version: 16 june 2016 - ieee internet init.internetinitiative.ieee.org/images/files/resources/...7...

1

Version: 16 June 2016

2

ContentsExecutiveSummary..................................................................................................................................3Introduction:IEEEInternetInitiativeandIEEEETAPForumSeries..........................................................4DelhiIEEEETAPForumInvitedSpeakers.................................................................................................5KeynoteSpeaker:NitinDesai................................................................................................................5KeynoteSpeaker:ShriR.S.Sharma......................................................................................................7KeynoteSpeaker:RajendraPawar.......................................................................................................8PanelDiscussion...................................................................................................................................9

DiscussionsandNextSteps....................................................................................................................13Conclusion.............................................................................................................................................14AppendixI:Program..............................................................................................................................15AppendixII:Participants.......................................................................................................................20AppendixIII:Top11Issues.....................................................................................................................22AppendixIV:CombinedIssuesList,Delhi/Washington/TelAviv/SanJoseIEEEETAPForums...............23

3

ExecutiveSummary“UniversalAccessforSocialandEconomicInclusion”wasthemainthemeoftheIEEEExpertsinTechnologyandPolicy(ETAP)ForumonInternetGovernance,Cybersecurity,andPrivacyinDelhi,India,on4March2016.Thiswasthefourthinaseriesofregionalmeetings—“localconversationsonaglobalscale”—tobeorganizedbytheIEEEInternetInitiativetoconnecttechnologydevelopersandpolicymakersinauniquelymeaningfulway.Thetwosub-themesoftheDelhieventwere“SecurityandPrivacyUsingBiometrics”and“TechnologiesandPoliciesforLast-MileAccessandInclusion.”Governmentandindustryrepresentatives,legalpractitioners,andacademicsgatheredfromaroundtheworldatLeMeridienHotelinDelhifortheone-dayevent.Participantsheardkeynotepresentationsandpaneldiscussionsonchallengesandopportunitiesintechnologyandpolicy.Laterintheevent,theysharedspecifictechnologyandpolicyconcernsinarapid-firesessionthatconsideredthetopissuesidentifiedinpreviousIEEEETAPForumsandaddednewconcernstothelist.Thisdiscussionresultedinalistof12keyissues(seeAppendixIII),andparticipantsthenvotedtoconductin-depthbreakoutconversationsaroundthreeofthoseissues:

• ProtectingInternettraffic,managingmetadataanalysis,andhowtoimplementbothsecurityandprivacyatscale

• Multi-stakeholderInternetgovernance

• OptionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusionFollow-upactionswereinitiatedtofurtherrefinethescopesanddevelopwhitepapersonthetopicsofprotectingInternettraffic(encryptionbydefault)andoptionsandchallengesinprovidinguniversalaccess.ThenextregionalIEEEETAPForumgatheringsarescheduledfor17May2016inBeijing,China,and22June2016inTelAviv,Israel.

4

Introduction:IEEEInternetInitiativeandIEEEETAPForumSeriesWhiletremendousinnovation,economicgrowth,andsocietalgoodhavealreadyresultedfromInternetproliferationglobally,thebenefittohumanitythatisstilltoberealizedispotentiallyevengreater.AtransformationisunderwayaroundtheworldinthegatheringInternetofThings(IoT).WithmoreandmoreInternet-enableddevicesbeingnetworkedwithoneanother,thepossibilitiesfornewservices,improvedproductivityandefficiency,real-timedecision-making,andinnovativeuserexperiencesareexploding.Atthesametime,however,newissuesarearisingincybersecurity,privacy,andInternetgovernanceinmarketsaroundtheglobeastheIoTenvelopsmorenetworkedobjectsthatarecapableofsensingandcommunicating.Collaborationacrosstraditionalprofessional,technological,andgeographicborderswillbenecessarytosuccessfullyaddressthoseissuesandencouragesustainabledevelopment,ongoingeconomicgrowth,andpublicsafetyandsecurity.TheIEEEInternetInitiativefacilitatesatwo-waydialoguebetweenthetwohistoricallydisparateworldsoftechnologyandpolicy.JustasongoingInternetinnovation,sustainability,andmarketgrowtharedependentoninformedInternetpolicy,effectiveInternetpublicpolicyisdependentonsound,neutraltechnicalguidance.TheIEEEInternetInitiativeprovidesaneutralenvironmentforcollaborationamongengineers,scientists,industryleaders,andothersengagedinanarrayoftechnology,policy,andindustrydomainsaroundtheworld—tothecollectivebenefitofallstakeholders.Inthisway,theinitiativehelpsbothtoboostknowledgeabouttechnologyanditsimplicationsandimpactonInternetgovernanceissuesandtoimproveawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.TheIEEEETAPForumonInternetGovernance,Cybersecurity,andPrivacyprovidesauniqueplatformforthisconversation.OrganizedbytheIEEEInternetInitiative,IEEEETAPForumsareaseriesofeventsthatbringtogethertechnologydevelopersandpolicymakerstodiscussanddebatecurrentandfuturereal-worldissuesbeingconfrontedinpublicpolicyandtechnologyforcybersecurity,privacy,andmulti-stakeholderInternetgovernance—issuesthatimpacteveryoneonglobal,national,andlocallevelsalike.ThefirstIEEEETAPForumtookplaceinMay2015inSanJose,California,intheUnitedStates(http://sites.ieee.org/etap-sanjose/).ThenextIEEEETAPForumeventstookplaceinTelAviv,Israel,inAugust2015(http://sites.ieee.org/etap-israel1/)andinWashington,D.C.,USA,inFebruary2016(http://internetinitiative.ieee.org/events/etap/etap-forum-in-washington-dc),followedbythegatheringinDelhi,India,on4March2016.Asoneoftheco-moderatorsoftheeventinDelhi,DeepakMaheshwari,directorofgovernmentaffairsforSymantecacrossIndiaandASEANregion,openedthe4MarchIEEEETAPForumbywelcomingparticipants.HepointedoutthatIndiaishometothesecond-highestnumberofIEEEmembers,behindtheUnitedStates.“Here,thewholeideaintheeventistocreateaplatformfordiscussion,”Mr.Maheshwarisaid.“It’snotaboutcomingtoaspecificdecisionoraparticularstandardattheendoftheday.Yes,itcouldaswellbethestartofanewworkstreamwithinIEEE…butthewholeideaishowtohaveagoodinteractionbetweenthepolicymakersandthetechnologists.”

