IGF 2017 - Day 0 - Salle 18 - Unpacking the Global Conference on Cyberspace 2017- Charting a Course Forward


The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> Hi, everyone.  We'll start in two minutes.

>> CHAIRMAN:  Hello.  Hi.  I'm Matthew Shears.  We're going to just kick this session off.  Global partners and GCCS from Delhi University and organized this event.  I will outline the structure of the afternoon.  Thanks.

>> SPEAKER:  Our idea was that you know once the GCCS is announced, everybody will work out how we wanted to look structurally and substantively.  We thought it would be helpful to take stock after they have identified best practices and to use that going forward.  So that's really what this session is about.  We hope to be able to tease out useful information so that the next GCCS is a productive exercise for everyone.

>> MATTHEW SHEARS:  So what we will do is split the session into two.  We will start with a panel that will unpack the GCCS in 2017.  Take a look at the conference outcomes and some of the modalities.  And then we'll have a quick coffee break and we'll go into the second part, which is really about charting a course forward and looking at what we think the next GCCS should look like in one or two years.  It always seems to be likely to be the case.  What I'm going to be speaking in the second half and I'd like perhaps everybody to think a little bit about how as you're listening to what people say, think about what you would like the next GCCS to look like.  It would be good to come out of this session with a couple of key points on what that might look like and we'll certainly be Orienting the discussion this second half to fly and do that.

So, with that ‑‑ oh, yes.  Sorry.  Yeah.  All right.  So hold on.  We have quite a small group.  So ones what the GCCS is?  Who has participate is?  Does anybody not know what the GCCS is?  Okay.  Okay.  So the global conference in cyberspace is a series of conferences that came out of the London process that was started in 2011, which is really about the need to focus on cybersecurity and human rights.  It was the U.K. that led it off.  That's why it's called the London process.  Over time, this has evolved into a process that has been considered basic norms and over time, it is involved in relative important as a multi‑stakeholder space for discussions about cybersecurity.  There have been five to date.  And what we're going to do here is look at the one that just happened in DELHI in November.  Do a little bit of retrospective and talk about how it compares and how it faired and how stakeholders believed it evolved from the prior one in 2015, which was managed by the dutch and also to think a little bit about how we can see some issues evolving perhaps for the future where the GCCS 2019 or whatever it might be want to focus going forward.  So it's really evolved over time as probably the most open process for multi‑stakeholder engagement on cybersecurity issues in one space.  I put a lit bit of a quote mark around it.  So that's ‑‑ does that help, everybody?  Anybody want to add to that?  We can be pretty interactive given the size of the group.  It might also be useful, just before we start, if everybody could introduce themselves.  Just to know who's around the table.  Matthew Shears with Global Partners Digital.

>> I'm Daniela (sound cut out)

>> I work with center communication governance.

>> I am Juan Fernandez from the communication of Cuba, but I'm not here in that capacity ‑‑ I am mainly here because I am member of the MAG and I'm one of the core organizers of the main session in cybersecurity that's going to happen on Tuesday at 15 hours, 3 o'clock in the afternoon.  I am here because if you're interested, I could explain how this session is going to be because we will welcome your participation and your questions, but in an orderly way because I will explain you later.  We ended with a very, very long list of speakers.  So time management will be an issue.  And I hope that you could make intelligent questions that one intelligent question it serves like four of the other ones.  Thank you.

>> Hi.  I'm from Indonesia.

>> Hello.  I'm from a private company.

>> Deepak and I'm also the wide share of Internet initiative.

>> I am Marilia Maciel.

>> Hi, everyone.  I work with collaboration on international ICT policy in Africa.

>> Matthew Rantenen from the tribal chairman's association.

>> Jane Coffman from the Internet Society.

>> Alia also MAG member.

>> Paul Wilson AP neck.

>> MATTHEW SHEARS:  Good group.  Let's keep it interactive.  So I will turn it over to Danny to walk us through the first session.  Thanks.

