The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> LUCIEN CASTEX: Dear colleagues, we are about to start. We are waiting for the last people to connect online. We are starting the session.
Let me first introduce quickly the topic and obviously the speakers of the session. And we will dig in quite quickly.
So hello, everyone. Welcome to the workshop NRIs Collaborative Session on cybersecurity.
I'm Lucien Castex, representative for Public Policy of AFNIC, the French Internet company. I will be moderating this session. Denaya Dennis on the Sudanese IGF will be moderating online and will be working with the IGF Secretariat. I invite participants to ask questions in Zoom and we will have a Q&A session as well after this session.
As you know, our topic today is cybersecurity, bridging the gaps for a safer cyberspace which is, let's be honest, a quite broad topic.
It can be analyzed from a global resilience perspective when talking, for example, about infrastructures or awareness strategies. And it also it can be tackled from a regulatory angle.
Balancing rights from trying to ensure a safer cyberspace while preserving human rights and fundamental phrase, such as freedom of speech, data protection, regulation as well, government, addressing cybersecurity with a wide lens, fighting cybercrime and anticipating challenging. For example, new cyberthreats, as many as there are. AI chatbots, so on.
Combating hate speech and disinformation while protecting digital freedoms. Ignorance does not allow one to escape responsibility.
Protecting infrastructure is quite a topic as well as integrity of elections to avoid interferences.
There is also a need to build capacity and integrate basic security in curriculums, schools, obviously Universities, life long education.
In that mix, what should be the role of regional and international instruments? And basically reflecting on the title of the session. How to bridge the gap to foster a safer cyberspace for all.
Enough talking. This is at the heart of the IGF allowing for an exchange of ideas to facilitate knowledge sharing, collaboration, and first and foremost learning from diverse perspectives to comprehend a global and multidimensional phenomenon.
We have around the table both here in Kyoto Japan and online excellent experts bringing inputs from national and regional IGF throughout the world to help us grasp that complexity.
So the flow of the session is 30 minutes stay sitting then we will have open floor exchange. So I invite you to reflect on what you want to ask to discuss for that session.
And then a 15-minute conclusive remark and voluntary commitment if any. And we will close the session.
Around the table we have first from Africa Mr. Eliamani Laltaika from Tanzania IGF and judge of High Court of Tanzania.
We have also from Europe Giovanni Zagni from the Italian IGF. He is the Director of the Italian fact checking project, Facta News.
We also have from the GRULAC region and from Argentina, Ms. Veronica Ferrari, Global Policy Advocacy Coordinator for Association for Progressive Communication.
From the MENA region and should be online we have Mr. Mohamed Farahat from the North African IGF from Egypt, an Egyptian lawyer and researcher on digital rights and cybercrime and the Vice Chairman of MAG of North Africa IGF.
And lastly, from Asia-Pacific we have Dai Mochinaga, Associate Professor in the Shibaura Institute of Technology here on site.
So with these excellent speakers, let me welcome them all, welcome you and give the floor first to my colleague, from Africa, Mr. Eliamani, you have the floor.
>> ELIAMANI LALTAIKA: Thank you very much. Very good morning, colleagues and Fellow Panelists. As I have been introduced, I come from Africa. And it is such a pleasure to talk about cybersecurity in October because as you all know, since 2004, October was set as the cybersecurity awareness month. And throughout this month, leaders at all levels are supposed to raise awareness on the topic of cybersecurity as it attaches various aspects of life and different demographies.
Also it is a very cross-cutting nature.
Some of you might have traveled to Africa and might have seen the Masaai herding their cattle in the simplest life, actually. You see a small boy with nothing, no weapon, and lions are somewhere there, Buffaloes. Has anyone seen something like that? Yes, I can see some people nodding that they have seen.
Now, how do they keep themselves secure? Can we learn something from the Masaai indigenous communities who to assist us to make our policies for cybersecurity better and more inclusive?
Later during my closing I will take the liberty to give you our community or ethnic, our Indigenous People's secrets or code of how we can work in the packet in the Serengeti among lions and still keep ourselves secure. Those five hints will help you in taking your cybersecurity further.
For now as I have been tasked by the moderator, my task is to introduce the concept and then see how all of us are coming in.
Cybersecurity is a topic that I'm passionate about, like I said, because before I was appointed a judge, I told Nelson Mandela Institute of Science and Technology and my topic was cybersecurity. I was writing a book and then I had to leave for the judgments.
I like this definition of ITU which is extremely broad on what cybersecurity is. But to paraphrase it cybersecurity are the tools and the processes in making the cyberspace safe for all. And these tools can be technological, legal, ethical, economic, and even diplomatic tools.
For example, if someone from a very big country, big technologically, hacks systems in a not so big country, you cannot flex your muscles. You need a diplomat to go and say kindly assist us to make sure that our banks come back to operation because we have been hacked.
So cybersecurity is moving from the computer science to many other aspects. To include schoolteachers teaching their kids how to avoid cyberbullying. Sociologists teaching how you can avoid losing your minds because you are being pulled right, left, and centre in the Internet.
Cybersecurity is for everyone. Cybersecurity law is kind of the centre because law in this context is the management tool. And when you talk about cybersecurity law, you include issues of data protection. You include issues of privacy. You include issues of protecting Intellectual Property online. For example, avoiding counterfeits which are sold online. You include issues of electronic transactions and E banking.
