1 Version: 16 June 2016
1
Version: 16 June 2016
2
ContentsExecutiveSummary..................................................................................................................................3Introduction:IEEEInternetInitiativeandIEEEETAPForumSeries..........................................................4DelhiIEEEETAPForumInvitedSpeakers.................................................................................................5KeynoteSpeaker:NitinDesai................................................................................................................5KeynoteSpeaker:ShriR.S.Sharma......................................................................................................7KeynoteSpeaker:RajendraPawar.......................................................................................................8PanelDiscussion...................................................................................................................................9
DiscussionsandNextSteps....................................................................................................................13Conclusion.............................................................................................................................................14AppendixI:Program..............................................................................................................................15AppendixII:Participants.......................................................................................................................20AppendixIII:Top11Issues.....................................................................................................................22AppendixIV:CombinedIssuesList,Delhi/Washington/TelAviv/SanJoseIEEEETAPForums...............23
3
ExecutiveSummary“UniversalAccessforSocialandEconomicInclusion”wasthemainthemeoftheIEEEExpertsinTechnologyandPolicy(ETAP)ForumonInternetGovernance,Cybersecurity,andPrivacyinDelhi,India,on4March2016.Thiswasthefourthinaseriesofregionalmeetings—“localconversationsonaglobalscale”—tobeorganizedbytheIEEEInternetInitiativetoconnecttechnologydevelopersandpolicymakersinauniquelymeaningfulway.Thetwosub-themesoftheDelhieventwere“SecurityandPrivacyUsingBiometrics”and“TechnologiesandPoliciesforLast-MileAccessandInclusion.”Governmentandindustryrepresentatives,legalpractitioners,andacademicsgatheredfromaroundtheworldatLeMeridienHotelinDelhifortheone-dayevent.Participantsheardkeynotepresentationsandpaneldiscussionsonchallengesandopportunitiesintechnologyandpolicy.Laterintheevent,theysharedspecifictechnologyandpolicyconcernsinarapid-firesessionthatconsideredthetopissuesidentifiedinpreviousIEEEETAPForumsandaddednewconcernstothelist.Thisdiscussionresultedinalistof12keyissues(seeAppendixIII),andparticipantsthenvotedtoconductin-depthbreakoutconversationsaroundthreeofthoseissues:
• ProtectingInternettraffic,managingmetadataanalysis,andhowtoimplementbothsecurityandprivacyatscale
• Multi-stakeholderInternetgovernance
• OptionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusionFollow-upactionswereinitiatedtofurtherrefinethescopesanddevelopwhitepapersonthetopicsofprotectingInternettraffic(encryptionbydefault)andoptionsandchallengesinprovidinguniversalaccess.ThenextregionalIEEEETAPForumgatheringsarescheduledfor17May2016inBeijing,China,and22June2016inTelAviv,Israel.
4
Introduction:IEEEInternetInitiativeandIEEEETAPForumSeriesWhiletremendousinnovation,economicgrowth,andsocietalgoodhavealreadyresultedfromInternetproliferationglobally,thebenefittohumanitythatisstilltoberealizedispotentiallyevengreater.AtransformationisunderwayaroundtheworldinthegatheringInternetofThings(IoT).WithmoreandmoreInternet-enableddevicesbeingnetworkedwithoneanother,thepossibilitiesfornewservices,improvedproductivityandefficiency,real-timedecision-making,andinnovativeuserexperiencesareexploding.Atthesametime,however,newissuesarearisingincybersecurity,privacy,andInternetgovernanceinmarketsaroundtheglobeastheIoTenvelopsmorenetworkedobjectsthatarecapableofsensingandcommunicating.Collaborationacrosstraditionalprofessional,technological,andgeographicborderswillbenecessarytosuccessfullyaddressthoseissuesandencouragesustainabledevelopment,ongoingeconomicgrowth,andpublicsafetyandsecurity.TheIEEEInternetInitiativefacilitatesatwo-waydialoguebetweenthetwohistoricallydisparateworldsoftechnologyandpolicy.JustasongoingInternetinnovation,sustainability,andmarketgrowtharedependentoninformedInternetpolicy,effectiveInternetpublicpolicyisdependentonsound,neutraltechnicalguidance.TheIEEEInternetInitiativeprovidesaneutralenvironmentforcollaborationamongengineers,scientists,industryleaders,andothersengagedinanarrayoftechnology,policy,andindustrydomainsaroundtheworld—tothecollectivebenefitofallstakeholders.Inthisway,theinitiativehelpsbothtoboostknowledgeabouttechnologyanditsimplicationsandimpactonInternetgovernanceissuesandtoimproveawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.TheIEEEETAPForumonInternetGovernance,Cybersecurity,andPrivacyprovidesauniqueplatformforthisconversation.OrganizedbytheIEEEInternetInitiative,IEEEETAPForumsareaseriesofeventsthatbringtogethertechnologydevelopersandpolicymakerstodiscussanddebatecurrentandfuturereal-worldissuesbeingconfrontedinpublicpolicyandtechnologyforcybersecurity,privacy,andmulti-stakeholderInternetgovernance—issuesthatimpacteveryoneonglobal,national,andlocallevelsalike.ThefirstIEEEETAPForumtookplaceinMay2015inSanJose,California,intheUnitedStates(http://sites.ieee.org/etap-sanjose/).ThenextIEEEETAPForumeventstookplaceinTelAviv,Israel,inAugust2015(http://sites.ieee.org/etap-israel1/)andinWashington,D.C.,USA,inFebruary2016(http://internetinitiative.ieee.org/events/etap/etap-forum-in-washington-dc),followedbythegatheringinDelhi,India,on4March2016.Asoneoftheco-moderatorsoftheeventinDelhi,DeepakMaheshwari,directorofgovernmentaffairsforSymantecacrossIndiaandASEANregion,openedthe4MarchIEEEETAPForumbywelcomingparticipants.HepointedoutthatIndiaishometothesecond-highestnumberofIEEEmembers,behindtheUnitedStates.“Here,thewholeideaintheeventistocreateaplatformfordiscussion,”Mr.Maheshwarisaid.“It’snotaboutcomingtoaspecificdecisionoraparticularstandardattheendoftheday.Yes,itcouldaswellbethestartofanewworkstreamwithinIEEE…butthewholeideaishowtohaveagoodinteractionbetweenthepolicymakersandthetechnologists.”