>> Danny:  My name is Daniela.  I'll be moderating this first panel today.  So we'll kick off with the first panel.  It's called unpacking the chair statement from the GCCS 2017 and it will be focusing not only on the chair statement, but the conference as a whole.  So in the run up, the actual conference and its outcomes.  So our panelists will reflect and capture lessons learn as Matthew was saying, they will feed into the next panel focused on chartering a way forward building on those learnings.  The structure that we suggest for the panel is the following.  We will have interactions and remarks no more than five minutes each.  After which we will open to a discussion with all of you.  We want this to be a really dynamic and open conversation.  So please do engage and we'll then have some really brief financial remarks from the discussants and we have excellent and excellent line up of discussants today.  We have Chinmayi of the National Law University.  We have Lea.  We have Marilia and, Olaf Kolkman from ISOC.  So let's start with the panel.

So to give a little bit of background.  So the focus on the conference was on inclusion.  So with the cyber for all was used as an umbrella for the four themes which were cyber for growth, cyber for inclusion and cybersecurity.  In addition, there were endorsements to multi‑stakeholders and during the conference as well.  So I'm very interested to hear our discussants reflect on the conference and whether they think that it fulfilled itself objective really of building global corporations in cyberspace.  I'm going to ask the discuss ants to please make their interventions now, to address the highlights and challenges and the lessons learned really to capture.  So without further adieu, let's hear from Chinmayi first.  I would like to you talk about the process as a whole in the run up to the conference.  Thanks.

>> CHINMAYI ARUN:  Thank you, Danny.  So we were officially partners of the GCCS which is why I think of it in two stages.  It is being super consultive.  Everyone across stakeholders that was interested to be a part of the conversation and encouraging all stakeholders to pitch evens and that's how we ended up being involved with multiple pre‑events with GCCS.  In principle, it looked like a great practice.  I hope this is another GCCSs will think to include.  It meant if people were not able to make it, if the actual GCCS suddenly became not likely anyone in the room, we don't want to talk about this, we don't want to talk to these people, it is still redeemed by the fact there was a series of events that took place before that was inclusive and that did discuss substantive useful issues.  Multiple.  So that's one that I would flag.  GCCS doesn't have to be the conference itself.  It can be process leading up to the conference and that process is a vehicle for inclusiveness.  It's amazingly something that the Indian government got very right.  Unfortunately after that as I am sure you will hear from the other panelists, it is really not clear what happened.  There are people that were involved with this that said basically the decision making shifted from an individual to a different one.  I think that in the end, it is only themed the government comes to the table and people hear specifically what happened.  We invited them regrettably any they didn't accept the invitation.  I feel like if it's possible to understand why, then that's again something to learn from.  But whatever was done before that took place, that's useful.  The second thing and this is based on my conversations with some people.  We've also been reflecting on what could have been done to reflect this.  It was very heavily ‑‑ one thing to learn is maybe we should talk to them in advance because some of the members of industry that founded GCCS have banned people from participating.  It would be interesting if sponsors make it a condition that human rights will be part of the debate and GCCS will be inclusive.

>> DANIELA SCHNIDRIG:  I like that the conference doesn't have to be just a conference.  It's a process and all that's happening in the run up to the conference is equally as important and it's very important that that's inclusive and that makes people feel part of the process.

Next we will go to Lea.  Lea, could you please focus in particular on the cell society participation in the event and how you think it measured up to the 2015 conference.