And finally, you include issues of fighting obscene, obscenity, issues of hate crime, and issues of cyber terrorism.
To conclude my first part and allow my colleagues to come in because I am aware that they are going much, much deeper in the cybercrime which is part of the cybersecurity law known by many because many people want to enforce those criminal aspects instead of going broadly to facilitate. Cybersecurity may be divided into three layers. To have a comprehensive cybersecurity policy or law you must indicator for three layers. One, hardware layer or hardware level. Two, protocol layer. Three, content layer.
The hardware layer is the security of the infrastructure. You need to have infrastructure which is secure and which is resilient. You cannot de employ substandard machines, laptops, and then expect it to be secure. So in Tanzania, for example, we have the Tanzania communication regulatory authority which checks the standards of every gadget that is deployed or is imported into the country.
Protocol layer is now the software that we use. You find that we have companies that have, I have my colleague Giovanni will chirp in later to indicate how huge companies are contributing to these layers.
Content layer is where you post things. People agree that as much as we promote freedom in the Internet we also need to make sure that it is not abused. So what goes into the Internet in terms of the content should be respectful of people and the dignity.
The Honorable member of Parliament Sarah from Uganda talked passionately yesterday about how bloggers and users of the social media go, invade privacy and spread lies, things like that. Many judges are prepared to make sure that rights of, personality rights are respected. And by personality rights, this is common terminology in Europe -- German, France, Europe in general, have a more comprehensive approach compared to Anglo-American legal system, which does not have this very rich concept of the privacy. If you see the GDPR is built upon this Germanic French culture which has a much more deeper philosophy of respecting personalities rather than just allow anyone to invade.
With those few remarks, thank you very much.
>> LUCIEN CASTEX: Thank you, dear colleague. Great presentation. For reminding us of the definition of cybersecurity by the ITU and as well of the need to bring together legal and policy aspects with technology as well as sociology or philosophy of the Internet.
I propose to give the floor to Mr. Giovanni Zagni. You have the floor.
>> GIOVANNI ZAGNI: Now it works, I think.
Thank you. Thank you for the previous presenters and the moderator. The previous presentation was really useful in setting the frame for this discussion. I think as far as I'm concerned this is already kind of a success because I have never been on such a big screen in my life. It is like being in the movie theater with the movie of myself.
And what I'm trying to, in the frame that was exposed before, I think that my few remarks will be squarely on the content side because I will be talking about cybersecurity in terms of the electoral process. Cybersecurity of the electoral process is a crucial part of today's democratic proceedings as well as a recurring theme in the public debate.
The next European parliamentary election is scheduled to be held on 6 to 9 June 2024. According to many commentators next year's election is going to be contentious and crucial for the future of the union.
The numbers of this democratic exercise are massive. Twenty-seven states with a population of roughly 450 million people will be called to the polls in order to elect more than 700 representatives in the only directly elected body of the union.
Especially after 2016 the momentous years when British citizens voted to leave the European Union and Donald trump was elected to the White House, there are growing concerns about its concerns due to the influence this can have on the electoral process. In the years since many examples have emerged of coordinated campaigns and foreign interference by malicious actors with the aim of influencing the public opinion of states around the world, including Europe.
The COVID-19 pandemic has given us a clear example of how disinformation can have a direct impact on public health while the war in Ukraine showed us how false and misleading information is one of the weapons in a conflict especially in the battle for winning over international hearts and minds that often runs in parallel with the one on the field.
With this background we can safely say that our public debate at the European level is not very healthy. We know that one of the premises for free and fair election is free and informed public debate. Free from external attacks, free from foreign interference, free as far as possible from the information of bad quality.
The experience I would like to present today is one by ADMO, a project funded by the European Union that brings together a large community of researchers, media literacy experts, journalists, policy experts and fact checkers.
Its governance is independent from public authorities, including the European Commission. Its ambitious scope is creating and promoting many activities in media policy analysis, media literacy as well as academic research around the areas of media misinformation. ADMO established a network of investigators who collaborate in investigations and publish every month an overview of this information across the continent. In this context at the beginning of this year the European Media Observatory decided to establish a task force ahead of the 2024 European elections.
The idea is to monitor what happens in the EU economic systems ahead of the decisions and highlight the risks connected with it. The task force wants to facilitate communications and research, media and literacy as well as fact checking initiatives. It wants to bridge the gap and exchange information also with other stakeholders, both public and private that are monitoring the electoral efforts.
In order to have a collective assessment of the risks posted by the elections from the perspective of the media system we need to identify common threats and critical challenges that involve maybe just one country. Every country and every region in Europe is exposed to different risks and the ambitious of the task force is to provide an overview of all that. For example, during the recent ADMO event a couple of weeks ago we heard that the ADMO Spanish community did not detect a significant amount of disinformation coming from other countries during the parliamentary elections that took place in Spain in July.
On the contrary in central Europe, for example in Slovakia or Czech Republic this is very much an issue and it is at the top of the list for the local ADMO representatives. I mention the regional differences because the task force from the beginning gives a strong responsibility to the add month chapters, the ADMO hubs. There are currently 14 of them and they cover almost all the states, region and linguistic communities in the union. In fact, the task force is consisting three members from the Advisory Council and it relies on them for collecting and sharing information about what they see on the ground.