5

DelhiIEEEETAPForumInvitedSpeakersFollowingintroductionsandareviewbyJamesW.Wendorf,programdirectoroftheIEEEInternetInitiative,ofthepreviousthreeIEEEETAPForumgatherings,theDelhieventopenedwiththreekeynotespeakers:

• NitinDesai,specialadvisertoUnitedNationsSecretary-GeneralforInternetGovernance,India• ShriR.S.Sharma,chair,TelecomRegulatoryAuthorityofIndia(TRAI)• RajendraPawar,chairmanandco-founderoftheNIITGroup

KeynoteSpeaker:NitinDesaiNitinDesai,specialadvisertotheUnitedNations(UN)Secretary-GeneralforInternetGovernance,India,spokeonhisexperiencechairingthemulti-stakeholdermeetingsthatledtotheconveningoftheInternetGovernanceForum(IGF)in2006—“howwehandledtheissueofInternetgovernanceintheearlystageandhowit’schangedinthelast10years.”Mr.DesaisaidthatInternetgovernancepresentedanuncommonchallengefortheUN,inthat,typically,theUNhadaddressedissuesinwhichpolicymakingwasinthehandsofgovernments,andpeopleoutsidegovernmentsoughttohaveavoiceininfluencingthatprocess.“ThecasewiththeInternetwastheotherwayaround,”hesaid,withentitiesoutsidegovernmentcontrollingprotocolsandthedomainnamesystem,forexample,andgovernmentsseekingtobeheard.SotheUNtookamulti-stakeholderapproachtoInternetgovernance,inordertobringgovernmentsintoconversationwiththeindividualswhohadoperationalcontrolovermanagementoftheInternet,policysetting,andassignmentofdomainnames.

EstablishingGroundRules

Foursetsofstakeholdersweremarshalled:Internettechnicians,government,civilorganizationsinvolvedinaccessandprivacy,andcompaniesprimarilyinvolvedindevelopingtheInternetbackboneandsoftware.Then,focusturnedtosettinggroundrulesthatwouldengenderacultureoftrustamongparticipantsintheearlyIGFwork.Thefirstrule?“Noadhominemarguments,”Mr.Desaisaid.Ifoneparticipantdisagreedwithacontributionfromanotherparticipant,itwasnotpermissibletocitethecontributor’scountry,corporation,etc.inthereasonfortheobjection.Disagreementshadtobeairedandworkedoutstrictlyincontextofthesubstanceofthework.Initialdistrustamongtheplayerssubsided,Mr.Desaisaid,astheysawthat“90percentofthedecisionsweremainlyroutinethings,”withnopolitical/competitiveundercurrents.“Thatdroppedthetemperaturedown.Thenwegotdowntothemoreusefuldiscussionsonprivacyandsecurity.”Anothergroundrulewasequalfootingamongparticipants.WhilethetendencyinUNeffortswasto

6

privilegegovernments,theIGFconversationsregardedgovernments,non-governmentalorganizations(NGOs),technologists,industry,etc.asequalcontributors.Also,allparticipantswerechallengedtoactuallyweighin.“PracticallyeverymemberoftheworkinggrouponInternetgovernancecontributedsomethingpreparedinwriting,”Mr.Desaisaid.“Itforcedpeopletotrusteachother.”Thereweregapsinculture,behavior,andspeakingstyletobebridgedinorder“togettheponytailsandthesuitstoworktogether,”Mr.Desaisaid,and,movingforward,aftertheinitialIGFreportandformation,therewasaneedtoensurechurninpersonnelinordertoensurethatdifferentperspectiveswerereflectedinconversations.Inaddressingsecurityandprivacy,IGFfocuseddevelopmentonthreeareas:

• End-usereducation(“absolutelyvital…unlessusersareconsciousofrisksthatareinvolved,you’llnevergetanywhere,”Mr.Desaisaid)

• Morerobustsoftwareforhandlingmalware(“and,evenstill,therewillbecrimeandmisuse”)

• Policyforhandlingfraudthataddresseswherejurisdictionslie(“thatforcesgovernmentsto

focusattention”)Hedescribedthegroup’sthinkingabouttherelationshipbetweentheprobabilityofacybercriminal’sbeingcaughtandmagnitudeofpunishment.Tocreateeffectivedeterrent,“iftheprobabilityofbeingcaughtisverylow,thenthemagnitudeofpunishmentmustbeveryhigh,”Mr.Desaisaid.Consequently,thegroupreasoned,becauseit’ssohardtodetect,InternetfraudshouldbepenalizedhigherthanifthefraudoccurredoutsidetheInternet.

ThenandNow

Mr.DesaialsodiscussedtheevolutionoftheInternetgovernancechallengeoverthelastdecade.“ThebigdifferenceIseenowisthatthereismuchmoreconcernaboutcybersecurityincontextofinterstateconflictandterrorism,”hesaid.“Peoplearenowlookingatcyberspaceasaseparatetheatreofwar.”Oneoftheimplicationsofthisdevelopment,Mr.Desaisuggested,isthattherelikelyneedstobegreatercooperationbetweencybersecuritytechniciansandthoseprofessionalswhoarechargedwithmanagingtheuseoftheInternetforservicessuchasbanking,powertransmission,air-trafficcontrol,telecommunications,etc.Anotherchangeoverthelast10yearsisthatgovernmentsare“lessandlessconcernedaboutwhatothergovernmentsaredoingbutmoreaboutwhatmajorprovidersofInternetservicesaredoing,”hesaidofsearchengines,socialmedia,andotherapplications.“Iknowthatmanyoftheanswerswillhavetocomefromthecommunityoftechnologists,”Mr.Desaisaid,“butitrequiresaconversationbetweenthemandthepolicymakersandperhapsevenotherstakeholders.”