>> LEA KASPAR:  Okay.  Thanks.  Just one caveat in terms of what the idea is not necessarily the 2015 conference.  So in thinking about how to organize a multi‑stakeholder event, the aspirations can be even higher and the GCCS itself in 2015 in interest of full disclosure, we helped the dutch government facilitate engagement in that event.  So we kind of saw the back handle of how that worked.  In GCCS this year, how I was thinking about it it's not just about civil society participation.  This is ‑‑ if we're talking about multi‑stakeholder approaches, it is other steak holders as well and the level of inclusion of all steak holders including private sector and including governments and including a civil society and however many groups you want.  And why I am saying that is because in terms of highlights or what is good and where the Indians took the opportunity that they had was to bring on board a global self‑government to the table and that was one ‑‑ something that we need ‑‑ I think that's important to note.  With we think about inclusion, it's not just across stakeholder groups, but it's about where geographically where do the stakeholders come from if you look into each of the groups.  So that was something that was seen as a challenge in previous situations.  The fact that was conference was being organized for the first time in a country was an opportunity to broaden the debate and to bring global south steak holders to the table in discussing cyberspace.  So just a short intro.  So what I was trying to consensualize is maybe visualize inclusion or level of inclusion and how it progressed in the run up process.  So I came up with this little graph which I would like to show you.  If you have it, very simple.  If you imagine two access and one access, you have a level of inclusion and the other you have meaningful engagement.  I would say that if your starting point is here, you know, as we progress towards meaningful engagement, we kind of went ‑‑ 

[ Laughter ]

And ended up quite (inaudible).  Just to say something in terms of level of inclusion, it would be from how many people were included, but also where they were from.  I don't want to go into specific area of inclusion.  But what is interesting, if you think about meaningful participation and why this is so open at the beginning because the first stage is just inviting people.  Do you have the registration open and to be honest, if you look at what the (inaudible) did and what Indians did, it was the same.  So they started from the same starting point.  Registration was completely open to all.  If we go back six months before the conference, actually few months less, but the government they open up registration to everyone.  It was a portal you could register.  If you think about where we started, it was the same point.  Yes?  If we think about what we mean by meaningful engagement and why that went downwards, a couple of milestones to think about, one is after you get invited, what happens.  And not only ‑‑ I think I want to mention two things.  For those who were invited in the end, how did they ‑‑ how much were they then involved in shaping the conference outcomes?  There are two elements to that.  One was the level of participation in conference panels and we can talk about that.  So how inclusive was that.  You compare it to the hague.  You mentioned the hague, Danny.  It was actually similar.  I mean, there were more civil society speakers in quantitative terms if you go to the hague, but in terms of interactivity and openness, I don't know if it was that different, which is unfortunate for those who attended the conference.  I thought for myself coming from an IG space where you have interactive Round Tables where you can talk to people and exchange views, this was incredibly static, non‑dynamic format where very few can ask questions and let alone get into a conversation about something.  So in terms of shaping the conference itself, there were very few opportunities to do that.  But last and not least and the most important thing about as a criteria for meaningful engagement is shaping the conference outcomes.  So how inclusive was that?  And there, if you compare it to the hague, I think we didn't do as well as we would have opened for in this round.  This is again going back to inclusion.  It is not about how much was inclusive to civil society, but how much was inclusive overall for just as an FYI.  The Indian government made an effort to draft a declaration.  There was a drafted declaration that was circulated prior to the conference that a few governments got to see.  It quantity open to anyone else.  We were given access to that declaration at some point and said would you guys think?  This is from a friendly person.  The government of India was not planning to do any sort of consultation on this draft and there was no efforts to open it up.  In the end, because in part due to lack of consensus on governments of the nature of this document, the declaration or consensus was dropped all together and the government ended up just issues a shared statement.  The shared statement is the same type of document we had as an outcome in the hague.  So that was ‑‑ it's just a statement of the chair.  The main difference is it is not to use or a consensus view.  It is just a view ever the chairman who was hosting the conference.  So that was the same.  The chair statement back in the hague was open to participants to participants of the conference.  I know we were facilitating input from civil society in that document and a lot of the comments we put forward ended up in the document in the end.  One thing that I forgot to mention, that's in terms of my little graph, one thing that I 94 got to mention ‑‑ forgot to mention is invitations.  It doesn't sound like I'm endorsing the process or saying it was great.  There was this middle bit.  So from opening up the registration to everyone to the point of sending invites to whoever got invites, there was a very murky in transparent process.  It wasn't clear what the process was, who decided, who got the invite in the end.  As it turns out from a civil society perspective, but I will let others speak for other steak holder groups, a number of groups that we know that had been working in this field that have registered got their ‑‑ I guess got their accreditations not declined, but they never got an invite.  Not saying everyone should get an invite, but the government can be selective.  The dutch didn't do that just to stay in comparison.  The dutch invited every single civil societies that registered.  That's on the record.  In this case, we Dean know what the criteria was.  We know that groups that have worked who have tried to enter a conference were not allowed and what's really unfortunate was that a number of local groups were not allowed entry.  This was really unfortunate, but I think it's important to note that the government did not ‑‑ wasn't inclusive.  They were talking about inclusion as an umbrella term for the entire conference.  I don't think they embased it in practice when it came to their own local groups.  So I think I'll stop there, Danny.  Thanks.

