respond to the needs of countries to impose their regulation on their -- within their -- the countries, and if so, if the Internet is to evolve, how can it evolve in a way that remains one?
 
>> ALEXANDER ISAVNIN: Well, really, it's really an interesting question. So how Internet needs to be changed to -- how it must change itself to comply to government requests.
 
Okay. The question -- well, my answer -- my personal answer is Internet need not to be changed, not because of governments but because its idea was to be global and not regulated, so Internet was not regulated from beginning, so that's why it's growth was so successful because we -- we had a guy this morning from ITU, and as far as I remember, ITU tried to create something like this, like packet switch network. They even invited some people from France, and they ran away because they could not fit in this because all the telephony protocols had to comply with those interests and those interests and we had telephony monopolies before Internet, nearly every state had its own telephony monopoly who had -- which had interconnections to -- telephony interconnections to other states, and because of those standards, why Internet have won? Because you had not to pay for implementation of standards, so you do not pay royalty if you do TCP/IP in your equipment, unlike ITU things and proprietary standards. And Internet was built on the things which worked, so even -- I see a set of protocols that comply with the model. Even if you buy one equipment from IBM and another from another producer, these two telecommunication devices could not work together. You had a chance that they will not work together, but for TCP/IP which brought the Internet its success, it worked. It worked in academia, and that's why it was selected.
 
And then I really thought that if we start applying interests of states, the Internet would not be Internet, it would be, again, public telephone network, and -- well, in my opinion, not as moderator but as person, our task is to bring this understanding to our states. In some cases, some states understand it; some states refuses it. It's dialogue. Grigori.
 
>> GRIGORI SAGHYAN: I think it's necessary to underlining the rule of such huge companies like Google and Facebook because they are more powerful, in some cases, than governments, and they have a policy for self-regulation. As an example of self-regulation, you can see that in each country, these companies are establishing their caching service, and it gives them rights to have different rules in different countries because they are using local proxy server in which they can adjust their policy with local -- with local regulation. It's necessary to remember about that, that not only American laws are acting in particularly this country, but these companies themselves, they are regulating themself without government influence in order to enlarge their business.
 
>> ALEXANDER ISAVNIN: (Inaudible)
 
>> AUDIENCE MEMBER: (Inaudible). I think what is role of government in this situation? Government has to teach citizens how to protect citizens' businesses and et cetera, how to protect themself, and also they have to make (Inaudible) what risk exists in Internet. We have to not regulate Internet because absolutely Internet's concept and idea is to be free.
 
So in this approach, citizens will identify risks and problems that exist in Internets and will be able to identify resources and solutions, how to protect companies and business sector. Law enforcement have to be ready for any case just to protect citizens and business security, and this approach was taken by Georgian legislation where the government is proposing components or not -- sorry, it's not mandatory for everyone, it's mandatory only for critical information system subjects, and the critical information system subjects, you have to implement information security policy, which means you have to know what information you are on, what is risk related to one, and this is to adopt controls to protect your infrastructure, and I think this is exactly the way to just safe Internet and also keep Internet as much as possible free and open for every citizen. Thank you.
 
>> ALEXANDER ISAVNIN: Okay. Nata.
 
>> NATALIA GODERDZISHVILI: Also, yes, government should not regulate Internet but provide the enabling framework where everybody, citizens, can freely use the Internet rights. At the same time, we came to the point that even last year we've seen so much interference of governments and governments abusing Internet in the democratic election processes and so much because it became the tool in the hands of governments to interfere in the big international politics and foreign affairs and such. That's why it's not just governments but self-regulation from the private sector as well as big international organizations have a role in better defining the roles and the obligations of each actors, state as well as nonstate actors, and if we want to have the open and unrestricted and safe Internet, there is a really big room for multi-stakeholder dialogue in this case because these are not just states but nonstate actors should have a big role in defining what is the future of the Internet.
 
>> ALEXANDER ISAVNIN: Okay. Peter.
 
>> PETER KIMPIAN: Thank you. I just wanted to raise one issue that we are throwing around and I heard government and what government should do or not do. I would suggest maybe to broaden this perspective as -- and divide it a little bit because the government, of course, has some roles and responsibilities into that, and from our perspective, there are a good variety and comprehensive net of international convention when it comes to Europe on that and to guide them and even to bind them to do things or not to do things, but when it comes to the protection of individual rights, it's not only the government. The government has the responsibility to develop or to put in place instances and authorities such as the enforcement authorities, which are not part of the government, such as the DPAs or media authorities. Those can have -- help protect your rights if it's infringed, and for countries belonging to Council of Europe, you can be sure that it has to be interpreted as it was a violation outside of the Internet, so it's the same.
 
And moreover, you have anti-discrimination authorities in several countries and the parliamentarian committees you can turn to and so on and so forth, and on top of this, you have the ACTHR, which I keep repeating, and maybe I -- I realize I forgot to show the audience this because I just clicked on my computer. Here is the Zakharov cases, for instance, and the Szabo cases are groundbreaking and are individual cases, and they changed completely the way governments and authorities are pursuing or are going along with surveillance measures, so I think there are possibilities already whether if it's sufficient and whether if it's enough. We can have discussion on this, but be sure there are already possibilities -- if your rights are infringed on the Internet, you have possibilities to challenge it.
 
>> ALEXANDER ISAVNIN: Okay. Jake.
 
>> JAKE: Yeah, I was just going to mention the problems that governments have is the Internet is global and you can't split it up because it wouldn't be the Internet that we have today, so, therefore, it has no boundaries whatsoever, and, therefore, that's the challenge for governments because they have sovereignty and they're trying to make regulation in their little square on something that they can't possibly do, so there's an interesting challenge and it's a challenge that's going to be there all the time, and I've heard discussions in my community about, you know, why don't we start our own Internet? Well, you can start your own Internet, but the Internet doesn't work that way. Who's going to come to your own Internet, you know, you'll just be left alone with no one coming to you.
 
So it's a challenge to find global norms that will make the Internet safe, and when we talk about the other examples of global norms, that's top down, and the Internet isn't that way, so unless we want a top-down Internet, that's another discussion. If we want to carry on the way it is, we're going to have to think of something else to do.
 
The problem I see is trust, and I think we're on the verge now of the Internet may be losing some trust from its users, and if we lose trust into Internet, then we're in serious, serious trouble, because I know you don't like the word "critical infrastructure," but there are critical parts of the Internet that is there, and the governments have to pay attention to because our lives are run on the Internet.
 
On Friday, last week I was flying back from a country and I was trying to use my Visa to get my bloody cappuccino, and I couldn't use it because the Visa system had gone down.
 
>> ALEXANDER ISAVNIN: But this is not Internet, this is informational systems.
 
>> JAKE: I understand that, but there's things like that that we use the Internet for that facility that if it went down, that little part of the critical thing that everyone uses, then that is really going to be focused in people's minds, so we just have to be aware that --
 
>> ALEXANDER ISAVNIN: Yeah, you mentioned trust. I forgot to talk about my introductory slides because one of the roles of governments and states is trust, of course, so we have to trust somebody to let them enforce in this case, but in Internet, on Internet, we also have a lot of trust anchors. Well, the well-known things is it's DNS key -- signing key is one of trust anchors. Another one is security certificates, which we are using for electronics and something, so we trust in them. It's one of the -- yeah. But I want to shift a little our discussion.
 
In my country, as I mentioned, the laws become tighter and tighter and added more obligations, but as far as I know, in Europe some data retention laws were canceled. Wi-Fi identification was canceled in some countries, so for me it would be interesting to listen and maybe to others also, how it works with, well, European government when the legislations get rolled back, when the governments and state sees that its regulation is too much, how it appears and that it needs to be rolled back. Maybe somebody could answer. Okay. Martina.
 
>> MARTINA FERRACANE: (Off microphone) and then make a question.
 
In this case, it's because there was a European Court of Justice ruling that was invited, the European directive on data retention, and the European Court of Justice considers -- invalidated this directive because it was considered to be nonproportional to achieve the objective of law enforcement, and what we're seeing, that so far in -- there has been already -- I think this ruling was -- I'm not sure, so anyway, the countries had a few years to remove these data retention laws and they are obliged to remove them, and still there are about half of the Member States that have not removed this and two Member States that have had new data protection laws, the UK and Germany, after the violation, so it's not like they were obliged to and they have not even done it, so it's not even realized that they had to --
 
>> AUDIENCE MEMBER: (Off microphone)
 
>> MARTINA FERRACANE: Yeah, they took inspiration.
 
