Cooperation Working Group
27th October 2022
2 p.m:
JULF HELSINGIUS: Good afternoon, I am one of your co‑chairs, together with Desiree and Acchilleas who is online and couldn't be here physically, this is the Cooperation Working Group session, so if that's not what you are here for, the other room is of course the other end so you get lots of exercise.
We have a very, very packed agenda today, we hadso many good presentations over twice, that we really went to a lot of effort trying to squeeze them all in which means we are being a bit unfair to speakers giving them short slot, it is what it is.
One thing I wanted to mention before we get on with the actual programme is something we have been discussing in the group and in previous meetings is this proposal for sender pays or fair charging on the network, there's been a lot of discussion, I wanted to inform you that there is a discussion paper coming out from the European Commission that's going to be open for open comments, so that's something you watch out for, and we might look at maybe getting RIPE NCC to officially respond to it as we might also want to respond to it as a community but we will ‑‑ we will try to keep you up to date on that on the mailing list. For the actual programme I am going to hand over to Desiree, who is going to introduce the speakers. Desiree, the floor is yours.
DESIREE MILOSHEVIC: Good afternoon, everyone. And thank you, Julf, for summing up the hard work of the Working Group co‑chairs to squeeze in so many good presentations. And therefore, we also are happy to announce that we have a couple of speakers from the region, from Serbia, and our agenda has shifted a little bit, so now, we will first hear from Dragana Ilic, she is a director of corporate affairs at CETIN which is a local telecom operator and following after her we will have Lauren Crean from the OECD, she is a policy economist and analyst, we hope to hear from Lucien Castex, together with his colleague I believe, it's Julien Rossi university 8, they will talk about the splinter net, they have published a paper on this topic and they will both be remote. After that we will hear from a researcher here in Belgrade from Share Foundation, a few words where is Serbia ranking in the freedom of the Net report to provide you some users' aspect of how digital freedoms work in this region and finally we will hear from Bastiaan and Chris Buckridge here, the update on the ITU Plenipotentiary, so with that, I will ask you to welcome our first speaker, who is Dragana Ilic, she will give us an insight into the regularly framework for telecom and ISP operators in Serbia.
DRAGANA ILIC: Thank you very much, hello everyone, good afternoon, it's a real pleasure to speak and to be here among you today, and have a chance to present Serbian regulatory framework. As announced, I am corporate affairs director in CETIN in Serbia and I will speak from my experience as public policy person and my legal background and of course as representative of one telco company which is not that traditional, one telco company that you think of. Why not traditional one?
So, we are all facing last couple of decades a kind of disruption in telecommunications sector and in digital economy sector and standard, well traditional telco operators had previously two major goals, one is to serve customer and to provide diverse services to end customers and the other one was to plan, build and operate big telecommunication network and of course costly.
So with the disruption that we are facing with new players, there are new obligations, there are exponential rates of data and of course increasing demand of consumers and, therefore, telco operator started with a new trend for dividing a portfolio of their business in one which is facing direct end customers, we call that serve co‑or come co‑and the other one which is providing network as a service to retail operators but also to other operators as wholesale service. So, here we are CETIN is established in Serbia mid‑2020 and not just providing network as a service to as mobile operator but also to operators, ISPs and other companies on Serbian market and in the region and within PPF telco group.
So, speaking about telco regulation, there is a scary table here, and it's not that scary at all. I have to say the beginning, that the most burden of telco regulation is on, well, telco operators covering nation, with nation coverage and especially mobile telco operator and other operators meaning ISPs and others do not have that many obligations and of course more obligations have telco operators facing, like retail telco operators than wholesale telco operators.
What is common is that they have one regulatory authority here in Serbia, this is national regulatory authority, and that all obligations for all operators are set in the electronic communication law, and that law covers almost all that we as operators have to do. Other things that are covered by other laws you can see there, are relevant to some of us; for instance, CETIN is just wholesale operator so consumer protection law is not relevant for us and for ISPs is not relevant and environment protection law regarding EMF and doing impact studies which is relevant just for mobile operators. So more or []less, RATEL can reach to all of us and RATEL is our regulatory authority and I will now speak about common obligations of all of us.
Some first thing to mention is that electronic communication law in Serbia is back from 2010, that means it is in line with regulation of Europe yen union from 2002, partly 2008, so there are services which are recognised here on the left part are rather traditional, not new services recognised under our law.
When it comes to, when it comes to obligations, majority of ‑‑ majority of services are under general authorisation regime means me both having a licence spectrum, both ISPs don't have specific regime which is just left for mobile telco operators having GSM, OMTS and LTE spectrum.
What are the obligations? I could briefly explain just dividing them into three labels. One is we have to notify that we want to have business under general authorisation regime and we have to report we have standardised report on our services, networks and services and revenues and investments and also we have other types of reporting from time to time when rattle demands from us.
Others is obligations that we have to obey in regards to our customers, which is cybersecurity, which is privacy and which is end user protection as customers, as consumers.
And I think that the third one I should mention, especially is related to other operators that we are on the market with. Because we have to have ability and willingness to provide access services to other infrastructure to other telco operators and other operators on the market, and this is especially important for operators with significant market power. As you can see on the next slide.
So, here, from RATEL quarterly report for second quarter of this year. RATEL does annual reports and quarterly reports, some rising what is the most important on the electronic communication market. So you can see from this report that Serbian market when it comes to media content distribution and fixed broadband Internet access and when it comes to mobile telco services rather concentrated market so you could see few big players and a lot of small players on the market.
On the other hand what could be interesting for you is access ‑‑ access to fixed Internet which is more and more fibre, still ‑‑ well, unfortunately still cable and XDSL are the major ones but fibre optic is going further and covering more and more customers and customers, because of that, have a quarter by quarter better speed and they have more and more speed which is more than 100 megabits per second.
Well, RATEL performs market analysis, at least once in three years and they did it this year, and everything is more or less the same as it was, so we have mobile and fixed termination as regulated market and local access. Here in Serbia telecom Serbia is incumbent operator so it is ‑‑ you can expect that telecom Serbia is operator with significant market power. What is new is bit stream access, it's just finish market analysis and that analysis pointed out that RATEL deemed that fibre optic access should be regulated as well, it was not in previous market analysis so it was not regulated market so far. And the other thing which is important for us is that second player on the market SBB is to be deregulated according to their market analysis. So we are left with one operator with significant market power, which is Telekom Serbia; others are not regulated so far.
So, according to this you could see Serbian market is a bit kind of deregulating from time being.
