Dear all Below are Highlights of the IGF held in Hyderabad sent to the mailing list last year. regards Mwende ---------- Forwarded message ---------- From: mwende njiraini <mwende.njiraini@gmail.com> Date: Dec 10, 2008 11:49 AM Subject: Re: IGF 2008 Highlights - Day 2 To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> *Day 2: 4th December 2008* * * *Theme: Promoting Cybersecurity and Trust * * * *0930-1100 Panel discussions: Dimensions of Cybersecurity and Cybercrime* The internet was not originally designed with security features however with increased use of the internet security considerations arise. It is important to recognize regional, local and cultural issues that may affect cyber security and develop a relationship of trust in order to develop a framework that determines - what happens in a crisis, how to engage in law enforcement. This is important as security issues need to be addressed before there is a crisis and should be done at all levels. *Computer Emergency Response Team* * * The use of the Computer Emergency Response Team (CERT) at a regional and national level based on the framework developed by the Carnegie Mellon University (www.cert.org) as follows: 1. *Organisational * At an organisational level there should be a person responsible for security – the response to security threats need to be formalized – that is organizational incident response should be formalized. 1. *National* Formation of national CERT is necessary but not sufficient. Channels for relaying of information, mitigating threats need to be organised and tested on a regular basis. The national CERT should work with regional CERT as well as have links with law enforcement organisations. There is need for development of a strategy as well as testing of the system. Any incidents should be reviewed. The goals of CERT should include: - early detection, - short response time, - reduction of impact, - recognition of liability issues, - analysis techniques – which are forensically safe, need to be developed in advance not when time is of the essence - Alignment of with partners ITU-D study group 1 Q 22/1 is studying issues on: *Securing information and communication networks: best practices for developing a culture of Cybersecurity* The security should be implemented without damaging the nature of the internet, and protecting vulnerable groups *Introduction of cybercrime and terrorism* Traditional crime has moved online for example harassment and money laundering however there are new forms of crime in the virtual world including: - phishing, virus/malware, etc - Critical infrastructure threats – banking, transport, banking, energy, government and national security - Terrorist use of the internet to publish ideologies, raise funds, recruit new members The challenges in combating cybercrime and terrorism: - The crime scene and who is in charge with dealing with the threat. - Relevance of geographic distance - Investigative cost and the need to carry out real time investigations - Legal framework - Procedural legal problems - Complex search and seizure laws - Responsibility and data - It complex due to numerous operators involved *Questions and discussions* - Global issue – which needs coordinated effort and cooperation - in order to avoid the development of cyber havens. - Action, feedback and reaction necessary in order to update prevention mechanisms with regard to recent incidents - A relationship of trust important between the CERT and ISPs –ISPs need to provide data – this should a bottom up process - Organisations work in an eco-system –sharing of information – collecting statistics before, during and after an incident - Access (usage and querying) to the data base at the CERT should be controlled – because of privacy issues - A mutual Non-Disclosure Agreement (NDA) and formal structures should be created through a formal bottom-up process. - Network based crime raise issues associated with creating an appropriate balance between the needs of those investigating and prosecuting and rights and interests. - Need for coordination is a challenge to governments because of the lack of expertise – therefore have to rely on academia and private sector - The CERT should be an independent group of experts that should be fully empowered - Appropriate safeguards to protect the functioning of the organisation necessary as they give confidence and ensure business continuity during investigation - New institutional models based on hybrid frameworks – for example Sri-Lanka CERT was set up in June 2006 and involves government as well as skilled incident handlers (http://www.slcert.gov.lk/). - Need for increased cooperation as cyber crime is multi-jurisdiction issue – harmonization of enforcement processes and legislation approach such as that of the council of Europe. * * *Indian CERT* - The internet is used for numerous activities leading to an increase cyber attacks consequently there is a need for training on best practices and implementation. - India's legislation includes computer related offences and is currently being amended to be in line with the European cyber convention. - National CERT operates in partnership with Asia and pacific CERTs - The Indian CERT is a government lead industry initiative – that aims at creating awareness and compliance to best practices - Training of law enforcement officers on analysis of computer related crime a challenge and undertaken through PPP. - A secure national cyberspace – requires collaboration, research in technologies through a bottom-up process. - Areas of conflicting interest need to be addressed as cybercrime is a global phenomenal – these areas include conflict with individual rights, unnecessary censorship and society issues - Establishment of global alliances essential to ensure stability of internet - Sharing to data about cyber attacks is a challenge - Establishment of a CERT takes time – needs to include participation of private sector partners The ITU has identified five pillars with regard to internet security which include: 1. Legal issues 2. Technical procedural issues, Organisational structures including CERTs 3. Capacity building 4. International cooperation There is need for proactive approach to provide an early warning system for example that used in the event of natural disasters as well as need for organisation and cooperation between all stakeholders. With regard to initiating internet security measures – start with an issue where there is a common understanding for example child protection which was the basis of the launch of the child line protection. *Capacity building* *Issues* - Lack of capacity in of ISPs - Inter-south cooperation required as challenges and infrastructure similar - Retention of skilled human resources a challenge - Use of network operator groups for capacity building - Need to utilize the existing educational framework by integration of cybersecurity into curriculum – this creates sustainability in capacity building - Training should be relevant to the environment – appropriate use of technology, cost, concentrate on getting the maximum benefit – innovation in order to derive the maximum value will be based on training received - Need for collaboration platform – so as to continue sharing information - Need to focus on reality on the ground *Kind of training* - technical training - policy issues – IPv4/6 *Technical challenges* - operators need to be profitable – environment liberalized – however still certain monopolized areas – international connectivity – imbalanced competition – therefore profitability issue- cant invest in new technologies – limited investment in training *My comment*: Urgent need create of culture of cybersecurity (end-users, at organisation level and nationally) and establishment of national, regional CERTs. *14:30 - 16:00 Workshop 76 Neutrality Debate Important for You? (Network Neutrality Debate: The Implications for Development) * * * *Technical issues* All networks need to be managed High broadband connectivity principles ( http://www.tiaonline.org/gov_affairs/issues/internet_services_applications/d... ) - transparency - ability to attach any device - right to access any legal content - right to download any legal content *Economic issues* Net neutrality has significant micro and macro implications. Broadband investment influenced by the broad economic environment because of the massive investment required - Regulation is viewed more beneficial in view of the current economic crisis - More users create value to the platform - Optimal pricing structure – a possibility - may not want to charge content providers to contribute to access - Mandatory net neutrality/unbundling expected to depress investment in broadband plus may have a significant negative effect on investment NGN. - Centre for European Policy Studies – research titled: "I own