>> ALEXANDER ISAVNIN: Peter.
 
>> PETER KIMPIAN: Yes. This is exactly -- if I can be so personal in my response, but this is, I think, a case where it shows that we have a lot to do. So we have a court case, we have clear instructions, and Member States are not following. Of course, it's not a Council of Europe case, but it's very relevant also for us. Yeah, so there's a lot to do.
 
>> ALEXANDER ISAVNIN: Any other opinions? Please, if you even sit not around this table, but for the -- share your experience. Okay. So let's wrap up. I think that our current dialogue shows that we need to continue it. There are too much subjects to discuss, too much subjects to -- again, to approach, so we have reporter.
 
>> REPORTER: Hello, everyone. My name is Ada. I'm here on behalf of Geneva Internet Platform Digital Watch Observatory. All of the sessions at the EuroDIG you can find after the event at Digwatch and on the EuroDIG Wiki page.
 
Now, what we have here are basically four messages that we tried to construct from what we heard, but you're going to get it in a more broader way during the -- in the summary report.
 
Now, what we're trying to do is to try to reach a rough consensus in the room. You can also show thumbs up or thumbs down. That's also fine.
 
So the first one is there is a clear need for the balance of the public and private interests.
 
>> ALEXANDER ISAVNIN: Anyone object? No.
 
>> REPORTER: Okay. Good. Internet should not be regulated in order to keep it free but provide enabling framework.
 
>> ALEXANDER ISAVNIN: Again, any objections?
 
>> REPORTER: Good. There is a need for publicity, transparency, and accountability of the government and private companies' activities.
 
>> ALEXANDER ISAVNIN: No objections.
 
>> REPORTER: Cool. And the fourth one, there are different and important approaches on different levels when it comes to surveillance laws and governments vs. Internet rights, which is why it is crucial to continue the multi-stakeholder dialogue.
 
>> ALEXANDER ISAVNIN: No objections.
 
>> REPORTER: I think there is one.
 
>> AUDIENCE MEMBER: Maybe not Internet rights but human rights.
 
>> REPORTER: Okay. We're changing the title a little bit, okay? Everyone agrees? Fantastic.
 
>> ALEXANDER ISAVNIN: We missed to discuss -- sorry, it's my failure as moderator -- that what Internet -- I stated it in introductory presentation -- how rights have changed with Internet, so does Internet add some additional rights, so -- but it's a reason to have -- to continue this discussion and maybe start from focusing not on surveillance but on what new Internet rights are because definition of basic human rights as far as I remember is 70 years of previous century, so maybe it's time also to shift definition of basic rights or Internet rights or something like -- it's another reason to continue. So we have consensus on outcome?
 
>> REPORTER: I would like to ask if we're keeping Internet or human rights. Human rights. Okay. I corrected it. Thank you very much.
 
>> ALEXANDER ISAVNIN: Okay. Any other interventions? Maybe somebody wants to say wrap-up words? Discussion, please. Don't forget to introduce yourself.
 
>> LEENA ROMPPAINEN: Leena Romppainen from Electronic Frontier Finland. So for me, the perspective of human rights and Internet rights, it used to be that we needed to discuss very separately of what rights we should have on online environments and Internet environments, but I think this is distinction is now vanishing. We are talking about human rights in a digital era, and I think it's easier to talk about human rights instead of bringing up the whole context of Internet rights.
 
>> ALEXANDER ISAVNIN: As far as I remember, in Finland Internet is considered just one of human rights now. That's why maybe the discussion should continue.
 
Okay. Maybe somebody would like to invite us to discuss these topics at other locations, other venues, other conferences. Should we continue discussing this maybe or -- not on this ground, on mailing list somewhere? Okay. Oxana, please
 
>> OXANA: (Off microphone)
 
>> ALEXANDER ISAVNIN: Okay. For the record, Oxana from Ukraine invites us to Ukrainian IGF in September. As far as I remember, Ukraine is a free country for Europeans and not as expensive as Netherlands for example, so everyone welcome. Any other wrap-up words? Martina.
 
>> MARTINA FERRACANE: Since we have five minutes, we have other points of view, but I just wanted to invite everybody. We have not arrived to a consensus or an agreement on the way forward for the Internet, whether we can actually make sure that countries regulate it but still the Internet remains one, and I think it's a really important question, not just for the Internet, for the future of humanity to think about a way in which we can make sure that the Internet evolves in a way that countries feel that they are making their job in ensuring the rights of the citizens and making sure that the citizens are protected, but in the same way, doing it in a way that the Internet is not fragmented into Internet, and we see a lot of proposals today from BRICS, from Russia and countries, and there is a serious discussion creating parallel Internets just for the sake of ensuring the rights of citizens, so I think it's the most important question to try to answer and discuss in other fora on how we make this happen without fragmenting the Internet and risking this amazing treasure we have of communicating each other disappears.
 
>> ALEXANDER ISAVNIN: Okay. Short reply and then another question. It's not BRICS proposal, it's Russian proposal. I have contacted other BRICS countries, and I get a very negative reply from all levels, even from levels of regulators.
 
>> MARTINA FERRACANE: (Off microphone)
 
>> ALEXANDER ISAVNIN: Okay. Let's discuss it. And another question, actually, the minister from ITU got this question, but we did not, so I have to return it. We have representative of YOUthDIG here, more than one representative, so I want to ask Elisabeth or other colleagues, how do you feel about this discussion, because some of us have already retired, somebody will go retire in 20 years like me, but what -- Internet belongs to you, will belong in -- what do you think about this discussion?
 
>> ELISABETH SCHAUERMANN: Yeah. So this is Elisabeth Schauermann. I was co-organizing YOUthDIG. We were bringing together youth involved in digital rights and how it affects their livelihood and how they navigate their lives. So, I mean, a problem that might be there or, like, there's several issues with young people and human rights. One is a lack of agency, right? There's not a lot of young people in governments and regulatory bodies, yet, again, there's a lot of young people who are very interested in the topic and very on top of their activism, I'd say.
 
Just to give a quick example of my own experience, in the last German Youth IGF, we drafted a message that was very openly criticizing the quite recent law on platform liability in Germany, so the youth environment might give room to more controversy and more activism.
 
>> ALEXANDER ISAVNIN: What do you think about this discussion?
 
>> ELISABETH SCHAUERMANN: I think that we need to -- it was quite high level, I mean, in terms of many young people not having a human rights background, it might be necessary to give more education and tone it down maybe to some extent, but, yeah.
 
>> ALEXANDER ISAVNIN: So you're here. Don't hesitate to ask questions and send your colleagues to us. Also, as far as I remember, Oxana invited us to Ukrainian IGF. They also have IGF, so I think you already have one country invitation to discuss it.
 
Okay. We're nearly out of time. If no other interventions, let's close. Okay.
 
>> AUDIENCE MEMBER: Yeah, I do have one question off topic. If anyone is an expert in responsible disclosure, would you please approach me. Thank you.
 
>> ALEXANDER ISAVNIN: Okay. Thank you very much. I hope we'll be able to continue this discussion later on the grounds of EuroDIG and other governance forums. Thank you very much.
 
(Applause)
 
(Session concluded at 1230 GET)
 
 
''This text is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text is not to be distributed or used in any way that may violate copyright law.''


[[Category:2018]][[Category:Sessions 2018]][[Category:Sessions]][[Category:Human rights 2018]]
[[Category:2018]][[Category:Sessions 2018]][[Category:Sessions]][[Category:Human rights 2018]]

Revision as of 16:42, 2 July 2018

6 June 2018 | 11:00-12:30 | CENTRAL ROOM | YouTube video
Consolidated programme 2018 overview

Session teaser

Internet created new abilities and made development easier. Ether for realization, ether for violation of basic rights. Governments vs. Societies, Freedoms vs. Surveillance. Laws: inherited, newly developed, implemented, planned. We'll make short review on current situation in Europe (and close neighborhood) and discuss possible reactions and developments.

Keywords

Laws, Survellance, LEAs, Basic Human Rights, Internet Rights, Resistance

Session description

Do government action and regulations harm our digital rights or do they protect them? Some advocate that, in tradition of the early Internet, regulators only bring harm to innovation and free exercise of digital rights and hamper key principles of the Internet. Others call for more regulation in order to fight crime and abuse in digital spaces and keep the Internet safe for its users. Some political systems approach the Internet more radically than others. If the truth is in a balance, the question remains, how to strike this happy medium. Is a productive dialogue between stakeholders realistic when it comes to laws? In this workshop we will debate opposing takes on the matter to provide a landscape of opinions about how government regulations positively or negatively, directly and indirectly affect our rights online

Format

  1. Introduction by moderator
  2. Two statements to spark the debate - one in favour, one against regulation (we don't have to deal in absolutes. Rather narratives of what works well and what or where it doesn't.)
  3. Q&A with key participants based on an set of questions we can define beforehand
  4. Open the discussion to the room
  5. Wrap-up

Further reading

Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: Website of EuroDIG

People

Please provide name and institution for all people you list here.