7

KeynoteSpeaker:ShriR.S.SharmaShriR.S.Sharma,whochairstheTelecomRegulatoryAuthorityofIndia(TRAI),spokeontheimportanceoftheInternetinIndia’snationalgoals.“Almostalltheprocessesareslowlymovingtotheonlineworld,andonlineworldinourcontextmeansInternet,”hesaid.“WemustleverageInternetinthedeliveryofgovernance.Thisisveryimportantforus.”HediscussedtheDigitalIndiaprogram,aflagshipprogramofthenationalgovernmentpremisedonthevisionoftransformingthecountryintoadigitallyempoweredsocietyandknowledgeeconomy.Hesaidthattheprogramisworkingtoencouragedevelopmentinthreeprimaryareas:digitalinfrastructure,softwareandservicesondemand,andcitizens’digitalempowerment.Theprogram’ssuccess,Mr.Sharmasaid,dependslargelyonexpandingconnectivity.Hesaidmobilecompanieshavemadeimportantstridesintermsofloweringratestothepointofbroad-scaleaffordability,resultinginroughly1personineachIndianfamilyhavingmobileaccess.“However,whatwedonothaveisbroadbandconnectivity,”hesaid.ThoughIndiahas300millionpeopleconnectedtotheInternet,manyofthoseconnectionsarelowspeed.“Thereisahugechallengeofinclusion,andourgovernmentisworkingtoleverageallmeanstoimprovetheInternetpenetrationinthecountry,”hesaid.ThereisaprogramtoexpandopticalfibertolocalpointsofpresencethroughoutIndia,andothertechnologyspaces(TVwhitespaces,satellite,etc.)arebeingexplored.“ThereisawholebouquetofthingsweproposetodotoimprovetheInternetpenetrationtoimprovetheinclusion,”Mr.Sharmasaid.

ASeatattheTable

Mr.SharmadiscussedIndia’smotivationandeffortstoplayalargerroleinInternetgovernanceanddecision-makingaroundissuessuchascybersecurityandprivacy.Withcyberterrorismandcyberwarfarehaving“acquireddimensionswhicharemuch,muchlarger”andthenotionof“bloodlesswarthatdoesn’tinvolvehumanbeings,justmachines”comingintotherealmofpossibility,nationalinterestandactionhavecoalesced.HesaidthatconcernshavegrownamongIndia’sleadershipthatthenationhastypicallynothadenoughrepresentationintheinternationalbodiesthatmakedecisionsabouttheInternet’sfuture.“We’reone-seventhofhumanity…we’reaveryimportantstakeholderinthisgame.”Mr.Sharmasaid,“ourlawsandlegalprocessesarereallynotequippedforthesetypesofcybercrimeissues,”makingthoseareasprimeforinnovation.Healsosaidcybereducationmustbeimproved.“Peoplegenerallythink,‘IfIlogontothis,thingsaresafeandsound,’”Mr.Sharmasaid.“Weneedtoworkveryhardtoseepeopleensurethatbasicprecautionsaretakenwhilepeopleareinthecyberworld.”

‘Aadhaar’

AsdirectorgeneralandmissiondirectoroftheUniqueIdentificationAuthorityofIndia(UIDAI),Mr.Sharmaoversawimplementationofanambitiousandchallengingprojectundertakenbythe

8

GovernmentofIndiaforprovidingitsresidentswithuniquedigitalidentifiers.Thereweretwobroaddriversforthe“Aadhaar”program,hesaid.First,millionsofpeoplehavenoformaldocument(suchasabirthcertificateorschoolcertification)forprovingtheiridentity.Second,hesaid,“inlast20years,Indiahasfocusedondelivering(social-assistance)benefitstoindividuals…Whathappenswhenyougivebenefits?Thereisthenadesireandpropensityforpeopletogamethesystembycreatingmultipleidentities.”Consequently,theneedtocreateasystemtoensurethatindividuals“areabletogetintoadatabaseonlyonce”alsoinformedAadhaar’sdevelopment.ThoughmuchofIndialackedconnectivityatdevelopment’soutset,Mr.Sharmasaidthatcreatingafuture-proofsystemthatwouldanticipatewidespreadaccessacrossthenationalpopulationwasapointofemphasis.Theidentificationsystemdoesnottakeeligibilityforentitlements,citizenship,etc.intoaccount.Rather,theunderlyingarchitectureprincipleisthatAadhaarperformsidentificationonlyandcanbepluggedintootherdomains.“Whenyougotoabank,thebankdoesthetransactions;identityisdonebyUniqueIdentificationAuthorityofIndia,”hesaid.“Andthenwebuiltinalotofprivacyprinciples,”hesaid.Forexample,identifiersarerandom12-digitnumbers,providinganumberspaceofmorethan100billionforlong-termscalability,andassigningnomeaning(gender,age,etc.)toanyofthedigits.Also,theAadhaarsystemdoesnotallowfordownloadingofdata—onlyuploading.Collectedinformationonusersiskeptofflineatthebackend;thebiometricdataassociatedwithanumberisnotaccessiblebyanyone,eventhegovernment.

KeynoteSpeaker:RajendraPawar Mr.RajendraS.PawarspokeprimarilyontheNationalAssociationofSoftwareandServicesCompanies(NASSCOM)CyberSecurityTaskForce,whichwasestablishedtobuildIndiaasaglobalhubforprovidingcybersecuritysolutions,developingbothacybersecurityR&Dplanandaskilledworkforceofcybersecurityexperts.ThetaskforceisstudyingtheIndiancybersecurityecosystemtoidentifyissuesandchallengesandcreateanactionplantoaddressthepriorityissues.Inadditiontohisworkaschairandco-founderoftheNIITGroup,whichhasplayedakeyroleinshapingthegrowthoftheIndianinformationtechnology(IT)sector,Mr.PawarischairingtheNASSCOMCyberSecurityTaskForce.“Wehavedonefairlydeepandwidediscussionsaroundthecountry,”Mr.Pawarsaid,seekingtoanswer,“Whatarethebigissuesweshouldlookat?”TheNASSCOMtaskforcehasorganizedtheirgleaningsintofourareasforneededdevelopment:

• Industry—“Howdowebuildanindustrywhichisservingarealneed?”Mr.Pawarsaid.“Industrywillsurviveonlyifit’sservingarealneed.”HesaidIndiahopestoincreaseitsshareoftheglobalcybersecurityindustryfrom1percenttodayto10percentin2025.Hesaidsuchgrowthprojectstoa$35billionindustryforIndia,yieldingcreationofabout1,000startupsand1millionjobs.Jobgrowth,hesaid,isthenation’sbiggestpriority.