the pipes, you call the tune: The net neutrality debate and its (ir) relevance for Europe" available at http://shop.ceps.eu/BookDetail.php?item_id=1755 – argues that the internet is not neutral – pro-neutrality rules/changes being proposed should be evaluated - The analogy of the roads and vehicles was used to describe net neutrality – the roads represent the pipes while the cars represent the packets/traffic – which are not regulated and may be of any shape or size. However there is regulation with regard to speed. - issue of convergence – important for users - internet to drive innovation and economic growth - activism issues are important to understand the issues - slowing down the traffic and packets on internet has a consequence of slowing down the development internet *Issues from a user perspective* - no consensus on the issues exists - Users do not necessarily want free/unlimited control – however what they want is: what they access should not be controlled - They do not want to be forced to buy their store brands or services of preferred service providers of the broadband connectivity provider. - There is no value in packaging/bundling of services – rather it is designed to sell services at a high price - Users question whether a free market would help as suppliers are out to make money – there is an economic motivation to invest – which means there is no one to look out for consumers - Need for establish anti trust/anti monopoly regulations - ISPs must be made to know that users are not willing to give up their rights thus should develop internet usage plans that are favourable to the users - suppliers must listen to consumers - Users have the power to demand what we want if only they demanded it - The investment on the internet should be allowed in all areas – core and edges without fragmenting it - networks should be built using open interfaces - end to end principle protection is significant - Users want the internet to encourage innovation - Use of restaurant analogy where the chairs, tables and food are outsourced - Users should have the ability to have access to the content they want as long as it is connected to open interfaces - Users have concern on the future of the internet; content equality and its ability to deliver content in different ways thus encouraging local innovation *My comment:* significance of net neutrality with reference to developing countries was not addressed – taking into consideration that the motivation for investment in broadband connectivity is socio-economic development thus deployment of both local and international for example submarine cable is being done by governments rather than the private sector. On 12/8/08, mwende njiraini <mwende.njiraini@gmail.com> wrote:
*5th December 2008* *930-1100 Panel Discussion Transition from IPv4 to IPv6* Based on several studies it is projected that IPv4 addresses will be globally exhausted by 2011 however address space will still be available at a local level. Seamless take up of IPv6 is expected with the exhaustion of IPv4 and there is on going discussion – to define policy to facilitate smooth transition for operators and ensure that new comers have minimum IPv6 address space allocation to start up business.
The following issues were discussed from different perspectives:
*Issues from operators' perspective*: - Deployment of IPv6 enabled equipment in the core networks should be done increment – however uptake is low because there is no extra revenue generated with the implementation of IPv6 i.e. the lack of commercial drivers. However this is expected to change with the as customer numbers grow.
- Need for upgrade – therefore operators from developed countries stand at an advantage as they have the resources and are nearly exhausted their local allocations.
- Getting operational experience is a challenge – there is need to invest in operational tools to run IPv6 in terms of software configuration utilities management and trouble shooting
- Participation in standardization – where users have equipment that supports only IPv4 – how do they access services that are available only on IPv6-based networks? The IETF is working on the transition mechanisms however the co-existence of both protocols is expected for a long time
- Operators are pushing for IPv6 support in customer premise equipment (CPE) as well as software that supports the new protocol version. However it is expected that legacy applications will be available in the foreseeable future
*Issues from a vendor perspective* - Transition has been going on for some time in the vendor world. The transition has been a long process for vendors and operators – in terms of getting the technology and standards ready
- As IP is the core of the internet – transition to ipv6 – is significant particularly with the increase of IPv6 enabled devices connected to the internet specifically mobile phones
- need to understand technology and therefore need for operational and implementation experience
- managing customer demand/expectations for IPv6 enabled services and devices
- cost of staff training
- there are mistakes that will be made – therefore need for mutual support in the implementation of v6
*Social and economic perspectives*- - Transition should be cooperative endeavour with social and economic and policy considerations
- Gradual implementation and interoperability between IPv4 and v6 expected so as to preserve the investment already made
- There is a general understanding that IPv6 will compliment and supplement the existing IPv4 as well as provide improved routing, multicasting, efficient infrastructure. The following questions however arise:
o The advantages that IPv6 offer are good reasons to invest in the new IP version. o Would transition be transparent and would backward compatibility required
- Users want the stability of the internet to be maintained and hope that IPv6 will offer opportunities for addition to personality features on the internet – this is what makes the business case
- In the India case there are a large number of service providers – and there is only a 1/8 usage – therefore demand is low – the need to enhance cultural diversity however provides opportunities to create demand through local content development including E-government programme and Info-tainment
- It is important to break the myth that IPv6 is a new internet - It is not a new internet rather continuation of the internet
- The main benefit is the address space addition- which may allow for efficiency
- There is no need to establish a deadline or regulate the implementation of IPv6 – as it will be market driven. Additionally users should have rights to use IPv4 and IETF is working on coexistence
*Policy perspective* - With the impending exhaustion of IPv4 – further implementation will be problematic – as not all players will support transition therefore it is important to examine measures – for continued use of IPv4 and possible migration of users to private IPv4 address space
- creation of action plan to be implemented by 2010 – for example offering of incentives such as tax exemption and capacity building
- examination of existing programmes and mechanisms
- establishment of taskforce of IPv4 exhaustion
- the messages of ISPs is that they must carry IPv6
- IPv4 scarcity and demand for more security are the 2 major challenges driving the uptake of IPv6
- Institution of market transfer or reclamation mechanisms of IPv4 resources not required by local internet registries to the regional internet registries when transition to IPv6 is implemented. However this would be a challenge as RIRs have no contractual authority this may create a grey market. This challenge may be overcome through a loose membership association that allows others to use others resources
- Institution of secure routing objects including PKI to authenticate users raises governance/control issues – RIRs have centralized control which may make it efficient and better able to address security issues this makes an RIR an central governance institution. Membership of security/government associations in the RIR would result in infiltration of technical, policy agendas that may make the transition to IPv6 complicated
- However it is argued that RIRs should remain neutral and trans-national institutions which: o maintain a homogenous technical group o maintain a bottom-up approach in policy making o guarantee the stability of the internet and business continuity of members
- main challenges in the deployment of IPv6 include: o lack of public education, information and skill o limited network policy decisions to make deployment happen o lack of incentive to deploy ipv6
*1100-1230 Workshop 59:Building a global capacity building curriculum framework and premier*
- Integration of IG capacity building in existing ICT and public policy courses was advocated.