Focal Point

  • Alexander Isavnin

Organising Team (Org Team)

Farzaneh Badii, Elisabeth Schauermann, Alexander Isavnin and WS7 mailinglist participants.

Key Participants

Name Affiliation Short CV
Martina Ferracane Research associate @ ECIPE Martina is an policy advisor on digital transformation. Her interests include data Privacy, cyber security, cross-border data flows, internet governance and digital skills.
Natalia Goderdzishvili Ministry of Justice of Georgia As a lawyer and international relations specialist in the Data Exchange Agency of the Ministry of Justice of Georgia is interested in balancing privacy and other human rights with cyber security and data protection challenges in nowadays digital governance models.
Alexander Isavnin RosKomSvoboda, head of International Cooperation Alexander Isavnin is network technology professional, interested in

protection and development of Human Rights in the Internet ecosystem

Peter Kimpian Data Protection Unit, Council of Europe Peter Kimpian working at the Data Protection Unit of the Council of Europe, having an interest in how the rights to pricavy and to data protection are balanced with law enforcement interests in different fields in the Digital Age.
Laurin Weissinger University of Oxford Researches IT-Security, notably trust relations, risk, and networks in defensive security.
Elisabeth Schauermann YOUthDIG Elisabeth Schauermann is a coordinator within the German project "Love-Storm - United Against Hate Online" and has been involved in digital human rights and Internet Governance since 2016. She co-organizes YOUthDIG.

Moderator

  • Martina Ferracane/Alexander Isavnin

Remote Moderator

  • Elisabeth Schauermann

Reporter

  • Aida Mahmutovic

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Messages

  • Private and public interests have to be balanced, respecting human rights.
  • The Internet should not be regulated in order to keep it free, and it should provide an enabling framework.
  • There is a need for the publicity, transparency, and accountability of the activities of the government and private companies.
  • There are various important approaches on different levels when it comes to surveillance, laws, and governments vs. human rights – which is why it is crucial to continue a multistakeholder dialogue.

Find an independent report of the session from the Geneva Internet Platform Digital Watch Observatory at https://dig.watch/resources/surveillance-laws-and-governments-vs-internet-rights.

Video record

https://youtu.be/lvcb8zrzK6A

Transcript

Provided by: Caption First, Inc. P.O Box 3066. Monument, CO 80132, Phone: +001-877-825-5234, +001-719-481-9835, www.captionfirst.com


This text is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text is not to be distributed or used in any way that may violate copyright law.


>> ALEXANDER ISAVNIN: I think that the whole session should run in the form of dialogue, so if you have something to say, please raise your hand, and you'll be given possibility to speak.

We will have some short presentation at the beginning of the session just to start our discussion because talks and ideas about possibility to discuss surveillance and national security and governments and its laws is really difficult, but, also, we should always mention that people have rights. There are fundamental human rights. Maybe some of these rights modified with appearance of Internet, so I hope we'll have a good discussion.

My name is Alexander Isavnin. I come from Russian Federation, a country where government and law enforcers do not like to have dialogue with Civil Society and with its citizens, they're just doing orders, so that's another reason why I'm willing just to participate in this dialogue and bring some interesting outcome back to my home. So let's start.

First of all, I should note that Internet was created by scientific community more than 30 years ago, and creation was funded by state, but there was no special requirements set up by government, so scientists did a very funny thing, which they liked and which developed, and now we -- every person's using it and we like it. No special laws was created at that time. There was no special international treaties like around telegraph and telephony, and ITU wasn't for us at that moment, so we still need a creation of new regulations and government interactions for this that maybe I want to have questions for our discussions. I've created some short -- and I don't think this is comprehensive -- list of pros and cons of government participation. Again, I'm from Russian Federation. I could speak about negative impact of Russian regulations and Russian law enforcement to Russian Internet for about five hours without limits, but now I will not do this.

So the possible objections against great governmental interference to Internet might be on this slide. Okay. First of all, Internet became successful without any governmental interference. We should remember this.

Internet and -- as information technology, brings a lot of new options for mass surveillance for states, so we could also discuss a bit later.

Governmental Internet regulations require -- may require excessive identification and data retention for you. Russia is also great example for that. You can go -- unlike here where you can connect to Wi-Fi instantly, in Russia you need to identify you somehow.

Some countries are implementing illegal and illicit content blocking. I think a lot of people have agreement of which content is illegal, but for different countries -- and even some services may not be welcome.

Internet allows law enforcers to imitate their activities. In pre-Internet era, they had to chase the criminal, to go outside, to do something. Now some of them prefer to sit at their offices doing queries, looking in Google Street Views and then trying to find somebody who they decide is a criminal. Or another point, for example, it's very risky in Russia to publish photos from the Second World War, even with Russian soldiers, because if some Nazi symbols went on those photos, it could be interpreted as Nazi propaganda, while differently, the whole picture is not.

If operators and businesses must apply content blocking or mass surveillance, it could lead to corruption for the interest of some companies who are producing such equipment. Russia is also a good example.

Some countries may implement Internet-related -- Internet business-related products and use them for their businesses.

I think the -- another issue which is con governmental regulations -- nearly all regulations have exceptions for law enforcements and governmental agencies.

Such exceptions, for example, exist for Russian personal data regulations. I think such exceptions newly discussed at GDPR also exists, but we'll discuss it later. We have presentation of this topic. Government regulations and laws from different countries are not compatible with each other. I just mentioned the Russian personal data laws. It's completely incompatible with GDPR, so in some cases, a Russian company might have issues because they can't implement GDPR and Russian regulations both at one time. That was some examples of cons.

We have pros. Only states have possibility to enforce something, and for Internet, it's enforcement of communication secrecy. It's very important. There were some scandals related, Facebook and Cambridge Analytica. It's just parts, not personal data but also communication secrecy. Only states could watch for consumer rights protection and consumer rights protection in the Internet might be one of the positive regulations which exists in Russia and works completely.

The states and governments might protect business development. Usually only states ask for national and international security, but, again, maybe -- there are a lot of businesses who cares for international security on the Internet, but maybe in some cases states should take.

We all know that states and ITU, like international organizations, cares for sustainable development. Businesses may not be interested, but states could have something related to this.

Another argument is Internet was developed more than 30 years ago, and the basic technologies behind the Internet are still the technologies. Maybe governments should make interference and start implementing something new.

In the name of our session of our Internet rights, you'll remember basic human rights, but Internet brought new forms of rights and new forms of realization of basic rights, so me, as a network engineer and the closest thing -- that's one of the fundamental rights is the possibility to have global IP connectivity, so wherever I exist -- wherever I reside, I could connect to somebody else wherever he locates himself.

Internet brings new options for expression, your opinion. You don't just go to Hyde Park and speak. Your opinion could be heard not just in center of London but everywhere.

And another right is the possibility to stay anonymous. If you're an opposition activist, a human right protestor in some totalitarian country, you may have to stay anonymous to avoid any punishments.

Another interesting right, the right to be forgotten. Previously, while we can forget Mr. Herislotos, so I think some people don't want such fame now. I would like to invite some speakers to give positive or negative examples of government regulations, so let's resume.

Now the representative of Georgia, please.

>> NATALIA GODERDZISHVILI: Good afternoon, ladies and gentlemen. I represent e-Government agency of Georgia, and I will make my speech in the angle of good stuff and how government is really protecting privacy and personal data in the same way of providing public goods and services.

To start with, what -- I will start with the definition of what, in my opinion, are the Internet rights. This is all those conventional human rights in the digital era in line with access to Internet and the use of Internet, and by the way, Georgia is one of the countries which defined -- which defined access to Internet as a human right in its constitution, but how it will be in practice, this is the second question, also Internet rights by many scholars are defined as the fourth generation of human rights, and government needs to take it into duly account while providing public goods and public services. We don't really argue nowadays that it is also our how many right and obligation, positive obligation of the state, to provide safety and security, to provide constitutional order, rule of law, and in this process, of course, government needs monitoring, surveillance, controlling, and law enforcement functions, but the borders and boundaries here, this is what matters, because if we -- without the oversight mechanisms and without the proper due process, there is a big temptation for the ultra-virus activities from the government, abuse of its powers, and mass surveillance.