Since we had pandemics and then elections in Serbia that took quite a lot of time so I think eight months we haven't had the new government and now we just got it, we have new ministry of telecommunication and media so we are expecting regulatory activity to be accelerated, especially when it comes to new electronic communications law. The law should be in line with European Union electronic electronic communications code and it will bring us with, well, strong regulated NAT neutrality instead of soft regulated as it is now. We will have more focus on broadband and on average of all territory of Serbia with the broadband service, being that ‑‑ being that universal service or otherwise, and we will have new players which are not part of our traditional electronic communications market that could be using scarce resources as numbering is and we will have preconditions for 5G like small ‑‑ speaking about 5G we have delayed for time of pandemic and we expect auction to be until the half of next year and players which are interested to participate and bid are usual suspects here in Serbia, Telekom Serbia, yet he will and A1 and apart from them SBB is the biggest player for fixed network and is interested as well to enter mobile telco market.
One new thing that we have started recently is implementation of broadband cost direction ‑‑ cost reduction directive, and ministry just started with the first draft and we expect that to develop during the next year and to be implemented next few weeks because this is really important for all of us, for using infrastructure in the buildings and infrastructure of other operators but other ‑‑ other infrastructure holders like public sector is, and to have simplified permitting system of course which will allow us to build faster our networks especially 5G network.
And one important thing for all of us as well, as I mentioned rural broadband is one of goals so the government, they have state subsidies for deploying rural broadband, first phase finished and 400 settlements, 400 rural areas already got their operators that will build last mile network and will then use, for 25 years, mid‑mile network built by government.
The second call will be almost the same, with the difference that, in the areas where nobody is interested to participate, government will be ‑‑ will build mid‑mile and last mile, last mile network, so the citizens of all areas of country could have a decent fixed broadband.
And the last one that I wanted to mention is roam like at home, since we are not part of European Union so we have had to have something parallel in the pipeline so we organised ourselves and we already have roam like at home with the western Balkan six countries and now we are doing further steps in order to decrease prices of roaming, data roaming, not all roaming, but data roaming between western Balkan six countries and European Union countries. So, I think that during the next year, our new minister of telecommunication would have rather a lot of things to do and we will be really, really busy in shaping public policy and industry politics and of course our business model to new environment, regulatory environment and then to new business ecosystem that the environment will create.
That's all from my side. Thank you very much.
(Applause)
DESIREE MILOSHEVIC: As we don't have any roaming mic, please come to the mic if you have any questions for Dragana. If not, there's none online. Acchilleas, if you can tell us if we have any questions online as well.
ACHILLEAS KEMOS: No, there are no questions online so far.
DESIREE MILOSHEVIC: Thank you once again, Dragana.
(Applause)
So our next speaker is Lauren and shell be speaking about the policy role ‑‑ policy adviser's role in routing security, so please.
LAUREN CREAN: Thank you so much. Thank you for having me here today and also thank you, hello to our virtual participants, I remember you.
So I work for the OECD for which some of you in the room I thought I'd give you a brief primer. It stands for the Organisation for Economic Cooperation and Development, it's an international organisation based in Paris, France, with 38 member countries but we are going to expand that with some accession countries in the pipeline, spanning Europe, the Americas and Asia, we look at a lot of broad policy topics and I'm not going to go into all of them but the ones I will highlight today and I work on are connectivity issues under the digital economy. We also have colleagues that work on digital security and putting those two communities together our delegates asked us to have a look at securing communication networks and through that kind of ask we recently published two reports, one on the domain name system, the security of the domain name system, which I will be presenting to you today is the other on routing security and what's the role of policy makers in that.
So, when thinking about the report, we broke it down into three main questions. The first is what is the scope and scale of routing incidents? And you have to remember that for our audience policy makers may not be aware and so what you talk about in the technical community and what policy makers that you can might not always be the same language so this report was really aiming to provide an education and informational resource for policy makers on this more technical pop I can.
The second is examining what kind of security techniques have been proposed to address them and also how effective are they. And using those two to inform, thinking about policy, so what is the role of policy makers in securing the routing system?
So I have just, we will start with when we were looking at this report first, we thought okay, well, what happens when there's an incident in the routing system? What impacts do we feel? And those are kind of best illustrated with some anecdotal evidence so I have just put 3 on the slide of pretty recent events, I am sure a lot of you are familiar with them, one is last year October 2021's outage across Meta's application suite which was an outage related to misconfiguation in the routing system and the other two relate to attackers leveraging BGP vulnerabilities to ‑‑ on specific crypto currency sites.
But of course just looking at the big headline anecdotes doesn't give you the real story. We also tried to look into what available measurement of, at a broader scale, what was the scope and scale of routing incidents, it was a pretty tough ‑‑ it was a little bit challenging just because publicly available timescale data, there's not that much out there from a perspective that you can easily analyse so I've put two here and I will caveat that with the fact that we know that we'd like more but on the left ‑‑ at least my left, you can see an annual time series trend which is a bit short that's just from BGP stream, we have the grip platform aggregated by the MANRS observatory and then also BGP stream. So one thing I want to point out especially that you can see on the monthly BGP events is the discrepancy in the two, so it's quite difficult to make any sort of assumptions about what the actual rate of routing incidents, how much it occurs globally.
So moving to the second question in this report, we talked to our ‑‑ not only our own delegates from, who are mostly from communication regulators, communication ministries, security regulators but also we have stakeholders that participate in our working parties from the ‑‑ from ITAC which is the Internet Technical Advisory Committee and we also undertook informational interviews with technical experts, I don't know, some might be in the room. I know some are here in this conference. But with that, from these discussions, we tried to highlight some of the security techniques that are being discussed by industry and the technical community and to frame them in a way for policy makers to grasp the different areas that these techniques are trying to secure, what kind of vulnerabilities that they are trying to address and they are just origin validation, path validation and path causability are the three bundles we have. We mention others, of course filtering is very important, we mention other industry efforts at an ad hoc basis.
So moving to policy. Why do policy makers care about routing security? I think first of all, as evidenced by the fact that we were asked to look at this, I think it's something that is coming more at the forefront of policy makers' minds especially as the Internet is becoming so important for the economy and society so they are thinking about how to secure all aspects of that. I will just ‑‑ I just highlighted a few here, the United States had a notice in query that was published this year in Internet routing vulnerabilities, in Sweden they took a supervisory review of five stakeholders and assessed how they were mitigating and assessing and analysing some BGP's vulnerabilities and more dated perhaps now at 2019, ENISA's seven steps to shore up the BGP.
So with all of the analysis that was conducted in the earlier sections, we thought okay, so what is the role of policy makers? What can they do? This is difficult for ‑‑ obviously policymakers are only one stakeholder and we in the report we duly recognise the role of network operators and also the technical community in developing and implementing these techniques. However we thought there was some things they could do and four stand out here, promoting measurement, time series data would be really great to better understand the incidents of routing and routing incidents and also the effectiveness of some of the techniques put in place to manage them.
Second, leading by example. And promoting the deployment, that can be through their own IP addresses or asking ISPs that carry their traffic, trying to promote best practice there.