- The training may be offered either online, offline or through short term executive courses.
- Collaboration between different stakeholders who have different needs is imperative in order create an understanding of the issues arising from increased used of the internet particularly those that transcend the geographical, and cultural borders.
- internet security awareness programme set up in India
- Presentations on the Diplo IG capacity building programme ( www.diplomacy.edu/ig) – including a demonstration of the online platform.
- The Diplo approach includes the training course (foundation and advanced), policy research, policy immersion and community interaction.
- The impact associated with the IG capacity building programme have been varied and impressive including the establishment of IG governance masters programme in Srilanka and the use of telecentres to disseminate IG related information.
- Diplo has successfully offered the training to professional worldwide for the last 4 years leading to the establishment of national, regional and global community
*1400-1530 Workshop 29: Building confidence and security in the use and security in the use of ICTs for African countries
*Main challenges in Africa - lack of infrastructure - lack of services
Therefore opportunity to learn from mistakes in developing countries and establish of computer emergency response team currently there is only one active CERT in Africa in Tunisia, South Africa is in the process of setting up a CERT with the deadline of 2010 before the FIFA world cup. While countries such as Morocco, Kenya and Ivory Coast are thinking about set in up CERTs.
The approach in dealing with Cybersecurity in developing countries
Success of Cybersecurity is based on 3pillars
1. *Technology pillar* – ICT/security tools –including: o PCs / networks, physical security tools, data tools (storage media and cryptography), availability of infrastructure and application (redundant servers and PKI)
2. *Methodology pillar* – policy, procedures and regulations on three levels: o managerial level (security policy, management procedures and capacity building, audit) Legislative level (law and regulation) o operational level (acces control rules, implementation plans, monitoring, watch, incidence handling) o continuity of services level ( business continuity plan, crisis management, drill exercises) - actors in this pillar include the government, security professionals and users
3. *Social behaviour pillar* – creating a culture of cyber security o cultivate culture of cyber security through continuous action of raising awareness using diverse media/channels o the target audience includes managers, decision makers, security, children, parents, teachers
*Case study: CERT-TCC - Tunisia*
*The functions of the CERT include*:
- Watch- collect information from different sources eg CISCO, HP. Microsoft, network of CERTs, community of hackers - Training - Coordination - Response - Incidence handling - Incident analysis - Awareness - Warning alert
*Key issues*:
• Information, warning and alert – carried out to in collaboration with ISPs, managers decision makers, internet community through mailing list, call centre, media
• Oriented campaign – utilizing prospectus, posters, email, radio, cartoons, video, attack simulation and guides
• Incident handling - training in new tools
• Coordination important in the effective functioning of the CERT – incident coordination procedures and information including regional CERTs, other CERTs within the country (for example Brazil has more than one CERT), ISPs and operators, vendors and integrators, and national authorities.
Need for the formation of CERTs in Africa however the challenges of lack of "know how" in IT security need to be overcome through: - capacity building - encouragement of the development of national solutions based on open source components - improved R&D capabilities and making it more responsive to urgent needs - encouraging academic research in the important topics of security (cryptography, methodologies…)
*The following questions and comments were raised*:
- the need for social engineering through the creation of a culture of cyber security to be addressed specifically because of the increased requirements by government to obligate to provide subscriber identification information
- how can African countries start up a cert- through collaboration for example with existing CERTs
- in establishing a culture of cybersecurity – consideration should be given to the fact that there are different social cultures in different countries however there is consensus on issues such as child pornography, identity theft
- how can a regional approach be developed where there are differences in level of ICT infrastructure and use of infrastructure in the delivery of services, what tools can be used to encourage decision makers to be involved in the issues of cyber security?
o It was recognised that funding and expertise was required for example AFDB, World Bank and Islamic Bank while ITU have regional workshops on cyber security
o As African countries build on infrastructure and services – there is an opportunity to learn from those that have already developed CERTs.
- How does the CERT monitor traffic: with the collaboration of ISP and operators as well as supporting legislation
- Regulators need to advice the government to use ICT in development – this is a manifestation of government commitment
- The role of policy making was emphasized – as it provides government commitment to using ICT for social economic development and governance and consequently support for cyber security initiatives – including the formulation of legislation.
- There should not use a piece meal approach to cyber security to prevent ineffectiveness for example Mauritius has electronic transaction act but PKI not yet established
On 12/5/08, mwende njiraini <mwende.njiraini@gmail.com> wrote:
Following our recent online discussions on Internet governance issues in Kenya, the Kenya IGF and East African IGF; you may wish to follow the discussion currently ongoing at the global IGF 2008 in Hyderabad India at http://www.intgovforum.org.
Below are highlights from workshops I attended on Day 1 December 3rd): *0930-1100 hrs Workshop 43: Legal aspects of governance critical internet Policy issues of public relevance* *1st presentation* The issues on that have legal implications include: • internet security intellectual property rights, infringement, privacy and protection mechanisms • IP domain name protection, conflicts arising out of data and content ownership privacy therefore increasing role of P2P in growth of internet 2 • Consumer status and rights in relation to e-commerce cross border and domestic online trade • Telecom issue viz backbone deployment and interconnection costs • Freedom of expression – the extent of censorship and control on online content
There is need for capacity building to create meaningful participation of individual and SMEs as well as increasing connectivity through building IXPs and local content development
The question was raised as to whether there a need of alternative institutional mechanism. The salient features of the MOU between ICANN and the department of commerce (DoC) include: - The affirmation of the role of private sector leadership - The role of DoC in ensuring transparency and accountability and effective GAC participation - Ensure accountability and publish by-laws and strategic and operational plans - Agreement can be terminated in 120 days
The MOU has been criticized because of the following reasons: - US governmental control on root server administration - Inconsistent with WSIS principle where no single government should have a pre-eminent role - Domain name allocation policies need better development - IPv4 address allocation have been imbalanced need to ensure IPv6 address allocation does not suffer the same effects -This assertion was however refuted as IP addresses allocation based on need. The need for prudent management and keeping barriers low for the transition to IPv6 was emphasised.