>> DANIELA SCHNIDRIG:  Thanks.  We'll circulate the graph afterward.  Marilia, over to you.  Could you please comment on the chair statement and specifically how the statement addresses human rights and multi‑stakeholderism.

>> MARILIA MACIEL:  Thank you.  I have four points and a general observation.  It is interesting we call this process the London process which gives an idea that it is a process that rebuked upon previous meetings.  You were not bound by jurist prudence.  In this meeting, I didn't feel it was beating up what was asked before the summary.  So in terms of process, is this really a process and what can we expect for the next one.  This is a first question I think we need to ask.  With regards to human rights, I think that it's one of the clearest things from the document is that there was a setback.  Human rights was really at the forefront there the document that came out of 2015.  It was part of the first paragraphs and there was an equivocal commitment to respect human rights.  It is almost absent when privacy is mentioned, it is in the context of needing to balance privacy and security or needing to make sure that privacy is respected by law enforcement and has conditioned to investigate what they need to investigate.  So there's this mitigation of human rights that is concerning.  Of course the world today is different from the world of 2015.  You were coming from the revelations and the mood was quite different from today.  However this is an important setback when we consider the documents as a whole and what was achieved.  When it comes to multi‑stakeholder participation, the document from 2015 dedicated a whole session to multi‑stakeholder.  They took the opportunity to talk about things and there was a paragraph that said cybersecurity discussions need to take into account the participation of all stakeholders.  In this document, the world multi‑stakeholder only appears in the end when they self‑praise themselves by the fact the meeting was really diverse and multi‑stakeholder.  So there's no commitment to that whatsoever and on the contrary, that is a paragraph that talks about the need to respect the leading role of governments on cybersecurity issues even though authors I invited to participate and this takes us back to the discussion on the rules and responsibilities that lingers with us for more than a decade.  And it is an unresolved issue.  I think it is an issue that has evolved over the years in the sense that if we think about 10 years ago, there were parts of the Internet that talks about any rules and responsibilities.  They adopted the world is flat approach.  I think there is recognition there are different roles and responsibilities.  Perhaps we need to talk about that.  Signer security is one of the feuds in which I think the moment to talk about actually what we mean when we talk about different rules and responsibilities may be coming.  If we assess that civil society and other actors are losing space in cybersecurity discussions, perhaps to spell out what are the different roles and responsibilities is a way to make clear that we are taking responsibilities for a bunch of things.  This can serve to preserve the situation that we have today and also to avoid some things that I think are happening in cybersecurity when you look at studies on response incidents that are parts of cybersecurity in which there are gaps.  There are things if they happen, it's unclear whose responsibility it is.  There are parts that are overlaps and the situation is equally unclear because they would dispute on the issue.  So the second thing is that yes.  I think in terms of multi stakeholder, there was something on the document.  But I think it is consistent that we needed some point to discuss different rules and responsibilities in cybersecurity perhaps.  Could be a good place to start.  The third point is interesting.  It's the positive and forward looking part of the document, which is the knowledge sharing document which they propose and create to share knowledge and expertise.  To my knowledge, I don't understand what's the difference between this and what was created in the hague with a global team of expertise.  There is an overlapping of responsibilities when actually what we should want is reinforce what we already have.  Perhaps this is a policy that needs to have something in the document and say we delivered that from the Indian meeting.  But what is interesting as well that governments would select the known government of participants that would give input to this knowledge sharing platform.  So once again, they are having a reinforcement a way to practice multi‑stakeholder we would not agree with.  One final point that I made in the other session is related to the fact that the meeting took place in India and people thought this would be a God opportunity to expand the London process to our developing country.  I think it was a good idea, but when I read the document, what I see from the document is not an engagement with an international discussion.  I see from the document a country that is self served and thinking about itself and giving examples about what he is doing.  If our go was to involve India, perhaps this was not successful and I think that maybe the strategy to involve the countries through a meeting is not enough because a meeting is a one‑year event and we need to involve them in conversations that are taking place that allow us little by little view this sort of convergence that we need.  We cannot discuss that security without eastern countries without India and China and we need to recognize that we need to stop this narrative of us and we are the good ones that won cybersecurity because we want to protect our people and they just want cybersecurity to keep themselves in power to break this somehow and to practice countries to spaces that we're discussing and suggest the coalition or Global Commission of cyberspace and to understand why some countries are not participating.