The third is facilitating information sharing, this could be through established bodies like the regulator or certs or just acknowledging what is already gone on in multi‑stakeholder and often international groups.
And finally, defining a common framework with industry to improve routing security and this can take kind of a range of different options. Which I will discuss on this slide.
I wanted to give you some practical examples of what we see OECD policy makers doing with regards to routing security. With the first recommendation on promoting measurement we see some good practice in the United States with their NIST RPKI monitor which is really helpful, it has some nice metrics there, over time. By leading by example and promoting the deployment a good example from the Netherlands who have implemented a comply or explain framework for implementing RPKI especially for public IP addresses on government IT systems.
Facilitating information sharing, Japan has some standards that try to set forth encouragement for network operators especially after incidents to come together and share information and find causes and mitigating actions.
And finally, the common framework with industry, so this, I have put a range there and we really see this across the OECD, we see on the one hand multi‑stakeholder collaboration with government, with industry, with civil society, working on this topic. We also ‑‑ that's an example from Brazil, for instance. Voluntary guidance so standards I mentioned in Japan, that's one example. And then we also see, moving to move legal actions, but still in a kind of broad sense, Switzerland has some general security guidelines for ensuring security of communication networks and then even in Finland we see some specific secondary legislation that includes measures targeted at a basic level of BGP security.
So the main take aways of the report are we know that routing vulnerabilities are there and I think that's something that's been going on for many, many years, but we still see that incidents are happening and they affect the availability, integrity and confidentiality of communications. So they are still something to think about.
The second big takeaway is only what gets measured gets improved and the OECD has a strong focus on evidence based policy making and if there's no evidence you can't make evidence based policy making so the importance of that data and also the effectiveness of different security techniques is really integral.
We see several efforts going on to secure the routing system, but we wanted to highlight for policy makers that there's no silver bullet out there, there's nothing they could say all of network operators have to do X, Y and Z and routing security will be finished so we wanted to highlight some of the challenges in doing so especially as routing security is a collective action and requires many, many stakeholders to implement certain techniques.
And time finally the report finds there's several actions governments can do to help stakeholders to improve routing security overall.
And with that, I leave the floor to questions if there are any, thank you.
(Applause)
JULF HELSINGIUS: Any questions? We have a microphone here.
AUDIENCE SPEAKER: Kevin from Internet Society but I am also the project leader of the MANRS initiative which was mentioned there. It's not really so much a question but to highlight you were speaking about trying to get empirical evidence and measurements‑based data that we are developing or we have developed the MANRS observatory platform which I guess you probably got the data from from the report, and that's something that we are aware there are some improvements need to be made to that measurement data but it is a good starting point and does provide a lot of evidence for the state of routing security on the Internet so I would encourage people to go and look at that and use this data for this type of thing.
LAUREN CREAN: Thank you very much and you are absolutely right, I think MANRS especially the work you have done to support the group platform is really great and we featured in the report, so thank you.
AUDIENCE SPEAKER: Martin, I work for NLnet Labs. I was wondering, on your remark about data‑driven policy making or evidence‑based policy making and I was wondering if the ‑‑ I saw that the report mentions Open Source in a number of occasions. Was any regard given to or did you come across good sources of the data which would be relevant to policy makers when they are thinking about this topic about the role of Open Source? Because you have mentioned providing ‑ to policy makers and I am somewhat concerned at this moment about the visibility of the role of Open Source within this space, so maybe you have ‑‑
LAUREN CREAN: I would say that we have thought about Open Source. You don't maybe get the full picture as I presented here because we have a whole work stream that looks at securing communication networks and one that is based more broadly, actually dealing with a lot of the topics more on communication network infrastructure, not specifically on routing security, and there we do talk about Open Source, we also talk about openness more generally and some of of the other trends that are impacting communication networks that we see. So we do talk about it but not as highlighted in this report.
GEOFF HUSTON: Hi. One thing the OECD has done for many, many years is promote the idea of open markets and open and deregulated markets in order to achieve ends and they have been a champion of this. I found it one of the few things in this report that was missing was actually an analysis of the economics of routing security, because certainly from where I sit, it's an economic disaster; it's a complete failure in terms of market. No matter how hard a network operator works, they can't charge their customers more if they have spent all this money doing it and on the application we are using RPKIs, we actually don't pay any premium to have our packet securely routed because we are doing everything we want and we are not going to pay any extra. So at what point other than grand words from policy makers, do we align the market with the incentives of investors to actually achieve secure outcomes, because without that, we are going to be having this conversation years onward because without those natural incentives very little gets done and a lot of words get said and that's it, have you given any thought to that?
LAUREN CREAN: Yes, unfortunately we have thought about this, it is a problem. So I will say that we mention it a little bit in the report in the sense it's a challenge because we see that as a challenge with exactly as you said, network operators would love to do this but it costs time and money, resources, sometimes it costs upgrading of hardware and software, that is not nominal. We pose that as a challenge and you are right, it is a big one and we also talk about it in my colleagues with digital security more generally do talk about that as how do we get consumers to value digital security enough to incentivise providers of anything, because they talk about it in a more general sense, to actually ‑‑ to put money in that and pay more for it and that's not something that they've managed to do in industry. Maybe others have more, I haven't seen very many examples but yeah, I totally agree with you, Geoff, and thank you also for your ‑‑ a lot of help in the report.
GEOFF HUSTON: A pleasure, thank you.
JULF HELSINGIUS: Chris, you look like you want to say something.
CHRIS BUCKRIDGE: I wanted to say ‑‑ from RIPE NCC. I wanted to say thanks, Lauren, for coming to speak to this. As people are probably aware the RIPE NCC along with the other RIRs and a number of other technical organisations have been engaged with OECD for more than a decade now, about 15 years, through this Internet Technical Advisory Committee and this was a really good example of a paper where the OECD secretariat, the researchers came in with a draft and talked to the ITAC people especially and we did see a fair bit of fact and forth and improvement to the paper and that's really valuable, I think it makes the paper more valuable for E OCD stakeholders, policy makers and it's great for the RIPE NCC and our technical colleagues to make sure that this is correct information that's going out to those ‑‑ that audience. So yeah, I really just wanted to make sure people are aware of that, this is something the RIPE NCC is continuing to engage in and yeah, look forward to working with you in the future.
LAUREN CREAN: Thanks, Chris and ITAC has been invaluable.
JIM REID: Speaking as a private individual, freelance consultant and general hype hanger on for a long, long time. Geoff was talking before about the economic incentives for trying to things done for securing the routing infrastructure. I am going to say something very provocative here, does things like the EU NIS directive not have any kind of impact on that?