To overcome this WGIG proposed 4 models: - Global policy council - Intenational internet council with leading government role to fulfil the ICANN/IANA functions - GAC to be strengthened with enhanced coordination function - Replace US govt role by general internet council or with world ICANN (in lieu of GAC)
The common features of these models were the overwhelming government lead and the presupposition of the possibility of international treaties. During the discussion the viability of these models was questioned given that speed is of essence in the management of internet resources. It normally takes a long time to negotiate international agreements; including treaties instead a set of principles should be endorsed.
The speaker recommended on the management of critical internet infrastructure should take into consideration the following • Treatment of technical resources of the internet and global economic, social and legal aspects arising out the internet should be at par • The development and implementation of polices and standards and solutions to various internet issues should be done in a coordinated manner for example telecommunication standard development is done in a hierarchical and predictable way. • New structure would be a supreme authority over internet
In conclusion the speaker asked: Does the internet as we know it need to be altered radically? Should the status quo be maintained? Should a Red Cross model of recognition by international community states be given to an international entity like ITU, INTELSAT. However fundamental change is not necessary as failure has not been identified.
*My comment*: this presentation was descriptive and despite the fact that an alternative model was proposed the principles, mechanisms that would need to be put in place in order to make it work were not discussed
*2nd presentation* The next speaker spoke about the ccTLDs in latin Amercia which are broadly organised into two main groups: non-governmental and governmental organisations. A contribution from the floor however clarified that the Brazilian ccTLD is a multi-stakeholder – coordinated by government – but on a day by day basis operates as a non-governmental organisation. The Indian ccTLD is managed by government and private sector – sovereign interest taken care of through government representation.
The rules and regulations under which the institutions that manage the ccTLDs are managed determinate legal framework under which they operate. Consequently ccTLDs are regulated under national law while ICANN regulates gTLDs – The possibility of self regulation is based on the assumption that private sector would act in the public interest.
In the discussions some felt that there was need for increased attention of government in the management of ccTLDs – as it was critical infrastructure while on the other hand other felt that there was the risk of excessive regulation with increased involvement of government.
*1130 -1200 hrs Workshop 36: Strategies to prevent and fight child pornography in developing countries* Child pornography in Brazil has grown out of the popularity of social networking. However the main challenge has been issues related to jurisdiction as content is resident in ISP based in the USA and trans-national ISPs like Yahoo, Microsoft and Google which have branches in strategic markets and have tailored the services for these markets in terms of language and content.
Brazil was therefore unable to deal with serious offences related to content – specifically child pornography - committed by Brazilians using Brazilian IP addresses. The government has been able to sign an agreement with Google to fight child pornography on Google's orkut social network.
The following are consideration taken in drawing up the agreement 1. Which criteria should be used to define the ability of a particular country to legislate over and sanction conducts committed on the internet? - Where the data is located? - International law principles (territoriality or nationality) shall be used to define the sovereignty of a state regarding – cyber space – which is a network of networks - Define some reasonable standard – for example managed by Brazilians and is local content and local language - Access points in Brazil, harmful conduct felt in the country – taken obligation under international law to take offence – country of origin approach would force thousands of users to unfamiliar rules and travel – offence under human rights therefore apply local legislation
2. It is legitimate to enforce the conduct of local office –as it impracticable to send legal request to the US.
New tools have been implement that have reduced number of images uploaded and increase in number of reported cases- subject to investigation. It was inspiring to listen to parliamentarian talk about the need to have legislators engaged in the process as they ultimately pass the laws. I appreciated the fact that in there is great cooperation between the parliament, government, police, civil society and private sector.
The main challenges are: • Lack of awareness and participation by parliamentarians who are critical in the formulation of legislation • how to obligate ISPs to provide information without infringing on freedom of expression and privacy, • what criteria should be used to deal with these offences • the creation of awareness of ISPs in developing countries of the need for judicial cooperation as well as social initiatives to deal with cyber crime. • Insufficient infrastructure to deal with this issue – law enforcement does not have the human resources and technology • Material produced to fight child pornography are not evaluated – they should be inline with the demand
*My comment*: I would have like to know if initiatives have reduced offences, what is the success rate registered in prosecution, ability of the law enforcement and judicial system to deal with offences. There was no mention of where initiatives had been launched to fight child pornography on the financial front.
*1530-1700 Workshop 45: Opening to diversity and competition of the DNS system*
There were 3 presentations in this session:
- *1st presentation* - alternate DNS system used in library systems
- *2nd presentation* - implementation of security in the Handle system
- *3rd presentation –* discussed the Net4D
Net4D- provides the technical solution to the political concern on the control of root servers. Net4D networks enable the following:
• Empower the second generation of the web: the semantic web.
• Multi-stakeholder governance of DNS
• Net4D classes should be open and interoperable
DNS 1.0 – was a monopoly of ICANN web 1.0 html with USA parentage and English only while DNS 2.0 is open allowing for competition including inter alia:
• Net4D semantic web
• Open coherent approach to linguistic diversity
• Allow technological innovation with value added services
Concern was however raised on the:
• Investment/implementation cost required to implementation of different DNS systems depending on the BIND implemented and root servers enabled
• relinquishing of the political control of root servers
• Value to end users
• Awareness and understanding of the issues by different stakeholders necessary – delivered in a way that they can understand
*My comment*: the session was technical – I hope the techies on the mailing list can help us understand the governance issues associated with the introduction of DNS competition and the impact on developing countries :)!
Kind regards
mwende
Thanx Mwende on the highlights of the Internet Governance Forum (IGF) meeting at Hyderabad, India 2008. Quite an overload I must say - buffer overflow in technical terms ;-) Hope u will be there tmrw morning @Jacaranda to verbalize all these in simpler terms and within 10-15mins... Regards. walu. --- On Tue, 4/14/09, mwende njiraini <mwende.njiraini@gmail.com> wrote:
From: mwende njiraini <mwende.njiraini@gmail.com> Subject: [kictanet] Fwd: IGF 2008 Highlights - Reminder To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Tuesday, April 14, 2009, 3:31 PM Dear all Below are Highlights of the IGF held in Hyderabad sent to the mailing list last year. regards Mwende
---------- Forwarded message ---------- From: mwende njiraini <mwende.njiraini@gmail.com> Date: Dec 10, 2008 11:49 AM Subject: Re: IGF 2008 Highlights - Day 2 To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
*Day 2: 4th December 2008*
* *
*Theme: Promoting Cybersecurity and Trust *
* *
*0930-1100 Panel discussions: Dimensions of Cybersecurity and Cybercrime*
The internet was not originally designed with security features however with increased use of the internet security considerations arise.