5
DelhiIEEEETAPForumInvitedSpeakersFollowingintroductionsandareviewbyJamesW.Wendorf,programdirectoroftheIEEEInternetInitiative,ofthepreviousthreeIEEEETAPForumgatherings,theDelhieventopenedwiththreekeynotespeakers:
• NitinDesai,specialadvisertoUnitedNationsSecretary-GeneralforInternetGovernance,India• ShriR.S.Sharma,chair,TelecomRegulatoryAuthorityofIndia(TRAI)• RajendraPawar,chairmanandco-founderoftheNIITGroup
KeynoteSpeaker:NitinDesaiNitinDesai,specialadvisertotheUnitedNations(UN)Secretary-GeneralforInternetGovernance,India,spokeonhisexperiencechairingthemulti-stakeholdermeetingsthatledtotheconveningoftheInternetGovernanceForum(IGF)in2006—“howwehandledtheissueofInternetgovernanceintheearlystageandhowit’schangedinthelast10years.”Mr.DesaisaidthatInternetgovernancepresentedanuncommonchallengefortheUN,inthat,typically,theUNhadaddressedissuesinwhichpolicymakingwasinthehandsofgovernments,andpeopleoutsidegovernmentsoughttohaveavoiceininfluencingthatprocess.“ThecasewiththeInternetwastheotherwayaround,”hesaid,withentitiesoutsidegovernmentcontrollingprotocolsandthedomainnamesystem,forexample,andgovernmentsseekingtobeheard.SotheUNtookamulti-stakeholderapproachtoInternetgovernance,inordertobringgovernmentsintoconversationwiththeindividualswhohadoperationalcontrolovermanagementoftheInternet,policysetting,andassignmentofdomainnames.
EstablishingGroundRules
Foursetsofstakeholdersweremarshalled:Internettechnicians,government,civilorganizationsinvolvedinaccessandprivacy,andcompaniesprimarilyinvolvedindevelopingtheInternetbackboneandsoftware.Then,focusturnedtosettinggroundrulesthatwouldengenderacultureoftrustamongparticipantsintheearlyIGFwork.Thefirstrule?“Noadhominemarguments,”Mr.Desaisaid.Ifoneparticipantdisagreedwithacontributionfromanotherparticipant,itwasnotpermissibletocitethecontributor’scountry,corporation,etc.inthereasonfortheobjection.Disagreementshadtobeairedandworkedoutstrictlyincontextofthesubstanceofthework.Initialdistrustamongtheplayerssubsided,Mr.Desaisaid,astheysawthat“90percentofthedecisionsweremainlyroutinethings,”withnopolitical/competitiveundercurrents.“Thatdroppedthetemperaturedown.Thenwegotdowntothemoreusefuldiscussionsonprivacyandsecurity.”Anothergroundrulewasequalfootingamongparticipants.WhilethetendencyinUNeffortswasto
6
privilegegovernments,theIGFconversationsregardedgovernments,non-governmentalorganizations(NGOs),technologists,industry,etc.asequalcontributors.Also,allparticipantswerechallengedtoactuallyweighin.“PracticallyeverymemberoftheworkinggrouponInternetgovernancecontributedsomethingpreparedinwriting,”Mr.Desaisaid.“Itforcedpeopletotrusteachother.”Thereweregapsinculture,behavior,andspeakingstyletobebridgedinorder“togettheponytailsandthesuitstoworktogether,”Mr.Desaisaid,and,movingforward,aftertheinitialIGFreportandformation,therewasaneedtoensurechurninpersonnelinordertoensurethatdifferentperspectiveswerereflectedinconversations.Inaddressingsecurityandprivacy,IGFfocuseddevelopmentonthreeareas:
• End-usereducation(“absolutelyvital…unlessusersareconsciousofrisksthatareinvolved,you’llnevergetanywhere,”Mr.Desaisaid)
• Morerobustsoftwareforhandlingmalware(“and,evenstill,therewillbecrimeandmisuse”)
• Policyforhandlingfraudthataddresseswherejurisdictionslie(“thatforcesgovernmentsto
focusattention”)Hedescribedthegroup’sthinkingabouttherelationshipbetweentheprobabilityofacybercriminal’sbeingcaughtandmagnitudeofpunishment.Tocreateeffectivedeterrent,“iftheprobabilityofbeingcaughtisverylow,thenthemagnitudeofpunishmentmustbeveryhigh,”Mr.Desaisaid.Consequently,thegroupreasoned,becauseit’ssohardtodetect,InternetfraudshouldbepenalizedhigherthanifthefraudoccurredoutsidetheInternet.
ThenandNow
Mr.DesaialsodiscussedtheevolutionoftheInternetgovernancechallengeoverthelastdecade.“ThebigdifferenceIseenowisthatthereismuchmoreconcernaboutcybersecurityincontextofinterstateconflictandterrorism,”hesaid.“Peoplearenowlookingatcyberspaceasaseparatetheatreofwar.”Oneoftheimplicationsofthisdevelopment,Mr.Desaisuggested,isthattherelikelyneedstobegreatercooperationbetweencybersecuritytechniciansandthoseprofessionalswhoarechargedwithmanagingtheuseoftheInternetforservicessuchasbanking,powertransmission,air-trafficcontrol,telecommunications,etc.Anotherchangeoverthelast10yearsisthatgovernmentsare“lessandlessconcernedaboutwhatothergovernmentsaredoingbutmoreaboutwhatmajorprovidersofInternetservicesaredoing,”hesaidofsearchengines,socialmedia,andotherapplications.“Iknowthatmanyoftheanswerswillhavetocomefromthecommunityoftechnologists,”Mr.Desaisaid,“butitrequiresaconversationbetweenthemandthepolicymakersandperhapsevenotherstakeholders.”