• Technology—Mr.PawarnotedhowIEEEactivitiesarecontributingtotechnologyinnovations

9

thatareneededinIndia,andheemphasized“theroleofacademiaworkingcloselywithindustrytocreatenewindustryinlabandtakeittomarket.”

• Skills—Notonlywillskillsdevelopmentberequiredfortheprojected1millionpeopleserving

innewcybersecurityjobs,Mr.PawaremphasizedthenecessityofskillsdevelopmentandthreatawarenessamongInternetusers.“Cybersecurityisasweakasitsweakestlink,andeveryoneisalink,”hesaid.“Everyonewithamobilephonecreatesvulnerability.”

• Policy—Thusfar,Mr.Pawarsaid,theNASSCOMtaskforcehasdeliberatelyconcentratedonly

asmallpercentageofitseffortonpolicyneedsforanumberofreasons,includingthefactthatotherentitiesarealreadyatworkinthisspace.Still,“policywillhavestrongbearingonhowmuchofa$35billionindustrywecanachieve”incybersecurity,hesaid.“Theeffortsoftheleadershipofthenationtobuildnotjustpolicybutcybercommandwillhavehugebearing”onIndia’ssuccessincybersecurity.

NeedforEducationandCollaboration

Mr.PawarsaidtheNASSCOMtaskforceisplanningtoconfineitsworkto10categoriesofforthcomingrecommendations.AttheIEEEETAPForum,hediscussedtwocross-cuttingthemeshehasseenacrossthedevelopmentareas.Oneistheneedformoreeducationandawareness.“Inthiscountry,wedidbuildacapacitytocreatetalentfortheITsector…so,thereisconfidencewecandothatinthisspace,too,”Mr.Pawarsaid.HeespeciallyencouragedinputfromthegroupassembledinDelhiintheareasofeducationandawarenessneeds.Theotherthemeistheneedforcollaborationacrosstraditionalboundaries,inareassuchastechnologypolicydevelopment.“Weneedaveryintenseinteractionamongthreeentities:government,notjustforpolicymakingbutalsoasusers;academia,wheretechnologyhastobecreated;andindustry,andwe’relookingatstartupsasasymbolicaspect,”Mr.Pawarsaid.“Thesethreeinourcountry,asinmanycountries,arebigsilos.Infact,withingovernment,therearemany,manysilos—incountryaftercountry.”HepointedtoothernationalmodelsfromwhichIndiacanlearn.Forexample,Mr.Pawarnotedtheinterrelatedworkingsofeducation,themilitary,andindustryinIsrael,aswellasusing“publicfundsforprivategood”intheUnitedStates,suchasintheexampleofgovernmentfundingforstartups.“Wearebuildingaroadmap…thatwillhelpusveryquicklyputtogethertheissuesthatwillhelpusgetto35billion,”Mr.PawarsaidoftheNASSCOMtaskforce.

PanelDiscussionNext,PrasantoKumarRoykickedoffapaneldiscussionbynotingsomeadditionalcharacteristicsoftheInternetlandscapeinIndia.“AlmosteveryInternetsubscriberisessentiallyusingthemobile,”he

10

said.“Thewirelinebroadbandisalmostnegligible…so,essentially,theproblemisoneofmobiledataaccess,andmobiledataaccesshasawholerangeofissues,including,ofcourse,cost.”Hewentontoasktheaudiencetoconsiderthequestions,“Howisallthisinclusiongoingtohappen?…Inthenet-neutralregime,whatwillwedoforuniversalaccess?”Mr.Roythenturnedtheconversationtofourpaneliststoexploretheuniversal-accessquestionincontextofbiometrics,security,access,andprivacy:

• ChaimCohen,anIoT/cybersecurityconsultant• Dr.NeenaPahuja,DGERNET(EducationandResearchNetwork),anautonomoussociety

underDepartmentofElectronics&InformationTechnology• SubhoRay,presidentfortheInternetandMobileAssociationofIndia• OsamaManzar,founderanddirectorofDigitalEmpowermentFoundation(DEF)andchairof

ManthanandmBillionthawards

Biometrics

ChaimCohendiscussedhowbiometricsystemsassumeandrequireanintimaterelationshipbetweenpeopleandtechnologiesthatcollectandrecordthebehavioralcharacteristicsofpeople—andthatitisincumbentuponthosewhoconceive,design,legislate,anddeploybiometricsystemstoconsidertheethical,cultural,social,andlegalcontextsofthosesystems.Forexample,Mr.Cohenasked,“Ismoreimportantourpersonalnationalsecurity,orismoreimportantourprivacy,oursenseofselfrespect,protectingwhoweare,andtheidentitiesofourlovedones?”Failingtoattendtosuchconsiderationsandtheirimpacts,hesaid,notonlypotentiallydiminishesefficacyofsystemsbutalsocouldyieldseriousunintendedconsequences.Mr.Cohenexplaineda2002hotelbombinginIsraelanditsroleingalvanizingthinkingtowardcreationoftheIsraeliBiometricDataLaw,aswellastheongoingdebateovertheimportanceofthephysicalsecurityofapersonversustheperson’sprivacy.ThelawstipulatescollectionofIsraeliresidents’fingerprintsandfacialcontours,integrationofthatdataontoIsraelidigitalidentitycardsanddigitalpassports,andcreationofabiometricgovernmentdatabasetoallowforaccesscontrol,identificationofindividuals,andassistanceinlocatingindividualssuspectedofcriminalactivitybylawenforcementofficials.Thelawwaspassedin2010,andstagedimplementationcommencedwithapilotin2013.Mr.CohendetailedsomeofthetechnologiesthatarebeingusedinimplementationsoftheIsraeliBiometricDataLaw.Whilebiometricsystemscanbenefitsecurity,Mr.Cohenconcluded,potentiallylifelongassociationofbiometrictraitswithanindividual,theirpotentialuseforremotedetection,andtheirconnectionwithidentityrecordsraiseimportantissues.Suchmoral,ethical,social,cultural,andlegalconcernscanimpactasystem’sadoption,acceptance,andusage.Also,biometricrecognitionintroduceskeylegalissuesofremediation,authority,reliability,andprivacy.Thesefactorsmustbeaccountedforinthedesign,development,anddeploymentofbiometricrecognitionsystems,and,Mr.Cohencontinued,theIEEEETAPForumserieshasaroletoplayinprovidingeducationinsuchareas.