If we don't control the legitimate powers of the government, we may end up with the digital 9084 where really people behave with the control -- behave and think with the control of the government and where our minds are really in the digital freezer, so where is the boundary and how we can ensure on the one hand protection of Internet rights and the protection of safety and constitutional order on the other hand.

I will quote from the constitutional court's decision of Georgia, which states that effective protection of any right in this process is assistive to define the content and limits of the rights. Otherwise, there's a risk and temptation of both, disproportionate interference into the right and abuse of the right. The states should reasonably balance private and public interests while protecting and ensuring rights. This is the only way to achieve exercising of rights as well as specific public purposes. From this quotation, I just identified the core principles.

The first, there is a need of defining the content and limits of rights and purposes on the states at stake. It is important to have bylaw enacting boundaries, which will clearly define where our government power starts and where it ends. There is a clear need for the balance of the public and private interests. There is a -- really important to have a solid check and balance and oversight mechanisms in place, and in this process, we need check and balances not only within the state agencies and government entities but from the private sector.

We need publicity, transparency, and accountability of the government activities, and, of course, in each and every activity of the government, principles of proportionality, legitimacy and balance should be met. Just -- this is more theory, but how we do that in practice. I will take the examples from this. Cybersecurity Strategy and Internet Security Law of Georgia which states very explicitly that, of course, ensuring cybersecurity is the top priority for Georgian government and it is our national value and national security interest, but it should be done without prejudice to other human rights, without freedom of expression violation, without freedom of access to information rules, so these should be without prejudice to all fundamental human rights.

Also, Information Security Law of Georgia states that information security should be achieved only based on the risk assessment, and case-by-case, the government entity should decide where its powers goes and where it stops, and in all of these processes ensuring Internet rights should be adhered, and oversight mechanisms here is court legitimate powers stay there.

Another example, I said I come from the e-Government agency, and today I have to say that this is the time where IT personnel and lawyers sit together every day in defining new e-Services, and we, together with software developers, business analysts, and Georgian lawyers define how we are possessing personal data or business data of our consumers, how long we can retain this data, what is the proportion of data that we need to have in order to provide public goods and public services, and here again, this is how we interpret the law, and the second is, then, the authority of the personal data protection inspectorate and the court system, who will check if we are doing this in line, and e-Government agency's not only the one, all e-Government structures in Georgia work like this. So this is from my side. Thank you.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. It's really interesting.

>> GRIGORI SAGHYAN: Can I ask a question?

>> ALEXANDER ISAVNIN: For sure, but be short. Yes, you may ask a question.

>> GRIGORI SAGHYAN: (Off microphone)

>> ALEXANDER ISAVNIN: But introduce yourself, please.

>> GRIGORI SAGHYAN: Grigori Saghyan, Internet Society, Armenia. You talk about cybersecurity and informational security, so could you please describe what is your understanding of difference of these two terms?

>> NATALIA GODERDZISHVILI: Thank you for the question. So in Georgian legal system, we have a law which has two distinctive parts, but they are very much interrelated. The law is called Information Security Act of Georgia, which has two parts, information security policy and cybersecurity part, so cybersecurity is part of the information security, so information security's much broader sense, much more broader definition, and cybersecurity becomes a part of that. And how we do that?

On the one hand, we ensure that any critical information systems or critical infrastructure has information security policies and standards in place. In any daily life, we are in the process of defining what is risk asset, what information approach we are conducting in terms of information management, and on the other hand, we are protecting technically security of these systems, and this is the stuff or the job of cybersecurity personnel, so the broad definition is information security, and cyber is part of that.

>> GRIGORI SAGHYAN: Okay. You mean -- where is the part which is related to content?

>> ALEXANDER ISAVNIN: Grigori, another short question. Do -- is it possible to read this legislation in English? Is it translated?

>> NATALIA GODERDZISHVILI: Absolutely, in English and in Russian as well. But, yeah, content is related to both, to cybersecurity as well as information security because asset management is the job of information security managers, but protection, technically, of this content is the cybersecurity job in short, but I will be happy to speak about the strategy and law in detail.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. I'll hand it to another speaker, please. Martina.

>> MARTINA FERRACANE: Yeah. So I want to bring the trade perspective on the table because I think here it's not discussed enough in this kind of world. I will -- yeah, I wanted to ask first who knows what a WTO is, World Trade Organization, if you're familiar with WTO, anyone? Oh, yeah, two, three and a half. Yeah, you're familiar with the process of the WTO more generally or -- you know what it is? Okay.

>> AUDIENCE MEMBER: (Off microphone)

>> MARTINA FERRACANE: You know what the GATS is? Great. You know what the GATS exceptions are? More or less.

Okay. I will not use the slides actually, because they're quite technical, and I thought it would be a bit boring to present them, so I just wanted to give you really a trace perspective on how to approach restrictions on trade and in particular data flow restrictions in a trade environment, in a trade setting, such as the WTO, because -- and the reason I want to talk about this is the measures that we see today that apply on data flows might be subject to removal and be considered invalid under WTO, and, therefore, a country might be requested to remove this measure if it is violating WTO, so I think it's actually one of the most important tools -- probably the only tool we have internationally to require another country to remove a law that, for example, has impacts on freedom of expression, if this law does not comply with WTO. So for those who don't know what WTO is, it's the World Trade Organization, and it's an organization that regulates trade between countries, and there is over, like, 160 members. It's basically the entire world, and those countries who trade are in WTO today, and what we have in WTO is a commitment by Member States of the WTO to liberalize trade between countries in goods and also in services and also other kind of agreements that regulate the IP, et cetera.

So what countries do when committing to liberalized trading services is to decide which services -- there's a scheduled commitment -- which services they agree to let flow between countries, so, for example, many countries have committed to liberalize computer services between countries, so if a country is imposing a measure, a regulation, which is actually making it harder, more expensive to provide the service cross-border, this measure is subject to a procedure that can continue to measure as invalid and can request the country to eliminate and to remove this measure or to adjust it so that it doesn't create restrictions to trade.

And to give you an example of the Russian regulation on privacy, which requires data to be processed locally, for all private data to be processed locally, this measure can be seen as have a cost for business as well because any company who wants to provide a service to Russian consumers has to store data in Russia, and, therefore, this increases cost of providing services cross-border.

So it might be the case that this measure could be subject to a WTO dispute. For example, the U.S. could bring Russia to the WTO and say this measure you're imposing is actually creating cost for my companies, and, therefore, you should remove it. Now, the reason why you should remove is not that it's, for example, having implications on freedom of expression or et cetera, but actually it's for trade, but still, that's one important tool that we have -- we did it to facilitate trade.

And what happens when a country asks -- brings another country to a dispute settlement -- that's how the procedure is called -- there is a panel that is created in which it is discussed whether this measure is actually representing a restriction to trade or not.

And there are two types of exceptions the country has to justify imposing a restriction when this restriction restricts trade with -- a restriction on trade, so you have general exceptions and security exceptions.

So general exceptions have to do with privacy and public order, so what Russia could say is that this measure for me is necessary to protect privacy of my citizens, and, therefore, it is -- it falls under one of the exceptions of the WTO and I should keep it because it's protecting the privacy of my citizens, and what is done there is then the panel will need to check whether this measure is actually improving privacy and whether it is the least trade-restrictive option to protect privacy of the citizens.

And personally, what I will argue is that if there was a case like this, it would be very hard for Russia to prove that this measure is the least trade-restrictive way of protecting the privacy of the citizens.

And in the same way, when you look at the cybersecurity law of China, for example, which is imposed under the national security objective, it would be very hard for China in a WTO setting to prove that keeping data within China makes the country more secure from a national security perspective.

So if there was a case like this -- and there have been no cases so far on the digital -- on data flows. There have been a couple of cases on digital economy, but it's really -- we are still at the beginning of seeing cases around digital, but we have seen a few days ago the U.S. representative that just said that the GDPR is a restriction to trade, so we might see tomorrow the U.S. bringing the EU in a WTO dispute settlement and saying that GDPR is actually restricting trade, so if that happens, we will need to see how to approach this case. It will be an interesting tool to examine whether a measure is actually achieving the objective that the country's saying it is achieving, like national security or privacy, or if this measure is actually implemented for other objectives, which are, for example, surveillance or for simply benefiting local companies at the expense of foreign companies. So, yeah, that's everything I wanted to say.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. It's very interesting approach about the harmonization of different laws, so may I ask to switch presentation to next one. Can you switch presentation?