7
KeynoteSpeaker:ShriR.S.SharmaShriR.S.Sharma,whochairstheTelecomRegulatoryAuthorityofIndia(TRAI),spokeontheimportanceoftheInternetinIndia’snationalgoals.“Almostalltheprocessesareslowlymovingtotheonlineworld,andonlineworldinourcontextmeansInternet,”hesaid.“WemustleverageInternetinthedeliveryofgovernance.Thisisveryimportantforus.”HediscussedtheDigitalIndiaprogram,aflagshipprogramofthenationalgovernmentpremisedonthevisionoftransformingthecountryintoadigitallyempoweredsocietyandknowledgeeconomy.Hesaidthattheprogramisworkingtoencouragedevelopmentinthreeprimaryareas:digitalinfrastructure,softwareandservicesondemand,andcitizens’digitalempowerment.Theprogram’ssuccess,Mr.Sharmasaid,dependslargelyonexpandingconnectivity.Hesaidmobilecompanieshavemadeimportantstridesintermsofloweringratestothepointofbroad-scaleaffordability,resultinginroughly1personineachIndianfamilyhavingmobileaccess.“However,whatwedonothaveisbroadbandconnectivity,”hesaid.ThoughIndiahas300millionpeopleconnectedtotheInternet,manyofthoseconnectionsarelowspeed.“Thereisahugechallengeofinclusion,andourgovernmentisworkingtoleverageallmeanstoimprovetheInternetpenetrationinthecountry,”hesaid.ThereisaprogramtoexpandopticalfibertolocalpointsofpresencethroughoutIndia,andothertechnologyspaces(TVwhitespaces,satellite,etc.)arebeingexplored.“ThereisawholebouquetofthingsweproposetodotoimprovetheInternetpenetrationtoimprovetheinclusion,”Mr.Sharmasaid.
ASeatattheTable
Mr.SharmadiscussedIndia’smotivationandeffortstoplayalargerroleinInternetgovernanceanddecision-makingaroundissuessuchascybersecurityandprivacy.Withcyberterrorismandcyberwarfarehaving“acquireddimensionswhicharemuch,muchlarger”andthenotionof“bloodlesswarthatdoesn’tinvolvehumanbeings,justmachines”comingintotherealmofpossibility,nationalinterestandactionhavecoalesced.HesaidthatconcernshavegrownamongIndia’sleadershipthatthenationhastypicallynothadenoughrepresentationintheinternationalbodiesthatmakedecisionsabouttheInternet’sfuture.“We’reone-seventhofhumanity…we’reaveryimportantstakeholderinthisgame.”Mr.Sharmasaid,“ourlawsandlegalprocessesarereallynotequippedforthesetypesofcybercrimeissues,”makingthoseareasprimeforinnovation.Healsosaidcybereducationmustbeimproved.“Peoplegenerallythink,‘IfIlogontothis,thingsaresafeandsound,’”Mr.Sharmasaid.“Weneedtoworkveryhardtoseepeopleensurethatbasicprecautionsaretakenwhilepeopleareinthecyberworld.”
‘Aadhaar’
AsdirectorgeneralandmissiondirectoroftheUniqueIdentificationAuthorityofIndia(UIDAI),Mr.Sharmaoversawimplementationofanambitiousandchallengingprojectundertakenbythe
8
GovernmentofIndiaforprovidingitsresidentswithuniquedigitalidentifiers.Thereweretwobroaddriversforthe“Aadhaar”program,hesaid.First,millionsofpeoplehavenoformaldocument(suchasabirthcertificateorschoolcertification)forprovingtheiridentity.Second,hesaid,“inlast20years,Indiahasfocusedondelivering(social-assistance)benefitstoindividuals…Whathappenswhenyougivebenefits?Thereisthenadesireandpropensityforpeopletogamethesystembycreatingmultipleidentities.”Consequently,theneedtocreateasystemtoensurethatindividuals“areabletogetintoadatabaseonlyonce”alsoinformedAadhaar’sdevelopment.ThoughmuchofIndialackedconnectivityatdevelopment’soutset,Mr.Sharmasaidthatcreatingafuture-proofsystemthatwouldanticipatewidespreadaccessacrossthenationalpopulationwasapointofemphasis.Theidentificationsystemdoesnottakeeligibilityforentitlements,citizenship,etc.intoaccount.Rather,theunderlyingarchitectureprincipleisthatAadhaarperformsidentificationonlyandcanbepluggedintootherdomains.“Whenyougotoabank,thebankdoesthetransactions;identityisdonebyUniqueIdentificationAuthorityofIndia,”hesaid.“Andthenwebuiltinalotofprivacyprinciples,”hesaid.Forexample,identifiersarerandom12-digitnumbers,providinganumberspaceofmorethan100billionforlong-termscalability,andassigningnomeaning(gender,age,etc.)toanyofthedigits.Also,theAadhaarsystemdoesnotallowfordownloadingofdata—onlyuploading.Collectedinformationonusersiskeptofflineatthebackend;thebiometricdataassociatedwithanumberisnotaccessiblebyanyone,eventhegovernment.
KeynoteSpeaker:RajendraPawar Mr.RajendraS.PawarspokeprimarilyontheNationalAssociationofSoftwareandServicesCompanies(NASSCOM)CyberSecurityTaskForce,whichwasestablishedtobuildIndiaasaglobalhubforprovidingcybersecuritysolutions,developingbothacybersecurityR&Dplanandaskilledworkforceofcybersecurityexperts.ThetaskforceisstudyingtheIndiancybersecurityecosystemtoidentifyissuesandchallengesandcreateanactionplantoaddressthepriorityissues.Inadditiontohisworkaschairandco-founderoftheNIITGroup,whichhasplayedakeyroleinshapingthegrowthoftheIndianinformationtechnology(IT)sector,Mr.PawarischairingtheNASSCOMCyberSecurityTaskForce.“Wehavedonefairlydeepandwidediscussionsaroundthecountry,”Mr.Pawarsaid,seekingtoanswer,“Whatarethebigissuesweshouldlookat?”TheNASSCOMtaskforcehasorganizedtheirgleaningsintofourareasforneededdevelopment:
• Industry—“Howdowebuildanindustrywhichisservingarealneed?”Mr.Pawarsaid.“Industrywillsurviveonlyifit’sservingarealneed.”HesaidIndiahopestoincreaseitsshareoftheglobalcybersecurityindustryfrom1percenttodayto10percentin2025.Hesaidsuchgrowthprojectstoa$35billionindustryforIndia,yieldingcreationofabout1,000startupsand1millionjobs.Jobgrowth,hesaid,isthenation’sbiggestpriority.