11

IoTSecurity

Dr.NeenaPahujawithERNETIndiasaidthat,whenshestartedusingtheInternetin1993,securitywasnotevenamongherconsiderations.Andshewasnotalone.“IthinkwewereallexploringtheworldofInternet,whichwasabsolutelynewforallofus.”TheconversationaboutsecurityintherolloutofIoTisalreadyquiteadvanced,Dr.Pahujasaid.Already,shesaid,understandingexiststhat“noneoftheIoTproductswillworkwithoutsecurity…Theconsumerwon’thavecomforttousetheproduct.”Withoutsufficientsecurity,forexample,IoTsmart-homeande-healthapplicationscouldbehackedandmisusedforcriminalpurposes.Dr.PahujapresentedadiagramofsevenlayersenvisagedforIoT:peopleandprocess,applications,dataanalysis,dataingestion,globalinfrastructure,connectivity/edgecomputing,andthings(devices,sensors,controllers,etc.).Allsevenarepotentially“hack-able,”shesaid.“Thereisnothingthatahackercannotdotoday.”Still,Dr.Pahujaelaboratedonheroptimisminmeetingthechallengeto“ensuretheIoThasasecuritylayerfromDay1.”Hackerstypicallyareexposedbytheirpatternsofbehavior,andtheIoTalreadyhasanintegratedlayerfordataanalysisthatcanbeleveragedinquicklyidentifyingthosepatterns.Shesaidsheexpectsthat,whilenotgoingsofartoguaranteethatanyproductorapplicationis100-percentsafe,guidelinescanbecreatedthatcertainprovisionsbeincludedinIoTproductstoprotectagainstspecificthreats,andcanhelpcreateasufficientlevelofsecuritytosupportongoingIoTimplementationandinnovation.Dr.Pahujaalsoexpressedhopethatsolutionscanbecreatedthatappropriatelybalancesecurityandprivacyconcerns.

Access

OsamaManzarchallengedtheaudiencetoshifttheirfocusontheaccessquestionfrominclusiontoexclusionintermsofaccessinIndia.Insteadofmeasuringthesuccessofconnectinganincreasingnumberofcommunities,schools,microenterprises,healthworkers,etc.,thoseworkingontheseissuesneedtothinkmoreoftenaboutthenumberofthoseinstitutionsthatdonothavebroadbandaccessinorderto“knowtheintensityofexclusionforthepeoplewhoarenotconnected…Wearenowonthevergeofnegativegrowth.Halftheworldremainsnotconnected.”Heproposedemphasizing“verystraightforward,simplesolutions”inexpandingaccess:wirelesstechnology,utilizationofunlicensedspectrum,encouragingsingle-circle(servicearea)telecomorcircle-levelInternetserviceproviders,leveragingorganizationsalreadywithinroadstounconnectedmarkets,andexpandeddeploymentofwirelessbroadbandpublicaccesspoints.Mr.Manzaralsourgedpromotinginstitutional-levelconnectivityinordertoreachlargenumbersofusersandtoprovideameansforaccountability.SubhoRaynoted,“askewedviewof(alwaysgivingpriorityto)helpingthevillages...Ofthose1billionweneedtoconnect,500millionareincitiesandtowns.SoIwouldencourageeveryonetolookaturbanareas…Let’sshiftourfocusalittlebit.”Hesaidoneofthereasonsfordelaysinconnectingtheunconnectedhasbeenthat,“forthelongesttime,wehavenotbeensolvingforconnectivity…wehavebeensolvingfortheuserandadevice.”

12

Programsfocusedon,forexample,supplyinglaptopstounconnectedusers.“Usersalreadyhaveadevice;theydon’thaveconnectivity,”Mr.Raysaid.“Whenyouaretryingtoconnectpeople,youstartbyasking,whatdopeoplealreadyhave?Theyhavemobilephones…Andiftheyhavemobilephones,youhavetoprovidebroadbandtothat.”Mr.Manzaradded:“ThereisalotofsufferingthatIndiaisgoingthroughbecauseofthelackofhigh-bandwidthprovision.Weareanoralsocietyandcommunity…YouknowhowstronglywehavespreadtheTV,becauseit’saudial/visual.Youknowhowstronglywehavespreadthemobile;itisbecauseitisaudial.Itdoesnotrequireyoutobecomeliterateoreducatedtoreadandwrite.”

Privacy

Mr.Roy,Mr.CohenandDr.Pahujafollowedwithafewadditionalbriefcommentsonprivacy.Mr.Roytalkedaboutissueswithmobilefraudschemespreyingonilliterateusersandsmart-gridapplicationsbeingmanipulated,forexample,toidentifyhousesthatareunoccupiedatagivenmoment.Mr.Cohenmarveledathowmuchmoreandhowmuchmorequicklysearch-engineandsocial-mediaproviderscangeneratedataonindividualusersthancanstate-runintelligenceagencies.Henotedtheimportanceofencouragingsmarttechnologiststousetheirskillsforthepublicgood,andhewonderedaboutthepotentialofhiringexperthackerstohelpcreatemoresecuresystems.Dr.Pahujawarnedagainstsimplyaddingcomplexitytosecuritypolicies,foritcoulddiscourageuseofthetechnologiesandconnectivitythatdigital-inclusioninitiativesareintendedtospuron.