Well, we will have the next presentation with example. No, no, no, it's previous. Martina spoke without slides.

>> (Off microphone)

>> ALEXANDER ISAVNIN: No, no, no, none.

>> PETER KIMPIAN: Yeah. I'm going to start. In the meantime, we'll find my slides. I really didn't want to talk about this, but as it has been brought up, I have to say in advance that my organization, the Council of Europe, has a completely different approach to the question raised by my colleague, Martina, and there is an ongoing negotiation, that's for sure, which is very tense within WTO and the GATS, but we as the Council of Europe, we have a more human rights approach to this whole question, and in my short presentation -- I hope to be short because it's very difficult to speak in five minutes on what Council of Europe is doing in terms of surveillance and protection of human rights and rule of law, but I'll try.

So to begin with, I'm going to maybe introduce you to some of the Council of Europe instruments because the whole organization was created after the Second World War and is promoting human rights and rule of law, so we have instruments, national, international instruments on this field, and -- which is very relevant to our topic today of the surveillance. We have -- I will cite two of them.

One is the Convention on Prevention of Terrorism, for instance, and the other one is cybercrime, which foresees the access to data by law enforcement in certain condition, but I also want to highlight that, for instance, the Committee on Terrorism has also worked very hard on recommendation on use, and it's the second recommendation, a soft law measure, but it's very much taken into account by our Member States on the use of special investigative techniques, and what is very good in our organization is that if a committee is working on a specific issue or consulting other committees, so this -- the use of special investigative techniques, which basically says that -- how wiretapping should be done, what are the conditions, how -- direct access to content should be carried out by police, we, as the Data Protection Committee, has been invited and we participated in all this.

This is the case also for the Cybercrime Convention, as you ma I have heard about it. Currently there is a -- quite an important work on the second edition of protocol, which we foresees a regime, a new regime, on the access to data cross-border by law enforcement authorities on cybercrime issues, so these are the examples from the rule of law branch or part of the house.

Where it comes to human rights, the Committee of Ministers in 2016 have adopted a recommendation which says the Convention -- the European Convention on Human Lights, which I'm sure you are very much familiar with, applies both online and offline. This is the first sentence. So although we don't have a specific instrument on the International treaty or convention related to the Internet and the rights of Internet, the recommendation says the whole convention applies to this.

In this period, the Data Protection Committee lately adopted a guide on the use of data by police, and if I have time, I'm going to speak a little bit about all this, but to be on the safe side, I'm always referring -- okay -- to the court. I have 30 minutes -- 30 seconds, so, okay. I'm going to wrap up --

>> (Off microphone)

>> PETER KIMPIAN: Sorry?

>> (Off microphone)

>> PETER KIMPIAN: Some. Yes, okay. No, I'm going to speed this up a little bit.

So the court, which is a unique court, an international court, which can make binding decisions on Member States has established the legal requirements for surveillance, and it started as of its first case, the matter in '78, and it was a class and others, and already in the class case it has established three very important criteria, which law enforcement action or operation has to comply with is that it has to be in accordance with the law, serves a legitimate purpose, and it has to be necessary in a democratic society. Of course, there are several parts of how we should interpret all those, and in further cases, the court itself has specified what does those mean.

You can see on the slide what are the requirements for the criteria in accordance with the law. In Malone vs. United Kingdom, we have several specifications how the law should look like in order to be -- to respond to the criteria of legitimate or lawful access to data. In the other cases you're going to see, and more importantly, in Weber and Saravia, you will have minimum safeguards to the law.

After came this -- the -- yeah, the -- it clarified what does the court mean on necessary and democratic society, and you see on the slide it has to respond to a pressing social need, it has to be proportionate to the legitimate purpose, and there is always a margin of appreciation, which has to be interpreted in an oral sense.

More recent cases, Zakharov, we have the Szabo cases, we've seen more specification on the conditions, so there is this criteria and requirements of reasonable suspicion, strict necessity, and judicial authorization, so you're going to have all this on the slides, what does those means, really. Would be, of course, glad to respond to further questions on this, and -- yeah, and maybe some new cases. One is being the Evashenko vs. Russia, which the court found there is no violation of Article 8.

And, you know, another case in the Benedik vs. Slovenia, they found there has been a violation of the data subject. Of course, they are very interesting but very difficult cases.

You can see -- you can have some references to those -- all those case law. Here I would be glad to respond to questions or speak to you more about the guide on which the Data Protection Committee adopted recently.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. We are finished with examples from our team, so we have to start discussion with the audience. I think we came from many different countries. We have different examples. We came from different industries, so if you have some questions of those or maybe some notes on how things are going in your country. Yeah. But don't forget to introduce yourself.

>> LAURIN WEISSINGER: Okay. So I'm Laurin, and I do some research particularly on IT and cybersecurity with the University of Oxford, and I think I'll just bring in some observations. So I think Nata said something really important is that government can do a lot without listening to everybody's communications, for example. It can guarantee things like access to the Internet, a human right, making sure that the Internet is up-to-date and functional, so on and so on. You can also think about the government doing things along the line of pushing security per design so you don't just, you know, bolt it on at the end but actually support the -- like, products that do actually work securely or at least sufficiently securely when they come out.

When it comes to regulation, though, I think the big question is how do we regulate, how does government regulate, so security, I would say, is a common good, so it's something, you know, if we then start factoring systems, that is, like, the perfect entry points for criminals, abuse actors, and so on and so on.

So I've done quite a bit of empirical research on IT and security regulation in particular, and what you hear from professionals when you kind of talk to them, when you survey them, they say, look, we need to have influence, we have to kind of say what's happening on the ground and this has to be addressed when regulation is happening. It has to be applicable to the work we do. It shouldn't be difficult to understand at a high level because we don't have the time and the ability to actually kind of deal with this, so I think this is one aspect where we definitely have to do a lot of work for this to function if we say, well, there is a role of regulation here.

The other thing I think is really -- which was also touched on, the question of how much can be done for what. So, for example, when we say take-downs, this may be stuff that's used by cybercriminals to do, you know, phishing, that's one, but take-downs are also, oh, someone took down your YouTube video because you played 30 seconds of a certain song and now it's owned in -- you know, not really owned but taken away from you by the rights holder. It happens automatically. Humans don't look at it until you complain.

The same as with the local processing, you know, can be good, right, in some cases, can mean that there is actually some level of audit going on that goes beyond box ticking on how these data are processed.

On the other hand, it can also be bad, depending on where you are because that means the state has got access or some other kind of regulatory agency, so to finish my comments, I just want to reiterate the question is how do we deal with this common good of, like -- of network security? It is good for all of us, it's important for the economy, it's important for us to communicate.

At the same time, though, if regulation works in, like, a problematic way, essentially, we may actually decrease the common good rather than increasing it.

>> ALEXANDER ISAVNIN: Okay. Any other comments? Peter again.

>> PETER KIMPIAN: Thank you. Sorry. First, it was a question that popped into my mind or rather a comment regarding your comments even yesterday, so I think the Internet is like an infrastructure, and it's -- in technical or legal terms, it's not very different to the road infrastructure, to air traffic infrastructure, to other infrastructure we have and we used to have. I mean, states, citizens, society, international community is dealing with that.

Of course, there is much more need for an enhanced cooperation on this in various levels, but I'd see it as an infrastructure, which is a critical infrastructure.

>> ALEXANDER ISAVNIN: Well, try to avoid words "critical infrastructure," because if you say something like "critical," governments pay much more attention.

Well, the main Internet principle for me is for engineer, and I want to share it with you because you are mostly lawyers, I think, do not create critical infrastructure, so Internet was intended to survive during nuclear bombings, so no part of which should be critical for running business.

A good example is the latest is the DDoS attacks with terabytes of traffic that we all heard, but I really doubt that we have more than two persons in the room who felt this great -- who was disturbed and its business was disturbed by this attack. It happened somewhere else, and we use it as a service, but to facilitate this discussion, we see really different points of view from different actors, and I feel that there are a lot of gaps in this discussion. We did not have much more -- we did not have many examples of possible regulations and possible negative impacts, so please participate because these questions are asked by government agencies, asked by academia, asked by Civil Society, and we still are not in touch with each other.

I really like approach from World Trade Organization, possible that there are mechanisms to harmonize regulatory things, so maybe just somebody from audience? Okay. May I call a person whom I invited to this workshop and who may have completely different point of view? We have former representative law enforcers who are now working for Internet Governance organizations. Please, could you tell us something -- well, on our subject on the importance of surveillance and enforce of laws as representatives of LEOs?