The task force builds on a similar previous experience that happened a couple of years ago when the same ADMO established a similar initiative at the beginning of the war in Ukraine.
The first output of the current task force on the European elections will be hopefully a risk assessment report that will see the areas of concern across the 27 states and languages of the Union. To conclude part of the strategy of the European community is to delegate part of its responsibilities for ensuring the security of the elections to a multistakeholder group of experts chaired by a fact checker.
The idea is to tackle the issue in a democratic and inclusive way, giving proper representation to the diversity of issues on the ground and at the same time avoiding any censorship or exercising of oppression. We hope that experience can serve as a useful experience for future elections in Europe and beyond especially in those places with a high degree of diversity and difference in geographic region and communities.
Thank you for your attention and I welcome your questions and remarks in the following discussion.
>> LUCIEN CASTEX: Thank you. Thank you a lot for bringing light to the importance of election. And of balancing cybersecurity with fundamental freedoms.
I propose to give the floor now to Veronica Ferrari from the GRULAC region. Veronica, you have the floor.
>> Thanks so much. I am glad to be here. Good morning. Thanks so much for the invitation. It is great to be here to discuss how to bridge the gaps for a safer cyberspace.
For those who don't know the association for progressive communications, the organisation I work with, we are an international Civil Society association and network of members from over 40 countries mainly in the Global South, working on generally environmental justice issues and intersections with digital technologies.
So in my intervention today I wanted to talk briefly about the need to adopt gender perspectives to cybersecurity to have a safer cyberspace for everyone.
Because we all know that traditionally cybersecurity debates have been centered on national security and the security of systems. But we also see there is an increase consensus and attention about the need for human rights-based approach to cybersecurity since as we argue from APC humans are the ones impacted by cyberthreats and operations. Also there is more and more consensus in global, regional and national spaces that different groups are in different positions when dealing with cybersecurity threats such as surveillance, hacking, censorship. Disinformation campaigns, Internet shutdowns.
Some populations are more vulnerable than others. This is referred as differential vulnerabilities and cyber incidents have been shown to disproportionately harm groups and individuals in society on the basis of race, gender, sexual orientation and journalists, human rights Defenders and other situations of vulnerability.
As I was saying, national, regional, we see these issue issues gaining more space but also we are seeing policies that threaten the cybersecurity for all. For example, like some cybercrime laws around the world that we mapped recently in APC, that instead of protecting these vulnerable groups could in fact threaten their human rights.
So in terms of a regional perspective, so a few countries have fully integrated gender considerations into their national cybersecurity policies. In Latin America it is still difficult to find specific references to gender or gender equality in cyber, some examples, Costa Rica and Chile with the new discussions and some others are considering gender in some way.
Global level, for example the UN discussions connected with cybersecurity there is more consensus about the need to bridge the digital gender gap to promote more diversity and women's participation in the cybersecurity field and policy. But clear guidance on how to mainstream into cyber her knowns are still lacking. I wanted to briefly mention to contribute to the discussions at APC we have a framework that seeks to integrate under to cyber policy at national and also in international discussions.
Really quickly, with the project we are trying to debunk some misconceptions on gender and cybersecurity. The idea is not to think gender only as a women's issue. We think that incorporating the gender perspective shows an impact to a lot of groups in significances of vulnerability and impacts the majority of the people, it is not a technical issue, cybersecurity only. And cybersecurity should be gender, not gender neutral but gender aware.
A gender approach for us, to start concluding is about understanding and differentiating the needs and the needs of faced by individuals in the face of cybersecurity and should recognize the importance of being active subjects who have agency in the position of creating a more secure online environment and overcoming the lack of diversity in the cybersecurity field.
So again, why it is important? Because we think that without the more systemic approach of human rights and gender approach to cybersecurity large populations are left vulnerable to cyberthreats. Basically this framework that I can discuss further maybe later in the discussion is thought as a starting point with general recommendations that we recognize should be allowed to regional and national contexts. It is mainly intended for policymakers working in national cybersecurity strategies but also for civil society advocating for these perspectives into policies and also the idea for this framework to be used for international discussions.
So I will stop here for now. I am happy to share more about this later and looking forward to learn more from colleagues and to the discussion. Thank you.
>> MODERATOR: Thank you. Thank you very much Veronica.
It is indeed quite important to bring a gender perspective to cybersecurity policy. And the lack of diversity in the field is to be tackled. So the discussions are indeed numerous from the first Committee discussions in New York at the UN as well as the starting negotiations of the global digital compact.
Our colleague Mohamed Farhat has a problem connecting. We will get back to him. I propose to give the floor to Dai Mochinaga. You have the floor.
>> DAI MOCHINAGA: Thank you for the introduction. I am Dai Mochinaga from the Shibaura Institute of Technology and also affiliated with Japanese Keio Research. I would like to, for stage setting, to choose the topic of economic development and the data protection. And this impact of them on the cybersecurity. From the regional perspective, I would like to point out the fragmentation of the regulation. The big data has the enormous role in economic development recently. And the sharing of data generated by individuals companies has created a new opportunities for the economic barriers. And also the big data is a big, boost for infrastructure and economy. In order to maximize the economic and social value generated by such data, it is important to ensure cross-border data flow.