It is important to recognize regional, local and cultural issues that may affect cyber security and develop a relationship of trust in order to develop a framework that determines - what happens in a crisis, how to engage in law enforcement. This is important as security issues need to be addressed before there is a crisis and should be done at all levels.
*Computer Emergency Response Team*
* *
The use of the Computer Emergency Response Team (CERT) at a regional and national level based on the framework developed by the Carnegie Mellon University (www.cert.org) as follows:
1. *Organisational *
At an organisational level there should be a person responsible for security – the response to security threats need to be formalized – that is organizational incident response should be formalized.
1. *National*
Formation of national CERT is necessary but not sufficient. Channels for relaying of information, mitigating threats need to be organised and tested on a regular basis. The national CERT should work with regional CERT as well as have links with law enforcement organisations.
There is need for development of a strategy as well as testing of the system. Any incidents should be reviewed.
The goals of CERT should include:
- early detection, - short response time, - reduction of impact, - recognition of liability issues, - analysis techniques – which are forensically safe, need to be developed in advance not when time is of the essence - Alignment of with partners
ITU-D study group 1 Q 22/1 is studying issues on: *Securing information and communication networks: best practices for developing a culture of Cybersecurity*
The security should be implemented without damaging the nature of the internet, and protecting vulnerable groups
*Introduction of cybercrime and terrorism*
Traditional crime has moved online for example harassment and money laundering however there are new forms of crime in the virtual world including:
- phishing, virus/malware, etc
- Critical infrastructure threats – banking, transport, banking, energy, government and national security
- Terrorist use of the internet to publish ideologies, raise funds, recruit new members
The challenges in combating cybercrime and terrorism:
- The crime scene and who is in charge with dealing with the threat.
- Relevance of geographic distance
- Investigative cost and the need to carry out real time investigations
- Legal framework
- Procedural legal problems
- Complex search and seizure laws
- Responsibility and data
- It complex due to numerous operators involved
*Questions and discussions*
- Global issue – which needs coordinated effort and cooperation - in order to avoid the development of cyber havens.
- Action, feedback and reaction necessary in order to update prevention mechanisms with regard to recent incidents
- A relationship of trust important between the CERT and ISPs –ISPs need to provide data – this should a bottom up process
- Organisations work in an eco-system –sharing of information – collecting statistics before, during and after an incident
- Access (usage and querying) to the data base at the CERT should be controlled – because of privacy issues
- A mutual Non-Disclosure Agreement (NDA) and formal structures should be created through a formal bottom-up process.
- Network based crime raise issues associated with creating an appropriate balance between the needs of those investigating and prosecuting and rights and interests.
- Need for coordination is a challenge to governments because of the lack of expertise – therefore have to rely on academia and private sector
- The CERT should be an independent group of experts that should be fully empowered
- Appropriate safeguards to protect the functioning of the organisation necessary as they give confidence and ensure business continuity during investigation
- New institutional models based on hybrid frameworks – for example Sri-Lanka CERT was set up in June 2006 and involves government as well as skilled incident handlers (http://www.slcert.gov.lk/).
- Need for increased cooperation as cyber crime is multi-jurisdiction issue – harmonization of enforcement processes and legislation approach such as that of the council of Europe.
* *
*Indian CERT*
- The internet is used for numerous activities leading to an increase cyber attacks consequently there is a need for training on best practices and implementation.
- India's legislation includes computer related offences and is currently being amended to be in line with the European cyber convention.
- National CERT operates in partnership with Asia and pacific CERTs
- The Indian CERT is a government lead industry initiative – that aims at creating awareness and compliance to best practices
- Training of law enforcement officers on analysis of computer related crime a challenge and undertaken through PPP.
- A secure national cyberspace – requires collaboration, research in technologies through a bottom-up process.
- Areas of conflicting interest need to be addressed as cybercrime is a global phenomenal – these areas include conflict with individual rights, unnecessary censorship and society issues
- Establishment of global alliances essential to ensure stability of internet
- Sharing to data about cyber attacks is a challenge
- Establishment of a CERT takes time – needs to include participation of private sector partners
The ITU has identified five pillars with regard to internet security which include:
1. Legal issues 2. Technical procedural issues, Organisational structures including CERTs 3. Capacity building 4. International cooperation
There is need for proactive approach to provide an early warning system for example that used in the event of natural disasters as well as need for organisation and cooperation between all stakeholders.
With regard to initiating internet security measures – start with an issue where there is a common understanding for example child protection which was the basis of the launch of the child line protection.
*Capacity building*
*Issues*
- Lack of capacity in of ISPs
- Inter-south cooperation required as challenges and infrastructure similar
- Retention of skilled human resources a challenge
- Use of network operator groups for capacity building
- Need to utilize the existing educational framework by integration of cybersecurity into curriculum – this creates sustainability in capacity building
- Training should be relevant to the environment – appropriate use of technology, cost, concentrate on getting the maximum benefit – innovation in order to derive the maximum value will be based on training received
- Need for collaboration platform – so as to continue sharing information
- Need to focus on reality on the ground
*Kind of training*
- technical training
- policy issues – IPv4/6
*Technical challenges*
- operators need to be profitable – environment liberalized – however still certain monopolized areas – international connectivity – imbalanced competition – therefore profitability issue- cant invest in new technologies – limited investment in training
*My comment*: Urgent need create of culture of cybersecurity (end-users, at organisation level and nationally) and establishment of national, regional CERTs.
*14:30 - 16:00 Workshop 76 Neutrality Debate Important for You? (Network Neutrality Debate: The Implications for Development) *
* *
*Technical issues*
All networks need to be managed
High broadband connectivity principles
( http://www.tiaonline.org/gov_affairs/issues/internet_services_applications/d... )
- transparency
- ability to attach any device
- right to access any legal content
- right to download any legal content
*Economic issues*
Net neutrality has significant micro and macro implications. Broadband investment influenced by the broad economic environment because of the massive investment required
- Regulation is viewed more beneficial in view of the current economic crisis
- More users create value to the platform
- Optimal pricing structure – a possibility - may not want to charge content providers to contribute to access
- Mandatory net neutrality/unbundling expected to depress investment in broadband plus may have a significant negative effect on investment NGN.