• Technology—Mr.PawarnotedhowIEEEactivitiesarecontributingtotechnologyinnovations
9
thatareneededinIndia,andheemphasized“theroleofacademiaworkingcloselywithindustrytocreatenewindustryinlabandtakeittomarket.”
• Skills—Notonlywillskillsdevelopmentberequiredfortheprojected1millionpeopleserving
innewcybersecurityjobs,Mr.PawaremphasizedthenecessityofskillsdevelopmentandthreatawarenessamongInternetusers.“Cybersecurityisasweakasitsweakestlink,andeveryoneisalink,”hesaid.“Everyonewithamobilephonecreatesvulnerability.”
• Policy—Thusfar,Mr.Pawarsaid,theNASSCOMtaskforcehasdeliberatelyconcentratedonly
asmallpercentageofitseffortonpolicyneedsforanumberofreasons,includingthefactthatotherentitiesarealreadyatworkinthisspace.Still,“policywillhavestrongbearingonhowmuchofa$35billionindustrywecanachieve”incybersecurity,hesaid.“Theeffortsoftheleadershipofthenationtobuildnotjustpolicybutcybercommandwillhavehugebearing”onIndia’ssuccessincybersecurity.
NeedforEducationandCollaboration
Mr.PawarsaidtheNASSCOMtaskforceisplanningtoconfineitsworkto10categoriesofforthcomingrecommendations.AttheIEEEETAPForum,hediscussedtwocross-cuttingthemeshehasseenacrossthedevelopmentareas.Oneistheneedformoreeducationandawareness.“Inthiscountry,wedidbuildacapacitytocreatetalentfortheITsector…so,thereisconfidencewecandothatinthisspace,too,”Mr.Pawarsaid.HeespeciallyencouragedinputfromthegroupassembledinDelhiintheareasofeducationandawarenessneeds.Theotherthemeistheneedforcollaborationacrosstraditionalboundaries,inareassuchastechnologypolicydevelopment.“Weneedaveryintenseinteractionamongthreeentities:government,notjustforpolicymakingbutalsoasusers;academia,wheretechnologyhastobecreated;andindustry,andwe’relookingatstartupsasasymbolicaspect,”Mr.Pawarsaid.“Thesethreeinourcountry,asinmanycountries,arebigsilos.Infact,withingovernment,therearemany,manysilos—incountryaftercountry.”HepointedtoothernationalmodelsfromwhichIndiacanlearn.Forexample,Mr.Pawarnotedtheinterrelatedworkingsofeducation,themilitary,andindustryinIsrael,aswellasusing“publicfundsforprivategood”intheUnitedStates,suchasintheexampleofgovernmentfundingforstartups.“Wearebuildingaroadmap…thatwillhelpusveryquicklyputtogethertheissuesthatwillhelpusgetto35billion,”Mr.PawarsaidoftheNASSCOMtaskforce.
PanelDiscussionNext,PrasantoKumarRoykickedoffapaneldiscussionbynotingsomeadditionalcharacteristicsoftheInternetlandscapeinIndia.“AlmosteveryInternetsubscriberisessentiallyusingthemobile,”he
10
said.“Thewirelinebroadbandisalmostnegligible…so,essentially,theproblemisoneofmobiledataaccess,andmobiledataaccesshasawholerangeofissues,including,ofcourse,cost.”Hewentontoasktheaudiencetoconsiderthequestions,“Howisallthisinclusiongoingtohappen?…Inthenet-neutralregime,whatwillwedoforuniversalaccess?”Mr.Roythenturnedtheconversationtofourpaneliststoexploretheuniversal-accessquestionincontextofbiometrics,security,access,andprivacy:
• ChaimCohen,anIoT/cybersecurityconsultant• Dr.NeenaPahuja,DGERNET(EducationandResearchNetwork),anautonomoussociety
underDepartmentofElectronics&InformationTechnology• SubhoRay,presidentfortheInternetandMobileAssociationofIndia• OsamaManzar,founderanddirectorofDigitalEmpowermentFoundation(DEF)andchairof
ManthanandmBillionthawards
Biometrics
ChaimCohendiscussedhowbiometricsystemsassumeandrequireanintimaterelationshipbetweenpeopleandtechnologiesthatcollectandrecordthebehavioralcharacteristicsofpeople—andthatitisincumbentuponthosewhoconceive,design,legislate,anddeploybiometricsystemstoconsidertheethical,cultural,social,andlegalcontextsofthosesystems.Forexample,Mr.Cohenasked,“Ismoreimportantourpersonalnationalsecurity,orismoreimportantourprivacy,oursenseofselfrespect,protectingwhoweare,andtheidentitiesofourlovedones?”Failingtoattendtosuchconsiderationsandtheirimpacts,hesaid,notonlypotentiallydiminishesefficacyofsystemsbutalsocouldyieldseriousunintendedconsequences.Mr.Cohenexplaineda2002hotelbombinginIsraelanditsroleingalvanizingthinkingtowardcreationoftheIsraeliBiometricDataLaw,aswellastheongoingdebateovertheimportanceofthephysicalsecurityofapersonversustheperson’sprivacy.ThelawstipulatescollectionofIsraeliresidents’fingerprintsandfacialcontours,integrationofthatdataontoIsraelidigitalidentitycardsanddigitalpassports,andcreationofabiometricgovernmentdatabasetoallowforaccesscontrol,identificationofindividuals,andassistanceinlocatingindividualssuspectedofcriminalactivitybylawenforcementofficials.Thelawwaspassedin2010,andstagedimplementationcommencedwithapilotin2013.Mr.CohendetailedsomeofthetechnologiesthatarebeingusedinimplementationsoftheIsraeliBiometricDataLaw.Whilebiometricsystemscanbenefitsecurity,Mr.Cohenconcluded,potentiallylifelongassociationofbiometrictraitswithanindividual,theirpotentialuseforremotedetection,andtheirconnectionwithidentityrecordsraiseimportantissues.Suchmoral,ethical,social,cultural,andlegalconcernscanimpactasystem’sadoption,acceptance,andusage.Also,biometricrecognitionintroduceskeylegalissuesofremediation,authority,reliability,andprivacy.Thesefactorsmustbeaccountedforinthedesign,development,anddeploymentofbiometricrecognitionsystems,and,Mr.Cohencontinued,theIEEEETAPForumserieshasaroletoplayinprovidingeducationinsuchareas.