However, there are challenges in the security and availability of data. Cybersecurity becomes a critical issue for our business. It is not only critical infrastructure but also other business domains. If there is serious impact on the critical infrastructure, it spreads to other sectors and the slowdown our economic development because threat finance people and data connected to the world's economy.
Recently countries strengthened the control over data generated and stored in their territories. Such as domestic data storage obligations and other restrictions on cross-border transfers. Government access and data sovereignty, which are generally referred as data localisation.
Data localisation has begun to spread internationally in response to these moves. From the viewpoints of economic system that rely on data as a source of economic value.
On the other hand, cyber attacks take advantage of the attacking the data. Hospital in China was hit by ransomware. It impacts about 85,000 patients' data. And hospital does not work.
I like to point out these types of infrastructure, not only critical infrastructure but also our healthcare system depends on the data. So I would like to mention about these types of example wills are expanding not only hospital but other sectors. Transportation in the Ukraine saved millions of people and that kind of example shows that cybersecurity saves people.
And the lastly I would like to point out fragmentation of the data regulations. Recently the Asia-Pacific Region has that kind of a fragmentation. Each country took a different approach as these many reports pointed out. For example, southeast Asian countries have different scope or perspectives in cross-border transfer or data localisation or regulating sectors. For example, Vietnam regulates cross-border transfer of personal data and requires data localisation for online service.
Thai and Singapore, these countries only regulate cross-border transfer of personal data, but about the Indonesia regulates both and its data localisation requires a different sectors.
So as I said, data regulation is now fragmented in this region. This situation is heavily impacting how cybersecurity situation because cybersecurity collect and store data from computers and servers. So it used detection or analysis of the various impacts and crowd environments.
These -- cloud environments.
This depends on cross-border data transfers. I would like to point out these types of situations makes us to secure our Internet. So I would like to propose, point out the primary responsibilities of governments because this session has some kind of these topics. These kind of governments has a responsibility to harmonise these types of regulations along with some kind of principle, setting a principle, something like that.
I will stop here. Thank you.
>> LUCIEN CASTEX: Thanks a lot, Dai, for that presentation. It is indeed shedding light on data fragmentation worldwide and in the Asia-Pacific Region from Vietnam to Singapore, as you said, as well as concrete use cases and the need for government to harmonise such legislation.
We have already online I see the online moderating. Thanks to Anja for helping out on that. The question from the Bangladesh remote. The question reads as follows: How can individuals raise awareness about online scams and educate others about how to protect themselves?
Is there anyone from the speakers that wants to answer that? Go ahead.
>> Thank you very much for that great question from Bangladesh, for the online, is it?
(Tanzania.)
Yes, I was right, Bangladesh. And it is wonderful that we are communicating virtually across the world.
Like I started my remarks by reminding everyone that we are in October, which is the month, the UN move cybersecurity awareness. And there is a role that each one of us can play to raise awareness not only on the scams online and those abuses, but also in raising the next generation of responsible citizens who use the most powerful tool in their hands, namely the Internet, responsibly by going to talk to school children during their break. You ask their teacher, I want to talk to them about cybersecurity. What is it when somebody that you don't know asks you to tell them about your mother, what you have eaten for lunch today, and all those kind of things.
So we expect that as the month of act is advancing, everyone will find their own niche. If it is going to a radio station and talk about technological ways of knowing that this email is not genuine because this is not the kind of address that you expect from the bank or showing that these photos have been doctored. That is terminology used nowadays because with deep fake, it is no longer that a picture is just being faked. It is, the word fake is no longer sufficient. It is actually to doctor it, to go so deep into making them.
Kindly look for something that suits your environment in Bangladesh and make sure October is used effectively to raise awareness on how we can be safe online.
>> LUCIEN CASTEX: Thank you. Thank you indeed. We are in October.
And this is a good moment to actually act on it.
I propose to now open the floor. We have, as you know, an open exchange between speakers and all NRI interested experiment participants on who want to take part in the schedule and thank you for the speakers for setting the will stage and we will conclude with concluding remarks from the speakers and off to another session.
So is there any one in the room or online that wants to take the floor? Let me check. You can take the floor with the mics directly in the room. You have one on the left and one other on the right. And thank you.
>> AUDIENCE: All right. If I may, of course, thank you, Justice Eliamani for mentioning me and my organisation during his opening remarks. I think I should sort of make a quick intervention in this space. I'm Ginny from Kaspersky. We're a Google cybersecurity company.
I want to pose this question to the entire panel. I think we are very happy to listen to such he is teamed speakers. It is open for anyone to answer this.
I just wanted to know what your view is when it comes to partnerships between, partnerships between the public and the private sectors. So I'm talking about public-private partnerships. What is the role of private companies and the industry in this ecosystem to ensure that the fight against cybercrime and ensuring cybersecurity and proper, especially in critical infrastructure sector is robust and continues to reach out to more countries and benefit the regions and internationally as well?
The role of public-private partnerships. Thank you.
