These are unedited transcripts and may contain errors.

Plenary session
13 May 2014
2 p.m.

CHAIR: Hello everyone, welcome after the lunch. It's my pleasure to introduce you to the second part of today, after you just take a seat in the most comfortable position we'll start with a session about Internet pervasive monitoring and increasing security, and then, after a half an hour's session, we'll have some panel. Let's give a warm welcome to Jari.

JARI ARKKO: Good afternoon, I'm going to talk about pervasive monitoring or surveillance and what can we do to strengthen the Internet against it, and this is something that I have worked together with my colleagues. Richard is here, by the way ?? he is going to be answering all the hard questions. And this is an update to what I was speaking about in the previous RIPE Meeting in Athens, and I'm going to cover some of the things that happened after that and then go into IETF activities that have been going on and are going on. Talk about some of the challenges, there are, of course, some challenges, the Internet security thing turned out to be not so easy after all. And also we'll talk about what we can do.

We'll begin with the review of things that have happened since RIPE 67. And this is basically a collection of some of the things I had in the presentation way back then, and then some events that happened after that.

So one of the things that we talked about back then was considering surveillance as an attack among others, and this was at the time our personal opinion, and, since then, it has been discussed extensively at the IETF, and we made a decision earlier this year that, actually, the opinion of the IETF as well, and that's an attack and I will need to deal with that as we deal with any other things. And actually this morning, at 3 a.m., the RFC came out. It's the PCP RFC 2758, pervasive monitoring is an attack. That's good.

The other things that we talked ?? in the Working Groups, and so forth, and we have, we had a very interesting Plenary in November in Vancouver, we were there to talk about this topic, among others, and we had an IAB W3C workshop in February/March this year. And a bunch of other things had been going on as well. We created one new Working Group on this, and several other Working Groups have been working on the topics extensively as well.

We also talked about, you know, it's not just about specifications, but we just need to start encrypting unprotected communications that we had not been doing as much as we should have been doing in the past. And that's not a specification thing, but it's a real world deployment thing and my perception of this at least is that there are many things happening in this front and we are moving to a positive direction, not just because of the Snowden revelations, but it's been going on for several years, people need more security for various reasons and various service providers are turning security on. This is a snapshot of a study that the EFF made of the most popular content providers and how they provide security and the details of this matrix don't matter, it just shows what different techniques the service providers use. But, the interesting part is, it gets greener as time goes by. So things improve and that's good.

So, but lots of companies are taking this very, very seriously and doing the right thing.

We also called for, you know, we had a concern for vulnerable standards, we needed to update the commissions and old algorithms, for instance, and we needed to do more review. Of course, there has been lots of review already but now that we understand better some of these threats, we need some further review, and there is many things have happened in this space, looking at the algorithms and so forth. I just want to highlight one thing which is that we also created a team to look at past RFCs and past Internet technology that is, but hasn't really been looked at from this perspective, privacy of the Internet and pervasive monitoring and so, the theme is in progress. If you are interested in contributing, please join the effort, contact Stephen for further information.

And those were good things, all of them, but there is also been not so good things. One of the items that I mentioned in Athens was that it could happen that it becomes this NSA envy in other intelligence agencies; hey, those guys are doing that cool thing, why can't we do the same thing? And sure enough, and unfortunately this example is from my own country, Finland, extensive surveillance in the draft Finnish cyber intelligence law. They want to do surveillance very broadly, and we'll see if that actually happens, some of us are fighting that quite a lot. Actually, if you are from Finland, contact me later and see if we can do a little bit more there.

My hope is that this effort will still be blocked. Technical industry at least is a little bit concerned that this hurts our activities rather than helps anything.

The other thing that we talked about was implementation back doors and how diversity of implementation helps, how open source helps, how additional review helps and I think we have been taking additional lessons in that space recently, and the lesson, basically, is that we are relying on these pieces of software for very, very important tasks and the amount of review and effort actually comes into this software, it may not be matching how much we need them in the world and now we realise that we need to have a better process, we need to be more careful about what things go in and be more careful about how things are reviewed. That's happening. It's a painful lesson but a good lesson.

We also talked about having a more diverse Internet, which is more exchange points, more cables, more sea cables, for services locally all over the place. All of that is good. But then we said that it would be bad if people started calling for more nationally controlled Internets. And, sure enough, I'll let you decide whether this is in the good or bad category. I would look at the details and the details do matter. But, a lot of the things that we discussed way back then have been kind of happening or ?? there is some progress but also some bad news.

Anyway, so that's the history thing or review of events up to now. Now, we'll move back to 2014, discuss where we are. And I just want to set the scope for this discussion in general. I'm not here, we're not here to have a political discussion, but we must understand how the Internet is evolving, we must understand what kind of threats it is facing in order to do credible engineering for the things that need to run on the Internet. And we really need to have an idea how the Internet technology should evolve to better support privacy. This isn't a general abstract statement that it would be nice to have this. A lot of this industry and organisations such as the IETF run based on voluntary adoption, and this is the case for this as well. So, I believe there are those who want better technology, that is more privacy and support us and other users in better ways. I hope you do, too. And this is for us and I believe there is demand for these types of solution. That's the reason why people are working on them.

I also wanted to point out that we're not here for the first time. We had similar cases in the past. We had, in the 1990s and early 2000s, some crypto wars, whether we can encryption technology in the Internet to begin with and whether it can be strong or weak. We basically decided at the IETF that we muffs encryption technology and it must be strong and that's the reason why we have somewhat credible system for e?commerce today and that's a good thing. In the early thousands, we talked by wire tap /all of interception. Basically ending up with the conclusion that that's probably reality but the IETF won't go out of its way to help that in any particular way. Of course that doesn't prevent that from happening but we're not making an effort to build particular support for T today's equivalent to these two cases is pervasive monitoring. So what can we do about it and how should we address that?

I also wanted to observe that we are kind of part of the problem in this IETF and other technical organisations. One particular issue is that it seems to be provided too hard to use secure solutions, or the security solutions are often difficult to use. And that's bad thing. There has been a programme, or ?? there is rumours about this programme by the NSA called BULLRUN that has, you know, that the intent of that programme was to deliberately weaken standards, so that they would be easier to crack. Now, we have had some discussion about whether that programme has had an effect. I think it's unlikely. That's my opinion. And more likely explanation for things like you know, some of our protocols have some issues or some implementations have bugs and not everything in the security space is easy to use. We have complex requirements. They come from like you have an enterprise situation, you want to solve your particular problem in a nice way but then you might compromise how easy it is for general?purpose user to use the same technology. Sometimes we have a lack of deployment experience for some of these things. We are now getting more of that, that's good. You know, in the whole world we have more experience of various kind of problems in there. And of course, some of these problems are hard. So it's not that it was trivial to solve the security problem to begin with. So I think we can and will and should improve, and the way to improve is by focusing on real large deployments.

So, what has the IETF been working on?

Overall, the Snowden affair has re?energised the communities to work more on security in general and not just for pervasive monitoring but for other purpose as well. With regard to pervasive monitoring itself, we started with the side meeting in Berlin IETF 87 last summer. We had a technical Plenary and a major discussion at IETF 88 in Vancouver. We had a strength workshop just before IETF 89 and the topic was discussed at many many meetings and BoFs, both at IETF 88 and IETF 89. We are seeing some results like that run RFC that I showed you and want to see more results from IETF 90 onwards.

