IGF 2018 - Day 3 - Salle III - WS369 A BRIC hit the Web: Finding patterns in digital policymaking

The following are the outputs of the real-time captioning taken during the Thirteenth Annual Meeting of the Internet Governance Forum (IGF) in Paris, France, from 12 to 14 November 2018. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



     >> MODERATOR: Good morning, everyone.  Good to see everyone here on the third day, still fighting for Internet governance.  Is this reporting just fine?  Perfect.  It is. 

Well, I would like to thank everyone that made an effort to be here on this panel.  It is not easy to assemble such a diverse panel.  It is great to have everyone here.  This is an exploratory session.  We want to have a discussion, more than anything, see where we're coming from.  So where are the positions of the BRIC countries coming from?  We want to have that sort of discussion so we can try to better understand each other. 

And the way we'll do this, we'll go about, first, doing individual expositions, small ones, in which we will just discuss a little bit about our views on the sovereignty and internal policies of the countries.  And secondly, a debate on what we feel is the future of the cyber presence.  It will be fairly structured that way, but in the same time, we would like to invite if the debate portion your participation.  It is very welcome.  So with no further ado, I would like to have as our first speaker, Dr. Luca Belli, he's at the Fundacao Getulio Vargas Law School.  And he's starting a BRICs project now.  If he wants to put in a little word about that before his exposition, it would be a great pleasure to hear about it.  Please, Dr. Belly.

     >> LUCA BELLI: Thank you, Mark for putting together this panel and choosing this timely topic.  It is great to see, and politically speaking globally, the evolution of the first decade of the BRICs and what could be the evolution of the BRICs in the next decade.  IE, that is one of the reason, actually, why we decided to start this project called cyber BRICs.  If you are on Twitter and you look for the hashtag cyber BRICs and you will find out that we have a call for applications for researchers.  I'm hiring five researchers, one for each country to assess data protection and cybersecurity frameworks in the BRICs, which are some of the most important topics in the BRIC ‑‑ not only the political agenda of the BRICs, but for the development of e‑commerce and trade between BRICs and most have been either studying or approving translation in the protection over the past couple of years.  And the cybersecurity is not only a threat, but also a national product for the majority of them.  For instance, if we take the case of Brazil.  Brazil is very interesting because it is ‑‑ I think the only country in the world where the number of victims is as high as number of hackers.  Usually you have attacks coming from or targeting a country.  Brazil is super interesting because they're the only country where you have a lot of attacks and a lot of victims. 

I think it is primarily due to the fact that Brazilians are ‑‑ have adopted a lot of digital technology but still literacy level and digital literacy level are very low.  But there is a very young population that is interested in using technology and also hacking technology.  Which is kind of interesting.

Just to give ‑‑ I promise Mark I would give a brief overview of the Brazilian scene.  So just to set ‑‑ so that we are all on the same page.  Brazil is a republic, presidential system.  It means that the president is elected for four years, chooses ministers, and the role is elaborated by the Congress or the government steers policy.  Since the '80s ‑‑ 70s has tried to be autonomous in terms of the digital sovereignty difference, in terms of the national computer developer, cobra, (speaking non‑English language) to develop national hardware.  And that this became a little bit unsustainable when Brazil joined GAT and WTO in the '90s, the (?) was open and it was not sustainable when the product were performing and actually much cheaper.