>> AUDIENCE: Hi. My name is Will, from the Youth Programme in Brazil and I'm at the from the institute in Brazil. We are a cybersecurity exchange, currently developing protection of infant and -- but we provisionally create protections around government hacking. We, the risk of using governments hacking and the client side in public security. My research includes cases of surveillance from the Global North on policies and the activities from the Global South and my questions goes to displacing: How do you build cybersecurity from the perspectives of the Global South when the north is still holds the basis to develop the technologies and the economic power to create them?
>> LUCIEN CASTEX: Thank you.
>> AUDIENCE: Hello. My name is Reynaldo. I'm from youth Brazil as well.
I followed the previous description, like we are researching about security and how do we develop a more secure Internet to safeguard our lives? The Global South have kind of some measures that are applied by the Global North and especially to the cybersecurity community we face difficulties on this theme specifically.
Is it possible, my question will be is it possible for us to discuss and implement other perspectives that include and also hears our perspectives on this development? Thank you.
>> AUDIENCE: Jako Ansoni, question for the IGF. Mention of the security of elections. I would like to know if there are already examples that you have monitored before the next year, European elections. There has been a bunch of elections already in Europe this last month. In Spain and Slovakia, et cetera. Have you seen attacks, cyber attacks on the integrity of the elections? Can you explain what you did? Thank you.
>> LUCIEN CASTEX: Thank you, Giacomo. You can see the presentation and the remarks and do not hesitate the to take the floor online, just not in the room. All right.
>> AUDIENCE: Thank you, Lucien, thank you the speakers. I have two questions. Number one, I think my number one question will be inclined towards the African union. We have what we call the Malabo Convention. It took place way back in 2014. And of the 55 countries that makes up the African union, only a few around 14 or 15 according to what, according to the data here, have actually been able to ratify the Malabo Convention on cybersecurity.
My question to the panel is, what is making countries not being able to ratify this very important Convention on cybersecurity?
Question number two is about the issue of, as to whether the -- the cybersecurity strategies in countries are incompatible with, or compatible with what is happening now given the issues of artificial intelligence, Generative AI.
AI and where do these two meet? The artificial intelligence and cybersecurity. Thank you.
>> LUCIEN CASTEX: Thank you. Before giving the floor to the onsite room in Kyoto, let me read you a question again from the Bangladesh remote hub. Thank you for the question.
Second question is: How can cybercrime be controlled as so many innocent people are victims across the world, including Bangladesh?
Thank you.
>> AUDIENCE: As we know, the cybersecurity and safe Internet issues are globally, global phenomena. So the actions should be global.
So we see that U.K., Sri Lanka, local activities and laws, policies are implemented within these countries. It shows that there is a lack of these issues in the global activities. So my first comment is regarding that we need to make global actions against the cybersecurity more accurately.
Then second thing is, the roles and responsibilities of users, platforms, technology companies as last organisations and Civil Society. Advocating on these responsibilities, there is lack of space for those areas. So my comment is on that. Thank you.
>> AUDIENCE: Hi, everyone. My name is Moho, I am from Lesotho. I was inspired by the lady from Kaspersky when she asked her question. Adding on to her question, I want to know what advice do you have for countries like Lesotho where the cybersecurity and cybercrime law has not yet been passed in Parliament? For companies like Vodocome, what advice do you have for us to continue making impact full cybersecurity awareness in our society even though the law has not yet been passed? Thank you.
>> MODERATOR: Thank you. You have the floor.
>> AUDIENCE: Hello. My name is Shaka from Nigeria IGF. I have questions from my friend here from Brazil and also concerning our friends from Bangladesh. This is a question about the Global South and the base, business of technology coming from the Global North.
I would like to point out that the IGF, just like the structure we have multistakeholder, we know we come from a bottom-up approach.
I would just say that using an example from Nigeria, with Nigerian government is doing in conjunction with the private sector it is very important to take stock from what you can control and then look at what you cannot control and that's where you need global intervention.
In Nigeria we know that we don't have 100 percent to make changes on the technology. We focus on making those changes from a people level, from what we can control. For example, we looked at, for example, what the speaker said, we looked at all the areas that, such as sociology, entertainment. We target the schools, using cybersecurity treaties, child friendly, using music, using movies, targeting school programmes.
So it is taking it from those aspects that we can control. From the Global South, there is so much resources that we can tap into that intertwine with cybersecurity and we can start to secure our Internet from there.
I think that will help us to bridge the gap between what we cannot control from the Global North and over time we take it to the level such as to the IGF and we start a more concise focused interventions for cybersecurity. Thanks.
>> LUCIEN CASTEX: Thank you. Just looking around. In the room? I see no question on the room. One? Go ahead.
>> AUDIENCE: Hello, everyone. This is Nara from Nepal. As we all know that there is trade off between usability and security. The more secure our Internet is, the less usable it will be and vice versa, yeah. We all know that.
When you talk about data protection, social media regulation control, malinformation control, we all know that it will lose, we less concern about security concerns and freedom is impacted on this part.
So my question is how IGF solves this issue to achieve its goal of Internet freedom as well as trusted ecosystem achieving cybersecurity issues. Thank you.
>> LUCIEN CASTEX: Thanks a lot. Thanks a lot for the question.
I propose to give a round of applause to our colleagues and questions around the room. We have a lot of questions, cybersecurity, new threats such as AI. Who wants to go first?