11
IoTSecurity
Dr.NeenaPahujawithERNETIndiasaidthat,whenshestartedusingtheInternetin1993,securitywasnotevenamongherconsiderations.Andshewasnotalone.“IthinkwewereallexploringtheworldofInternet,whichwasabsolutelynewforallofus.”TheconversationaboutsecurityintherolloutofIoTisalreadyquiteadvanced,Dr.Pahujasaid.Already,shesaid,understandingexiststhat“noneoftheIoTproductswillworkwithoutsecurity…Theconsumerwon’thavecomforttousetheproduct.”Withoutsufficientsecurity,forexample,IoTsmart-homeande-healthapplicationscouldbehackedandmisusedforcriminalpurposes.Dr.PahujapresentedadiagramofsevenlayersenvisagedforIoT:peopleandprocess,applications,dataanalysis,dataingestion,globalinfrastructure,connectivity/edgecomputing,andthings(devices,sensors,controllers,etc.).Allsevenarepotentially“hack-able,”shesaid.“Thereisnothingthatahackercannotdotoday.”Still,Dr.Pahujaelaboratedonheroptimisminmeetingthechallengeto“ensuretheIoThasasecuritylayerfromDay1.”Hackerstypicallyareexposedbytheirpatternsofbehavior,andtheIoTalreadyhasanintegratedlayerfordataanalysisthatcanbeleveragedinquicklyidentifyingthosepatterns.Shesaidsheexpectsthat,whilenotgoingsofartoguaranteethatanyproductorapplicationis100-percentsafe,guidelinescanbecreatedthatcertainprovisionsbeincludedinIoTproductstoprotectagainstspecificthreats,andcanhelpcreateasufficientlevelofsecuritytosupportongoingIoTimplementationandinnovation.Dr.Pahujaalsoexpressedhopethatsolutionscanbecreatedthatappropriatelybalancesecurityandprivacyconcerns.
Access
OsamaManzarchallengedtheaudiencetoshifttheirfocusontheaccessquestionfrominclusiontoexclusionintermsofaccessinIndia.Insteadofmeasuringthesuccessofconnectinganincreasingnumberofcommunities,schools,microenterprises,healthworkers,etc.,thoseworkingontheseissuesneedtothinkmoreoftenaboutthenumberofthoseinstitutionsthatdonothavebroadbandaccessinorderto“knowtheintensityofexclusionforthepeoplewhoarenotconnected…Wearenowonthevergeofnegativegrowth.Halftheworldremainsnotconnected.”Heproposedemphasizing“verystraightforward,simplesolutions”inexpandingaccess:wirelesstechnology,utilizationofunlicensedspectrum,encouragingsingle-circle(servicearea)telecomorcircle-levelInternetserviceproviders,leveragingorganizationsalreadywithinroadstounconnectedmarkets,andexpandeddeploymentofwirelessbroadbandpublicaccesspoints.Mr.Manzaralsourgedpromotinginstitutional-levelconnectivityinordertoreachlargenumbersofusersandtoprovideameansforaccountability.SubhoRaynoted,“askewedviewof(alwaysgivingpriorityto)helpingthevillages...Ofthose1billionweneedtoconnect,500millionareincitiesandtowns.SoIwouldencourageeveryonetolookaturbanareas…Let’sshiftourfocusalittlebit.”Hesaidoneofthereasonsfordelaysinconnectingtheunconnectedhasbeenthat,“forthelongesttime,wehavenotbeensolvingforconnectivity…wehavebeensolvingfortheuserandadevice.”
12
Programsfocusedon,forexample,supplyinglaptopstounconnectedusers.“Usersalreadyhaveadevice;theydon’thaveconnectivity,”Mr.Raysaid.“Whenyouaretryingtoconnectpeople,youstartbyasking,whatdopeoplealreadyhave?Theyhavemobilephones…Andiftheyhavemobilephones,youhavetoprovidebroadbandtothat.”Mr.Manzaradded:“ThereisalotofsufferingthatIndiaisgoingthroughbecauseofthelackofhigh-bandwidthprovision.Weareanoralsocietyandcommunity…YouknowhowstronglywehavespreadtheTV,becauseit’saudial/visual.Youknowhowstronglywehavespreadthemobile;itisbecauseitisaudial.Itdoesnotrequireyoutobecomeliterateoreducatedtoreadandwrite.”
Privacy
Mr.Roy,Mr.CohenandDr.Pahujafollowedwithafewadditionalbriefcommentsonprivacy.Mr.Roytalkedaboutissueswithmobilefraudschemespreyingonilliterateusersandsmart-gridapplicationsbeingmanipulated,forexample,toidentifyhousesthatareunoccupiedatagivenmoment.Mr.Cohenmarveledathowmuchmoreandhowmuchmorequicklysearch-engineandsocial-mediaproviderscangeneratedataonindividualusersthancanstate-runintelligenceagencies.Henotedtheimportanceofencouragingsmarttechnologiststousetheirskillsforthepublicgood,andhewonderedaboutthepotentialofhiringexperthackerstohelpcreatemoresecuresystems.Dr.Pahujawarnedagainstsimplyaddingcomplexitytosecuritypolicies,foritcoulddiscourageuseofthetechnologiesandconnectivitythatdigital-inclusioninitiativesareintendedtospuron.