With regard to data protection and cybersecurity, those are the things I guess we will discuss, those have been themes really dear to the Brazilian government and specifically in foreign policy, Brazil together with Germany was working with the main sponsor, the famous recommendation on the privacy in the digital age, but at the same time, there was the part of having been ‑‑ having (?) lobbying more privacy abroad, also primarily due to the Snowden revelation that targeted the Russian and Brazilian government.  But there is not a data protection legislation at home.  That has been discussed for almost nine years.  And finally, it has been approved in August.  But whether it is approved or mutilated.  (Chuckling) The reason why I mention before it is a presidential system is that to understand that although approximate is developed by the Congress, the one who poses the signature is the president that can also veto some norms.  For instance, the current framework ‑‑ not each current, the one that is adopted but we're entered and forced in 2003, there are sanctions that are not signed by the president.  And those are critical provisions.  It is the creation of data protection authority, which is essential to interpret the norms.  It has been sanctioned.  So far, it has been promised that an authority would have been created.  It is mentioned 50 times in the law to make you understand it is critical for law and for the implementation and also the correct interpretation.  Not only implementation.  Uniform interpretation.  In Brazil, it is a wide area with wide, very diverse thinking in terms of political thinking.  You may understand it could be interpreted in different ways, it may lead to several judicial problems.

The lack of this authority really at least makes us question how efficient would be this law.  And really lowers down the enthusiasm for having this new law, knowing it is a highly ‑‑ so far, it is highly unlikely that it will be correctly implemented.

Just to finish, a couple of words with regard to cybersecurity, there is ‑‑ the reason also why cybersecurity framework is not really ‑‑ I'll say, it is not really the best practice that you can find is ‑‑ I think on the one hand, it doesn't really ‑‑ it is not a deterrent for people that want to invade another system.  Because the sign you have may be increase from 3 to 12 funds, which is not really deterrent if you know you may gain from a single cyber attack sufficient money for leading five years.  If you have an honest job, you will find ‑‑ you will gain probably two or $300 a month.  So it is not a deterrent.  On the other hand, you have ‑‑ the reason why I say it is not really the best practice you can have is the majority of the cybersecurity is coordinated by the military.  Although this has been a necessity, let's say, due to the series of mitigated events Brazil had to face and we had to implement this kind of ‑‑ at least some kind of digital defense mechanism. 

My opinion, there is not a sufficient overview from the bodies and the legislator that should have more overview and a higher possibility to assess, not only which kind of activities are enacted but also how they are implemented.  And with this, I just close my remarks.  And let you moderate.

     >> MODERATOR: Thank you, very much, Luca.  It was very interesting how you recall that Brazil made a big push for national production of computers for a while there.  And that kind of fizzled out.  But now I think the country is making a big come back in terms of software, you see a lot of development on that view.  It does seem that even though the hardware side of it did go a little under, it is very promising on the software side.  To continue this position, I would like to follow the BR order.  We have Ilona Stadnik, the co‑proposer of this panel, has been an incredible, incredible help.  She's Internet governor researcher at the Saint‑Petersburg State University and currently visiting at the Georgia Institute of Technology.  Ilona, if you could give us an exposition about the Russian views are, please.

     >> ILONA STADNIK: Thank you so much.  Thank you for having me here.  Today, I will talk about economic dimension.  Because I think everyone in the room is pretty much well known about the Russian cyber powers, especially offensive ones.  But actually, I want to draw attention what is happening inside the country regarding the digital economy and digital policies and the whole.  Because I think it is pretty much escaped in the mass media coverage outside of our country.

Basically, I must say that the government was not so pretty much interested in Internet until 2010.  10 or 11.  There were different triggers for that.  I don't want to stop here, but since 2011, 12, 13, 14 government, governments start to start to cover the data protection.  So maybe pioneers before the emergence in protecting the personal data of our citizens.  The digital data.  Maybe it is the worst thing because our regulation is not so perfect, still.  But until 2015, there was no kind of digital economy topic inside the government.  And on that year, I will have a big conference called Internet economy.  It was kind of a signal because the ‑‑ among the attendance is our president, president Putin.  He literally said it is time for government to think how to regulate the digital economy in order to not be leave behind the most developed countries.  Because Internet has big potential for economic development.  And since that year, we have established the institute of Internet development.  Basically, it was a platform for people from the industry who is inside the topic of different sectors.  And there was a dialogue between them and the government authorities in order to elaborate steps of what should be done in the different sectors.  The next year, 2016, you have plenty of conferences.  So basically, they were designed like this.  They were called Internet plus, and plus sovereignty, plus medicine, plus education, plus smart city, plus finance, plus media.  And the outcome of all these events, they also get industry and government, people who is responsible for the areas.  It was the creation of the national program called digital economy