>> DAI MOCHINAGA: Okay, I would like to answer the first question about the public private partnership. There are so many public private partnership in many countries, but these types of work is different scope, has different scope.
In Japan, so many companies, especially in the critical infrastructure, holding critical infrastructure has deeply collaborated with the government about how to secure their infrastructure and not only share information but also sharing practices and how to work with them.
But the other countries has the some kind of strong regulations about the country has some power as they are forcing to regulate these types of key infrastructure.
So the types of collaboration is different. But the goal is the securing the cyberspace is common.
The biggest, I think the easy way to success in these types of collaborations is defining bad things is the easy one. Cybercrimes, cybercrimes is bad things. This is a common theme globally. But how to secure cyberspace, what is defining secure is very different from each country. So probably from the perspective of private-public partnership, the company has what is a good? But the government doesn't think it is not bad. But the bad thing is, for example, stopping the operation of critical infrastructure is bad things.
But the good things for the private sector is different from the good things from the government. For example, private sector doesn't want to interfere with from the government or something like that. So these types of collaborations need to have a common understanding about the good things and bad things. This is very difficult things.
But the solution is to share that kind of perspectives with companies and the government sectors.
>> LUCIEN CASTEX: Thank you. Veronica? Do you want to take the floor?
>> VERONICA FERRARI: Thank you. Yes, sure. There were a lot of really good questions. But I think that some issues that came up are connected also with some of the issues we care about when we work on cybersecurity issues.
So about the questions about like the issue of the global majority and technologies being developed in the Global North and also how to engage other actors in the discussion of the laws, for example in the case of one of the colleagues that raised that issue.
Talking specifically about companies, but as a Civil Society speaker, the point that I wanted to raise is this idea also, being in the IGF, like the symbol of multistakeholder participation, is remind us that promoting a safer cyberspace is not the responsibility only of states. So a clear and strong commitment to multistakeholder governance is essential for safer cyber environment.
National, regional and also international levels.
So Civil Society companies but also technical sector academics and different state agencies and departments should be involved in cyber policy development. And in particular, we believe that Civil Society has an important role in, for example, bringing in this idea of a human centric understanding of cybersecurity. Also in helping to implement these approaches.
So Civil Society organisations play a security role in supporting implementation of norms and policies. By coordinating and convening other stakeholders to increase the awareness of these policies and norms, increasing the capacity of different actors and also as there were questions about marginalised groups and groups from the Civil Society, we bring perspectives of these marginalised groups including excluded communities and grassroots and also pushes and advocates for policies, processes and the legislative discussions to be more bottom-up, more people-centered and more inclusive.
In terms of how to do that, how to do engage other individuals in these discussions, we have some concrete recommendations, but some basic things are maybe doing a mapping of stakeholders. And like a full range of stakeholders that can be contributing to cybersecurity policies. It is hard top find the voices that can help understand the gender aspects in each country and in each region.
So those were some of the points that I wanted to raise, answering some of the questions. Thanks so much for the questions and the conversation.
>> LUCIEN CASTEX: Thank you. Giovanni, do you want to go next?
>> GIOVANNI ZAGNI: Thanks, yes. There was specifically a question about what has been done in monitoring previous elections across Europe. So right now we are working on, so the task force has started its activities in the past few months. The first thing that we have been doing is to ask the hubs that cover the single nation states in Europe and the regions to present a brief overview of the risks in their specific country and region. Right now we are working on putting together all those inputs and so this is very much a question that probably we will be able to answer comprehensively next month.
And parallel to that, we have been carrying on an exercise in checking what the domain narratives of this information that we are circulating in all the states that want to the elections over last year. We are planning to publish a report about that also very soon.
So for example, different countries have very different narratives of disinformation that varies a lot in between them. And then you can see that there are a few that are similar across the region. You have this double path, so to say where you can see really that the issue of misinformation is both country-specific, region-specific and also similar across the whole European Union.
Apart from that a quick note on the public private partnership question. I think that there are two main issues here. When you want to go into a private-public partnership, I think those are pretty widespread. For example, in Europe those are more or less one of the common ways to do business in this field. But there are two issues. One is about independence. And the other is about governance. There is clearly a balance of power between the two sectors in the sense that the private sector usually has the money and the public sector usually has the regulatory authority.
So we have to ensure a governance that makes it possible to keep separate these two interests and not influence, have a way not to have the money influencing the regulatory authority, so to say. Sorry to put that too brutally maybe.
Finally on the north-south imbalance, there are, what I find particularly useful, there are a few I think positive examples of cooperation. For example, I am quoting again European example. We have been working with the with a big African fact checking organisation to carry on an investigation about disinformation narratives in the continent. And the interesting thing there, we are seeing in other parts of the world coming up basically networks of fact checking organisations that are in some ways maybe inspired, modeled -- anyway, let's say inspired by the global and European examples.
So from my point of view, I see a lot of potential in positive collaboration in bringing out the best practices. Of course, this is just looking at the positive side. I know there are also a lot of negative issues around this topic, but these are just my two cents about it. Thanks.
>> LUCIEN CASTEX: Thanks a lot, Giovanni. It is indeed quite an issue. For example, quick remark in France we passed a law on combating manipulation of information in 2018. And well dating back to quite, well, it is an old joke, it is 1881, Article 77, if I remember correctly.