13
DiscussionsandNextStepsNext,theDelhimeetingconsideredthetopissuesidentifiedinpreviousIEEEETAPForums,aswellasadditionalconcerns,formoreconcentratedattention.Participantsdiscussedlivestreamingofnewsbroadcastsandothercontentthattodayisdeliveredbyradioandtelevision.Implementationof5Gmobileservicesislikelytoencouragethepublictolistenandwatchsuchprogrammingliveonsmartphones.Whilethiscouldincreasethereliabilityandauthenticityof,forexample,importantnewsreporting,hackingoflivedatastreamingandaddingorreplacingunwantedinformationcouldinstantaneouslyspurunrestamongcommunities,groups,countries,etc.InthepresentTVandradiobroadcastingsystem,programsarechannelizedinahighlysecuremannerthatisinthecontrolofthebroadcaster;anyabnormalbroadcastmaybestoppedimmediately,toquellthepotentialofviolenceanddestruction.Similarsecurityforlivedatastreamingand5Gmobiletransmissionwillbenecessarysoasnottojeopardizepublicsafetyandsecurityuntilprotectionofahackedlivestreamingdatachannelisrestored.Thisdiscussionresultedinalistof12keyissues(seeAppendixIII).Participantsthenvotedforthethreehighest-prioritytopicsforfurtherdiscussion:
• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurityandprivacyatscale
• Multi-stakeholderInternetgovernance
• OptionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusionOnthetopicofprotectingInternettraffic,theInternetArchitectureBoardhasrecommendedthatalltrafficbeencryptedbydefault.TheInternetEngineeringTaskForceistryingtodevelopastandard.RahulSharmaandPrasadMantrivolunteeredtoleaddevelopmentofawhitepaperonthepolicyandtechnologyimplicationsofprotectingInternettraffic(encryptionbydefault).Onthetopicofuniversalaccess,allaspectsofaccessibility—asdefinedbyW3CinWAI(WebAccessibilityInitiative)—shouldbeincluded.Qualityandavailabilityaremostimportant;accessibilitydoesnotneedtobefree.UniversalaccessshouldbetiedtotheUnitedNationsSustainableDevelopmentGoals(SDGs).Ofthe17SDGs,nineareheavilydependentonICTimprovements.SubimalBhattacharjee,PrasadMantri,SubratPrusty,andChaimCohenvolunteeredtoclarifyandrefinethescopeofawhitepapertobewrittenontheoptionsandchallengesinprovidinguniversalaccess.Duetolackoftime,thetopicofmulti-stakeholderInternetgovernancewasnotfurtherdiscussed.
14
ConclusionThenextregionalIEEEETAPForumgatheringsarescheduledfor17May2016inBeijing,China,and22June2016inTelAviv,Israel.
JointheConversation
TheIEEEInternetInitiativeworkstoinformdebatesanddecisionsinprivacy,cybersecurity,andInternetgovernanceandtohelpensuretrustworthytechnologysolutionsandbestpractices.Withtechnologypolicychallengesemergingincybersecurity,privacy,andInternetgovernancearoundtheworld,theIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertsinaneutralenvironment,forthecollectivebenefitofallstakeholders.TherearemanywaystoengagethroughtheIEEEInternetInitiative.Pleasevisithttp://internetinitiative.ieee.orgoremailinternetinitiative@ieee.orgformoreinformation.
15
AppendixI:ProgramTheIEEEExpertsinTechnologyandPolicy(ETAP)ForuminDelhi,India,on4March2016wasthefourthinaseriesofregionalmeetingstoadvanceaglobal-scalediscussionabouttoppublic-policyissuesincybersecurity,privacy,andmulti-stakeholderInternetgovernance.Diversestakeholdersfromaroundtheworld—governmentandindustryrepresentatives,legalpractitioners,andacademics—gatheredfortheone-dayeventorganizedbytheIEEEInternetInitiative.Location:NewDelhi’sLeMeridienHotelModerators:DeepakMaheshwariandPrasantoK.RoyDeepakMaheshwari
DeepakMaheshwariisdirectorofgovernmentaffairsforSymantecacrossIndiaandASEANregion.Apublicpolicyandregulatoryaffairsprofessional,hehasakeeninterestintheinterplayoftechnologicalinnovationwithsocio-economicdevelopment.Anoft-invitedspeaker,author,andcolumnist,hehasplayedapivotalroleinevolutionanddevelopmentofInternetpolicyanddigitalecosystemasanindustryspokespersonandthoughtleader.HeservedtwoconsecutivetermsaselectedsecretaryofISPAssociationofIndia(ISPAI)andco-foundedtheNationalInterneteXchangeofIndia(NIXI).HeisachartermemberofIEEEExpertsinTechnologyandchairstheBSAAsia-PacificPolicyCommittee.AnengineeringgraduatefromIndianInstituteofTechnologyaswellasalawgraduate,hehaspreviouslyworkedwithMicrosoft,MasterCard,HCL,andSify.
PrasantoK.RoyPrasantoK.Royisamediaanddigitalconsultantwhowritesandspeaksontechnology,digital,andgreenissues.HeisheadofmediaservicesforTrivoneDigitalServices.Atechjournalistforovertwodecades,hewaspresidentandchiefeditoratCyberMediaforovertenyears.HewritesforIANS,BBCNews,Al-JazeeraIndia,etal.,andisatechexpertonshowsforNDTV,CNN-IBN,HeadlinesToday,andothers.HeisajurymemberforvarioustechjuriesforNDTV,CyberMedia,Nasscom,DEF’smBillionth,andothers.HisSouthDelhihomeGreenOneisIndia’sfirstTERIGRIHAgreenhome.Mr.RoywasaphysicsmajoratSt.Stephen’s,Delhi.StartTime EndTime Program
8:30am 9:15am RegistrationandNetworkingBreakfast
9:15am 9:30am WelcomingRemarks
DeepakMaheshwari
16
StartTime EndTime Program
9:30am 9:45am Self-IntroductionbyParticipants
9:45am 10:15am ReviewandReportingonFirstThreeIEEEETAPMeetings
• IEEEETAPSanJose2015• ETAPTelAviv2015• ETAPWashington2016
JamesW.WendorfJamesWendorfistheProgramDirectorofIEEE’sInternetInitiative,whichisdedicatedtoconnectingtheglobaltechnologyandpolicymakingcommunitiesonInternetgovernance,cybersecurity,andprivacy,toinformdebateanddecisions,andtohelpensuretrustworthytechnologysolutionsandbestpractices.ThroughtheInitiative,IEEEstrivestoimprovethestateofknowledgeabouttechnologyanditsimplicationsandimpactonInternetrelatedpolicyissues,andtoraiseawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.Previously,JimwasDirectorofIndustryConnectionsintheIEEEStandardsAssociation,wherehefacilitatedthebuildingofindustryconsensusandtheincubationofnewstandardsrelatedactivitiesinareassuchascomputersecurity,communications,SmartGrid,andcloudcomputing.PriortothathewasVicePresidentofStandardizationatPhilipsElectronics,wherehedirectedcorporatestrategyandparticipationinstandardsactivitiesfocusedonelectroniccontentdistribution,digitalhomenetworking,digitalrightsmanagement(DRM),andcontentprotection.PriortothathewasVicePresidentandSectorDirectorofSoftware,InteractionandConnectivityinPhilipsResearch,wherehemanagedandguidedthestrategicdirectionofacorporateresearchsectorfocusedondigitalcommunications,videoprocessing,andinteractiveservicesforconsumerelectronics.JimhasaB.MathincomputersciencefromtheUniversityofWaterloo,andaPh.D.incomputersciencefromCarnegieMellonUniversity.