It was started in 2017.  We had a special autonomous noncommercial organization called digital economy, too.  It was very unique in its creation, because basically, it was pretty much multistakeholder.  And so the main idea was that this organization, it has several ‑‑ several fields.  It was stuff in education, information infrastructure.  Information security.  Information 20.  Some regulative ‑‑ regulatory developments.  This was special groups comprised of big businesses and representatives from the government. 

So basically, they were ‑‑ the business was defining the strategy.  How this national program should be implemented.  And the government on each side was just approving what should be done.  And process the actual regulation.  Still, the developments undergoing, and for this year, for 2018, the governments leveraged the status of the program.  Now it is national white.  And it causes some drawbacks, actually.  Because now, the government said that business has done its part.  It is okay.  We define understand the strategy, what should be done.  But now we should turn ‑‑ we should pass the (?) to government, to industries in order to coordinate how the budget funds should go for the authorization of the program and also how the external investments should be also spent on this.  And now, our expert community said that business is kind of done to understand what is going on and what is his role now.  But still, we have an interesting novelty.  Each will have its own minister for the international program.  Maybe I should stop here, because we have other questions regarding the data security protection.  Okay.  Thank you.

     >> MODERATOR: Thank you very much, Ilona, it is refreshing to hear about the Russian perspective, not coming strictly from what we usually hear in the media.  This is actually very valuable information, especially considering cooperation.  It is quite, ultimately outside, it looks very complex.  So I think this debate does help very much in intervention. 

Going on, a very big person and I will summarize the key points.  Dr. Govind served in the Internet of India and has a vast history in the positions of the department of I.T.

has been a key player in the deployment of dot‑IN.  It is an IPV6 deployment, and all kinds of great things for the Internet.  It is a great pleasure to have you here.  If you could give us a few words about India.

     >> DR. GOVIND: Thank you, thank you for giving me the opportunity to speak on this big panel.  I would like to take you to the India stance on the digital footprint in the sense that India is very much in the India program for making digital infrastructure as a utility to every city, governance and services on demand and digital empowerment of cities.  Some numbers, like we have a 1.5 billion mobiles right now in the country.  1.2 billion unique identification number, which we have inside, the name is (?).  And we have 500 million Internet users, again, only after the China.  And we have this year there is a hundred million directions, the digital dissections.  You can imagine the kind of numbers we are gaining year by year.  The push the government is giving to the digital empower, directions and infrastructure.  The mission is to (audio skipping).  Promoting the inclusive and ‑‑ of the I.T. services, India the main software ‑‑ global software provider for the various companies, more than 3/4 of the fortune 500 companies have a footprint in India.  Enhancing the role in the government discussions, developing a multiprong approach with human resources, promoting innovation and efficiency in the digital services and a secure cybersecurity.  You can see how the government is working and now we don't want ‑‑ with the digital revolution, like the Industrial Revolution we missed earlier.  Government has revised the digital ‑‑ reaching out through digital means is the only means now to reach out to the have‑nots in the population of the country, which is a huge number. 

Digital India is a program to prepare India for the knowledge base.  It brings together huge number of thoughts for each seen as the larger good.  All kinds of industries together, agriculture, finance, industry, commerce, legal, so we have a very cooperative organization to work toward the digital focus.

It is to realize I.T. Indian talent and I.T. information technology, which is equal to India tomorrow.  We think this is the future of India, you know?  The information technology is the way forward for India to move forward in the future of the digital world.  The program pulls together many existing schemes that I have talked about.  Governance and services on demand, digital empowerment through financial empowerment and social empowerment.  We have launched many program, I will not go into the detail, like digital India, making India for manufacturing part of the country.  Like today, half ‑‑ more than 50% of the mobiles are produced within the country, and like others, most are imported.  Skill development, standup India, start‑up India, and bang lor is the third largest hub for start of industry.  Online, the systems for all the hospitals and other utilities.  Coming to this few words on the cybersecurity initiative, because it is an important element of the entire program.