So some of the things that have happened. We created this new Working Group called the UTA, using TLS for applications. The basic idea is to update PCPs how to use TLS in applications, XMPP, e?mail, one of the things that they want to do is document the practices that people have been using for doing sensible things. As an example, server to server e?mail, TLS appears rather broadly deployed, I don't have any numbers but, I mean, it seems that sadly in some cases it is out there, the real world is changing and it's becoming more secure, that's good. And for e?mail that, of course, means that there isn't necessarily someone in between who can look at your e?mail if you do that. At least if you trust the BoF end point parties. And the Working Group of course has only started and needs to do more work.

And then we had a discussion about this topic of do we consider pervasive monitoring an attack? And it's a long long debate, many different aspects of that were debated but we concluded that we do have a consensus that it is an attack. To me that's kind of an a no?brainer but luckily that was the conclusion.

And that kind of sets the basis for further actions, the RFC basically says you know, this is one attack among many and you need to consider it just like you consider other attacks. And it doesn't say that you have to solve the problem, in many cases technology isn't sufficient to solve all problems of the world. There is a similar situation, it doesn't even say that we have to do everything in our power. It just says that you have to consider it. So it doesn't say that you have to encrypt anything from now on or anything like that. It says, please, Working Group, consider this in your new work and decide what the want to do.

We also had a couple of BoFs at IETF 89, one on DNS privacy, if you can make your inquiries in a more private fashion, and then one on TCP encryption at the TCP layer.

There is also other other relevant IETF work going on. TLS 1.3 going on. It's a pretty major new version, it's a fairly big change. It is in development aiming for a better handshake encryption properties, protection of the identities of the two parties. Hopefully faster connection setup time which means more people could perhaps deploy TLS. And intends to learn from previous TLS problems. This is very, very important of course. We also have the HTTP BIS Working Group group developing HTTP 2.0 and this work has many given doles. It's, once again, a major, major update of this protocol. It's conceptually the same but a lot of the internals changed completely. Some of the goals include better efficiency you know for better multiplexing of things and faster setup again. But it also has been a major goal to look at ways to make security more ?? make TLS part of, a bigger part of web traffic than it is today and what can we do about that.

And I wanted to dive into that topic just a little bit because it has been somewhat controversial. So, I think I mentioned in several places last year that I personally would like to see us move more towards a default on security than default of security model, including the web traffic. We have discussed this topic extensively and decided against having the spec say you must encrypt everything. It doesn't say that it's completely up to what you want to do. Now, there is a couple of changes however, I mean in this sense the spec sense, the first bullet there, it's very much like the previous versions of HTTP, but there is a couple of important points to observe. So first of all, a couple of important browser brands have announced that they would like to do a secure only version, so they might go beyond what the spec says. And the second thing is that, technically, the spec allows the use of TLS for HTTP URLs as well, which means you start TLS hidden from the user, it's not visible, there is no key sign or anything, a lock sign in a browser screen but it uses TLS underneath, you know, for instance when it's available anyway for other things towards the same server and so forth.

And there is a couple of debates about this whole topic, so the first one is, I think kind of silly. There's been a question of whether the TLS mode for HTTP reduces deployment of HTTPS and I think that's probably unlikely that it has an effect to begin with. The idea of a dismode is that it's completely invisible to users, at least from users' perspective there is no visible impact, you know, it's a bit difficult to claim it up, but it's secure even though it's not really secure. Or as Stephen Farrell would put it this way in his e?mail today, it's utter [] bullocks that it would ?? it would have an effect. The other point is a bit more factual and this isn't just related to HTTP, it's related to more the trend in this Internet traffic particularly web traffic, and what this is doing is that it's ?? of course it's protecting us from things like spying, it's protecting us from things like people listening on, you know, open wireless LANs and all kinds of criminals can stay away. But, it also, it's making it more difficult to do caching, more difficult to do scanning for viruses, more difficult to do policy, more difficult to do optmisations, and, of course, that has caused some concern at some operators.

And that debate certainly continues to carry on and your input there would actually be useful.

So that's the IETF activities. I wanted to just very quickly at the high level go through what kinds of things we can do. First of all we can turn on crypto for both applications and between different parts of your cloud system, data centres, that's actually an important part of it. There's been some claimed attacks of that nature. And we have a bunch of current tools on that, TLS, IP Sec, DNSSEC. There might be some future tools, we can improve on the current tools and create some future tools. Some of the things that have been talked about, some privacy protection of DNS, TCP layer encryption. The other thing is that we should really look at data minimisation, because, remember, even if you have perfect communication security, it doesn't mean that you can trust the other part so if you minimise data you might be actually better off. And we are at the beginning there, we need to learn more here and there is some proposals on reducing the amount of data you send in DNS, for instance.

Of course we need to have better implementations, as we learned from the open SSLKs. And this morning, I was not there myself, but I understand there was a presentation on, you know, how you can actually turn on security and make sure you have the correct configurations and all of that. So that's really important, make sure that your crypto is properly on. The sponsor projects around doing better technology, ands won I want to mention here is cryptech, which is about basically building open source hardware designs can on within FPGAs and such and ones that you can actually trust and know that there is nothing sinister embedded in there. You can review them.

Of course make security/privacy administration easier. For users, target diversity. If we all use the same services it's going to be a huge target for someone to tap into, and they are, right, so diversity is good in many ways.

Discuss the issue openly. Well that's kind of clear. In whatever fora are relevant for you. We also all need to be responsible engineers and computer scientists and figure out what the impacts of our work are. When we are doing the work and afterwards when we realise some new things.

So, getting towards the end. I would characterise our situation as initially being very excited yes, let's go and solve the Internet security problem. Surprisingly that was no so easy perhaps, and now we are more into the hard work phase, but the good work is that the community is energised to actually do the hard work, lots of people who are actually looking at this and both in terms of specifying more things and more security as well as deploying more security which again is really, really important. We don't want to be specifying while no one actually looks at the specs. And this is all happening while debating the hard trade?offs. So things like you know what to do with caching and end?to?end security. And I have cleaned up the high rate of change in the web world makes some of these changes easier, I think we are at the, kind of like an inflexion point in some of this technology, lots of things happening. Web artists there is a huge change for realtime communications, HTTP 2.0 and TLS improvements, many thing happening. The Internet of things I think is moving towards the web model, so, now is a good moment to change if you want to change something.

So, the last slide is a plea for to you join the work. If you are willing and able of course. You know, any of these things that I mentioned of course are important, or your own things if you have something that is not yet on the agenda please bring it. But, in particular, two items I wanted to raise, send feedback to TLS and HTTP BIS Working Groups, what works for you and what doesn't. The other thing is we have these new 'F' words, maybe we can do something on TCP and DNS privacy, it would be really useful for you guys to look at if those things are actually deployable from your perspective or as operators and other participants.

Obviously the IETF runs some mailing lists, so you can join the mailing list today. Our next physical meeting is in end of July in Toronto.

So that's it. Thank you.


CHAIR: It seems they were listening. Okay. Any questions?

AUDIENCE SPEAKER: Martin Hutty from LINX, the London Internet Exchange. Can I congratulate you on the achievements of achieving that consensus on that statement of principle which I think is really important. I can only try to imagine how difficult it would have been to achieve that kind of consensus both on that point and it being in scope in a well known other international standards organisation.