17
StartTime EndTime Program
10:15am 11:15am KeynotePresentationsNitinDesaiShriR.S.SharmaRajendraS.PawerNitinDesaiistheSpecialAdvisertotheUnitedNationsSecretary-GeneralforInternetGovernance,India.In1993,thethenUnitedNationsSecretary-GeneralappointedMr.NitinDesaiattheUnder-Secretary-GeneralleveltoheadthenewlycreatedDepartmentforPolicyCoordinationandSustainableDevelopment.In1997,Secretary-GeneralKofiAnnanappointedMr.Desaitocoordinate,andsubsequentlyhead,theconsolidationofthethreeeconomicandsocialdepartments.Mr.DesaiisalsotheconveneroftheExecutiveCommitteeonEconomicandSocialAffairs,whichbringstogethertheheadsofalltheUNSecretariatentitiesdirectlyconcernedwitheconomic,environmental,andsocialissues.BeforejoiningtheUnitedNations,Mr.DesaiwasthesecretaryandchiefeconomicadviserofIndia'sMinistryofFinance,andhewasthesenioreconomicadviserfortheWorldCommissiononEnvironmentandDevelopment(TheBrundtlandCommission).From1990to1993,Mr.Desaiwasthedeputysecretary-generaloftheUnitedNationsConferenceonEnvironmentandDevelopment.Mr.R.S.SharmabecametheChairoftheTelecomRegulatoryAuthorityofIndia(TRAI)inAugust2015.PriortojoiningTRAI,Mr.R.S.SharmaworkedasSecretarytotheGovernmentofIndiaintheDepartmentofElectronicsandInformationTechnology.HehasalsoworkedasChiefSecretarytotheStateGovernmentofJharkhand(India).HisotherassignmentsincludeDirectorGeneral&MissionDirectoroftheUniqueIdentificationAuthorityofIndia(UIDAI),wherehewasresponsibleforoverallimplementationofthisambitiousandchallengingprojectundertakenbytheGovernmentofIndiaforprovidinguniqueidentification(christenedas“Aadhaar”)toallitsresidents.Mr.SharmahasheldimportantpositionsbothinthegovernmentofIndiaanditsstategovernmentsinthepastandhasbeendeeplyinvolvedintheadministrativereformsandleveragingITtosimplifyadministrativeprocesses.Mr.SharmaholdsaMaster’sdegreeinmathematicsfromIIT,Kanpur(India)andanotherMaster’sincomputersciencefromtheUniversityofCalifornia(USA).Mr.RajendraS.PawaristheChairandCo-FounderoftheNIITGroup,comprisingNIITLimited,agloballeaderinskillsandtalentdevelopment,andNIITTechnologiesLimited,aglobalITsolutionsorganization.Underhisleadership,NIIThasplayedakeyroleinshapingthegrowthoftheIndianITsector,bycreatingskilledmanpowertodriveitsmomentum.HavingrevolutionizedtheITtrainingindustry,heisnowinvolvedinestablishinganinnovativemodelinhighereducation,thenot-for-profitNIITUniversity.Mr.PawarisaDistinguishedAlumnusofIITDelhi,FellowoftheComputerSocietyofIndia,FellowofInstitutionofElectronicsandTelecommunicationEngineersandhasbeenawardedanhonorarydoctoratefromtheRahulGandhiTechUniversity.AcknowledginghiscontributiontotheITindustryinIndia,hehasbeenawardedthecountry’sprestigiouscivilianhonor,PadmaBhushan,bythePresidentofIndiain2011.HeisontheboardsofIndianInstituteofManagementUdaipur,IndianSchoolofBusiness,ScindiaSchool,SMVDUniversity(J&K),andtheDelhiUniversityCourt.Mr.PawaristheChairoftheNASSCOMCyberSecurityTaskForcethathasbeensetupinresponsetoPrimeMinisterNarendraModi'svisiontoseeIndiaemergeasaglobalhubofcybersecurityproductsandservices.