Security in cyber space and we rely on (?) for the important communication channels.  It brings social groups together.  It is a social space of interaction in real‑time.  We have the national cybersecurity program.  And framework for increasing cybersecurity.  And the shine program from 2000, and a modified version came out the other day.

And the response team is there.  National critical information instruction is there.  Cyber law framework is there, you know, to tackle any issue like best practices and prevent occurrence of security incident, (?) critical infrastructure section 78.  Effective provision, section 43, 66, 66B, six F, 72 and 72 (audio skipping) with the compensation and punishment to deal with cyber crime such as cyber terrorism, online pornography and including child pornography.  And cheating by persons, and violation of privacy, breach of privacy, breach of lawful contact, et cetera. 

So we have put in play and recently, regarding the data protection and privacy, this year we brought in the personal data protection bill to be placed in parliament, in the coming months.  Which is well led how data has to be preserved.  There is some controversy regarding data localization, whether it is inside or outside of the country. 

It is a multicountry approach, Normandy is working with other parts.  To see what is better for the country to bring this kind of thing.  We have a collaboration with other BRIC countries, like Russia, China and others, you know, various join working group to tackle the issues of cyber space and many other fields of the technology field, transport, agriculture, and those that are already there.  So ...

We have a kind of activity that is noting the incidents.  69 events, security incidents, and the regional collaboration with the Asia‑Pacific and the recall CERTs around the world, so we are cooperating with those kind of thing.  And we have a cooperation through bilateral interaction with the other countries, many other countries in the world in this space.  I will stop here.

     >> MODERATOR: Thank you. 

Thank you very much.  One key thing is not to miss the digital revolution.  How to keep in mind, not to miss the digital revolution.  There is also the mobile penetration, speaking from the Brazilian perspective is growing immense low.  Maybe the mobile is the vector to reach the digital literacy, it does feel incomplete sometimes, it is something to think about and maybe discuss in the roundtable later.  Last, but definitely not least, we have our representative from C.  She's working in community and university politics.  She agreed to share a few impressions with us.  It would be a pleasure to hear what she has to say, Yik, if you will.

     >> YIK CHAN: Thank you, Mark.  I am with University of Shanghai, to clarify that.  I want to talk about sovereignty.  The issue of sovereignty is a core argument from the Chinese gift.  (?) with the national debate.  I want to touch on, please.  This is a point I want to make.  First of all, why people (?).  I think because cyber security plays against a lot of Internet connectivity, and the human rights, freedom expression.  You know, this is a kind of concept, that actually looks again of sovereignty.  And another thing the cyber security, with the multistakeholder model.  That is a concept for the model for the multistakeholder governance.

This is a general debate about the security issues.  This kind of position, I think it has several issues.  The first one is the issue of content regulation.  How to prevent harm and protect people's rights.  We know the environmental power in terms of Internet governance, international law and the negotiation in the small countries and big countries.  China, U.S.A., the European Unions, the small countries in Africa and Latin America.  What is the best model for them to participate in the cyber space negotiation?  The multinational is the one to facilitate the more country governance to understand the market model points (?)

But I have to point out, of course, cybersecurity can sometimes be abuse by national government to repress freedom of expression to contain the information in the domestic countries. 

So therefore, at the moment, how can we place cyber security and cyber sovereignty question forward.  The main question is why do we reject the cyber space securities, if you believe or not, it is a fact, (?) two days ago, made a speech, expressly recognize the growing Internet governance.  The main point, not reject the concept, it is about jurisdiction of the cyber space sovereignty, which areas belong to the government, which is not?  From China at the moment, there is a debate going on.  I am talking about the organizations.  I think what they propose actually is a kind of three dimensional approach.  Basically, when we talk about cyber sovereignty, it has to be clarified, divided into three dimensions.  The first is about infrastructure.  So the second is about applicational.  And the last is about the core model.  There is three dimensional model. 