Would I actually like to ask you about the process that you went through to achieve that consensus because I think this community might want to learn something from that. There is something in this community that is certainly a topic of similar sort of controversy, analogous and that's the issue of attacks on the reachability of networks. That is whether it's DDos and so forth. But also attacks by states to attempt to prevent the reach reachability of things. Now, within this community it's been pretty well understood that ordinary criminal DDos is bad thing that we seek to control and I suspect that there is a large degree of at least individual consensus that the actions by states is undesirable as well. What there isn't yet ?? yet ?? is a consensus that it is this community's role to do what it can seek to do to attempt to limit that or to make it less, the choice that is we make or the recommendations that we offer are those that make it less susceptible to those sorts of inferences rather than more so. So, if we were to seek ?? if we were to consider that a similar analogous statement of principle that that kind of interference is an attack on the Internet and to the extent that when you were able to we would seek to make sure that our policies and recommendations made thing less susceptible, if we were to go down that route, what could we learn from the process that the IETF went through in achieving that fundamental statement of principle itself, particularly not in regard to the rightness of it but the fact that it's within scope.

JARI ARKKO: To begin with it was a very lengthy process for something I initially thought was relatively uncontroversial statement, but, of course, it turned out not to be, and, you know, the basics of it are of course that, you know, we can't really differentiate between the motives of people who are doing this to our Internet traffic and if we leave a hole it doesn't mean that just the good guy will catch whatever terrorists, or whatever, or maybe the next date who was not in such a good reputation will do other things and the criminals do some things and maybe my neighbour's kids will also eventually do ?? use that hole for other things. But, that the process itself, it's actually important that we stick to the usual IETF process, which is rough consensus and running codes. So, I think that was a good principle, so we didn't take any particular special process for this case. We considered opinions and it's actually a very good RFC Internet draft by Pete [Resnig], draft [Resnig] on consensus. You should read that, how you discuss in a community where you have differing opinions and it's not about voting like you know, you are the majority so you win, it's about understanding the minor positions and sometimes you actually end up understanding the minority position and deciding that that is not an issue, is handled. We use the rough consensus process and this particular e?mail for it was 700 messages long, so that night when I reread all of them, that was a pretty long night. But ?? I think the IETF consensus process worked for that. And, Richard, did you want to say something additional?

RICHARD BARNES: I'll second everything that Jari said. Plus once Jari said, the other thing I wanted to note is, I think, Malcolm, it sounded like you were implying that's not actually there. One of the things that's important about this statement, about this consensus statement is that it's still technical. It doesn't say pervasive surveillance by governments is bad. It says pervasive surveillance as a thing that occurs, as an action is ?? something that we regard in the Internet threat model as an attack. So that could be done by a corporation, where someone is running a network, it could be done by a Government, it could be done by an NGO, for all I know. The statement is that, you know, whoever is doing this, it's dangerous to the health of the Internet and we'll incorporate it in the threat models we build for in the Internet and so that's a technical statement and there is lots of interesting technical stuff about how that differs from the traditional threat model. At the same time, though, we have benefitted from the fact that a lot of the stuff that comprises this pervasive monitoring is largely stuff that we have already been thinking about, it's passive collection, it's active attacks on hosts it's just done on a much larger scale. And so to a large degree this statement was a rearticulation of our existing, or longstanding consensus that attacks on Internet hosts are attacks. It's logical. If you collect someone's traffic without their authorisation that's bad thing. This is just a reaffirmation of that and a reemphasis that doing this on a large scale is proportionately much worse.

JARI ARKKO: I wanted to add that during this discussion of this draft or proposal, the most of the debate was ?? I mean there was some bait about like you know whether this is a good thing or a bad thing and so forth. But much of the debate was on its effect to the IETF process and the concern was that if we made this new PCP that said you must these kinds of attacks, then it would be used by the steering group of the IETF to block some progress in some or publication of some RFCs from Working Groups that had not done enough, and hopefully we clarified that enough that it's not that you have to design this perfect system to solve all issues, but actually you have to consider this problem, and sort of of in an intelligent fashion rather than forget to deal with it.

CHAIR: Okay. I see no other questions. Now we'll move into the panel. Filiz, could you join us.

FILIZ YILMAZ: We will, we already started the conversation, but we will continue with a panel now, and I want to invite the panelists to the stage please: Patrik, Nurani, Maria, Desiree, Paul, Olaf... one of you will be slightly sitting ?? don't turn your back to me, I'm talking to you here.

So, well, welcome, all of you, we thought ?? see, there is some conversation that started already in regards to Internet governance and what it means, all those terms and buzz words that has been thrown on our plates for the last year or so, and there has been so many happenings recently, so we put our heads together with these wonderful people you see on the stage, and we thought maybe they can bring one piece from their involvements in these issues to give you a broader picture of all those moving components and what they mean, where they are going, and what we can expect in the near future as well. In that sense, this is, we call the panel the Internet Governance Landscape 2014. I know people like to use these terms for meaning different things too, sometimes, but that's also the beauty of things you know, we will hear different terms thrown, hopefully, by them. But what we are trying to do here, to give you a glimpse of things and we will open the mics so that then this can be interactive. These people all have day jobs, I believe. But ?? I do, too ?? but they are volunteers as well, and here in this panel they are bringing that effectively. Jari started with his IETF Chair role, anyways, the discussion. So, I will start very soon, and I will not get into the introductions much but I will briefly tell as I give the mic to them, what their involvement has been so far, what their tags are in the panel. So we will be talking about different terms, and you may hear, as we discuss just before this panel, multilateral versus multi?stakeholder processes, which, in fact, kind of links to the previous conversations, I think, which is good, and why they are important and what is it to you? What may it be to you and are you fully informed and aware of these happenings, and will they affect you somehow in practice actually, that's the most important thing, I guess.

So, I will start quickly with Jari as he just has been, you know, taken away from the mic, but we will follow a structure where I pick some certain events in the last year or so, and we will start with the Montevideo statement. I guess you guys heard of it but I don't know if you know what it is so we'll hear from Jari who signed that statement.

JARI ARKKO: So, the Montevideo statement is a short statement by the leaders of various Internet organisations, the RIRs, IETF, ICANN, W3C and basically expresses four things. Concern over surveillance relations, the statement came out early October last year, called for IPv6 transition to continue. It called for actually rating the globalisation of IANA and ICANN factions and it also underlined the importance of multi?stakeholder discussions in Internet governance space and I think there is probably a different view, I mean, these ten different organisations or their leaders signed this statement, and there is probably different views on everybody on why it actually came out. So, I had my own perspective on that. The organisations had been meeting for several years and discussing various topics, mostly not to surprise each other, but the first time that we made a public statement, and I think people may have assigned more meaning to this particular statement than it actually had, so from our perspective, when we were writing it, was actually like a factual statement. So, it's remembering the context of the the last day of September first day of October, we're talking about surveillance, and you know, there is hundreds of messages on e?mail as the IETF expressing concern over that, so of course we relayed that. We had discussed steps to make IANA more sort of globalised and all the IETF RFCs had been written in a fashion where the system had involved ?? or the Internet organisations systems had evolved to take on the roles that are needed to run the functions. So, to us, it was kind of obvious that you know, these things were desirable.

I should also clarify that the four topics are not necessarily related to each other, so, I think some people, after the fact, had tried to say that, oh, but this surveillance and this IANA thing are related, but technically they are not related at all. Surveillance and management of some number spaces has really nothing to do with each other.

FILIZ YILMAZ: Thank you, Jari. I know Axel was one of the other leaders that signed that document, and I know Paul Rendek is not Axel, but he is here. Maybe he can share some insights.