- Centre for European Policy Studies – research titled: "I own the pipes, you call the tune: The net neutrality debate and its (ir) relevance for Europe" available at http://shop.ceps.eu/BookDetail.php?item_id=1755 – argues that the internet is not neutral – pro-neutrality rules/changes being proposed should be evaluated
- The analogy of the roads and vehicles was used to describe net neutrality – the roads represent the pipes while the cars represent the packets/traffic – which are not regulated and may be of any shape or size. However there is regulation with regard to speed.
- issue of convergence – important for users
- internet to drive innovation and economic growth
- activism issues are important to understand the issues
- slowing down the traffic and packets on internet has a consequence of slowing down the development internet
*Issues from a user perspective*
- no consensus on the issues exists
- Users do not necessarily want free/unlimited control – however what they want is: what they access should not be controlled
- They do not want to be forced to buy their store brands or services of preferred service providers of the broadband connectivity provider.
- There is no value in packaging/bundling of services – rather it is designed to sell services at a high price
- Users question whether a free market would help as suppliers are out to make money – there is an economic motivation to invest – which means there is no one to look out for consumers
- Need for establish anti trust/anti monopoly regulations
- ISPs must be made to know that users are not willing to give up their rights thus should develop internet usage plans that are favourable to the users - suppliers must listen to consumers
- Users have the power to demand what we want if only they demanded it
- The investment on the internet should be allowed in all areas – core and edges without fragmenting it - networks should be built using open interfaces - end to end principle protection is significant
- Users want the internet to encourage innovation
- Use of restaurant analogy where the chairs, tables and food are outsourced
- Users should have the ability to have access to the content they want as long as it is connected to open interfaces
- Users have concern on the future of the internet; content equality and its ability to deliver content in different ways thus encouraging local innovation
*My comment:* significance of net neutrality with reference to developing countries was not addressed – taking into consideration that the motivation for investment in broadband connectivity is socio-economic development thus deployment of both local and international for example submarine cable is being done by governments rather than the private sector.
On 12/8/08, mwende njiraini <mwende.njiraini@gmail.com> wrote:
*5th December 2008* *930-1100 Panel Discussion Transition from IPv4 to
Based on several studies it is projected that IPv4 addresses will be globally exhausted by 2011 however address space will still be available at a local level. Seamless take up of IPv6 is expected with the exhaustion of IPv4 and there is on going discussion – to define
smooth transition for operators and ensure that new comers have minimum IPv6 address space allocation to start up business.
The following issues were discussed from different
IPv6* policy to facilitate perspectives:
*Issues from operators' perspective*: - Deployment of IPv6 enabled equipment in the core
increment – however uptake is low because there is no extra revenue generated with the implementation of IPv6 i.e. the lack of commercial drivers. However this is expected to change with the as customer numbers grow.
- Need for upgrade – therefore operators from developed countries stand at an advantage as they have the resources and are nearly exhausted their local allocations.
- Getting operational experience is a challenge –
in operational tools to run IPv6 in terms of software configuration utilities management and trouble shooting
- Participation in standardization – where users have equipment that supports only IPv4 – how do they access services
IPv6-based networks? The IETF is working on the
however the co-existence of both protocols is expected for a long time
- Operators are pushing for IPv6 support in customer
(CPE) as well as software that supports the new
is expected that legacy applications will be available in the foreseeable future
*Issues from a vendor perspective* - Transition has been going on for some time in the vendor world. The transition has been a long process for vendors and operators – in terms of getting the technology and standards ready
- As IP is the core of the internet – transition to ipv6 – is significant particularly with the increase of IPv6 enabled devices connected to the internet specifically mobile phones
- need to understand technology and therefore need for operational and implementation experience
- managing customer demand/expectations for IPv6 enabled services and devices
- cost of staff training
- there are mistakes that will be made – therefore need for mutual support in the implementation of v6
*Social and economic perspectives*- - Transition should be cooperative endeavour with social and economic and policy considerations
- Gradual implementation and interoperability between IPv4 and v6 expected so as to preserve the investment already made
- There is a general understanding that IPv6 will compliment and supplement the existing IPv4 as well as provide improved routing, multicasting, efficient infrastructure. The following questions however arise:
o The advantages that IPv6 offer are good reasons to invest in the new IP version. o Would transition be transparent and would backward compatibility required
- Users want the stability of the internet to be
IPv6 will offer opportunities for addition to
internet – this is what makes the business case
- In the India case there are a large number of service providers – and there is only a 1/8 usage – therefore demand is low – the need to enhance cultural diversity however provides opportunities to create demand through local content development including E-government
networks should be done there is need to invest that are available only on transition mechanisms premise equipment protocol version. However it maintained and hope that personality features on the programme and Info-tainment
- It is important to break the myth that IPv6 is a new
a new internet rather continuation of the internet
- The main benefit is the address space addition- which may allow for efficiency
- There is no need to establish a deadline or regulate
of IPv6 – as it will be market driven. Additionally users should have rights to use IPv4 and IETF is working on coexistence
*Policy perspective* - With the impending exhaustion of IPv4 – further implementation will be problematic – as not all players will support
important to examine measures – for continued use of IPv4 and possible migration of users to private IPv4 address space
- creation of action plan to be implemented by 2010 – for example offering of incentives such as tax exemption and capacity building
- examination of existing programmes and mechanisms
- establishment of taskforce of IPv4 exhaustion
- the messages of ISPs is that they must carry IPv6
- IPv4 scarcity and demand for more security are the 2 major challenges driving the uptake of IPv6
- Institution of market transfer or reclamation mechanisms of IPv4 resources not required by local internet registries to
registries when transition to IPv6 is implemented. However this would be a challenge as RIRs have no contractual authority this may create a grey market. This challenge may be overcome through a loose membership association that allows others to use others resources
- Institution of secure routing objects including PKI to authenticate users raises governance/control issues – RIRs have centralized control which may make it efficient and better able to address security issues this makes an RIR an central governance institution. Membership of security/government associations in the RIR would result in infiltration of technical, policy agendas that may make the transition to IPv6 complicated
- However it is argued that RIRs should remain neutral and trans-national institutions which: o maintain a homogenous technical group o maintain a bottom-up approach in policy making o guarantee the stability of the internet and business continuity of members
- main challenges in the deployment of IPv6 include: o lack of public education, information and skill o limited network policy decisions to make deployment happen o lack of incentive to deploy ipv6
*1100-1230 Workshop 59:Building a global capacity building curriculum framework and premier*
- Integration of IG capacity building in existing ICT and public policy courses was advocated.