For the first item, talking about infrastructure, hardware, software.  That is standardization.  The code, the (?) has to be standardization for the Internet to be interconnectivities and interoperationalized.  This is the infrastructure.  I think the Chinese scholars, they support this kind.  I want to give you brief explanation of that.

The second is the application online, we have a lot of apps.  Most of the country that develop apps they want to have a global presence.  It is not we want to play and chat.  It is not only adapting, in China they want an international market.  So how can we make it global compatible.  Of course, that is something that has to be sewn.  We have seen the domestic law.  For example, the privacy law.  The privacy law is part of the domestic law.  They have the international implication, but privacy law has to be national jurisdictions.  Also, like I said, other things maybe is before will national government jurisdiction.  And the last is the core, the security, political systems, the political cities, social order, cultural diversity.  It is here, the Chinese standing point that government, the domestic government have to be elite.  The state has to meet.  And the public policy is public policymaking powers have to be received and the whole government, because various reasons, we have to respect the cultural and different diversities about the issues.  That is the Chinese (?) and the last one, we talk about cyber sovereignty, we have to make reference to the congratulations, experts, that is a team of experts.  They put forward this definition.  They said basically, cyber space public policy power is a country sovereignty.  So this is a sovereignty.  So the country has a sovereignty over its public space policymaking power.  And also has jurisdiction in terms of the information, which is disseminate the local infrastructure.  So this is a basic consent over that.  As I said, we have to really debate and find clearly, what is the sovereignty and jurisdiction, and the national government and what belong to the international law or international negotiation.  That is all I want to say.  Thank you.

     >> MODERATOR: Thank you, you touched on many points.  In the three dimensional point it summarizes in a neat way what the policy may look like.  I myself have to look further into it.  I will admit that I was not so aware of it.  So this is a very interesting point to start off.  Thank you very much. 

With this initial exposition, I would like to propose ‑‑ this is tentative, let's try our best.  To have a debate between the people present here, because we identify one thing with the BRIC countries, the cyber attacks.  This is one of the top countries with hackers.  When I was coming up the panel with Ilona, it is interesting.  First, the countries are cyber dangerous, there is an opposite message there, which is these countries have very skewed talented people very interested in the digital who have high capacity output that is maybe not being used in the correct way, but can that capacity be leveraged for them to become a cyber giant.  I would like to propose to get into what we feel is our indicators that we could look at to move the conversation forward, in my mind, I think a lot of education and how this is ‑‑ how is the new generation being educated inside of cyber, what they're taking?  And I think a lot of job markets, how are the job markets structured to people who want to find good jobs in the cyber have that access?  But I would be very pleased to hear from my panelists and as we move from our audience as well.  What do you think are some key points we should be looking at in approving this from a policy perspective?  How do we get the people who produce so much ‑‑ such a huge volume of cyber attacks to produce an even huger volume of good quality software, hardware and become digital top actors.  I would like to know if anyone ‑‑ Brazil.

     >> AUDIENCE: I would like to thank you for this workshop, my name is benedict from the foreign affairs of Brazil.  Just more a comment, in general.  More than responding to your call, Mr. Chair.  First of all, we should be talking to South Africa, because South Africa is there, in the BRIC.  The second part of that is you say BRIC on the web, it seems like if we attack the web, and have put in a very proper context.  Thank you for that.

I would like just to compliment you for the presentation that was made by Luca Belli with regard to developments taking place in Brazil recently.  First of all regarding data protection, because as it was said it was enacted, sanctioned by our president on August 14.  So exactly three months ago.  And the information data protection authorities the provisions on the national data protection authority, they were vetoed.  Not sanctioned.  I think maybe they got it wrong.  They were vetoed not sanctioned.  It was a mistake there.