11:15am 11:30am TeaBreak
18
StartTime EndTime Program
11:30am 12:45pm PanelDiscussionPrasantoKumarRoy(moderator)SubhoRayOsamaManzarChaimCohenDr.NeenaPahujaSubhoRayhasbeenPresidentfortheInternetandMobileAssociationofIndiaforover10years.Hehas19yearsofexperienceinadvocacy,publicpolicy,andregulatoryaffairsinICTsectorsincludingsoftware,hardware,telecom,Internet,andmobilevalue-addedservicesinIndia.Previously,hewasDirector,IT&TelecomfortheConfederationofIndianIndustry.Mr.OsamaManzaristhefounderanddirectorofDigitalEmpowermentFoundation(DEF)andchairofManthanandmBillionthAwards.Heisanentrepreneur,author,speaker,editor,columnist,andnewmediaspecialistwhoisspearheadingthemissiontoovercometheinformationbarrierbetweenIndia'sruralsectorandtheso-calleddevelopedsocietythroughDEF,thenot-for-profitorganizationfoundedtoaccomplishthemission.ChaimCohenisanIOT/CyberSecurityconsultant.Hepromotesthecreationofinnovative,inclusiveapplicationsthataddressabroadrangeofissuesinmakingtechnologyavailable,accessible,andusablebyallpeoplewhatevertheirabilities,age,economicsituation,education,geographiclocation,orlanguage.WithabackgroundinIOT&neuropsychology,Chaimfocusesonintegratingtechnologytoempowerpeoplewithauditory,cognitive,neurological,physical,speech,andvisualchallenges.Asadeveloperevangelist,Chaimisactiveinhelpingmanagers,designers,developers,policymakers,andresearcherstobeawareandtakeintoconsiderationthemoral,ethical,social,cultural,security,privacy,andpoliticalaspectsofemergingdisruptivetechnologies.Dr.NeenaPahujaisDGERNET,anautonomoussocietyunderIndia’sDepartmentofElectronics&InformationTechnology.Dr.Pahujabringsinexperiencefromtheeducation,healthcare,manufacturing,andserviceindustriesintheareaofdigitizationandinformationsecurityandbusinesstransformation.SheisanalumnusofIITD.Shehasover30yearsexperienceandhasworkedinTCS,SAIL,USIT,Escorts,GECIS/Genpact,&MaxHealthcareinvarioustechnologyenablementroles.AspartoftheDigitalIndiainitiative,ERNETishelpingintheconnectivitytoandwithineducationinstitutes,corporations,andevencities.ERNETisprovidingsmartclassroomsolutionsforremoteeducationcenters.Dr.Pahujaisadditionallysupportingcreationofanational-levelpolicyforIoTatDeitY.SheisalsodoingR&Dprojectsontheusageofwhitespacesforlowcost,last-mileconnectivity.
12:45pm 1:45p.m. HostedLunch
1:45pm 2:15pm SynthesizeandSelectionofHigh-PriorityAreas
2:15pm 3:15pm BreakoutSessions—DelveDeeperIntoHighest-PriorityIssues
3:15pm 3:30pm TeaBreak
19
StartTime EndTime Program
3:30pm 4:30pm ReportfromBreakoutSessions
4:30pm 5:30pm NextStepsandWrap-Up
5:30pm 6:30pm NetworkingReception
20
AppendixII:Participants
SunusiAbdullahiBala,academia
SanjayBahl,CERT
SubimalBhattacharjee,freelancer
SriChandrasekaran,IEEEstaff
LohithChowdaryChilukuri,AmritaSchoolofEngineering
ChaimCohen,IoT/cybersecurityconsultant
NitinDesai,specialadvisertotheUnitedNationsSecretary-GeneralforInternetGovernance,India
HaziqJeelani,GovernmentofJammuandKashmir
AmitKumarJha,DOT
KonstantinosKarachalios,IEEE
MoreshwarKatkar,VPCOEBaramati
MansiKedia,IndianCouncilforResearchonInternationalEconomicRelations
JohnKulick,Siemens
SurajKumar,NeetiFoundation
DeepakMaheshwari,Symantec
ReenaMalhotra,DoT
PrasadMantri,OracleIndiaPvt.Ltd.
OsamaManzar,DigitalEmpowermentFoundation(DEF),ManthanandmBillionthAwards
KarenMcCabe,IEEEStandardsAssociation,IEEEInternetInitiative
PrakashMeena,Govt.Engg.CollegeAjmer
LokeshMehra,Symantec
MuniruddinMohammed,IEEEIndia
NeenaPahuja,DGERNET
RajendraPawar,NIITGroup
RejiPillai,ISGF
SubratKumarPrusty,DOT
SrinivasanRamakrishnan,consultant
SubhoRay,InternetandMobileAssociationofIndia
21
PrasantoK.Roy,TrivoneDigitalServices
SomitraSanadhya,IIITDelhi
SanjayaSaxena,GraypeSystems
RahulSharma,DSCI
ShailendraKumarSharma,TEC,DoT
ShriR.S.Sharma,TelecomRegulatoryAuthorityofIndia
VatsalaShreeti,ICRIER
KarthikSiddavaram
AkhileshPrasadSingh
VipinTyagi,CentreforDevelopmentofTelematics
MaheshUppal,ComFirst(India)PvtLtd
JamesWendorf,IEEEStandardsAssociation,IEEEInternetInitiative
22
AppendixIII:Top12IssuesFromthelistoftopissuesfrompreviousETAPForums,andtheadditionaltopicsthatparticipantsidentifiedduringtherapid-firebrainstormingsessionattheDelhiForum,12keyissueswereconsideredfortargetedbreakoutdiscussions:
• Threatsandopportunitiesindataanalytics
• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns
• Multi-stakeholderInternetgovernance
• Technology-policydevelopmentprocess
• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurityandprivacyatscale
• End-to-endsecurityandprivacybydesign
• FragmentationoftheInternetanddatalocalizationduetolocalpolicies
• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments
• Machine-readableprivacyagreementsandwhoenforcesthem
• Educatingusersaboutcharacteristicsofinformationsocietyandethics
• Optionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusion
• Personalvideoandpublicsafety
23
AppendixIV:CombinedIssuesList,Delhi/Washington/TelAviv/SanJoseIEEEETAPForums
Delhi
• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurityandprivacyatscale
• Multi-stakeholderInternetgovernance• Optionsandchallengesinprovidinguniversalaccessforsocialandeconomicinclusion
Washington
• Datalocalization• Educationandethics• End-to-endsecurity/privacybydesign• Technology-policydevelopmentprocess
TelAviv
• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments• Educatingusersaboutcharacteristicsofinformationsociety• Machine-readableprivacyagreementsandwhoenforcesthem?
SanJose
• Threatsandopportunitiesindataanalytics• Multi-stakeholderInternetgovernance• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementbothsecurity
andprivacyatscale• FragmentationoftheInternetduetolocalpoliciesandhowtoavoidit• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns• HowtobestengageIEEEasaplatformforcontributingtotheresolutionoftheseandrelated
issues