- The training may be offered either online, offline or through short term executive courses.
- Collaboration between different stakeholders who have different needs is imperative in order create an understanding of the issues arising from increased used of the internet particularly those that
geographical, and cultural borders.
- internet security awareness programme set up in India
- Presentations on the Diplo IG capacity building
www.diplomacy.edu/ig) – including a demonstration of
internet - It is not the implementation transition therefore it is the regional internet transcend the programme ( the online platform.
- The Diplo approach includes the training course
advanced), policy research, policy immersion and community interaction.
- The impact associated with the IG capacity building
varied and impressive including the establishment of IG governance masters programme in Srilanka and the use of telecentres to disseminate IG related information.
- Diplo has successfully offered the training to
the last 4 years leading to the establishment of national, regional and global community
*1400-1530 Workshop 29: Building confidence and security in the use and security in the use of ICTs for African countries
*Main challenges in Africa - lack of infrastructure - lack of services
Therefore opportunity to learn from mistakes in developing countries and establish of computer emergency response team currently there is only one active CERT in Africa in Tunisia, South Africa is in
up a CERT with the deadline of 2010 before the FIFA world cup. While countries such as Morocco, Kenya and Ivory Coast are
up CERTs.
The approach in dealing with Cybersecurity in developing countries
Success of Cybersecurity is based on 3pillars
1. *Technology pillar* – ICT/security tools –including: o PCs / networks, physical security tools, data tools (storage media and cryptography), availability of infrastructure and application (redundant servers and PKI)
2. *Methodology pillar* – policy, procedures and regulations on three levels: o managerial level (security policy, management
building, audit) Legislative level (law and regulation) o operational level (acces control rules, implementation plans, monitoring, watch, incidence handling) o continuity of services level ( business continuity
management, drill exercises) - actors in this pillar include the government, security professionals and users
3. *Social behaviour pillar* – creating a culture of cyber security o cultivate culture of cyber security through continuous action of raising awareness using diverse media/channels o the target audience includes managers, decision makers, security, children, parents, teachers
*Case study: CERT-TCC - Tunisia*
*The functions of the CERT include*:
- Watch- collect information from different sources eg CISCO, HP. Microsoft, network of CERTs, community of hackers - Training - Coordination - Response - Incidence handling - Incident analysis - Awareness - Warning alert
*Key issues*:
• Information, warning and alert – carried out to in collaboration with ISPs, managers decision makers, internet community
call centre, media
• Oriented campaign – utilizing prospectus,
cartoons, video, attack simulation and guides
• Incident handling - training in new tools
• Coordination important in the effective functioning of the CERT – incident coordination procedures and information including regional CERTs, other CERTs within the country (for example Brazil has more than one CERT), ISPs and operators, vendors and integrators, and national authorities.
Need for the formation of CERTs in Africa however the challenges of lack of "know how" in IT security need to be overcome through: - capacity building - encouragement of the development of national solutions based on open source components - improved R&D capabilities and making it more responsive to urgent needs - encouraging academic research in the important topics of security (cryptography, methodologies…)
*The following questions and comments were raised*:
- the need for social engineering through the creation of a culture of cyber security to be addressed specifically because of
(foundation and programme have been professional worldwide for the process of setting thinking about set in procedures and capacity plan, crisis through mailing list, posters, email, radio, the increased
requirements by government to obligate to provide subscriber identification information
- how can African countries start up a cert- through
collaboration for > example with existing CERTs > > - in establishing a culture of cybersecurity – consideration should be > given to the fact that there are different social cultures in different > countries however there is consensus on issues such as child pornography, > identity theft > > - how can a regional approach be developed where there are differences in > level of ICT infrastructure and use of infrastructure in the delivery of > services, what tools can be used to encourage decision makers to be involved > in the issues of cyber security? > > o It was recognised that funding and expertise was required for example > AFDB, World Bank and Islamic Bank while ITU have regional workshops on cyber > security > > o As African countries build on infrastructure and services – there is an > opportunity to learn from those that have already developed CERTs. > > - How does the CERT monitor traffic: with the collaboration of ISP and > operators as well as supporting legislation > > - Regulators need to advice the government to use ICT in development – this > is a manifestation of government commitment > > - The role of policy making was emphasized – as it provides government > commitment to using ICT for social economic development and governance and > consequently support for cyber security initiatives – including the > formulation of legislation. > > - There should not use a piece meal approach to cyber security to prevent > ineffectiveness for example Mauritius has electronic transaction act but PKI > not yet established > > > > On 12/5/08, mwende njiraini <mwende.njiraini@gmail.com> wrote: >> >> Following our recent online discussions on Internet governance issues in >> Kenya, the Kenya IGF and East African IGF; you may wish to follow the >> discussion currently ongoing at the global IGF 2008 in Hyderabad India at >> http://www.intgovforum.org. >> >> Below are highlights from workshops I attended on Day 1 December 3rd): >> *0930-1100 hrs Workshop 43: Legal aspects of governance critical >> internet Policy issues of public relevance* >> *1st presentation* >> The issues on that have legal implications include: >> • internet security intellectual property rights, infringement, privacy >> and protection mechanisms >> • IP domain name protection, conflicts arising out of data and content >> ownership privacy therefore increasing role of P2P in growth of internet 2 >> • Consumer status and rights in relation to e-commerce cross border and >> domestic online trade >> • Telecom issue viz backbone deployment and interconnection costs >> • Freedom of expression – the extent of censorship and control on online >> content >> >> There is need for capacity building to create meaningful participation of >> individual and SMEs as well as increasing connectivity through building IXPs >> and local content development >> >> The question was raised as to whether there a need of alternative >> institutional mechanism. >> The salient features of the MOU between ICANN and the department of >> commerce (DoC) include: >> - The affirmation of the role of private sector leadership >> - The role of DoC in ensuring transparency and accountability and >> effective GAC participation >> - Ensure accountability and publish by-laws and strategic and operational >> plans >> - Agreement can be terminated in 120 days >> >> The MOU has been criticized because of the following reasons: >> - US governmental control on root server administration >> - Inconsistent with WSIS principle where no single government should have >> a pre-eminent role >> - Domain name allocation policies need better development >> - IPv4 address allocation have been imbalanced need to ensure IPv6 address >> allocation does not suffer the same effects -This assertion was however >> refuted as IP addresses allocation based