LAUREN CREAN: I would welcome your views on that. I think that's a discussion question that I would really love the views of this technical community because one thing when we were writing the report, it's ‑‑ it's a delicate balance because what we have seen is policy makers first of all shouldn't say okay you have to implement X, Y and Z because often times we hear from industry and technical community they don't really know what that actually entails, it might not be the right actions, if it's too hard line, and there has to be some sort of balance in that.
JIM REID: Yes. Seem to be some existing NIS provisions are enacted for things like DNS services so there's nothing in there where it tells the operators what software to use, if you have an outage of longer than X things will happen so maybe something along those lines rather than nitty‑gritty of MANRS or use RPKI, there's a stick that could be prodded when somebody does that. That might be an incentive, a lot of people would not like more regulation and ‑‑
LAUREN CREAN: You said it, not me, thank you very much that's an interesting comment.
AUDIENCE SPEAKER: David ‑‑ Germany. Congratulations on an excellent report on routing security and having a section on the signed Internet architecture in there and thereby acknowledging the contribution to improve routing security, a network that Swiss banks are using productively so thank you.
JULF HELSINGIUS: Thank you very much.
(Applause)
DESIREE MILOSHEVIC: So the next presentation we hope we have both of our panelists online is Lucien Castex and he is a researcher at the University of the Sorbonne and Julien Rossi, he is a colleague with university 8 in Paris. They have just published a document on the Splinternets, the EU scientific insight into Splinternets and they will dedicate ten minutes speaking to us so I hope you have some questions for them as well. Lucien, can you hear us? Julian?
LUCIEN CASTEX: Can you hear me?
DESIREE MILOSHEVIC: Perfect. Is Julian with you? You are the co‑chair for the society in Paris, in addition to being at the University of ‑‑ would you like to start or wait for a couple of minutes?
LUCIEN CASTEX: Well let's wait for one and start then.
DESIREE MILOSHEVIC: Certainly. We can see your slides and you can go ahead.
LUCIEN CASTEX: Thank you for giving us opportunity to present the study. Let me just get the slides myself. I will introduce the study quickly and give the floor to Julian to again and we will welcome questions if you have some, would be really interesting to hear about it.
So basically, as, you know, a number of recent events, technical or geopolitical, have increased concerns about potential fragmentation of the Internet. Fragmentation into a multiitude of disconnected networks, also called Splinternets, hence the title of the study. As a result, the panel for the future of science and technology, the panel from the European Parliament, asked us to study the phenomenon and to set out broad scenarios of policy for the EU to respond to the issue.
So work has been conducted into framework of the Internet and regulation research group of the centre for Internet and society which is in the CNRS in France and which I am co‑chairing with Julian. I would like to emphasise that the work obviously is a collective one and that's been done from the school of governance, Francesca and myself.
So, next slide, please.
It's been used, since access restrictions customisation for users have resulted in a number of divergencies in the way that we actually access to the Internet, with Internet content, to services that are available to users. And the fear of the Internet splintering is quite old; a number of research and policy papers to explore the phenomenon in the past ‑‑ splintering of the Internet either allowing geographical fault lines or commercial fault lines with silos and technology silos. As a process lead to landscape to autonomous Internet and break the initiative of the Internet. The aim of the study that we drafted is to truly explore the phenomenon in the context of the EU digital policy. As you know a number of policy initiatives has been developed in the EU from the Digital Services Act and markets act and NIS 2 directives, all discussed reform of geographical indications. The study also arose from several interviews of experts from private society, academia and technical communities and we also conducted a workshop with a number of experts to actually test the preliminary results with colleagues.
Turning to the European Union legislative agenda, the idea is to actually draw a line such that the phenomenon can be simultaneously a driver for positive opportunities but also a catalyst for the very same threat we identified as Splinternets.
I will give you the floor to Julian, if he can hear us to dig in a bit and we welcome your questions afterwards.
JULIEN ROSSI: Thank you for the introduction. I will give a general overview of what we did, where we started in this review and then how we concluded.
So, if we can go to the next slide, I think maybe I can do it myself, yes, apparently I can, so early in the process we were surprised to discover that Internet fragmentation, although it has been a recurring theme in Internet governance discussions for the many years already, was in a very early phase of agenda setting let's say, political agenda setting meaning the different experts and stakeholders we have interviewed did not have a common definition so you can have very strong definition that states it is when there are absolutely no possibility to communicate between two nodes of the Internet but we have decided to take the approach that the Internet was an infrastructure but also a public sphere which is enabled by the infrastructure and as such to the user being cut off from some parts of the Internet due to any reason and not just reasons which are technical at the transport layer, could be perceived as a way of fragmenting this public sphere. We identified based on the literature and discussions with different experts different types of fragmentations which are outlined in the report and which can be have different impacts and which can be due to different types of factors both, I mean, technical, political or commercial.
We looked at the EU's public policy by outlining initially three different scenarios; one was maintaining the status quo, two was embracing fragmentation, three was consistently fighting fragmentation at all costs. And because we were providing advice and expert to the European Parliament, that is to say to democratically elected officials, we concentrated, we focused our analysis on illegal analysis to see how these different scenarios would fit into the existing legal framework that the EU operates so that includes international trade law and, more importantly, fundamental rights.
What we saw is the first scenario was quite unlikely given the high number of policy initiatives in the sphere of the digital single market in the EU embracing fragmentation could lead to certain problems especially it could be conceived as a restriction to the Freedom of Information but also in the European Convention on Human Rights as also the right to access information by any means and without regards to orders.
Fighting fragmentation at all costs was also not possible given the case law of the European Court of Justice regarding the among other things, data localisation and personal data transfers and so this has led us to the conclusion that we need a framework where we can actually assess based on well known legal ‑‑ well known legal framework what kind of policy initiatives can be compatible with the European legal order and this is what has been called for a very long time now by the European Court of Human Rights the balance of interests where we look at whether a restriction to the rights such as right to Freedom of Information which supports a united Internet so whether any limitation to that right, that right to the unit of the Internet is as the court says necessary in the democratic society and this is where there is a well‑known legal methodology that we can apply and which is what we conclude in our report, basically, which is to say that the ‑‑ there are of course many different policy options that democratically elected decision‑makers can take but given the legal construction of the EU, it has to be taken into account that any restriction to the ‑ of the Internet has to be necessarily in democratic society, it has been ruled by the European Court of Justice for instance with regards to rules limiting restricting the free‑flow of personal data to country that do not have adequate measures protecting privacy rights of personal data report.
So, I think maybe Lucien you would like to add a few things, in a very short nutshell I have presented the main conclusions of the report but feel free to complete, thank you for your attention.
JULF HELSINGIUS: I guess we are now open for, open for questions. We have a question.
LAUREN CREAN: Sorry for hogging the mic again today but I had a quick question for you, I think it's easy but is your study actually available? Can you link to it somewhere? It seems like it's really interesting, thank you.
JULIEN ROSSI: It will also be available...