>> RICH LEANING: Hi. Rich Leaning from RIPE NCC, and as Alexander said, I'm an ex-law enforcement officer, and there's others in this room as well, so I'm looking at Virgil over there.

(Laughter)

It's an interesting discussion, and as known, in this EuroDIG environment, it's very high level and we're sort of moving all over the place on it.

My -- and I haven't been a law enforcement officer for about four years now, so I'm slightly out of date and it's not my day job, so I'm only speaking as an individual and not representing anyone at all.

It's an interesting topic because for me, as law enforcement, I had a mandate to make sure the public I served was safe, and that's in the real world and online as well, and I think the public want that. As Article 8 says, you know, everyone has the right to life, privacy, et cetera, et cetera, et cetera, and it's really challenging for law enforcement to investigate crimes on the Internet because of the way the Internet is, you know, the anonymity of it and it has no boundaries, et cetera, et cetera, et cetera, but the thing is that law enforcement don't make laws, that's the governments. If people are unhappy with -- if the -- the legislation, then they need to lobby the governments, not law enforcement. And here about mass surveillance and on this type of stuff, I find that quite weird because there's only one organization, agency that does mass surveillance of the Internet, and we all use it, and that's Facebook and Google and things like that. They're the ones that are doing the mass surveillance. They have far more data on everyone in this room than any law enforcement agency will have, but we all use it. We're all quite happy to use it.

You know, all the blogs in the last two days, everyone's posting Facebook pictures and thinking nothing of it whatsoever. When we're talking about mass surveillance, they're the ones you should be focusing on, not governments and law enforcement.

So, I mean, it's a challenging job, and law enforcement -- I'm not saying law enforcement have had it -- got it right every single time they've done it because it's new to them and maybe the balance was slightly in the wrong way, but it's a learning experience for everyone, and I know law enforcement want to work with everyone and be involved in the conversations. That's why law enforcement used to come to these and the IGFs and that's why we've got government representatives here as well, because it's new and we don't know what's going to happen in the future, you know.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. May I instantly reply? The situation in our region is completely different in different countries. You mentioned you're not implying laws, but we had a conference about months ago where we invited a parliament member, and he said if FSB, the Russian specialists and security agency came to us with new legislation improving mass surveillance and gave them the right, we could not refuse, so development of Russian legislation on surveillance and powers of law enforcement, they're getting more and more and more power.

Another maybe point why we have this discussion here, because for the mass surveillance companies like Google, Facebook, and others, their reputation mechanisms are working, unlike for governments. It's difficult to change the governmental structure, but with Cambridge Analytica case with Facebook, a lot of companies left Facebook, like Elon Musk and other companies left Facebook, and it's kind of reputational. It's very difficult to change -- it's much more difficult to change of the governments in this case.

Okay. Martina and then Peter.

>> MARTINA FERRACANE: I want to just say two things. One is it's very different. Of course, the issue that Facebook holds a lot of data is a problem, of course, it's obvious, but it's very different the quality of having a private company looking at your data and using it for marketing purposes or a law enforcement agency that -- and a government having access to data that, of course, can have implications on the freedom of the individual in the country, so I think the fact that we have a big problem with Facebook does not mean that we should not focus also on the fact of law enforcement agencies have access to all this data.

And the second point that I wanted to raise is a question to everybody. The reason why we are fragmenting the Internet today is that we have our own -- each country has their own value and they want to have their values reflected on something that is actually shared by all countries. How do we solve this impossible dilemma? Do you have some suggestions? Something that always -- yeah, are there some examples of corporations, but, really, I would like to hear if you have some suggestions or examples on how to resolve this difficult question.

>> ALEXANDER ISAVNIN: Peter.

>> PETER KIMPIAN: This time I agree completely with Martina, so, yeah, this is for -- in my assessment, this is the difference that law enforcement is part of the executory, so the execution branch of the state, and it's under political/administrative direction, so they are following instructions, they are following political agenda, and this is something which is very interesting because you mentioned Facebook. Of course, Facebook, until it did what it did, of course, data protection community already was very critical and asked since the beginning more transparency from society like Facebook, which has built their business model on the exploitation of personal -- or the reselling of the personal data of their customers, but by the time Facebook got into some political activities which would -- which would affect our democracy, which would affect the voting system, which would affect our values, Mark Zuckerberg has to immediately go before senate, he has to become parliament, and he has to make overnight some very critical measures how they were process personally -- of course, as a data protection expert, I will not say that Facebook has become -- I don't know what it has become, it's unclear, but there is a threshold, and this is the political/sovereign issue where you are representing the state's sovereignty. That's a different story, and that is for a very good reason.

>> ALEXANDER ISAVNIN: Laurin.

>> LAURIN WEISSINGER: Thank you very much. I just wanted to comment on a few things. So you mentioned the infrastructure idea, so this is actually something I went into. So you mentioned air traffic. The interesting thing there is everything is tried to be standardized, right. Every time there is an incident, all the manuals get updated, everyone gets checked. It's really top down, and planes are essentially designed to be the same, particularly from the perspective of the air traffic control.

I think with IT infrastructures, it's a bit more like Lego. We have bits that are the same and that we all use, but then we combine them in different ways, so Alexander's networks and systems are different from the ones that I manage, and so -- I think this is what makes things more complicated, and I think that also ties into what Alexander said about, you know, should -- no element should be necessary for, like, the Internet to work, but I believe we are more and more going into the direction where there are a few so central key actors that if they went down, we would actually have an insane interruption of service going.

And then with the police, yes, public safety is obviously very important. The police can take action; usually private companies cannot, but that is what is also changing. We now have these, like, policing by private actors. I mentioned with YouTube, but it's also elsewhere, where essentially we're moving from, oh, yeah, this is, like, clearly phishing, obviously, let's take it down, to, oh, a rights holder claims this may be theirs, and that's enough to actually kill something off, and I think this is where the problem starts, not necessarily that we take down phishing sites. Thank you. Nata.

>> NATALIA GODERDZISHVILI: To start with, what is the purpose of lawmaking, just regulating or enabling, and this is the key difference there, that laws should be constructed in a way to enable humans to exercise their Internet rights and not just having boundaries where my authority starts and where it's finished, and it is the key in defining Internet human rights. The importance was that last year Georgia conducted e-Readiness survey, and 90% of the respondents say that privacy for them matters, so it's not the issue that I'm not doing anything wrong and I don't care whether I'm surveyed -- I'm under surveillance or not, but 90% of Georgian population cares about privacy, and this is one of the key factors whether -- what is the take-up of e-Services in Georgia because, as a Georgian citizen, is there trust in my government and whether I use e-Government services or not. That's when we are doing or constructing any new e-Service and we are collecting a lot of data, and you're absolutely true in saying that not just only law enforcement agencies but government agencies providing goods and services, we collect and process a lot of personal data, but the issue here is who controls how we are processing, whether I can just request information to civil registry during the last six months, how and when processed my personal data and get this information, and then if I'm able to then sue the agency who has done unproper job, to the court or to the personal data inspectorate. This is what matters, empowering the citizens how to use their Internet rights and how to control legitimate usage of the rights, and in many cases, unlike the law enforcement agencies, government is under more control, the e-Government agencies have more control from citizens about the usage and processing of the personal data than law enforcement.

This is the case from Georgia.

>> ALEXANDER ISAVNIN: Okay. And I want to reply to Laurin about interference by the states again. Internet was not designed to fulfill state functions, but one of the problems might be when the states comes to the Internet and then tries to enforce something or, for example, content blocking, Internet completely not designed to block content on the network in the core of the network.

The even really good legislations like anti-terrorist legislation or child abuse legislation could start breaking infrastructure. As we gave as an example, the first -- one of the first issues with Internet was the Morris worm. It was in 1986. I think not much people was born already -- from this room was born at that time, so they mostly are much younger, and Morris worm had stopped the Internet at all, so they had to deal with it for two days, and you were -- even with 1.7 terabytes, they have not stopped the Internet as whole, and not all people mention it, so Internet was developing, and the governments, even with such good intentions like protecting citizens, could infer the greater disturbance, so previously one case, it appears it's resolved, but governments and states are always here. They could push -- they could be as civilized as in Georgia or as police state as Russia, and in Georgia, it moves forwards and in Russia it moves backwards.

I want to ask our remote moderator, do we have any questions from online now?

>> REMOTE MODERATOR: We do not.

>> ALEXANDER ISAVNIN: Okay. Don't forget to introduce yourself.