PAUL RENDEK: Sure I can. The RIPE NCC was also one of the signatories. My director, Axel Pawlik was one of the names that signed this. I think when we take a look at the statements that are coming I have to agree with Jari that I think the statement was taken and thrown far further than was probably originally envisaged by anybody that was in that room. But if you take a look at the four points that are happening, those happened early in October when the statement came out and where we are now, because, I think it's important to note what are the steps we have taken or what have we operationalised from the statement that came from [Montevideo]. When that statement was made, this was one of the pieces when it came home to me I thought how many I actually going to operationalise what happened there with the directors meeting in this area. So if I take a look at some of these spaces. We look at the Internet governance arena. Certainly the RIPE NCC, even a lot of the RIPE community people are quite involved in what happens in, for instance, the Internet governance forum or even on a lot of different high?level panels, or what have you, that have been organised from that time until now. In specific, you know, we can see that the RIPE NCC has been active in the global IGF, in the Arab IGF, the EuroDIG, which is European IGF, the Azerbaijani, the Russian, so we have had a presence in this from the technical community perspective with our opinions there. So that's been quite positive. We have had that road moving forth. The globalisation of the IANA functions, ICANN and IANA, I think you can see from the statement and we will talk about that a little bit more in detail here and a little bit more on Thursday, there has been some news that has come out that that is pushed this probably quicker than expected. But this is no surprise what's actually happened, but the fact that it's come on board means we have to jump into this and operation lies this from the RIPE NCC perspective, but certainly from the community perspective on where they want this to go. And the other point is the IPv6. This was really pushed as a priority, as you can probably guess, there is no puzzle here. Of course, the RIPE NCC is quite on board with what's happening in IPv6 development.

FILIZ YILMAZ: Thank you, Paul. Now, I know some of these things like when we talk about IGF and Internet Governance Forum you tend to switch off part of this group but we still want you to pay attention because we hope to get somewhere and at this point I want to point to Nurani, who is a former IGF member, also she was in the Bali meeting in September, I believe, 2013, which came after these announcements happening, and some stuff happened there so can you give us a little part of what happened in relation to the technical community during the IGF meeting.

NURANI NIMPUNO: Well, quite a few things happened at the IGF but I'll try to keep it short because I want to have a good discussion about it at the end. Apart from it being very well attended meeting and actually a very good meeting I thought. I don't think all of the IETF meetings have been very good. And the issue of surveillance came up as well, and there was a fantastic discussion, I thought, on the last day, whether the US Government was sitting on the panel answering quite tough questions about surveillance. But in relation to this sort of a series of events that have happened from the Montevideo statement, there was also I don't know, if you are aware of the Brazilian President giving this quite strong and passionate speech in the UN about responding to these revelations about surveillance.

And there were a lot of things happening at the IETF, a lot of shuffling going on, and all of a sudden there was an announcement by the Brazilian Government that they were going to organise a Brazilian summit. A summit means that only governments are present and a lot of people reacted to this. They were also saying we are going to do this together with ICANN and the technical community. And what happened next was, I thought, very interesting, because all of a sudden there was sort of ad hoc meetings thrown together, where of course justifiably people asked what is this summit and area we participating in this and what is the purpose of this summit? And is there something that replaces the IGF, does it replate other Internet governance mechanisms? And a lot of people were very sceptical of this and I think what happens is kind of shows both the strength and the weakness of this system. The strength being that people decided ?? people in the technical community decided that let's use this as an opportunity to both listen to the concerns that we have, but also define something new and let's be part of that conversation instead of reacting to it afterwards. And there was some very good questions asked in the room and at the time people didn't really know what this summit was. It was a summit that then changed to the meeting in Brazil, that then changed to the non?summit meeting that happens to be in Brazil, etc., etc. So, as we were in the room, the definition of this was changing. And what followed then was basically a discussion with all the stakeholder groups about what this summit or this Brazilian meeting was or should be, who is taking ?? who should be part of it and how do we define it, how do we make sure that it involves everyone that it needs to involve? But also, how does this relate to all the other Internet governance discussions that we have. How does it relate to the IGF? And in a very, very short space of time, this meeting that then was called the NETmundial kind of shaped in many ways in a very bottom?up inclusive way. It doesn't mean that everyone was happy at every stage, so to speak. But I think what happened was quite exciting, if you can say that about Internet governance, in that it actually really stopped ?? there were less of the cliches and less of the political talk and actually some real talk about what do we want and in what way some people frustrated with the process that we have now. What can we do about it?

FILIZ YILMAZ: Great. Because we are going to jump into the, you know, beginning of the panel here, with those two gentleman. After that, straight come came the ICANN meeting and Olaf and Patrik are very involved in the ICANN circles, there are two moving parts about this issue relating to the ICANN meeting. Can I start with Patrik and move to Olaf to give insights from there on.

PATRIK FALSTROM: So, one of the players that participated both at the signing of the Montevideo statement and also in the discussion for NETmundial was the CEO of ICANN, and also the ICANN community took on the task of participating and thought like all different kinds of participation that you can get that is multi?stakeholder is a good thing, so that was sort of the general ?? the general view. But quite quickly, just like you pointed out, it was the ICANN community figure out that wait a second, we do have a well?defined way to find consensus within each one of our stakeholder groups, the supporting organisations like the ASO where RIPE participates or the advisory committees like the Security and Stability Advisory Committee that I am Chair of myself, or the Government advisory committee which also participates. But we don't really, in ICANN, have a very good process of how to merge the views from each one of those consensus building processes. The only thing that we have is something that are called cross?constituency working groups. So what happened quite quickly was that we found that, wait a second, it might be the case that we have a situation where ICANN is expected to have one voice. And the only really real way to have one voice from ICANN is that either the CEO was speaking on behalf of ICANN as an incorporated organisation or each one of the stakeholder groups are speak can like I can speak on behalf of F sack. So, what we did very quickly was arrange a meeting like 7 a.m. in the morning, it was like after working on various things until long after midnight so it was kind of an interesting morning meeting, but we decided to set up a cross?constituency working group on Government Internet issues. That group had been working on these issues since and we are working on, first of all of course in all these groups you work on the charter and that takes much longer time than working on the wash items, and then you check whether the charter actually matches what you actually did. But if we ignore that part, which is just comes back in every group like this, this group it is important to remember is is only work is focusing on discussion situations where ICANN are giving messages externally. We have on top of that, excluded from our charter anything that has to do with transition of the stewardship of the IANA function. That's a separate issue. So, both ?? so one thing that is sort of in the grey area has to do of course with what is said in external events, for example, at the IETF and at NETmundial that impacts or ?? that impacts, for example, the way ICANN is operating, so you have in each organisation, you have a consensus building process for what messages you are to convey in these processes, but then you also have to receive input from these external events that might impact your own change process. And that is what we're trying to separate from.

FILIZ YILMAZ: That is one component, though, where a community's response was put together within ICANN is fair. The other component is, though, where some kind of panels that were set beforehand and then they brought expertise, which you took part in, Olaf. What was that?

OLAF KOLKMAN: In the same time frame as that ICANN meeting that Patrik was just talking about, ICANN formed five panels ? four that were internal, looking at what is the evolution of the industry, how does ICANN as a business and an organisation need to evolve to adapt to those needs; and the fifth panel, as it was called at some point, more external?facing, what is the largest scale movement in Internet governance and how does the multi?stakeholder landscape actually involves. That panel was felt not to be a pure ICANN panel and [Fadi] reached out to two other organisations, the [Anneberg] Foundation, which is under UCSC, and the World Economic Forum, and those hosted a panel chaired by President [Els] from Estonia, and Vint Cerf. A bunch of big wigs, as the one press article called it, came together there, people from industry, people from technical community, people with governmental background, people with a background from other communities, so to speak. So, a very broad panel, to talk about what is this multi?stakeholder thing that we're talking about and what are the principles. The principles were fed into Brazil, and the panel, I think, found those principles incorporated in the NETmundial output and last week the panel came together for its final meeting to see we have these principles, there has been a meeting about it in Brazil, there is a community there that consents with those principles, there is a rough consensus around the NETmundial. How to take that forward. And the panel essentially looked at how does Internet governance work in the Internet industry, like the RIPE community, and how would you translate that into Internet governance for issues that are not purely technical. The report will come out in the course of this week, the 15th, as far as I know, is the time that it will be released. So, I think that at the moment that the report comes out, there will be a fair amount of XEGs, but we'll get to that when it comes.