13

DiscussionsandNextStepsNext,theDelhimeetingconsideredthetopissuesidentifiedinpreviousIEEEETAPForums,aswellasadditionalconcerns,formoreconcentratedattention.Participantsdiscussedlivestreamingofnewsbroadcastsandothercontentthattodayisdeliveredbyradioandtelevision.Implementationof5Gmobileservicesislikelytoencouragethepublictolistenandwatchsuchprogrammingliveonsmartphones.Whilethiscouldincreasethereliabilityandauthenticityof,forexample,importantnewsreporting,hackingoflivedatastreamingandaddingorreplacingunwantedinformationcouldinstantaneouslyspurunrestamongcommunities,groups,countries,etc.InthepresentTVandradiobroadcastingsystem,programsarechannelizedinahighlysecuremannerthatisinthecontrolofthebroadcaster;anyabnormalbroadcastmaybestoppedimmediately,toquellthepotentialofviolenceanddestruction.Similarsecurityforlivedatastreamingand5Gmobiletransmissionwillbenecessarysoasnottojeopardizepublicsafetyandsecurityuntilprotectionofahackedlivestreamingdatachannelisrestored.Thisdiscussionresultedinalistof12keyissues(seeAppendixIII).Participantsthenvotedforthethreehighest-prioritytopicsforfurtherdiscussion:

• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurityandprivacyatscale


• OptionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusionOnthetopicofprotectingInternettraffic,theInternetArchitectureBoardhasrecommendedthatalltrafficbeencryptedbydefault.TheInternetEngineeringTaskForceistryingtodevelopastandard.RahulSharmaandPrasadMantrivolunteeredtoleaddevelopmentofawhitepaperonthepolicyandtechnologyimplicationsofprotectingInternettraffic(encryptionbydefault).Onthetopicofuniversalaccess,allaspectsofaccessibility—asdefinedbyW3CinWAI(WebAccessibilityInitiative)—shouldbeincluded.Qualityandavailabilityaremostimportant;accessibilitydoesnotneedtobefree.UniversalaccessshouldbetiedtotheUnitedNationsSustainableDevelopmentGoals(SDGs).Ofthe17SDGs,nineareheavilydependentonICTimprovements.SubimalBhattacharjee,PrasadMantri,SubratPrusty,andChaimCohenvolunteeredtoclarifyandrefinethescopeofawhitepapertobewrittenontheoptionsandchallengesinprovidinguniversalaccess.Duetolackoftime,thetopicofmulti-stakeholderInternetgovernancewasnotfurtherdiscussed.

14

ConclusionThenextregionalIEEEETAPForumgatheringsarescheduledfor17May2016inBeijing,China,and22June2016inTelAviv,Israel.

JointheConversation

TheIEEEInternetInitiativeworkstoinformdebatesanddecisionsinprivacy,cybersecurity,andInternetgovernanceandtohelpensuretrustworthytechnologysolutionsandbestpractices.Withtechnologypolicychallengesemergingincybersecurity,privacy,andInternetgovernancearoundtheworld,theIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertsinaneutralenvironment,forthecollectivebenefitofallstakeholders.TherearemanywaystoengagethroughtheIEEEInternetInitiative.Pleasevisithttp://internetinitiative.ieee.orgoremailinternetinitiative@ieee.orgformoreinformation.

15

AppendixI:ProgramTheIEEEExpertsinTechnologyandPolicy(ETAP)ForuminDelhi,India,on4March2016wasthefourthinaseriesofregionalmeetingstoadvanceaglobal-scalediscussionabouttoppublic-policyissuesincybersecurity,privacy,andmulti-stakeholderInternetgovernance.Diversestakeholdersfromaroundtheworld—governmentandindustryrepresentatives,legalpractitioners,andacademics—gatheredfortheone-dayeventorganizedbytheIEEEInternetInitiative.Location:NewDelhi’sLeMeridienHotelModerators:DeepakMaheshwariandPrasantoK.RoyDeepakMaheshwari

DeepakMaheshwariisdirectorofgovernmentaffairsforSymantecacrossIndiaandASEANregion.Apublicpolicyandregulatoryaffairsprofessional,hehasakeeninterestintheinterplayoftechnologicalinnovationwithsocio-economicdevelopment.Anoft-invitedspeaker,author,andcolumnist,hehasplayedapivotalroleinevolutionanddevelopmentofInternetpolicyanddigitalecosystemasanindustryspokespersonandthoughtleader.HeservedtwoconsecutivetermsaselectedsecretaryofISPAssociationofIndia(ISPAI)andco-foundedtheNationalInterneteXchangeofIndia(NIXI).HeisachartermemberofIEEEExpertsinTechnologyandchairstheBSAAsia-PacificPolicyCommittee.AnengineeringgraduatefromIndianInstituteofTechnologyaswellasalawgraduate,hehaspreviouslyworkedwithMicrosoft,MasterCard,HCL,andSify.

PrasantoK.RoyPrasantoK.Royisamediaanddigitalconsultantwhowritesandspeaksontechnology,digital,andgreenissues.HeisheadofmediaservicesforTrivoneDigitalServices.Atechjournalistforovertwodecades,hewaspresidentandchiefeditoratCyberMediaforovertenyears.HewritesforIANS,BBCNews,Al-JazeeraIndia,etal.,andisatechexpertonshowsforNDTV,CNN-IBN,HeadlinesToday,andothers.HeisajurymemberforvarioustechjuriesforNDTV,CyberMedia,Nasscom,DEF’smBillionth,andothers.HisSouthDelhihomeGreenOneisIndia’sfirstTERIGRIHAgreenhome.Mr.RoywasaphysicsmajoratSt.Stephen’s,Delhi.StartTime EndTime Program