>> AUDIENCE MEMBER: Of course, yeah. My name is Ouk Boss, and I'm here from Netherlands and I'm here in my own capacity. I want also to react to the comment you made. I guess the problem that other companies are trying to enforce really strictly is also a problem of regulation because if every country or every region makes its own strict legislation, the companies cannot adapt to every single legislation, so they will follow the most straight one and take down that content. Now, I think in some ways, regulation and -- or the legislation is a problem in that way.

On the other side, governments do have a privileged position because they make some way the legislation and they can decide themselves if they want to take down some content or just enforce in some way, so I think that's the difference between the companies and governments. Thank you.

>> ALEXANDER ISAVNIN: Yeah. Martina, I think -- yeah.

>> AUDIENCE MEMBER: Just quickly. I think you're very right, Alexander, with the -- you know, the infrastructure does allow access. The problem is I think most people nowadays do not use the infrastructure the way you're used to, but they use Facebook and YouTube and, you know, these channels, and as soon as it's not available there, it's not available to them, right, and that -- I think that is the problem that these key players have emerged where then this type of enforcement, be it by the state or in a lot of cases, actually private, is possible.

And, yes, I agree, like there is a problem with overregulating, right, and a lot of the stuff that is done, looking at my empirical data, is actually seen by practitioners as negative and problematic for their work in actually increasing security, and the only thing that they like and that seems to work is participative, like regulation, where people actually know what they're doing on the ground and are involved in the process.

>> ALEXANDER ISAVNIN: Yeah. Okay. Then Martina.

>> MARTINA FERRACANE: I have a question, again, like on -- since the first one has not been answered by anyone about the future of the Internet. You were talking about the fact that also content blocking or regulation creates an impact on their infrastructure, so do you see the need to change the way in which the infrastructure is designed in order to respond to the needs of countries to impose their regulation on their -- within their -- the countries, and if so, if the Internet is to evolve, how can it evolve in a way that remains one?

>> ALEXANDER ISAVNIN: Well, really, it's really an interesting question. So how Internet needs to be changed to -- how it must change itself to comply to government requests.

Okay. The question -- well, my answer -- my personal answer is Internet need not to be changed, not because of governments but because its idea was to be global and not regulated, so Internet was not regulated from beginning, so that's why it's growth was so successful because we -- we had a guy this morning from ITU, and as far as I remember, ITU tried to create something like this, like packet switch network. They even invited some people from France, and they ran away because they could not fit in this because all the telephony protocols had to comply with those interests and those interests and we had telephony monopolies before Internet, nearly every state had its own telephony monopoly who had -- which had interconnections to -- telephony interconnections to other states, and because of those standards, why Internet have won? Because you had not to pay for implementation of standards, so you do not pay royalty if you do TCP/IP in your equipment, unlike ITU things and proprietary standards. And Internet was built on the things which worked, so even -- I see a set of protocols that comply with the model. Even if you buy one equipment from IBM and another from another producer, these two telecommunication devices could not work together. You had a chance that they will not work together, but for TCP/IP which brought the Internet its success, it worked. It worked in academia, and that's why it was selected.

And then I really thought that if we start applying interests of states, the Internet would not be Internet, it would be, again, public telephone network, and -- well, in my opinion, not as moderator but as person, our task is to bring this understanding to our states. In some cases, some states understand it; some states refuses it. It's dialogue. Grigori.

>> GRIGORI SAGHYAN: I think it's necessary to underlining the rule of such huge companies like Google and Facebook because they are more powerful, in some cases, than governments, and they have a policy for self-regulation. As an example of self-regulation, you can see that in each country, these companies are establishing their caching service, and it gives them rights to have different rules in different countries because they are using local proxy server in which they can adjust their policy with local -- with local regulation. It's necessary to remember about that, that not only American laws are acting in particularly this country, but these companies themselves, they are regulating themself without government influence in order to enlarge their business.

>> ALEXANDER ISAVNIN: (Inaudible)

>> AUDIENCE MEMBER: (Inaudible). I think what is role of government in this situation? Government has to teach citizens how to protect citizens' businesses and et cetera, how to protect themself, and also they have to make (Inaudible) what risk exists in Internet. We have to not regulate Internet because absolutely Internet's concept and idea is to be free.

So in this approach, citizens will identify risks and problems that exist in Internets and will be able to identify resources and solutions, how to protect companies and business sector. Law enforcement have to be ready for any case just to protect citizens and business security, and this approach was taken by Georgian legislation where the government is proposing components or not -- sorry, it's not mandatory for everyone, it's mandatory only for critical information system subjects, and the critical information system subjects, you have to implement information security policy, which means you have to know what information you are on, what is risk related to one, and this is to adopt controls to protect your infrastructure, and I think this is exactly the way to just safe Internet and also keep Internet as much as possible free and open for every citizen. Thank you.

>> ALEXANDER ISAVNIN: Okay. Nata.

>> NATALIA GODERDZISHVILI: Also, yes, government should not regulate Internet but provide the enabling framework where everybody, citizens, can freely use the Internet rights. At the same time, we came to the point that even last year we've seen so much interference of governments and governments abusing Internet in the democratic election processes and so much because it became the tool in the hands of governments to interfere in the big international politics and foreign affairs and such. That's why it's not just governments but self-regulation from the private sector as well as big international organizations have a role in better defining the roles and the obligations of each actors, state as well as nonstate actors, and if we want to have the open and unrestricted and safe Internet, there is a really big room for multi-stakeholder dialogue in this case because these are not just states but nonstate actors should have a big role in defining what is the future of the Internet.

>> ALEXANDER ISAVNIN: Okay. Peter.

>> PETER KIMPIAN: Thank you. I just wanted to raise one issue that we are throwing around and I heard government and what government should do or not do. I would suggest maybe to broaden this perspective as -- and divide it a little bit because the government, of course, has some roles and responsibilities into that, and from our perspective, there are a good variety and comprehensive net of international convention when it comes to Europe on that and to guide them and even to bind them to do things or not to do things, but when it comes to the protection of individual rights, it's not only the government. The government has the responsibility to develop or to put in place instances and authorities such as the enforcement authorities, which are not part of the government, such as the DPAs or media authorities. Those can have -- help protect your rights if it's infringed, and for countries belonging to Council of Europe, you can be sure that it has to be interpreted as it was a violation outside of the Internet, so it's the same.

And moreover, you have anti-discrimination authorities in several countries and the parliamentarian committees you can turn to and so on and so forth, and on top of this, you have the ACTHR, which I keep repeating, and maybe I -- I realize I forgot to show the audience this because I just clicked on my computer. Here is the Zakharov cases, for instance, and the Szabo cases are groundbreaking and are individual cases, and they changed completely the way governments and authorities are pursuing or are going along with surveillance measures, so I think there are possibilities already whether if it's sufficient and whether if it's enough. We can have discussion on this, but be sure there are already possibilities -- if your rights are infringed on the Internet, you have possibilities to challenge it.

>> ALEXANDER ISAVNIN: Okay. Jake.

>> JAKE: Yeah, I was just going to mention the problems that governments have is the Internet is global and you can't split it up because it wouldn't be the Internet that we have today, so, therefore, it has no boundaries whatsoever, and, therefore, that's the challenge for governments because they have sovereignty and they're trying to make regulation in their little square on something that they can't possibly do, so there's an interesting challenge and it's a challenge that's going to be there all the time, and I've heard discussions in my community about, you know, why don't we start our own Internet? Well, you can start your own Internet, but the Internet doesn't work that way. Who's going to come to your own Internet, you know, you'll just be left alone with no one coming to you.

So it's a challenge to find global norms that will make the Internet safe, and when we talk about the other examples of global norms, that's top down, and the Internet isn't that way, so unless we want a top-down Internet, that's another discussion. If we want to carry on the way it is, we're going to have to think of something else to do.

The problem I see is trust, and I think we're on the verge now of the Internet may be losing some trust from its users, and if we lose trust into Internet, then we're in serious, serious trouble, because I know you don't like the word "critical infrastructure," but there are critical parts of the Internet that is there, and the governments have to pay attention to because our lives are run on the Internet.

On Friday, last week I was flying back from a country and I was trying to use my Visa to get my bloody cappuccino, and I couldn't use it because the Visa system had gone down.

>> ALEXANDER ISAVNIN: But this is not Internet, this is informational systems.