FILIZ YILMAZ: Thanks, Olaf. So, these are all to some extent form will al structures but there are two forums that are talking about these issues and they seem to be formed up in a more different way, let's put it that way, and I want to turn to Desiree whose been waiting there quite patient enter to talk about One?Net, what is that. Apparently you are the steering committee over there. Can you tell us a bit about that?

DESIREE MILOSHEVIC: Thank you, Filiz. Just summing up briefly. It's a work?in?progress. But to really say a few words how it came about and what is the steering committee and what are the activities and what are the activities on the mailing list what are the main activities currently. I would say that the origin of the formation of One?Net platform was a need to have an open, a neutral platform to actually debate all the challenges that were mentioned in the Montevideo statement, so in 2013, it was obvious that the 2014 would be the pivotal year for the Internet governance and the Internet governance is at the crossroads. The question of the trust being broken for Internet users by disclosures of the pervasive monitoring Government surveillance has caused the Montevideo statement, and therefore, One?Net came together as a place to discuss these challenges, and the role of One?Net, it's been formed recently, just after the Montevideo statement, but it's currently a platform where we have 239 people participating in the mailing list. There are some trolls as well. One of the, I think, most frequent poster is Geoffey Moreton with 239. And posts to the list, the busiest month of the list was February, and it's not a surprise, I think as 17th March, we had about more than 700 posts to the mailing list because the NTIA has announced the intention to transition the role of the Internet key domain name functions and to transition their role so there was quite a lot of discussion going on that day.

And it is a very busy mailing list, and to say why it is unique: it's unique because this mailing list has members from civil society, which are members, they are participate in the mailing list with people from the technical community participate in the mailing list, and also we have business representatives. Hopefully, what's in there in future is a hope that also members of governments will start participating on the One?Net platform, whether it's a blog forum or the mailing list. The list has been the most quiet after the NETmundial and I think that's probably something that one could understand why as well.

So, with that, the call for members to join the steering committee was open. It sat in February, and now we have five representatives from the technical community, five representatives from civil society, five representatives from businesses and five representatives from academia. And when you compare that to the different mailing lists that discuss Internet governance challenges, usually it's just a civil society or an activist list or it's Internet technical community and collaboration or it's a business mailing list. So this is a work in progress prying to build consensus, trying to build a little bit more understanding of what are the challenges and what are the issues for all of the stakeholders, and statement, this mailing list is trying to really involve the multi?stakeholder participation, not just online but off line and that is one of the roles of us as representatives to engage with our respective communities and ask you to come and participate more and help throw some light at some of the issues and share some of your thoughts.

FILIZ YILMAZ: Thank you. Normally, I was going to ask Nurani about the inter collaboration forum, because that's I think the angle where the technical committee's input in this representative form, let's put it that way, but I want to come to that in the point about the NETmundial because they provided input towards so so let's move on for the sake of time too, and I will ask Maria about her reflections on the recent announcement that has been mentioned in regard to the IANA function, and I know ?? Maria is the corporation Working Group Chair and they are visiting that issue together with Paul Rendek I believe, so Maria.

MARIA HALL: Thank you very much. Actually, we are going to have a discussion on this on Thursday, but I would like to give the microphone first to Paul because he is going to give a background of what the IANA functionality is, and what the transition is actually going to cause, if if happens and I want to raise a few questions to you because I want to you courts pate at the corporation Working Group so I'll give the microphone to Paul.

PAUL RENDEK: Thank you. I think it's important when we take a look at what's happening, I think most of you in the room or all of you in the room have probably heard of word NTIA transition, some people are calling it IANA transition. I think I prefer to call it NTIA transition. It's very important to understand first of all what is happening here. Because I think that you could be mistaken very easily into thinking that there is something that needs to happen here that isn't going to happen here, so I'd like to set the scene, first. Obviously we're going to have a lot more time to discuss this in the Cooperation Working Group. Maria will cover that. I think a lot of you have probably seen the pages on the RIPE NCC website where we walk through what's happening and the engagement process that we want to have with our community, which is very important. But first let me just step back. I am sure almost all of you in the room note what IANA is, maybe for some of that you don't, IANA is responsible forth global coordination of the DNS route, the IP addresses and other Internet protocol resources.

The actual bit ?? so that what that means for the RIPE NCC or what that means for the RIPE community, in specific, certainly for the RIPE NCC, is the IP addressing and the autonomous system numbers. IANA actually holds the free pool of the IPv4 and IPv6 address space and of course the ASNs, and they distribute these to all the regional Internet registries. So, we receive our resource blocks from IANA. When we're talking a look at what's being discussed here, when we look at the NTIA transition we are not looking at the operations of IANA. We are actually looking at the oversight functions, and this brings us to a Government level and not necessarily anything here in the technical community. The oversight is currently held by the NTIA, the US Government, for IANA. In all of my years here at the RIPE NCC, I have never felt the hand of the US Government, ever, in any one of the deliberations we have had or any one of the discussions we have had in formalising any kind of policy discussions or any of the ways that the RIPE NCC turns these policies into procedure and works with its membership and its community. Although, and I'm sure many of you that have been around here for quite some time that saw the formation of ICANN, you probably saw that we, right away, as a community here, we already thought that the oversight function of the US Government could have walked away. We actually wanted to remove that. So this is really not a surprise for this community at all. I think what we're discussing now here is what will this oversight look like if the US Government is to walk away from this? So we're not talking about the operations of IANA or its accountability or ICANN's accountability. This is not the discussion we will be having on Thursday. It is purely the oversight function. All right? And I think that as far as accountability for how the resources are managed, I think we already have that very much in our hands by our policy development processes that are defined in the RIRs and also the global policy development process that happens in how IANA moves in its direction. So, it's important to ?? I wanted to actually state what is actually happening here and I think the question is, what do you want this oversight to look like, the community? And this is, I think, what we'd like to discuss on Thursday.

MARIA HALL: Thank you, Paul. And based on what Paul was saying actually, that raises a lot of questions, and one of the issues that Paul actually touched upon was actually the confusion of what it's actually about, this transition. I mean, we are not talking about the ICANN operational role actually we are talking about the functionality, or the IANA functionality, but even that one could be confused because it's actually three parts. It's the names, the numbers, and the protocols. So, what we actually could think about a little bit, what are the audit mechanisms for that today? And what will they change when or if the transition comes through? And also, is it going to be three different audit mechanisms or processes for these three different parts? And another thing which is also very important that we need engagement from the whole community here is actually how will that affect the RIRs? What will the RIRs role be in this new system or this new process? And actually, what I think about, of course, because I was working for the Swedish Government before and I was active in the GAC as a vice?chair, what will the Government's role be or maybe even GAC, it was so ?? I mean, you follow the very much highly interesting debate within the governments, within UTLDs. Of course we are talking about the multi?stakeholder system, so of course the Government might have a role, what could that be or will it be some kind of engagement for the Government in communities like that and is that going to be the way forward? So there are a bunch of questions and we are not going to be able to answer them here, we are not going to be able to answer them on Thursday either, but I invite you to come to the Cooperation Working Group, we'll go through it a bit more thoroughly then.