>> Thanks.  Olaf, you're a member of the technical community.  From your perspective and priority issues that ISOC has, do you think ‑‑ were your expectations met, would you say?  Did the conference provide a platform for discussion of technical challenges related to cybersecurity?

>> OLAF KOLKMAN:  Thank you for that.  That's a good question.  I found just as a personal note, I found the conference very confusing.  And it's all of the above.  All of the previous speakers speak to what made the conference, at least from my perspective, fairly confusing.  An opening up with multiple stakeholders being invited to the table, things closing down being less inclusive in the actual outcome.  I like the way that the panel was introduced.  We wanted to organize this panel with we thought about it organizing this, we sheltered in ‑‑ we filtered this in at the early stage and we thought everybody scrambled now.  It is not really my experience that everybody was scrambling.  Everybody was watching saying what is going to happen there?  I think everybody was sort of looking for what is going to be the thing that we are talking about.  And I was looking from my perspective from the work that I do specifically on the cybersecurity pieces of the agenda.  And I think that it's reflected in the outcome of the conference.  Because I don't think we made a difference.  I have the feeling if it comes to the security section of this conference, no real step forward was made.  It's positioning of states as the central owners of the security issues which I think, frankly, is a mistake.  It is ‑‑ there is no further statement around what is the next step in the securitization debate, how are we going to get to these solutions, how are we going to implement a norm around this issue.  I had hoped for I would say discussions around norms.  One of the good things about these type of conferences and the IGF is essentially the same even though you don't get to earn outcome, you discuss the norms and you grow a common sense of where we are and what the next steps are.  And I haven't seen this in this conference.  There was discussion about a failure of the GGE.  Discussion about other UK processes failing, a Will to continue that discussion, but no real outcome.  There was part of the recognition and the civil society.  Of course, also, but if it comes to security, the tools to deal with security in the internet and global space are not solely understate control.  The private sector has a great component in providing security for people for public infrastructure for critical infrastructure and so on and so forth, but I didn't see the discussions there.

So on that side, I was a little bit concerned so to speak.  I didn't see it.  I did see things that were launched in the side lines of the conference that brought that informative process further and I did see that capacity building aspect that you need in the multi‑steak holder address of security issues.  And that was the outcome of the global form of cyber expertise was clearly a next step in trying to involve multiple steak holders in addressing cybersecurity issues, perhaps not that much cybersecurity issues, but cybersecurity issues while the Global Commission on cyberspace took one step by publishing it's (inaudible).  To me, it's taking that signer securitization discussion's little bit further.  I know that is confusing.  I use cybersecurity and cybersecurity to distinguish a little bit about these two words because I feel that we often make him into one ball.  So that's as a sort of first observation.