The reason for that, that portion of that was proposed by Congress, in according to our legislation, it should be the initiative of the executive power.  That is the reason why it was vetoed.  The president, at the same time, announced that there would be parliamentary legislation for that.  Because otherwise, as it was said, it would be mutilated.  Actually, it would make no sense to have a legislation without the implementing power for that.

In an participation of our participation and of the national data protection authority to be put in place, the minister of foreign affairs has made a request of several states and this has been granted before the consultive convention of the meeting 108 that allows for national data protection authority to meet and share best practices and explore possibilities of cooperation.  This is something we have done.  Unfortunately, it is not on national data protect.  The good news is this legislation will become legally enforceable in 18 months.  That is what happened in the case of the GDR and the case of the European Union.  Most people were there in ‑‑ in 2020, there is an expectation.  I think there is still time for the national data protection authority to be put into effect and able to perform as soon as the legislation is enforceable. 

The second point in regard to cybersecurity, it is true that there is a CERT that is hosted by government and host by the military.  But the most important cert in Brazil is held by the national committee.  A stakeholder body.  I have seen many people from the cert participate in the meeting.  I'm not sure it is quite right to say cybersecurity is led by the military.  There is a military portion (?) that needs to be taken over by the government.  The civilian cert, if you can, hosted by CGI is the most active and important in Brazil.  By the way, (?) a wide network of interaction with certs.  So those are a few points I would like to raise for the debate.  Thank you. 

     >> MODERATOR: Thank you very much for your clarifications ambassador.  They have been taken in notes.  I would like to ask if any of our panelists would like to intervene on this subject?  Please Luca, you have the floor.

     >> LUCA BELLI: Of course, I think also (audio skipping) (?).  My initial overview was just about governmental policies.  I was not digging into the parallel system that was created and actually 95 with the decree, the CGI and then also farther in 2003, with the president international Silva, finding the current structural CGI which encompasses the cert, which is very important entity of course.

     I was pushing for the divergence over the past decade and the elements at home that we're missing, and the first example was the data protection legislation that was recently enacted.  I'm not sure everyone shares the optimistic view that in the next 15 months data protection authority will be created and able ‑‑ not only created but also able to perform for instance, a key point of data protection and also competition is the right to data portability.  To export your data and go to a competitor, that is only possible in the administrative authority, yet to be created, it defines the norms on how to do so.  The reason why perhaps my term "mutilated" was a little bit too ...

Harsh.  But it was really to communicate the fact that we doubt the authority existing and properly functions.  My opinion is the current abilities of the framework, it would be difficult to implement.  I hope in the next 15 months, this body would be able to operate.  That is my greatest hope.  I am not sure every observer shares the same optimism.  I want to make another comment with regard to what was said before on the production of the software.  And also linked to the progressive policy that also were enacted by the government, not only creating this multistakeholder of the makeup, but also lobbying and implementing free software policies in Brazil.  I think are responsible for the great development of software nowadays.  The fact it allowed Brazil not to be dependent on foreign software, but to limit the costs and enhance cybersecurity paradox because of the authority that is transparent, it is able to be examined.  You know if there are vulnerabilities and if you are dependent on the private software.  You cannot inspect it or know if there are vulnerabilities, if those are found out by hackers, you can be victim of the hackers.

     >> MODERATOR: In the spirit of not being too Brazil focused, I would like other panelists to please ‑‑ Ilona, if you may.

     >> ILONA STADNIK: I would like to return to this, before you open the floor.  There are a lot of negative potentials in the cyber crime.  Russia likes the idea of promoting global cybersecurity.  What it means.  Basically, on the national level, it is about education.  Actually.  So relative efforts on the governmental level, not the commercial organization.  And I think our coordination center for the Russian (?) level participates in this.  So basically, they provide some events aimed at schoolchildren.  It is lessons on how to behave safely on the Internet, how to manage passwords and not be tricked by criminals, all of this stuff.  But also the reason, we have a huge dream of the specialists that specialize in cybersecurity and (?).  And of course the country is trying to do something with this.  We have big players in the cybersecurity market.  They offer big salaries, but not enough.  The other track is that our country is recruiting people for the service, for some intelligence service.  But the problem is that the condition for work is not so good for people that are used to premium.  That is why we still lacking the specialist in cybersecurity field. 