FILIZ YILMAZ: We need to move on, and I know everybody wants to say a few more things about these diverse topics including folks over there, so NETmundial and I'm going to be very strict about the time this time. So, one minute on those names that I'm going to be calling and I want to start with Olaf now. He was there. A few reflections on what was it about and ??

OLAF KOLKMAN: I was there and I'm not going to talk about NETmundial really. I'm going to ignore your question, because I think that it's important to get to the core. What is this arc that we're talking about? NETmundial is an attempt to demonstrate that multistakeholder can actually effectively and efficiently interact with governments that represent public policy aspect for their citizens. There is only one alternative to that type of multistakeholder bottom?up trying to make decisions at the places where the decisions actually have an impact. So making sure that IP policy is developed herein stead of elsewhere. There is only one alternative and that's a multilateral basis for decision making where perhaps you're invited. And that is what is at stake in this big arc going from the Montevideo statement to NETmundial to One?Net, it is demonstrating that there are places, including, by the way, the IGF, it's demonstrated that there are places where the dialogue can happen and people that have these policy, public policy issues are taken seriously, but also that the other stakeholders around the technical community, civil society feels they have a say in shaping the decisions. That's the big arc that I think should be on people's radar, and I also think that this community and the people in this hall have a role to play in that. But, that's for further discussion in a bit.

FILIZ YILMAZ: Yes, he is stealing my questions now actually, but, yes, Jari, can you also continue with that answering what you're reflections are from NETmundial together with how this community has an effect or impact or vice versa with that formation.

JARI ARKKO: Right. So Olaf said the wise words, I'll just comment very briefly on two things, that the process and the outcome from NETmundial. So, in my opinion, you know, a very good meeting and a result that indicates strong support for the multi?stakeholder model from almost everyone, the governments and you know all kind of parties. We're all parties are in there together and discussing. I think that was good.

There was also an outcome document, and on the whole that seems reasonable. It includes many, many good things, it emphasises multistakeholder obviously, a recognition of the role and rights of the end users, open standards, distributed Internet architecture and so forth. It also has weak points. I thought the text on surveillance was rather weak. There was no text whatsoever on network neutrality, and there is very little protection for intermediaries such as ISPs against you know things that are happening between end users and content owners for instance. So, also some work left to do I guess, but on the whole a good process, and I have always been of the opinion that it is, you know, whatever the topic is, whether it's this NETmundial type of meetings or One?Net or the IANA transitions, the community really should ?? we already have existing communities like this one or the IETF, or whatever, that those really should be in central role and those should be driving the ?? this community for instance should be driving the IANA transition or the NTIA transition rather than someone else.

FILIZ YILMAZ: On that point, I want to ask also your brains to start thinking, are the channels we have today, the mechanisms, efficient to deal with this inflation of happenings and recent events, all those things? And now I want to move to Nurani because in that inter collaboration forum, they produced Internet principles from the technical communities point of view and they presented to NETmundial. I think that was one bit where we could talk about how technical community were, was involved to some extent, but yeah, I want to open the mics with those questions to all of you, so, please keep it very short, one minute to a minute max..

NURANI NIMPUNO: I think one of the challenges in engaging in these processes have always been that we're a very loosely defined group, the technical community. So, how do you ensure that you get the input from the technical community into these processes, because these processes will affect you, and it doesn't necessarily mean that everyone in this room, or all operators, you know, on the Internet, need to get involved in all these issues, but there needs to be a dialogue there. You need solve some people who actually have the time and interest who can sort of push things in the right direction.

And the very early stages of these Internet governance discussions, some of these groups kind of formed quite organically and there was this sort of Internet collaboration group which consisted of various people an organisations from the technical community who wanted to discuss Internet governance things. But there was never a clear structure or a clear hierarchy, and I think in response to both having to interact in the IGF in a very sort of UN structure where you need to show representation and accountability, there was a need to try to define this group, and ?? but at the same time, you need to do that without introducing too much bureaucracy and without actually pointing these sometimes self?appointed representatives of the technical community. And so this Internet collaboration .org was formed and it was an attempt to try to define who the technical community was, who they are and how they work and etc.. and out of this, we also produced this principles document on Internet governance and other things. What we talked about some technical principles like open?end inclusive participation, consensus?based decision?making, permissionless innovation, collective stewardship and empowerment, transparency, pragmatic and evidence?based approach and voluntary adoption. And I want to stop there, but I'll just ?? I'm not going to stop there. I'm going to make one quick comment before I stop. I think that's actually one of the big challenges we have here: How do we ensure that things that happen in the Internet governance sphere, that will affect people in the operators community, how do we ensure that we have good people there who actually represent this community, who can speak for this community in a good way without necessarily creating this new hierarchy, this new job title of people who just want to do this to make a career, and how do we ensure that the stuff that goes on in the Internet governance spheres actually come back to this community? I think that's a huge challenge and I think this panel, it's an effort to do it, but it is ?? we need to do a lot, lot more. We are trying to cover so many complex issues here in an hour, and at the same time, I'd actually like to have a discussion with the people out there.

FILIZ YILMAZ: On that note. Let's move on. Patrik, you want to say something, one minute, and then Maria, and then we will open the mics. Please, think of your questions if you have any.

PATRIK FALSTROM: The big question, of course, to continue with what Olaf said is, what I think all of you should think about, and I think you should question whether the process that we have here for the policy development is open enough. I think it's really important to continue the evolution of the multi?stakeholder processes we do have already, because that evolution is something that I think, and I personally think is going too slowly. If it is the case that the RIPE NCC is one of the places where the policy of IP addresses is to continue because I presume that is what you want, the question is whether you believe that the policy development process here is stable enough to receive the input from all stakeholders in the world. Whether you believe that you have written enough papers and enough RIPE statements so that you can take over the responsibility of doing part of the audit of IANA, because there is a transition of the stewardship going on. If you don't think that you have done enough, the follow?up question is: Will you be ready in September 2015, given the amount of time it takes to write a paper in this community?

FILIZ YILMAZ: Thank you, Patrik. Maria.

MARIA HALL: I have a short comment to Jari. You said that this text from the NETmundial meeting, it lacked a few areas, and I was just thinking isn't the lack or the absence of a few areas in these kind of text also rather good?


FILIZ YILMAZ: All right. I'm not going to do ?? normally, we prepare for final remarks, but let's open the mics now and hear from the floor and that may hopefully trigger some thoughts. Great, we have already one volunteer. Please go ahead, Shane.

AUDIENCE SPEAKER: Shane Kerr. I assure you I'm only speaking for myself here. So, I guess from my point of view, a lot of activities that you guys discussed in the context of Internet governance have been kind of going on for decades, or at least since, you know, the early 21st century, trying to establish the relationship around ICANN and the IANA and this kind of thing. What's new to me, as far as things that are important and interesting for us as the Internet community, is, frankly, the Snowden stuff; is the NSA looking at my mail, right? And I know that's been touched on here, but I think it's also something that's different, because, historically, as far as I can tell, most technical communities, the IETF, RIPE, the other RIR meetings, but even like software development open source meetings have tried to stay as far away from governance and governments as possible and it's weird to say that because we have just heard a whole panel of people who spent a lot of time worrying about governance. I think for the most part people kind of wish it would go away. But, with Snowden, we can do things to protect ourselves from monitoring, and Jari talked about that from the IETF, from the technical point of view, but I don't think anyone would disagree that, really, in order to truly solve it and kind of take back and control the Internet, we actually need to start engaging in the political process. And I don't mean inventing new ways for multi?stakeholder things; I mean elections and marching and the old politics; like, who on the panel here is representing the Socialist Party or the Labour Party, or things like that? These are the people who pass the laws and appoint the officials who we want to join in this multi?stakeholder thing. So, I don't know how to get from where we are at today and I don't know if the RIPE community is really the right place to start engaging in old?fashioned politics, but I don't think there is actually a better place, so ?? anyway, I am done ranting. I'd like to hear what you guys have to say.