JULF HELSINGIUS: We don't seem to have any more questions so we thank you for this excellent presentation, thanks for being able to participate.
(Applause)
DESIREE MILOSHEVIC: Thank you very much and we will try to send a link to our members in the chat room. The next speaker is Mila Bajic, from a not‑for‑profit organisation in Serbia, deal with privacy of data and protection of users online as well as their digital freedoms. So the topic is the report of the freedom of the Net and especially focusing on Serbia to give you a bit more taste how users here experience all these issues. Mila, welcome, and the floor is yours, you have about ten minutes,
MILA BAJIC: We work on some of the main points we work on is decentralising the Internet and keeping it free and open and one of the biggest things last year and this year doing freedom of the Net report, the last year was the first time and it was actually the first report that is kind of based in the western Balkans so it was pretty much ‑‑ it was a big deal and we just concluded the second report that spanned from June 1st 2021 to May 31st 2022. So, pretty much I think what would be interesting to mention is that, so this is ‑‑ so it's a freedom house‑produced report, the freedom of the Net report and it kind of goes through, it's a comprehensive report which ranks countries in order to see the ‑‑ determine the freedom of each individual country on the Internet. So currently in Serbia we are within the free category but I think it is important to mention that we are kind of on the threshold of going from free to partly free and there's a couple of reasons for this. The report is structured in three main categories and the first is obstacles to access and the technical capabilities and infrastructure limitations.
The second is limits on content online which is self‑explanatory. And the third one is violation of user rights which is actually the category where Serbia does lose the biggest amount of points, so I would kind of focus on going through this category and specifically talking about three indicators that kind of talk mostly about the ways in which Internet service providers and telecommunication companies and also the government itself has access to users, users' data and is it protected or not. I would start with saying the good news is that individuals in Serbia are not required to register with the government for uses of on‑line services, and that Internet service providers are largely decentralised in the country still so that's the good news but unfortunately, the not so good news when it comes to State surveillance of Internet activities telecommunications companies are obliged to retain communications metadata and there have been instances in which we have logged that, authorities have accessed this information through dubious legal means. What we have been doing in Share Foundation even prior to doing the freedom of the Net report is we have been kind of working with the commissioner for Freedom of Information and we have been exchanging the reports that the commissioner has been doing on a yearly level and kind of trying to see how many ‑‑ I am sorry, I forgot the word ‑‑ how many times there have been requests for access for information from telecommunications companies within the country, so an interesting thing that I would like to point out, when we were looking at Telenor's database which is now YETL, we saw that between March 2011 and 2012 police directly accessed more than 270,000 kind of ‑‑ had more than 270 thousand requests for access to Telenor, that is YETL's database.
And when it comes to data from 2020 which we worked with in the first freedom of net report, we saw that Telekom Serbia, which is the main operator that is kind of partially State‑owned received 1417 official access requests from the authorities. This was followed by YETL which received 422 and A1 Serbia received 122 requests. What is interesting to point out is that when we were independently a Share Foundation doing this research on the ways in which state authorities can access information from tell companies we saw there's an application for independent access which means these organs do not need to file a request ‑‑ an official request in order to get this data but they are kind of connected to the infrastructure of the telecommunication companies which allows them to just directly access the data itself. And it's a worrying trend because we have seen that as the years go by, these reports, these comprehensive reports that these companies should be submitting to the commissioner are kind of getting less and less, how can I say, comprehensive but they are, some of the telecommunication companies are just actually not even submitting them to the commissioner so we can't have complete information on what the amount of access to data that is ‑‑ that is being accessed by the commissioners, I am sorry I thought there was going to be a lot less people so I wasn't prepared for a crowd this big.
Anyways, I think I would only mention that one of the good things, one of the saving graces is Serbia does have a lot on personal data protection that is kind of aligned with the GDPR, which is pretty much word for word copied into the Serbian legislation and it has been in effect since August 2019 and the other thing that I would mention is the commissioner for information of public importance and personal data protection is very open to cooperation and we have had, as the non‑government sector, we have had very good cooperation with him and we were able to get information from him but also get him on our side when we were trying to lobby and advocate for, for instance, in these specific cases, for requests and access to citizens' metadata but I think there's still a long way to go because these questions are still not kind of in the public eye as much so it's very hard to kind of explain to people why they should care about this.
So, tentatively, we are on the ‑‑ in the category of free Internet users but I think it's a very slippery slope and thankfully now that we are doing the report we can kind of see what's going to happen in the next couple of years.
I think I would stop there and then if there are any questions, I'm here, thank you.
(Applause)
JULF HELSINGIUS: Somehow this group always seems to deal with topics that are slippery slopes. Questions?
RUDIGER VOLK: Retired. One thing I wonder, it's great to hear that say GDPR is kind of mirrored. A thing that seems to be not really that clear in the EU is the control of access to metadata, though the European Court has slapped say the German government or legislature on a couple of times on attempts for grabbing metadata and I wonder kind of how you would guess the metadata control here compares to you would expect from essentially the EU legal system going up to the court?
MILA BAJIC: That is a tough question. Unfortunately I am not a legal expert of of any kind so I can give you my amateur point of view but I do think it's very tricky because in the countries I already mentioned when we were doing our research which we did in 2015, we thought that there were multiple avenues that the State would take to kind of access metadata which weren't even ‑‑ which didn't need any kind of court process or submitting any kind of requests for access. So, I think it ‑‑ here, it would be very hard to even try and kind of argue with because there's no precedent that allows us because we have seen that actually not just metadata but also text messages of journalists have been leaked, they have been put into tabloids and it's very clear where they are coming from, but nothing is being done to kind of curb it, so I think there's a long way to go.
JULF HELSINGIUS: Thank you.
(Applause)
DESIREE MILOSHEVIC: The last two speakers are Bastiaan Gosling who is here with us and Chris who would tell us about UN developments so get ready for the questions.
BASTIAAN GOSLINGS: I joined the RIPE NCC public policy and Internet governance team in April. This is my first RIPE meeting as a RIPE colleague, so thanks for having me, I am very happy and proud to be on stage. Also I feel very honoured to have been given the opportunity to summarise once in a four‑year event that lasts three weeks and a couple of thousand government officials come together to negotiate.
I will attempt to do so in 15 minutes and I think we are nicely on schedule so that should give us some time for Q&A.
So just to start off, why the ITU?
I just want to, this has been shared before in other presentations but why exactly do we engage with the ITU? And how do we do so?
Well the ITU is international telecommunications union, that's a United Nations agency, involved in tell communications which obviously also includes the digital sphere and the Internet, and that also then touches upon the business that we as an RIR are into. So our objectives is to complement the ITU and the work it's doing but keep an eye on the fact that it continues to stay within its mandate and cooperate with organisations like the RIPE NCC but does not get involved in the actual work that we are doing or try to take it over. The ITU is not the place to develop Internet standards. Combined with that we are very proud to convey the message and share with governments how we development policy within the community, the multi‑stakeholder approach and combined with that supporting the open Internet model. And obviously we share the technical details of exactly what we do, what is within our remit, the technical functionalities that the RIR system performs on a global scale. We do so because ITU main consists of Member States by sharing technical expertise with Member States.