Another point I want to make, also the government is aimed at stopping the dependence on the imported (?).  Of course we have a lot of code developers of software applications, software programs.  But still the majority of what is used in country is coming abroad.  It is kind of viewed as a pretty much, very ‑‑ because of the national security, especially for the system.  It is in the government.  So we're working on substituting this software with the national created one.  This initiative was pushed forward two or three years ago, but still the progress is not so big.

     >> MODERATOR: I wonder, coming from that point Dr. Govind, you mention it was exported in the cyber realm, do you have information to give us as to what the situation is right now, in terms of how this is being shaped at this moment, how is the local industry?  Is it growing, what is your feel for the local industry of India, not only for the people that it has been able to export around the word.

     >> DR. GOVIND: Yeah, I would like to see the working abroad, the Google and big companies of the U.S. are Indians working on various softwares.  So having said that, we have a lot of software pools in the country, that are working for the software development for global companies within the country.  We're still guarding the software, it is in the Internet world, you cannot demarcate between your own country versus the rest of the world kind of thing.  It is a free flow of information.  So believe it in the democrative way of things, doing the multistakeholder approach and Internet governance approach.  We are aware that certain software have bugs in the equipment and software.  We need the local expertise to see what you are importing, exporting what is embedded in that.  So we make it aware that how the things ‑‑ apart from that, the cybersecurity, the issue is the cybersecurity things which are there, we need awareness in the country to the grass root levels and the women, the cyber stacking areas, the root server areas, the massive programs are there.  The digital footprint I talked to you in the beginning, there are simultaneous cybersecurity, and cyber awareness are there.  These things keep happening in completely isolated country from the software and hardware because it is import, export, and all ideas are moving around.  The IA is coming block chains and how will you deal with that.  It is opaque to the external world.  It is not the Internet it is a block chain, how will the block chain see the privacy.  It is the security, how will we deal with the next level of emerging technologies coming up?  We have a typical part of the artificial intelligence.  It is something that needs discussion, debate, globally.  How do we tackle these and become multinationals.  How they're dealing and distinguish between the local needs, local ethnicity, the language, like India and the official languages.  India has ‑‑ every state has its own culture, you know, cultural habits and everything.  How do you know in the Internet these things should not be wipe out.  We're seeing Internet is great, but at the same time you can propagate your things and you can see how these are done and given those things.  You have to have a double kind of weapon.  India weapon is a double‑edged weapon.  You have to, if you are doing good things, you have to get bad things also.  But how to ‑‑ you should be aware how well the bad things are happening and how to give that in the global cooperation.  Multilateral dialogues in the U.N. and other places.  How do you work with like BRIC, working with Russia and other countries within the BRIC and how to build the trust, more cooperation in the cyber space, and we work answer something happens to the state, we go back and improve that.  That way we can impede the corporations with the bottomless Internet, there is national things and other things.  That is what I believe.

     >> MODERATOR: Thank you for the intervention.  I believe we have an intervention from the floor.  I would like to ask if there are questions on the online queue as well.  We go to the floor.  The gentleman please.

     >> AUDIENCE: (?) from Internet Society.  I am also from the dynamic coalition on core an tenet values.  We have the workshop that talks about common prominent negative.  It is talking about cybersecurity issues that are more hypothesized ‑‑ politicized.  Some are real, but they're politicized by everyone.  So can the focus be on sharing more of the positives, on positive policies?  India has several good policies and good practices to share.  For example, the work that it does on digital India transformation and on other developments.  And Brazil, for instance, is an exemplary way.  It is very good on community networks.  And within the countries, rather than waiting for an invitation from one country to another could these countries with the positive experiences and positive policies proactively share their good practice and good experience, like Brazil could reach out to other countries, not only within BRIC, but within reason and talk about their experience of community network and multistakeholder process.  And make a positive, positive participation in Internet and Internet governance.  Thank you. 