8:30am 9:15am RegistrationandNetworkingBreakfast

9:15am 9:30am WelcomingRemarks

DeepakMaheshwari

16

StartTime EndTime Program

9:30am 9:45am Self-IntroductionbyParticipants

9:45am 10:15am ReviewandReportingonFirstThreeIEEEETAPMeetings

• IEEEETAPSanJose2015• ETAPTelAviv2015• ETAPWashington2016

JamesW.WendorfJamesWendorfistheProgramDirectorofIEEE’sInternetInitiative,whichisdedicatedtoconnectingtheglobaltechnologyandpolicymakingcommunitiesonInternetgovernance,cybersecurity,andprivacy,toinformdebateanddecisions,andtohelpensuretrustworthytechnologysolutionsandbestpractices.ThroughtheInitiative,IEEEstrivestoimprovethestateofknowledgeabouttechnologyanditsimplicationsandimpactonInternetrelatedpolicyissues,andtoraiseawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.Previously,JimwasDirectorofIndustryConnectionsintheIEEEStandardsAssociation,wherehefacilitatedthebuildingofindustryconsensusandtheincubationofnewstandardsrelatedactivitiesinareassuchascomputersecurity,communications,SmartGrid,andcloudcomputing.PriortothathewasVicePresidentofStandardizationatPhilipsElectronics,wherehedirectedcorporatestrategyandparticipationinstandardsactivitiesfocusedonelectroniccontentdistribution,digitalhomenetworking,digitalrightsmanagement(DRM),andcontentprotection.PriortothathewasVicePresidentandSectorDirectorofSoftware,InteractionandConnectivityinPhilipsResearch,wherehemanagedandguidedthestrategicdirectionofacorporateresearchsectorfocusedondigitalcommunications,videoprocessing,andinteractiveservicesforconsumerelectronics.JimhasaB.MathincomputersciencefromtheUniversityofWaterloo,andaPh.D.incomputersciencefromCarnegieMellonUniversity.

17


10:15am 11:15am KeynotePresentationsNitinDesaiShriR.S.SharmaRajendraS.PawerNitinDesaiistheSpecialAdvisertotheUnitedNationsSecretary-GeneralforInternetGovernance,India.In1993,thethenUnitedNationsSecretary-GeneralappointedMr.NitinDesaiattheUnder-Secretary-GeneralleveltoheadthenewlycreatedDepartmentforPolicyCoordinationandSustainableDevelopment.In1997,Secretary-GeneralKofiAnnanappointedMr.Desaitocoordinate,andsubsequentlyhead,theconsolidationofthethreeeconomicandsocialdepartments.Mr.DesaiisalsotheconveneroftheExecutiveCommitteeonEconomicandSocialAffairs,whichbringstogethertheheadsofalltheUNSecretariatentitiesdirectlyconcernedwitheconomic,environmental,andsocialissues.BeforejoiningtheUnitedNations,Mr.DesaiwasthesecretaryandchiefeconomicadviserofIndia'sMinistryofFinance,andhewasthesenioreconomicadviserfortheWorldCommissiononEnvironmentandDevelopment(TheBrundtlandCommission).From1990to1993,Mr.Desaiwasthedeputysecretary-generaloftheUnitedNationsConferenceonEnvironmentandDevelopment.Mr.R.S.SharmabecametheChairoftheTelecomRegulatoryAuthorityofIndia(TRAI)inAugust2015.PriortojoiningTRAI,Mr.R.S.SharmaworkedasSecretarytotheGovernmentofIndiaintheDepartmentofElectronicsandInformationTechnology.HehasalsoworkedasChiefSecretarytotheStateGovernmentofJharkhand(India).HisotherassignmentsincludeDirectorGeneral&MissionDirectoroftheUniqueIdentificationAuthorityofIndia(UIDAI),wherehewasresponsibleforoverallimplementationofthisambitiousandchallengingprojectundertakenbytheGovernmentofIndiaforprovidinguniqueidentification(christenedas“Aadhaar”)toallitsresidents.Mr.SharmahasheldimportantpositionsbothinthegovernmentofIndiaanditsstategovernmentsinthepastandhasbeendeeplyinvolvedintheadministrativereformsandleveragingITtosimplifyadministrativeprocesses.Mr.SharmaholdsaMaster’sdegreeinmathematicsfromIIT,Kanpur(India)andanotherMaster’sincomputersciencefromtheUniversityofCalifornia(USA).Mr.RajendraS.PawaristheChairandCo-FounderoftheNIITGroup,comprisingNIITLimited,agloballeaderinskillsandtalentdevelopment,andNIITTechnologiesLimited,aglobalITsolutionsorganization.Underhisleadership,NIIThasplayedakeyroleinshapingthegrowthoftheIndianITsector,bycreatingskilledmanpowertodriveitsmomentum.HavingrevolutionizedtheITtrainingindustry,heisnowinvolvedinestablishinganinnovativemodelinhighereducation,thenot-for-profitNIITUniversity.Mr.PawarisaDistinguishedAlumnusofIITDelhi,FellowoftheComputerSocietyofIndia,FellowofInstitutionofElectronicsandTelecommunicationEngineersandhasbeenawardedanhonorarydoctoratefromtheRahulGandhiTechUniversity.AcknowledginghiscontributiontotheITindustryinIndia,hehasbeenawardedthecountry’sprestigiouscivilianhonor,PadmaBhushan,bythePresidentofIndiain2011.HeisontheboardsofIndianInstituteofManagementUdaipur,IndianSchoolofBusiness,ScindiaSchool,SMVDUniversity(J&K),andtheDelhiUniversityCourt.Mr.PawaristheChairoftheNASSCOMCyberSecurityTaskForcethathasbeensetupinresponsetoPrimeMinisterNarendraModi'svisiontoseeIndiaemergeasaglobalhubofcybersecurityproductsandservices.