on need. The need for prudent >> management and keeping barriers low for the transition to IPv6 was >> emphasised. >> >> To overcome this WGIG proposed 4 models: >> - Global policy council >> - Intenational internet council with leading government role to fulfil the >> ICANN/IANA functions >> - GAC to be strengthened with enhanced coordination function >> - Replace US govt role by general internet council or with world ICANN (in >> lieu of GAC) >> >> The common features of these models were the overwhelming government lead >> and the presupposition of the possibility of international treaties. During >> the discussion the viability of these models was questioned given that speed >> is of essence in the management of internet resources. It normally takes a >> long time to negotiate international agreements; including treaties instead >> a set of principles should be endorsed. >> >> The speaker recommended on the management of critical internet >> infrastructure should take into consideration the following >> • Treatment of technical resources of the internet and global economic, >> social and legal aspects arising out the internet should be at par >> • The development and implementation of polices and standards and >> solutions to various internet issues should be done in a coordinated manner >> for example telecommunication standard development is done in a hierarchical >> and predictable way. >> • New structure would be a supreme authority over internet >> >> In conclusion the speaker asked: Does the internet as we know it need to >> be altered radically? Should the status quo be maintained? Should a Red >> Cross model of recognition by international community states be given to an >> international entity like ITU, INTELSAT. However fundamental change is not >> necessary as failure has not been identified. >> >> *My comment*: this presentation was descriptive and despite the fact that >> an alternative model was proposed the principles, mechanisms that would need >> to be put in place in order to make it work were not discussed >> >> *2nd presentation* >> The next speaker spoke about the ccTLDs in latin Amercia which are broadly >> organised into two main groups: non-governmental and governmental >> organisations. A contribution from the floor however clarified that the >> Brazilian ccTLD is a multi-stakeholder – coordinated by government – but on >> a day by day basis operates as a non-governmental organisation. The Indian >> ccTLD is managed by government and private sector – sovereign interest taken >> care of through government representation. >> >> The rules and regulations under which the institutions that manage the >> ccTLDs are managed determinate legal framework under which they operate. >> Consequently ccTLDs are regulated under national law while ICANN regulates >> gTLDs – The possibility of self regulation is based on the assumption that >> private sector would act in the public interest. >> >> In the discussions some felt that there was need for increased attention >> of government in the management of ccTLDs – as it was critical >> infrastructure while on the other hand other felt that there was the risk of >> excessive regulation with increased involvement of government. >> >> *1130 -1200 hrs Workshop 36: Strategies to prevent and fight child >> pornography in developing countries* >> Child pornography in Brazil has grown out of the popularity of social >> networking. However the main challenge has been issues related to >> jurisdiction as content is resident in ISP based in the USA and >> trans-national ISPs like Yahoo, Microsoft and Google which have branches in >> strategic markets and have tailored the services for these markets in terms >> of language and content. >> >> Brazil was therefore unable to deal with serious offences related to >> content – specifically child pornography - committed by Brazilians using >> Brazilian IP addresses. The government has been able to sign an agreement >> with Google to fight child pornography on Google's orkut social network. >> >> The following are consideration taken in drawing up the agreement >> 1. Which criteria should be used to define the ability of a particular >> country to legislate over and sanction conducts committed on the internet? >> - Where the data is located? >> - International law principles (territoriality or nationality) shall be >> used to define the sovereignty of a state regarding – cyber space – which is >> a network of networks >> - Define some reasonable standard – for example managed by Brazilians and >> is local content and local language >> - Access points in Brazil, harmful conduct felt in the country – taken >> obligation under international law to take offence – country of origin >> approach would force thousands of users to unfamiliar rules and travel – >> offence under human rights therefore apply local legislation >> >> 2. It is legitimate to enforce the conduct of local office –as it >> impracticable to send legal request to the US. >> >> >> New tools have been implement that have reduced number of images uploaded >> and increase in number of reported cases- subject to investigation. It was >> inspiring to listen to parliamentarian talk about the need to have >> legislators engaged in the process as they ultimately pass the laws. I >> appreciated the fact that in there is great cooperation between the >> parliament, government, police, civil society and private sector. >> >> The main challenges are: >> • Lack of awareness and participation by parliamentarians who are critical >> in the formulation of legislation >> • how to obligate ISPs to provide information without infringing on >> freedom of expression and privacy, >> • what criteria should be used to deal with these offences >> • the creation of awareness of ISPs in developing countries of the need >> for judicial cooperation as well as social initiatives to deal with cyber >> crime. >> • Insufficient infrastructure to deal with this issue – law enforcement >> does not have the human resources and technology >> • Material produced to fight child pornography are not evaluated – they >> should be inline with the demand >> >> *My comment*: I would have like to know if initiatives have reduced >> offences, what is the success rate registered in prosecution, ability of the >> law enforcement and judicial system to deal with offences. There was no >> mention of where initiatives had been launched to fight child pornography on >> the financial front. >> >> >> *1530-1700 Workshop 45: Opening to diversity and competition of the DNS >> system* >> >> >> >> There were 3 presentations in this session: >> >> >> - *1st presentation* - alternate DNS system used in library systems >> >> >> - *2nd presentation* - implementation of security in the Handle system >> >> >> - *3rd presentation –* discussed the Net4D >> >> >> >> Net4D- provides the technical solution to the political concern on the >> control of root servers. Net4D networks enable the following: >> >> • Empower the second generation of the web: the semantic web. >> >> • Multi-stakeholder governance of DNS >> >> • Net4D classes should be open and interoperable >> >> DNS 1.0 – was a monopoly of ICANN web 1.0 html with USA parentage and >> English only while DNS 2.0 is open allowing for competition including inter >> alia: >> >> • Net4D semantic web >> >> • Open coherent approach to linguistic diversity >> >> • Allow technological innovation with value added services >> >> >> >> Concern was however raised on the: >> >> • Investment/implementation cost required to implementation of different >> DNS systems depending on the BIND implemented and root servers enabled >> >> • relinquishing of the political control of root servers >> >> • Value to end users >> >> • Awareness and understanding of the issues by different stakeholders >> necessary – delivered in a way that they can understand >> >> >> >> *My comment*: the session was technical – I hope the techies on the >> mailing list can help us understand the governance issues associated with >> the introduction of DNS competition and the impact on developing countries >> :)! >> >> >> >> Kind regards >> >> mwende >> > > _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
participants (2)
-
John Walubengo -
mwende njiraini