     >> MODERATOR: Thank you for your comment.  I believe one of the things we set out to do is really understand ‑‑ get a basic consensus going in this forum, for instance.

Correct me if I am wrong.  This is the only BRIC oriented workshop we have.  Maybe it is two.  So it is still an area of discussion that needs to be very radio ‑‑ should be more diving and space for communication.  Linguistic diversity and cultural diversity, we have to make more proactive efforts to keep the conversation going.  Hopefully a very basic attempt to (audio skipping) (?).  I will let you know if the panelists would like to intervene.  Please, you have the floor.

     >> YIK CHAN: I think among the BRIC country, we're not only talking about cybersecurity, for sure.  And as many of my colleagues mentioned, you know, each of the countries try to develop software as well as data protections artificial intelligence, block chain, you know.  I think it is crucial interest for the country that are trying to catch up, you know, China, America, they're racing about artificial intelligence, big data, this kind of thing.  What happened in China, the trade war, the crash of the accusation of the cyber attack.  A lot of issue on who can choose what.  Like with the controls, the intellectual property rights, you know, the software dependence. 

So that way, you know, for many ‑‑ even China, you know, they are facing an issue of how can they develop their own software and hardware and the I.P. writing issues.  Even the artificial intelligence seems quite (audio skipping) with the money and effort to developing the artificial intelligence resource and infrastructure and software with the airports.  We have to be aware of it.  18 to 90% was developed in the U.S.

You look at the artificial intelligence, it is what?  Application.  They don't have the independent algorithm.  Most of the algorithm they copied or emulate from the U.S.

The source is based on U.S. innovation, so they just use it in terms of the application.  So a lot of that in the recognitions, language, translations, all of this is on the (?) and the countries that we are catching up, and we need to think about these things, particularly in artificial intelligence.  It is a crucial part, but not the whole story.  Yeah. 

     >> MODERATOR: Thank you very much Yik, unfortunately, in the interest of time, we have to start wrapping the session up.  Maybe we can fit a final comment in or any reaction.  So Dr. Luca, please.

     >> LUCA BELLI: Just a comment to complement what was being said.  That is one portion of the workshop.  Although as I mentioned before, one may have a critical view ‑‑ it is good to have positive criticism on data protection frameworks that will be adopted by BRICs.  There are interesting elements that could be shared.  I think what ‑‑ if ‑‑ as an academic, I'm used to analyze best practices and worst practices.  So there are things that should be reduced from other people experiences and things that should not be reproduced.  So both in the process that people are adopting.  And both in the substance.  There are things one can criticize as good or bad.  What I think is BRIC are starting to understand now is that simply copying and pasting what Europe or U.S. has done doesn't really solve the problem.  If BRIC have to find their own solution.  The reason I was mentioning before the open soft, the open source software as a production of software, this could be an area third solution that does not allow people to depend on other people's software.  So (audio skipping) open software, for instance, in the fold of software, that would be a very good (?) corporation.  Not only to have improvements in software, but also to be useful to other developing countries.

     >> MODERATOR: And with that I would like to maybe summarize.  Unfortunately, we do have an incoming session.  But I do think that a threat emerged here, it is the threat of software and how the countries are moving forward.  We said this in a lot of different context, if it is apps, cybersecurity and companies.  In the future discussions we have, I hope we can start looking from that angle and see what can be produced in that sense.  I would like to thank immensely everyone that came here.  It is a great pleasure that you join us for this tentative discussion.  I would like to invite you all to contact the panelists, if you feel that you have anything further to add.  We would like to carry this conversation forward in this forum or other forums in the future.  Thank you for your presence.  Thank you very much.