11:15am 11:30am TeaBreak

18


11:30am 12:45pm PanelDiscussionPrasantoKumarRoy(moderator)SubhoRayOsamaManzarChaimCohenDr.NeenaPahujaSubhoRayhasbeenPresidentfortheInternetandMobileAssociationofIndiaforover10years.Hehas19yearsofexperienceinadvocacy,publicpolicy,andregulatoryaffairsinICTsectorsincludingsoftware,hardware,telecom,Internet,andmobilevalue-addedservicesinIndia.Previously,hewasDirector,IT&TelecomfortheConfederationofIndianIndustry.Mr.OsamaManzaristhefounderanddirectorofDigitalEmpowermentFoundation(DEF)andchairofManthanandmBillionthAwards.Heisanentrepreneur,author,speaker,editor,columnist,andnewmediaspecialistwhoisspearheadingthemissiontoovercometheinformationbarrierbetweenIndia'sruralsectorandtheso-calleddevelopedsocietythroughDEF,thenot-for-profitorganizationfoundedtoaccomplishthemission.ChaimCohenisanIOT/CyberSecurityconsultant.Hepromotesthecreationofinnovative,inclusiveapplicationsthataddressabroadrangeofissuesinmakingtechnologyavailable,accessible,andusablebyallpeoplewhatevertheirabilities,age,economicsituation,education,geographiclocation,orlanguage.WithabackgroundinIOT&neuropsychology,Chaimfocusesonintegratingtechnologytoempowerpeoplewithauditory,cognitive,neurological,physical,speech,andvisualchallenges.Asadeveloperevangelist,Chaimisactiveinhelpingmanagers,designers,developers,policymakers,andresearcherstobeawareandtakeintoconsiderationthemoral,ethical,social,cultural,security,privacy,andpoliticalaspectsofemergingdisruptivetechnologies.Dr.NeenaPahujaisDGERNET,anautonomoussocietyunderIndia’sDepartmentofElectronics&InformationTechnology.Dr.Pahujabringsinexperiencefromtheeducation,healthcare,manufacturing,andserviceindustriesintheareaofdigitizationandinformationsecurityandbusinesstransformation.SheisanalumnusofIITD.Shehasover30yearsexperienceandhasworkedinTCS,SAIL,USIT,Escorts,GECIS/Genpact,&MaxHealthcareinvarioustechnologyenablementroles.AspartoftheDigitalIndiainitiative,ERNETishelpingintheconnectivitytoandwithineducationinstitutes,corporations,andevencities.ERNETisprovidingsmartclassroomsolutionsforremoteeducationcenters.Dr.Pahujaisadditionallysupportingcreationofanational-levelpolicyforIoTatDeitY.SheisalsodoingR&Dprojectsontheusageofwhitespacesforlowcost,last-mileconnectivity.

12:45pm 1:45p.m. HostedLunch

1:45pm 2:15pm SynthesizeandSelectionofHigh-PriorityAreas

2:15pm 3:15pm BreakoutSessions—DelveDeeperIntoHighest-PriorityIssues

3:15pm 3:30pm TeaBreak

19


3:30pm 4:30pm ReportfromBreakoutSessions

4:30pm 5:30pm NextStepsandWrap-Up

5:30pm 6:30pm NetworkingReception

20

AppendixII:Participants

SunusiAbdullahiBala,academia

SanjayBahl,CERT

SubimalBhattacharjee,freelancer

SriChandrasekaran,IEEEstaff

LohithChowdaryChilukuri,AmritaSchoolofEngineering

ChaimCohen,IoT/cybersecurityconsultant

NitinDesai,specialadvisertotheUnitedNationsSecretary-GeneralforInternetGovernance,India

HaziqJeelani,GovernmentofJammuandKashmir

AmitKumarJha,DOT

KonstantinosKarachalios,IEEE

MoreshwarKatkar,VPCOEBaramati

MansiKedia,IndianCouncilforResearchonInternationalEconomicRelations

JohnKulick,Siemens

SurajKumar,NeetiFoundation

DeepakMaheshwari,Symantec

ReenaMalhotra,DoT

PrasadMantri,OracleIndiaPvt.Ltd.

OsamaManzar,DigitalEmpowermentFoundation(DEF),ManthanandmBillionthAwards

KarenMcCabe,IEEEStandardsAssociation,IEEEInternetInitiative

PrakashMeena,Govt.Engg.CollegeAjmer

LokeshMehra,Symantec

MuniruddinMohammed,IEEEIndia

NeenaPahuja,DGERNET

RajendraPawar,NIITGroup

RejiPillai,ISGF

SubratKumarPrusty,DOT

SrinivasanRamakrishnan,consultant

SubhoRay,InternetandMobileAssociationofIndia

21

PrasantoK.Roy,TrivoneDigitalServices

SomitraSanadhya,IIITDelhi

SanjayaSaxena,GraypeSystems

RahulSharma,DSCI

ShailendraKumarSharma,TEC,DoT

ShriR.S.Sharma,TelecomRegulatoryAuthorityofIndia

VatsalaShreeti,ICRIER

KarthikSiddavaram

AkhileshPrasadSingh

VipinTyagi,CentreforDevelopmentofTelematics

MaheshUppal,ComFirst(India)PvtLtd

JamesWendorf,IEEEStandardsAssociation,IEEEInternetInitiative

22

AppendixIII:Top12IssuesFromthelistoftopissuesfrompreviousETAPForums,andtheadditionaltopicsthatparticipantsidentifiedduringtherapid-firebrainstormingsessionattheDelhiForum,12keyissueswereconsideredfortargetedbreakoutdiscussions:

• Threatsandopportunitiesindataanalytics

• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns


• Technology-policydevelopmentprocess


• End-to-endsecurityandprivacybydesign

• FragmentationoftheInternetanddatalocalizationduetolocalpolicies

• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments

• Machine-readableprivacyagreementsandwhoenforcesthem

• Educatingusersaboutcharacteristicsofinformationsocietyandethics

• Optionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusion

• Personalvideoandpublicsafety

23

AppendixIV:CombinedIssuesList,Delhi/Washington/TelAviv/SanJoseIEEEETAPForums

Delhi


• Multi-stakeholderInternetgovernance• Optionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusion

Washington

• Datalocalization• Educationandethics• End-to-endsecurity/privacybydesign• Technology-policydevelopmentprocess

TelAviv

• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments• Educatingusersaboutcharacteristicsofinformationsociety• Machine-readableprivacyagreementsandwhoenforcesthem?

SanJose

• Threatsandopportunitiesindataanalytics• Multi-stakeholderInternetgovernance• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurity

andprivacyatscale• FragmentationoftheInternetduetolocalpoliciesandhowtoavoidit• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns• HowtobestengageIEEEasaplatformforcontributingtotheresolutionoftheseandrelated

issues

version: 16 june 2016 - ieee internet init.internetinitiative.ieee.org/images/files/resources/...7...

Documents