FILIZ YILMAZ: It was a long intro for a question, but I think it's an interesting point where technical community as a technical community, are we well?prepared for these arenas who seem to be political now.

OLAF KOLKMAN: Shane, I think that you hit on a good point. This is where we, as engineers, can make the world a better place by protocol developers or people who develop technology, can make the world a better place. On the other hand, Wicket was sort of a wake up called ?? wicked the treaty ?? ITU treaty thing that happened in 2012, I believe it was ?? was sort of a wake up call where people said hey you Internet folk, we have all these issues with respect to spam and development and exchange fees and monetising and what have you, those are all ?? these things, because of the success of the Internet have become public policy issues, so this constant battle between publically policy and taking responsibility for what we do as technologists ??

SHANE KERR: A battle?

OLAF KOLKMAN: We collectively seem to fail to get the message through that we are doing things to cope with spam, that we are doing things to cope with these public policy issues. And I think that that conversation between what we do as technology gists and what the Socialist Party or the Pirate Party or the Liberals or the right?wing parties do for us, as civilians, to protect that open Internet that we do, that's two conversations to have. And I think that is sort of the value of this multi?stakeholder thing that you find each other and actually have that conversation. This is what we can do as technologists. This is what you can do as public policy, to drive public policy and if we meet in a room and we talk out of that room and we have an agreement of that is the right direction, we end up in a better place. And I think that's what we're sort of driving towards.

SHANE KERR: It still seems to me like you're trying to say that we should educate and inform the people who are actually making the decisions and I'm kind of suggesting that maybe we should be making those decisions.

FILIZ YILMAZ: Self?reflection. Do you want to touch on that? Let's go with Patrik first and then Nurani.

PATRIK FALSTROM: This is what he meant between the lines when I said is this process here really open enough? Do all stakeholder groups, also the non?technical community, feel that their ideas and their needs, including the public policy issues, can be included in the policy development process that is used here?

NURANI NIMPUNO: Three very quick points. One is that I think we need to recognise that all the different stakeholder groups actually have a role to play. I think we very ?? too often fall into this, but come on we're the technical community, leave it to us, it's worked so far and I mean I think, I'd much rather sit in a room with Patrik and discuss things because we kind of have the same view on a lot of things, but the Internet is not just, you know, for the technical community. It is part of national infrastructure now. And there are civil society aspects to that, governments have certain responsibilities. So, I think you know, point one, we need to recognise that all the stakeholders have a role to play and we need to talk to them.

Second point is, I think, again, we often also fall into this, do we want to have control of the, for example, IP policy process or do we want to give it to the UN? And I think while we need to be aware of the real threats that are out there, I think Patrik said in a good way, how do we make sure that the processes that we have are inclusive enough and actually work well enough to address these issues? How do we make sure that we have an IETF that not only respond to concerns of pervasive monitoring but actually does it work and how do we make sure that people know about that?

Third point, and I agree with you, Shane, I think ?? I believe in this multi?stakeholder model which has become a cliche for a lot of people and it's a very tough model if you look at it on the global scale and I think what you, as technical people have as part of the of of your responsibility is push this multi?stakeholder model at home, to work with governments and policy people and civil society in your countries to shape the policies in your country. I think ?? and companies, yes. But I think that is ?? the multi?stakeholder model is a very hard model to work in, but I think really good examples on national levels, where it works and where you get this informed discussions, you get governments who make wise decisions because they have actually talked to the technologists about how it works.

FILIZ YILMAZ: Thank you. Now, I'm going to close the mics now, because we are already having ?? Shane, sorry, ?? we'd better move on. People have been waiting.

SHANE KERR: I do want to just finish, I know it's evil of me to hog the mic. I would suggest that we have a way to find out if people are well represented, we ask them and the way we ask them are collections, so that's it.


AUDIENCE SPEAKER: Alexander, I am from Russian Federation. Okay, I was listening to you for an hour, and I was thinking I'm not a nurse, because, as all Russians now knows, the grateful host of Mr. Snowden, Mr. Putin informed that Internet was invented by CIA just to spy for everyone. You mentioned NETmundial, okay. Russian Minister of telecommunications, who was at NETmundial said that all Internet governance must be done by supervision of ITU and later that he made a press release that NETmundial that final documents were not transparent. So my question is: what are you going to do with all your good thoughts and ideas and everything when you have a huge hole in the Internet governance landscape, 1,000 kilometres away, what would you do? You have great ideas, but there are a lot of places on earth where your ideas are not accepted. The good ideas of representation of technical community is excellent, but if no one listens, at least it's Russia, okay you do not live in Russia, it's not your problem, but what would you do. What do you comment the Russians to do in this case? Because, okay, final statement, maybe: Russian Parliament Duma makes about 30 lows of what must be filtered on Internet. You are all talking about Snowden revelations, about pervasive monitoring and something like this, but now we have net problems, instant censorship actually working on the Internet without any supervision, what are you talking about?

FILIZ YILMAZ: Thank you.

PATRIK FALSTROM: Try to engage with the people that you feel are problematic. That's the only way of moving forward. I myself spent regarding about what you say about filtering, several hours with the Russian representative at ICANN to explain how to solve the problem the person has instead of doing what they are doing, because they have certain issues. I am ?? and many people in the room is trying to start a Persian IETF to have a multi?make shoulder discussion to have include technical community and other stakeholder groups and the Government of Iran, that is not easy, so we need to try to, like Nurani said, to sit down in the same room even though we have different views, because the people that do feel that they have public policy needs, which are the people that believe that they are elected, which goes back to Shane's argument, they want to and feel that they have to implement that needs in one way or another. And sometimes the best thing which can do, for example, from the technical community, is try to help them to implement whatever they have as a need in a way that is the best way possible for us. So engaging with these people is the best way of moving forward. I do know it's hard but it's the best thing we can do, unfortunately.

FILIZ YILMAZ: Ladies. On that corner.

AUDIENCE SPEAKER: Thank you. My name is Salam Yamout, I come from Lebanon, and I'm here to say that Internet governance is not going to go away. I have been been on both sides of the fence from the public sector point of view and from the private sector point of view and from civil society. I have seen it happening from the US point of view, from the small country where I come from point of view, and the problem is getting worse as a matter of fact. There is more and more attacks on the Internet who is going to govern in a way the Internet. And the dialogue is taking place, there are several foras are happening, except that there are a lot of people that feel that they are not allowed to play, that they are not included in the game. And the big elephant in the room, of course, is our Government going to be able to play? And, if so, what is the rule of their interference? So I'm here to just say that there should not be that wall between the technical community and the policy makers because at the end of the day the policy makers are going to come and they are going to ruin the game. So, picking up on Shane and other people who are talked today, the engagement, we have to as technical community, believe that we are the people who ?? we are the father or the mother of that Internet and it's up to us to engage all the people and in order to ?? in order for this ?? for the Internet to keep on working the way we want it to work.

FILIZ YILMAZ: Thank you. I'll move on with Izumi, just a reminder, the mics are closed and I'm going to steal five minutes from the coffee break, we don't get that much interest for this kind of thing from this community so let's move on.

NURANI NIMPUNO: We're always so good. There are lots of people ?? well, you know, behind the mics, do we have to stick to the time? Can we not ??