In order to participate within the ITU you need to be some form of a member, well the RIPE NCC is not a Member State but we do have the opportunity to be a sector member. We are a sector member of both the ITU‑T and ITU‑D, the ITU‑T is involved in standardisation and ITU D involved in development and the way that we contribute to discussions is to be part of regional coordination groups, there are a number of study groups, I mentioned a couple of examples but they are more popping up, that we can contribute to a number of major conferences. Since Covid we had a few big ones one of which be talking about and there's some informal expert groups and where applicable we can contribute to those.
The Plenipotentiary 22 meeting, just to frame what this type of meeting is about, as I referred to briefly in the introduction this is held every four years. It's a main decision body, the Plenipotentiary conference of the ITU. It determines its overall directions. Four year strategic and financial plans. And combined with that, during this meeting the senior management positions are filled, people are elected amongst others, the secretary general and deputy secretary general, thousands of government officials come together from 193 Member States, if I am not mistaken, including ministers especially in the beginning of the conference participate as part of all the ceremonies that take place.
Many things are discussed there, amongst others a huge pile of resolutions, a number of which we tend to call so‑called Internet resolutions and I will be focusing on later where we participated in.
The negotiations that take place at a conference like this are between regions, it's most effectively to try and see if you regions can come with common positions and bring those to the conference in order to talk to other regions but also Member States in individual basis can submit proposals.
For the 22 edition that just took place, that was from 26th September up until 14th October. It took place in Bucharest, in the famous big parliament building by now, and basically it's not set in stone but the structure is more or less as follows: The first week, the elections take place at the end of the week, there's a lot of lobbying reading up to the elections themselves and a lot of networking involved, a lot of countries that are providing candidates organise receptions and coffee moments and lunch so I am guessing the colleagues who have been there during the first week must have had a great time it, I was not there.
During the second week, and in this case in practical it started a bit earlier but to give it some form of a division, during the second week so‑called ad hoc groups are formed, and those are the groups where the actual negotiations take place with regard to the resolutions. And the idea is that consensus is reached within a certain time frame and texts are finalised which then can be agreed in the Plenipotentiary plenary meeting.
So the idea is then in the last week to actually finalise all the ad hoc work, get agreement on text and they can be rubber‑stamped and agreed upon and we can celebrate we are finished and done, agreed upon and can look forward to another meeting in four years' time.
In general terms if there are disagreements and no consensus is reached, and we can all agree we don't reach consensus that means no change to text.
So leading up towards the conference itself, you have a three‑week peak of all these sessions there's a lot of preparational work leading up to those. The regional deliberations, I referred to to the fact that a lot of work is done within regions. We as RIPE NCC participate, at least I and Suzanne participated in the European region to work on Europe common proposals, Shafiq and others worked with the Arab states when they determined their regional propositions but the same happens in South America, North America, Asia, former Soviet Republics, they all come with with their proposals. These proposals have to be submitted before the conference there's a deadline for that and that gives you the opportunity to prepare for the negotiations because you can see what the other positions are and you can see what the gaps between our position and the colleagues' position, how can we define a negotiation strategy and what is our bargaining position and what are we prepared to give up in order to gain something else. In our case the RIPE NCC was not the only Internet present. The other RIRs had colleagues there, ICANN as well, ISOC and these are enters that we prepared leading up to the conference to share knowledge, experience, expectations, a number of them the other RIRs especially working within other regions could give us Intel with regard to what was happening there and we could do the same for the European region, for instance.
We have the ad hoc groups based on themes, I referred to the Internet‑related resolutions, those were the folks point for us because topics that are discussed in those potentially affect or directly affect the RIPE NCC RIR system, the RIPE NCC's business and just to be clear we are a sector member, I referred to that so that in this case means we cannot negotiate ourselves so we can be there and provide technical input and informal meetings we have a voice and can say something, we cannot vote and participate in the negotiating of the text.
We have all those regional positions made from other countries as well, single Member States and everything is put together in huge documents so you can see all the different proposals and actually what is done within those ad hoc groups through all those different proposals step by step people get the opportunity present their position and others to argue against those or support it, very time consuming and wordsmithing and it's extremely so different as opposed to what you normally are used to but the idea is that text we cannot agree upon and we can at least agree upon the fact there's a disagreement, you agree on that and existing text remains and it's very nice to see if people do agree upon new developments which deserve new text and we can say add that to those resolutions.
Besides the groups where these texts are negotiated and these sessions are also like online, available for people to follow and to participate in there is many, many informal one‑on‑one sessions in the corridors, in the hallways, but also sometimes organised if agreement cannot be reached between certain parties within an ad hoc group the Chair will say can the regional coordinators come together the two of them or three of them and these and these points can they talk about that in the hope that separately they can reach consensus and bring it back to the group again.
We had a number of WhatsApp groups with government officials on them and RIR colleagues depending on topics, a lot of traffic there, also during sessions to keep each other aware of what's happening.
So the Internet related resolutions, I just took out because there are more, I took the most relevant and obvious ones to us, and I put in the slide back that's available for download obviously, not only my notes are in there but there's more detail on the specific resolutions and text and links if you really want top see the actual resolutions and the final acts, everything that was agreed upon, you can find it there. I don't have the time to go in that now. But the resolutions you know that we were more closely following were Internet related Internet protocol based networks, those that had relations to either the domain name system to a lesser extent but for us the IP addressing distribution system, those were particularly relevant to us, also in terms of the ITRs discussions, are we going to organise a new world conference on international telecommunications, a new WCIT or not those were kind controversial, 180 with regard to IPv6 and the transition so‑called transition of IPv4 to IPv6 that was a very important one for us as well.