On the topic, which is obviously quite an issue since massive campaigns of false information can modify the course of elections.
Thank you. Thank you a lot. I propose to give the floor last to Eliamani if you want to react to the different questions.
>> ELIAMANI LALTAIKA: Yes. Thank you very much. Many of them have been answered, but quickly to add to Ginny from Kaspersky. I know that she is reaching out to some countries including in African countries. And I'm sure that there are laws in Tanzania there is the public-private partnership act of 2015, which explains the parameters in which the private sector can cooperate with the government in areas that have been identified.
ICT is one of those areas because most of the infrastructure belongs to the private sector actually. It is a matter of right that the government needs to collaborate.
Very quickly to the young lady from Lesotho. I can be your consultant. Invite me to Lesotho. Before I was a judge I was doing consultancy with different countries on how to develop cybersecurity laws and now that I'm a judge I don't have that luxury. But if the request comes from the king of Lesotho, otherwise I can be arrested by the king. We will talk to the Honorable member of Parliament from Lesotho and see how we can push each other together in the continent.
The north-south issue has been addressed very quickly but I can only say we must push ourselves into the centre. We cannot stay and complain and say these issues are from the north and they are putting regulations. There are many, many avenues where the Global South can be heard. Only that we cannot sit down and complain and say things are not moving.
(Speaking non-English language.)
If things are not moving, you move them.
>> LUCIEN CASTEX: Thanks a lot. I would like to give a last chance if somebody has either a remark or a question? Go. Take the floor. And then we will give the speakers time to conclude and particularly to, well, point to action points, to try to find what could be good to do, what's next. What could NRIs do. You have the floor.
>> AUDIENCE: I am looking for a public sector organisation in Pakistan. We are living in global village and cybersecurity is not a local phenomena. It is a global issue. From my point of view, for a safer cyberspace, a common question should be framed for all countries to follow. This will be a very good for all countries. This will be a common regulation at least it will solve a lot of problems related to cybersecurity. Thank you.
>> LUCIEN CASTEX: Thank you.
>> AUDIENCE: My name is Peterking from Liberia IGF. I would like to ask the question. To date few countries have implemented cybersecurity legislation in Africa. What efforts can you suggest or make to countries that have strategies that are just in like their literature or in their legislatures in their national Assemblies? What suggestions can you give to push them to ensure that these laws are made or these are passed to ensure that our safety online with cybersecurity, cybercrime issues have been adhered to from local perspectives.
>> LUCIEN CASTEX: Okay, I take the floor for a minute before giving the floor. We have a third question from Bangladesh. Which I read: Around 67 percent of women are victims of violence, harassment and fraudulent online in Bangladesh. How can we ensure cybersecurity for them? And how IGF can play a significant role in elimination of the problem across the world?
And now Sebastien.
>> AUDIENCE: I am from the Internet Society, France.
I was in another session where we were talking about the shutdown before, during, and after elections. And there were questions about elections.
It seems to me that work could be done at the cyber action against the trouble before, during, and after election could be a good way.
But the other point is that it seems to me that we are talking about how to use the Internet or how the Internet is closed during elections, but we never talk about how we can use Internet to help the election eventually to be used as a tool for the election. For that we need cyber tools strong to be able to do that. Maybe you have something to say about this topic. Thank you very much.
>> LUCIEN CASTEX: Maybe I'll -- let's hold a minute. We are wondering if we can have the person from Bangladesh speak from the remote room. To see them on the screen, actually.
(Pause.)
>> LUCIEN CASTEX: This is a hybrid session in the IGF, it might be a good idea if we had some -- digital difficulties.
Colleagues from Bangladesh, if you want to take the floor? You are welcome to do it.
(Pause.)
>> LUCIEN CASTEX: Well, we'll see if you can still do it. And the next part, basically we have 15 minutes which is perfect.
Basically to have our speakers conclude with action points, voluntary commitments, what's next in your mind. What could we do. Either as individuals or in collaborating between local and regional Internet Governance Forum French IGF, Brazil IGF, so on and so forth.
What could we do? How do you feel about it?
Who wants to go first?
>> Thank you very much. In concluding I will take you to the savannas in Africa like I promised. Next time you find yourself in the jungle and you don't know how to work with animals and be safe, these are five secrets of the Masaai people.
Number one, carry something taller than you. You will always see the Masaai carrying a spear like this. Because animals know the structure of a human being. If you have something different they will not attack you.
Its application in cybersecurity always go to Ginny and Kaspersky and they have your antivirus or cybersecurity or anything to protect you online. If you are not protected you are vulnerable to all malware and stuff like that.
The second secret of the Masaai is to avoid where animals have babies. Or because if you find a very friendly animal, when they are protecting their babies they will very much attack you. And also to avoid where they are watering spots for the animals. In the middle of the Serengeti if you see a green space, that is where animals have water and if you go there, they will attack you.
In the cybersecurity world, avoid those websites which are not verified. If you get something that you are logic is telling you is not safe, please don't go there.
The third secrets of the Masaai is walk like a Masaai. The Masaai have their particular way of walking. They always look confident. If you show online that you are not confident, you will be attacked. And number four secret of the Masaai, tell the truth but not the whole truth. Tell the truth but not the whole truth. Spare some things. Its application online, don't share all your data. There are things that you can use to anonymize because I know some people are looking for your information. If you give everything, then you will very much be more vulnerable.