>> JAKE: I understand that, but there's things like that that we use the Internet for that facility that if it went down, that little part of the critical thing that everyone uses, then that is really going to be focused in people's minds, so we just have to be aware that --

>> ALEXANDER ISAVNIN: Yeah, you mentioned trust. I forgot to talk about my introductory slides because one of the roles of governments and states is trust, of course, so we have to trust somebody to let them enforce in this case, but in Internet, on Internet, we also have a lot of trust anchors. Well, the well-known things is it's DNS key -- signing key is one of trust anchors. Another one is security certificates, which we are using for electronics and something, so we trust in them. It's one of the -- yeah. But I want to shift a little our discussion.

In my country, as I mentioned, the laws become tighter and tighter and added more obligations, but as far as I know, in Europe some data retention laws were canceled. Wi-Fi identification was canceled in some countries, so for me it would be interesting to listen and maybe to others also, how it works with, well, European government when the legislations get rolled back, when the governments and state sees that its regulation is too much, how it appears and that it needs to be rolled back. Maybe somebody could answer. Okay. Martina.

>> MARTINA FERRACANE: (Off microphone) and then make a question.

In this case, it's because there was a European Court of Justice ruling that was invited, the European directive on data retention, and the European Court of Justice considers -- invalidated this directive because it was considered to be nonproportional to achieve the objective of law enforcement, and what we're seeing, that so far in -- there has been already -- I think this ruling was -- I'm not sure, so anyway, the countries had a few years to remove these data retention laws and they are obliged to remove them, and still there are about half of the Member States that have not removed this and two Member States that have had new data protection laws, the UK and Germany, after the violation, so it's not like they were obliged to and they have not even done it, so it's not even realized that they had to --

>> AUDIENCE MEMBER: (Off microphone)

>> MARTINA FERRACANE: Yeah, they took inspiration.

>> ALEXANDER ISAVNIN: Peter.

>> PETER KIMPIAN: Yes. This is exactly -- if I can be so personal in my response, but this is, I think, a case where it shows that we have a lot to do. So we have a court case, we have clear instructions, and Member States are not following. Of course, it's not a Council of Europe case, but it's very relevant also for us. Yeah, so there's a lot to do.

>> ALEXANDER ISAVNIN: Any other opinions? Please, if you even sit not around this table, but for the -- share your experience. Okay. So let's wrap up. I think that our current dialogue shows that we need to continue it. There are too much subjects to discuss, too much subjects to -- again, to approach, so we have reporter.

>> REPORTER: Hello, everyone. My name is Ada. I'm here on behalf of Geneva Internet Platform Digital Watch Observatory. All of the sessions at the EuroDIG you can find after the event at Digwatch and on the EuroDIG Wiki page.

Now, what we have here are basically four messages that we tried to construct from what we heard, but you're going to get it in a more broader way during the -- in the summary report.

Now, what we're trying to do is to try to reach a rough consensus in the room. You can also show thumbs up or thumbs down. That's also fine.

So the first one is there is a clear need for the balance of the public and private interests.

>> ALEXANDER ISAVNIN: Anyone object? No.

>> REPORTER: Okay. Good. Internet should not be regulated in order to keep it free but provide enabling framework.

>> ALEXANDER ISAVNIN: Again, any objections?

>> REPORTER: Good. There is a need for publicity, transparency, and accountability of the government and private companies' activities.

>> ALEXANDER ISAVNIN: No objections.

>> REPORTER: Cool. And the fourth one, there are different and important approaches on different levels when it comes to surveillance laws and governments vs. Internet rights, which is why it is crucial to continue the multi-stakeholder dialogue.

>> ALEXANDER ISAVNIN: No objections.

>> REPORTER: I think there is one.

>> AUDIENCE MEMBER: Maybe not Internet rights but human rights.

>> REPORTER: Okay. We're changing the title a little bit, okay? Everyone agrees? Fantastic.

>> ALEXANDER ISAVNIN: We missed to discuss -- sorry, it's my failure as moderator -- that what Internet -- I stated it in introductory presentation -- how rights have changed with Internet, so does Internet add some additional rights, so -- but it's a reason to have -- to continue this discussion and maybe start from focusing not on surveillance but on what new Internet rights are because definition of basic human rights as far as I remember is 70 years of previous century, so maybe it's time also to shift definition of basic rights or Internet rights or something like -- it's another reason to continue. So we have consensus on outcome?

>> REPORTER: I would like to ask if we're keeping Internet or human rights. Human rights. Okay. I corrected it. Thank you very much.

>> ALEXANDER ISAVNIN: Okay. Any other interventions? Maybe somebody wants to say wrap-up words? Discussion, please. Don't forget to introduce yourself.

>> LEENA ROMPPAINEN: Leena Romppainen from Electronic Frontier Finland. So for me, the perspective of human rights and Internet rights, it used to be that we needed to discuss very separately of what rights we should have on online environments and Internet environments, but I think this is distinction is now vanishing. We are talking about human rights in a digital era, and I think it's easier to talk about human rights instead of bringing up the whole context of Internet rights.

>> ALEXANDER ISAVNIN: As far as I remember, in Finland Internet is considered just one of human rights now. That's why maybe the discussion should continue.

Okay. Maybe somebody would like to invite us to discuss these topics at other locations, other venues, other conferences. Should we continue discussing this maybe or -- not on this ground, on mailing list somewhere? Okay. Oxana, please

>> OXANA: (Off microphone)

>> ALEXANDER ISAVNIN: Okay. For the record, Oxana from Ukraine invites us to Ukrainian IGF in September. As far as I remember, Ukraine is a free country for Europeans and not as expensive as Netherlands for example, so everyone welcome. Any other wrap-up words? Martina.

>> MARTINA FERRACANE: Since we have five minutes, we have other points of view, but I just wanted to invite everybody. We have not arrived to a consensus or an agreement on the way forward for the Internet, whether we can actually make sure that countries regulate it but still the Internet remains one, and I think it's a really important question, not just for the Internet, for the future of humanity to think about a way in which we can make sure that the Internet evolves in a way that countries feel that they are making their job in ensuring the rights of the citizens and making sure that the citizens are protected, but in the same way, doing it in a way that the Internet is not fragmented into Internet, and we see a lot of proposals today from BRICS, from Russia and countries, and there is a serious discussion creating parallel Internets just for the sake of ensuring the rights of citizens, so I think it's the most important question to try to answer and discuss in other fora on how we make this happen without fragmenting the Internet and risking this amazing treasure we have of communicating each other disappears.

>> ALEXANDER ISAVNIN: Okay. Short reply and then another question. It's not BRICS proposal, it's Russian proposal. I have contacted other BRICS countries, and I get a very negative reply from all levels, even from levels of regulators.

>> MARTINA FERRACANE: (Off microphone)

>> ALEXANDER ISAVNIN: Okay. Let's discuss it. And another question, actually, the minister from ITU got this question, but we did not, so I have to return it. We have representative of YOUthDIG here, more than one representative, so I want to ask Elisabeth or other colleagues, how do you feel about this discussion, because some of us have already retired, somebody will go retire in 20 years like me, but what -- Internet belongs to you, will belong in -- what do you think about this discussion?

>> ELISABETH SCHAUERMANN: Yeah. So this is Elisabeth Schauermann. I was co-organizing YOUthDIG. We were bringing together youth involved in digital rights and how it affects their livelihood and how they navigate their lives. So, I mean, a problem that might be there or, like, there's several issues with young people and human rights. One is a lack of agency, right? There's not a lot of young people in governments and regulatory bodies, yet, again, there's a lot of young people who are very interested in the topic and very on top of their activism, I'd say.

Just to give a quick example of my own experience, in the last German Youth IGF, we drafted a message that was very openly criticizing the quite recent law on platform liability in Germany, so the youth environment might give room to more controversy and more activism.

>> ALEXANDER ISAVNIN: What do you think about this discussion?

>> ELISABETH SCHAUERMANN: I think that we need to -- it was quite high level, I mean, in terms of many young people not having a human rights background, it might be necessary to give more education and tone it down maybe to some extent, but, yeah.

>> ALEXANDER ISAVNIN: So you're here. Don't hesitate to ask questions and send your colleagues to us. Also, as far as I remember, Oxana invited us to Ukrainian IGF. They also have IGF, so I think you already have one country invitation to discuss it.

Okay. We're nearly out of time. If no other interventions, let's close. Okay.

>> AUDIENCE MEMBER: Yeah, I do have one question off topic. If anyone is an expert in responsible disclosure, would you please approach me. Thank you.

>> ALEXANDER ISAVNIN: Okay. Thank you very much. I hope we'll be able to continue this discussion later on the grounds of EuroDIG and other governance forums. Thank you very much.

(Applause)

(Session concluded at 1230 GET)


This text is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text is not to be distributed or used in any way that may violate copyright law.