With regard to a number of controversies and I put them together a number of them you will see are enclosed in more than one resolution, but I want to start off here in terms of what can we agree upon and only the controversies, I think that one of the the things the ITU is focused on in these area is to see to it eventually everyone can get an Internet connection which is framed as connecting the unconnected, of course if you see the amount of people are on‑line it's amazing what happened in those decades but there's still billions of people who do not have the opportunity use these services and not on a daily basis, I think we can all agree upon to see more people get connected. And obviously the ITU is one of the oldest UN organisations as far as I know and it is an important a role to play and it's very beneficial that they can operate with the other Internet organisations. A lot of Member States are not aware of a regional Internet registry or what another organisation might be able to do for them, by default go the ITU and it's very helpful if ITU can link Member States to Internet registry to help operators can IPv6 address space for instance, people don't know with the talks ‑‑ how the policies work so they definitely have a role to play there in cooperating with others. Helping Member States and in terms of pointing to best practices information that is available in data and also getting to see how can data be made ‑‑ turned into useful information. But what does that mean, in practical terms what is the ITU going to do, how does it translate into a mandate in a fitting role within the entire ecosystem and it becomes controversial in terms of what is the limit or the mandate of an organisation like the ITU and what should the resolutions call for. One of the things ‑‑ it's in 101, 180 as well, I think also 133, the position of Internet organisations like RIRs, in the existing text we will refer to in a footnote, certain countries our regions for the fact that should be more prominent, be visible in the main text, others obviously said these organisations should be removed entirely from the text so that was quite a heated debate. Related to that, the reason to ‑‑ as it stands in existing text for the ITU to cooperate with these organisations, is actually to increase the role of Internet governance so of course obviously countries that will say we don't want top increase the role of ITU in Internet governance. The council ‑‑ a Working Group within the ITU that determines what the direction is of studies and other work that is done in Internet‑related areas, only accessible to Member States, there's an option for others, other stakeholders to provide input during a consultation but at the end of the day it's Member States and this proverbially we would like to see opened up, other stakeholders, that was quite a heated discussion as well.
I have referred to the ITRs, a number of people think we have been debating this back and forward for years, it's not going anywhere, let's get rid of it, no need to change the ITRs, others disagree. What end up in summary for a number of resolutions.
Resolution 1 actually, nothing really changed. No additional remit for the ITU in IP‑based networks.
Same thing for 102, mostly no change. There was some additional language with regard to sustainable development, best practices, the role that the ITU could provide there in terms of information sharing, fostering cooperation, all these nice things they ended up in there so that's probably a good thing.
There was a bit of a weird discussion with regard to 133 internationalised domain names, countries were arguing for statements and text actually they didn't even really know what the term meant or what the term universal acceptance stood for so that made it kind of a blurry discussion. Anyway that didn't lead to anything, there was no consensus there either, that meant no change. Some new text and then explicitly also calling for ICANN activity to be reported more explicitly to council, there's an ICANN liaison towards the ‑‑ start reporting better, that makes sense.
Resolution 180, no real change there either. But it's probably a good thing that we decided to ‑‑ the consensus was to get rid of adopting ‑‑ of IPv6 and facilitating transition to IPv4 ‑‑ from IPv4 to IPv6, so the title of the resolution changed to promoting deployment of IPv6, some new text, very benign. All in all, I think quite good.
Essentially, we were concerned and that's the attitude you have when you go in there but yeah, I think at the end of the day we can be happy no, no fundamental changes. A number of countries explicitly this is going to come back, we don't agree, we wanton renegotiate it during the next Plenipotentiary, OK. Fine, we have something to look forward to. Maybe the idea that new IP or IPv6 plus related topics would be put on the agenda, would be discussed. Not explicitly, but that doesn't mean they can pop newspaper study groups which they to some extent are already doing. Think of study group 5. And we made ‑‑ I think ‑‑ not we, I think it's somewhat of a compromise with regard to the referral to the Internet organisations, there's no change there, they didn't end up in the main texts of the resolutions. And the same for council Working Group on Internet it's still only accessible to Member States and other stakeholders can provide input during consultation.
On a high level, that was my overview. I hope it's useful. If there are any questions, I am available.
JULF HELSINGIUS: I think we will leave the questions until Chris is done.
BASTIAAN GOSLINGS: That makes sense.
JULF HELSINGIUS: Go ahead, Chris.
CHRIS BUCKRIDGE: I am just waiting for the slides to go. So thank you, I am going to keep this very short and encourage you to all have a look at the slides, I don't have many slides but there are ‑‑ there are three slides that I could speak to for five minutes or speak to for half an hour very easily.
The IT touch. Is a UN agency even though it predates the UN itself. But it's just one part of the UN that's involved in Internet governance and in some ways a lot of the agreements, the refusals, the refusals to comprise that take place in ITU make sense in the context of this larger UN discussion going on about Internet governance so I wanted to make a couple of points here because I think the real key takeaway I want now is not the moment to take our eye off the UN, this is a really significant couple of years in terms what have UN decisions might be made about Internet governance or what the UN is more commonly now referring to as digital cooperation. So digital cooperation it's a really high priority for the UN. That has become very clear in recent years, you will see in the next slide some evidence of that. But what it's resulted in a lot of different activities and initiatives taking place across different UN agencies and bodies, a lot of the time not always very well coordinated and that's hampering particularly the ability of non‑State stakeholders like ourselves to really effectively engage there, because the full back position for a lot of UN participants and Member States is that multi‑lateral negotiation which kind of shuts out non‑state actors like technical community, like civil society.
The real key event I would say we are looking to which takes place in 2025 is the 20‑year review on the world submit of the information society. The reason I think this is so key, Bastiaan mentioned ‑‑ there are very few things as powerful in the UN setting as previously agreed language. I think Bastiaan made some reference to that in the ITU Plenipotentiary setting where if you can't agree you go back to the language you agreed last time. At the WSIS event in 2003‑2005, they produced what's called the Tunis agenda, one of the agreements was support for a multi‑stakeholder approach to Internet governance. And in so much of the participation and the engagement that we have had with governments, with the UN, we looked back to that agenda and say you agreed that multimulti‑stakeholder is the way to do Internet governance, we are going to hold you to that. A 20‑year review on that actually allows for opening up that commitment, reevaluating that commitment and I think there is a possibility that there will not be the solid commitment to a multi‑stakeholder approach that we saw previously, so making sure that that survives this WSIS plus 20 is really important.
Across the UN we are seeing geopolitical tensions play out particularly in the case of Russia and its engagement with UN, we saw it in the ITU, we are seeing it in a number of other UN discussions and that's definitely flavouring the negotiation and the discussion.
But what we are also seeing is a lot of people pushing for opportunities for non‑state actors to contribute and I think the really key thing is we need to seize those opportunities because we are not always going to get them and yeah, we need to take that opportunity.