FILIZ YILMAZ: No, but I want to hear from the floor, so let's hear the questions and then all together if you have, we have time, we will come back to you to respond, okay.

AUDIENCE SPEAKER: Izumi from JPNIC, we are the national version of the Japanese version of what RIPE NCC does and I'm quite new to this area of Internet governance so I can really understand the comment that Shane has made as well as those people in the panel. And I think there are different various levels of how people can get involved. So the most committed way of giving contribution is of course directly getting involved in the discussions of Internet governance forums, but I think there are many misunderstandings of, or misconceptions of some of the issues related to spam or capacity building or training for developing countries where the technical communities already do so much work and it's just a matter of communicating to these people that we are already doing things. And so, we need, I think, some kind of, I don't know if that would be a document or some way of demonstrating that we do these kind of things, so maybe we can have like some people volunteering to gather information about the things that we already do, not necessarily joining the discussions on the Internet governance related forums and then we can also have people who actually join these forums in discussions and explaining what the technical community do, so that way people can choose how they want to be involved depending on, you know, the level of commitment that they want to have, and so that might be something that would be helpful. And one more point is, we tend to focus a lot on events, but it might be helpful to have information based on themes such as security and even within security there are various areas such as spam or ?? yeah, training for developing countries and what would be the kind of inputs that would be helpful to have from the technical community, would it be like giving comments on a certain event or would it be gathering expertise and summarising or, I think having these kind of things would be helpful. That's my personal observation.

FILIZ YILMAZ: Thank you. Daniel.

AUDIENCE SPEAKER: Daniel Karrenberg from the RIPE NCC, but speaking for myself this time. I'd like to make a plea for focus. All we discussed in the forum, the panel discussed, are quite important things for each of us individually to have in our consciousness and to have to influence our decisions. But I think we're here in the RIPE Meeting and RIPE has a quite broad scope but still a defined scope. And that's network operations and you could say the part of Internet governance that has to do with that. I see a number of things that are relevant to this group, one is obviously Address Policy and the global Address Policy and IANA's operations as far as this is concerned. There is a small little bit which is DNS route server operations which is being drawn into this whole discussion, I don't think it should be, but it's been drawn into this whole discussion, and the RIPE NCC operates a route server and takes guidance from this group. And, of course, we all have to do with DNS in one way or another but we definitely, as RIPE, have always decided to stay out of what Rob called the other day the casino part of the DNS game, we are looking at it from the ISP side. And I think what we should do and we also should do in the Cooperation Working Group that's coming up is concentrate on these things and I think what happens in the landscape in 2014 is the intention of the US Government of getting out of this game, they are getting out of this game in terms of oversight, but they are also getting out of this game in terms of contracting the operations. And that's where we, as a group, should actually concentrate to see, to speak with Patrik, are our processes good enough, you know, to also support this on the global scale? My personal opinion is that they are. We have not been doing this just in the 21st century; we have actually been doing this in the end of the 20th century already, because what we have built here with RIPE is a multi?stakeholder and very open environment. Anybody can walk oft streets, and we have governments walk in off the streets, both first informally and then formally in the Cooperation Working Group a little bit more, so I think we are in pretty good shape as far as our region is concerned, and I think we should concentrate here in this room and at this meeting in involving that.

All the things about pervasive monitoring, the problems our Russian friends have, and so on, are things that we can discuss ?? take into account individually and discuss during the beer, but I think we should concentrate on what RIPE is about and what the RIPE NCC does operationally.

FILIZ YILMAZ: Thank you, Paul. Thanks for waiting.

AUDIENCE SPEAKER: Thanks for the session. I just had a couple of remarks about terminology, I think one of the functions of this kind of session is to demystify terminology, but I think, in our communities, we also have to ? I will make up a word here ? we have to 'decynify', we need to get over cynicism and sarcasm over some of these terminologies, some of the concepts we're talking about here, because they actually are important and meaningful. I mean within this room, I'll admit that multi?stakeholder Internet governance is almost meaningless. I mean, Internet governance refers to everything about how the Internet is managed and developed and used and applied. It refers to actually everything that happens in this room. Multi?stakeholders means it's open to anyone with an interest. So what? You know, that's how we have been operating for 25 years. Nothing new there at all. So, it's not surprising that without looking a little bit further, that it sounds like a bunch of bullshit. But, you know, these terms were not actually made up for us, they were made up for that much, much broader community outside the room, that is both involved with and interested in how the Internet works and the terms multi?stakeholder and Internet governance actually represent discoveries, they represent discoveries of us and and of what is happening here, discoveries that were made about ten years ago back in the World Summit on the Information Society when governments were trying to work out how to best transition from industrial to the information society and the Internet was identified as a key part to that, and so, what was discovered there was this idea about Internet governance and all the complexity that is involved with actually keeping the Internet running and working and the multistakeholder model, it was given to Government for free and it was invented by and developed by a huge range of people, including us. And so those discoveries and they are real, they are the positive discoveries about how the Internet works, we should wear those badges with pride, because those discoveries are exactly that the Internet is the way it is because of multistakeholder Internet governance, but let's just remember the terms aren't for us; they are kind of really ho?hum inside this room but I think we need to get used to them and get used to using that terminology and get used to describing the Internet and our role in the Internet in those terms to people outside the room, because the terms, they really are not bullshit. We just need to get over the cynicism and the sarcasm about them and work out how to get outside of this room and represent what we're doing here. Thanks.

FILIZ YILMAZ: Thank you, Paul. Meredith.

AUDIENCE SPEAKER: I am Meredith Whittaker from Google, I'm speaking on my own behalf as usual and I'm standing between you and caffeine and sugar so I'll be quick. I think for very ?? with a very different view, I want to echo a little bit what Daniel is saying, so, I don't think that the only topics for discussion that are appropriate at RIPE are specific technical discussions of you know how we do a specific thing, right. The topics of how that impacts a broader world and creates the reality we all share are equally valid because there is you know responsibility there as well and I think that's where the term sort of policy and technical community conflate, it's basically two separate modes of creating a reality. Technology creates a policy by a de facto policy, what is built works and what is works forms the way we do things. So I think, what I do want to echo in Daniel's statement is that a lot of these, the stakes that are at play here, what could, over time, impact people's daily lives as operators, as technologists are not always clear in this discussion. Address Policy is a hugely broad term and sort of could mean anything from the way the e?mails are sent on the list announcing a new policy change to something very discreet, only one part of that could in fact could impact my daily life. So I think when these discussions are being held sort of with the intent of attracting technical buy?in and these sort of participation of the technical community, what are the stakes? How will your daily lives change if decisions that are being made now go the wrong way and what are those decisions? Because there is a lot of jargon and I'm easily bothered and not always able to understand the (bothered) import of these legalistic documents. I may not be alone. I think naming the existential threats and then naming what engagement you would like to see contra those would be a helpful way of generating more organic involvement.

FILIZ YILMAZ: With this panel, we are ?? we were trying to cover a lot at this point, I agree. But I thank you, all of you. I need to really clear the stage. I have been told that for the next session, we really need to close this off. As somebody suggested, we at RIPE meetings we have enough coffee as well as beer in the socials, so I invite everybody, go to these people and talk to them and vice versa for all those practical matters, how you can make it relate to your daily life too. Thank you.


AUDIENCE SPEAKER: I just want to make a quick announcement. For the next session after this heavy discussion, the next suggestion is going to be a fun session, celebrating 25 years of RIPE, and I'd ask you to here on time even though we ran over, you are going to have a speaker on video, so, please come back on time. Thank you.

(Coffee break)