Lastly, the last, which seems to be very unique to the Masaai people, actually. If you are not Masaai in this room, it is hard for you to comprehend. For us, we talk to things. We don't restrict our wisdom and philosophy to talking to human beings. You can talk to a mountain. You can talk to a tree. You can tell a lion: Mr. Lion, I don't have any trouble with you. Can you allow me to go home? And the lion will actually escort you to your place.
And this is applicable in the cyberspace also. We need now to be able to interact with machines, machine learning, AI. Where you should know that when you are online there, it is like you have a human being with you.
These things are becoming extremely personal. Throwing away your used computer is like throwing away a part of you. Someone can use that, take it in a forensic lab and they retrieve everything. Make sure that you are, the gap between you and the online space is as closed as possible for you to be safe.
Thank you very much.
>> LUCIEN CASTEX: Thanks a lot, Eliamani. I would like to give the floor now to Giovanni. Any last remarks, comments, reactions?
>> GIOVANNI ZAGNI: Last question, thank you. From my experience I would say that one of the most useful thing is to, is collaboration, overboard, across borders and sharing of best practices in sharing what works.
So a very concrete action point is to talk to similar experiences that are doing what you are doing in your country. And see what works with them, and then simply steal it.
This is really something that we have learned from working with the fact checking community in Europe is that those are pretty similar organisations in terms of how old they are, what they do, the fact that they are usually pretty young staffed. Everybody is constantly trying to find new things. Trying to find what works. Trying to find what is the best way to teach fact checking to people. To teach media literacy.
There are a ton of best practices of good things that work in Spain or in Finland or in the U.K., and what we do, what I do at least is I simply try to do the same in my country.
So I would say that the simple sharing of information and best practices amongst similar initiatives is something really concrete, incredibly helpful.
And on the other hand I think that we really need to, after the discussion we have today, we really need to focus our efforts a lot in media and information literacy, in trying to really understand which is the best way to teach people how to make a good use of technology.
Because one of the things that strikes me, for example, when we talk about online fraud or scams, is that those are usually pretty easy things to recognize and to avoid if you know how to do that. So the fact that a large part of the population is still not able to find out an obvious scam when they see it, it is clearly a failure of the way in which we teach how to use those programmes, and websites.
I think we have to collectively try to find out what is the baseline for teaching media literacy across the world literally because there are very few, very simple things that you can do that can actually save you from an online scam. So yeah, those are my main two issues. Yes.
>> LUCIEN CASTEX: Thanks a lot, Giovanni, Director of GeoPolitica.
Anja is telling me that our colleagues from Bangladesh might be able to speak now. Let's try.
>> AUDIENCE: Yes, thank you for the nice opportunity to ask. I am the Head of the Bangladesh youth IGF. My question is actually for the youth centered right now, how we can ensure in cyberspace, secure cyberspace for youth and women and children. The IGF is communities strongly bound with the other IGFs.
>> LUCIEN CASTEX: Thank you a lot.
Veronica, you want to go next?
>> VERONICA FERRARI: Yes, now it is working, I think.
Yeah, sure. I think, I just want to go to the previous recommendations concerning capacity building and trainings, those are great steps. Our recommendation is that those initiatives should be specially tailored and built with the groups, the security trainings and capacity buildings with the communities they seek to benefit. Not adopting generic security trainings could be beneficial for certain groups. This is an approach that organisations implement. To know what are the needs and risks of the communities that you want to benefit and what is actually useful for them.
Other like really broad recommends are more with the idea of applying existing agreed norms. You mentioned at the beginning discussions with the UN and the first Committee. There is a framework that should be adopted and also at the national level in policies regarding cybersecurity. It is more accountability than the implementation of those norms is needed.
And international human rights law from a human rights perspective should be the guiding framework to any policy or new law connected with cybersecurity or cybercrime. Those are the points I wanted to raise. The need for tailored capacity building for cybersecurity and assessing the risks and needs of the groups and the communities. The need to apply the norms and the international human rights framework and also ensure broad participation of different stakeholders when crafting policies and crafting norms at the international level.
Yeah, thanks so much.
>> LUCIEN CASTEX: Thank you a lot, Veronica, Global Policy Advocate, Coordinators from the APC.
Lastly, I would like to give the floor to Dai Mochinaga. You have the floor.
>> Thank you. I am thinking about some kind of topics, but so many topics in this session. So I would like to point to just one thing.
So international conferences or other types of conferences, how can we level up the capacity building or best practices sharing. We continue to discuss about this topic over the decades, all decades.
But I think we need more something new. I think something new, for example, how can we act after we know about the best practices, after we know some kind of information shared with colleagues or partners.
So that kind of action is very difficult for us to to collaboratively act with some partners of the other organisations. These are key things in our decades.
So I think the most important point in the future, we have to discuss how can we act based on the information sharing or capacity building. I will stop here. Thank you.
>> LUCIEN CASTEX: Thanks a lot, Professor Mochinaga. We have about one minute left. Let me thank everyone online and on site here in Kyoto, Japan.
Merci. (Non-English phrases.)
>> LUCIEN CASTEX: Thank you all.