Sorry, are you all on slide 2 now, I am hoping my slides are changing now. I am not going to explain everything here. What I was trying to do with this slide and if I had a little more time to explain is look at some of these new activities, developments, processes that are spinning up in the UN, we are seeing this come to the office of the secretary general and come from the general assembly, so that IGF we talk about a lot, that is one cog in a much, much bigger machine and the relationship between all of these different parts is often very unclear, particularly with most of them as you can see here having spun up in the last year or two. But we are moving towards that WSIS plus 20 and towards something called Global Digital Compact which the UN secretary general has asked the UN Member States to agree. So last slide here and I can let you all go, one thing I wanted to highlight is that there are opportunities for us to engage and as I said we need to seize those opportunities. One is relating to that Global Digital Compact and the office of the tech envoy, which is a UN office recently established has an open consultation on that seeking input from all stakeholders on what should be included there so I would encourage you to have a look at that and see if there's a possibility to provide some input. There is an ad hoc committee which is working to draft UN cybercrime convention which is going to be a big deal if it makes it through and there is an intercessional event happening on 4th November, so next week. If you have a chance to follow that one of the areas of discussion there is the role of the private sector in fighting cybercrime so that's talking about expectations, obligations on private operators that may be agreed at the UN level here. And the final thing is the IETF MAG Working Group on strategy, I am co‑chair on that, is currently developing an IGF action plan for WSIS 20 so what that community feels needs to be highlighted and prioritised. We have public calls every two weeks, that link will take you to sign up to the mailing list and, yeah, please reach out to me if you have any questions about that. That's my presentation, I don't know if we have time for questions but I will throw back to the Chairs. Thank you.
(Applause)
JULF HELSINGIUS: We now have, do we take questions and get told off afterwards for running over time or not, I think we are okay with a few questions.
JIM REID: Hanger on and frequent attender. I don't have any any questions for the comms team. First of all, we should all be very, very grateful to Chris and his colleagues especially Suzanne and Bastiaan for the great work they have been doing especially at Plenipotentiary in the last couple of weeks there, it's a thankless job and very important that the Internet community is represented somehow at these meetings and our voice is heard even if has to be relayed through cooperative and friendly Member States as it happens at Plenipotentiary. You do a great job and I think it's under‑appreciated by a lot of people so hats off to you.
(Applause)
JIM REID: The other quick point I wanted to make was in relation to Plenipotentiary the elections of the new officials for the new secretary general so she has been involved in the former development of the development sector, she is a US citizen and I think we are going to see much more cooperative environment coming out of the ITU than we have seen in the past now because the previous regime seemed to be more interested in trying to encroach on the territory of the Internet and I think that will change, we will need to say but I think this sounds encouraging.
MARTIN WINTER: Speaking for myself. You talked about the different resolutions and basically about no changes done so it seems to be no changes impacting at least this community. I am more curious after discussions which went on which didn't get through this time but at the risk the next time this happened may have an impact to us.
CHRIS BUCKRIDGE: I don't know if Bastiaan is there. One thing I would say, there's a bit of discussion about the fact that the OTT resolution in ITU was no change this time and that's a good thing. But I think thing there thing with that is that the OTT resolution is very much related to that idea which first came through, not first came through but came throughout in the WCIT conference in 2012 about the sender pays model and that actually we have seen that kind of proposal now coming back as Julf mentioned at the beginning so it's perhaps a case of energies being diverted away from let's try do in the ITU to in the European Commission and elsewhere around the world so I think it's good that there are ‑‑ a lot of these issues didn't ‑‑ were no change in the IT touch. It doesn't necessarily mean the danger is gone or the issue itself is not still live and being played out elsewhere.
MARTIN WINTER: Thank you. The report, the resolutions I was trying to get them online with the remarks unless you are sector members you cannot get them. Is there any chance RIPE can make them accessible to the community
CHRIS BUCKRIDGE: I was saying in the chat there is a full and final acts restricted now but it is restricted because it's only provisional, I presume that means there needs to be a final sign‑off from some state but the final acts will be public at a certain point.
JULF HELSINGIUS: I am closing the queue after Maria.
AUDIENCE SPEAKER: So I think that our community is grappling with something that is called, I called it ITU scare syndrome and since I started my career and that's a long time ago, I was young and I am now in my late 30s, we were scared that the ITU is going to come up with some resolution that's going to one day affect us in and and affect the Internet and every time that there is a meeting coming up we are ‑‑ we are hypothesising about all these risks that we are going to lose the governance of the Internet to this financially unstable Euro machine and that has not happened. So, I just ‑‑ I think that in the future and I'm not saying that we shouldn't participate but I think that in the future we need to have some criteria or yardstick of how we are like making changes and in ITU or if we should pay attention and in what areas we should really pay attention and what the effect of this participation really is. So that we can make it evidence based decision whether we should pay attention to this institution ‑‑ to this organisation. Thank you.
CHRIS BUCKRIDGE: I do think there is a case that we need to manage expectations with the ITU and with the processes like this Plenipotentiary. The example I would give there is, the success, the big success that happened 12 years ago and it's still talked about is getting the mention of the RIRs and ICANN into a footnote in these Internet resolutions. Now that's ‑‑ what is that? That's nothing. It's a footnote, would it change the work that any of us do if that footnote wasn't there? Probably not. But I think there is a need to particularly for those who are used to the mindset or the paradigm of developing RFCs or technical policy, diplomatic agreements like the resolutions agreed at the Plenipotentiary are very different, it's just a different ball game and I think we need to measure the impact, the significance quite differently than we do in looking at say a RIPE policy document.
RICK NELSON: On resolution 206 there was verbiage about fraudulent use of OTT applications that impact the revenue of operators. Was there any clarity as to what exactly that means?
JULF HELSINGIUS: Bastiaan, do you want to try to answer that one?
BASTIAAN GOSLINGS: That is not tax ended up ‑‑ that did not end up in the resolution. What does it mean? This basically comes from ‑‑
JIM REID: It's over the top ‑‑
BASTIAAN GOSLINGS: Sorry, my apologies. Over the top services.
RICK NELSON: Much. The question wasn't about OTT obsolete telecom term, it was the words "fraudulent" and "impact the business".
BASTIAAN GOSLINGS: This boils down to lots of revenue for traditional telecommunications services ‑‑ that's where it came from and they called that fraudulent.
Rick Nelson: So what's happened is fraudulent?
BASTIAAN GOSLINGS: You manage to convince your Telcos that this is fraudulent and regulate it as such.
Rick Nelson: Is this abuse or applications ‑‑
BASTIAAN GOSLINGS: Thank you for taking note of this.
JULF HELSINGIUS: My take on it it is abuse, it's abuse of legislation.
MARIA HALL: I am part of the secretary board but also here talking in my own capacity. I want to say as I have been to this ITU meetings and these text ‑ exercise that could end up in a success with a footnote, it's a lot of work, so you are putting a lot of work and I just want to say thank you so much, it's important, not only RIPE NCC I know other persons from the technical community taking part and contributing to these discussions and these text ‑ which is very important and so thank you for very much for that and I want to thank the co‑chairs for the Cooperation Working Group for having these sessions to be able to have these discussions between the technical community and the players and the governments and so on. So keep up the good work. Thank you.
BASTIAAN GOSLINGS: Thank you very much.
(Applause)
JULF HELSINGIUS: We went 15 minutes over time, so that's life. Thank you, everybody, and see you next time.
LIVE CAPTIONING BY AOIFE DOWNES, RPR
DUBLIN, IRELAND