>> Thanks Olaf.  I think we had a really good first round of remarks.  I would like to hear now from you, from the rest of participants in the room.  Do you have any questions?  Is there anything that you understand like to raise?

>> My question is about attendance part.  There was a lot of confusion.  I think they could have handled it better because the mean hall was ‑‑ I think frankly even that won't have any challenge.  It was only station where actually there was a challenge in terms of accommodating all the people who wanted to be there.  And other things just to be in the process itself.  If you recall, the first day it was called pre‑registration.  It was not even called registration.  The only details were the name, phone number and e‑mail.  The phone number was not working on the registration.  Then it started working and then additional details were asked.  But yes.  The second thing is in terms of feel confirmations.  Those who get approved and those who do not get approved.  Again, I don't know what the criteria was or was not.  It seems many people who had been submitted did not get approval.  At the same time, we should also consider one more thing.  Even for IGN.  I don't know whether anybody got rejected.  I'm not saying that.  But again, what are the criteria?  I don't know.  The idea is the approval of whoever I know people are who less than 24 hours was submitted on the details.  In case of GCCS, the approval et cetera came much better.  So I would say in terms of preparedness, some of these things can be ironed out.  Later, I do know there was a lot of communication.  In case you were not approved, you can still participate.  Now that web presence was mostly useful in terms of the stations.  People who have more flexible formats taking questions and comments.  There was hardly any scope or time left for questions.  So for example, I attended a couple of plenaries and there were just speeches and speeches and speeches and after that, there was no time.

>> Any more questions?  Comments?

>> Has anyone seen an increase in allowing civil southeast or public to put into processees that the government is following up with.  And to have a public process was sometimes quite something.  Almost ended up creating a quite in country because we ‑‑ we brought the regulators.  So this was 2002.  So if you're going to have a robust society.  But are you seeing public hearings, public debates and more openness in listening to different views on the matter?  And in particular in countries where semantic has security‑related concerns that are valid for networks.

>> Olaf, I think you wanted to take that one.

>> OLAF KOLKMAN:  I think I'm about to answer a different question.  Sorry.  I'm going ‑‑ we work together.  I do this all the time.  One of the successes of the behaved GCCS and I see this little pie being made from the inside some what being dutch was that foreign affairs, ministry of justice and (?) are of three strangers ministries.  We wanted to work there early on.  If you look at the tone, there's a tone in the document, it talk about economic issues and security issue.  If you look the chairman's report and you step back, the economic issues have a tone of the internet governance type discord that we're used to.  It talks about station hosters and you can go into details and say this is where kids are missing.  But the tone is about possibilities and not one particular steak holder having very much of control.  The security chapter on this is written by a completely different piece from a completely different universe.  I think ‑‑ I think that's okay.  We have seen the courses evolve.  It has been evolving out of second commission for over 15 decades.  The first commission of the committee of the U.N. in has been talking about cyber stability and cyber security.  The fact that you bring those two type of ministries and the security or diplomacy at the start of the process makes a difference in the tone of the conference, makes a difference understanding there are different forms of discourse, different forms of engagement.  I think that what I see in the discourse of the security and securitization aspects, we have seen failure of governments in a row.  This conference I think failed to make a step forward and there feels to be an empty face is, a void.  To me, that is ‑‑ should be a trigger to say what can we learn from the other conversation upon here.  Perhaps the roles and responsibilities are slightly different.  I think we should have that discussion.  That is reflective of this paper.  I think it is sort of reflected of the processee.  The whole interaction we have seen through the discourses.  I think they're coming together.  So challenges here.

>> So Lea had a comment and then Chinmayi and Matthew.

>> LEA KASPAR:  I think there's definitely a trend or at least a commitment, first of all, there is a commitment and documents.  We have it now.  There's a lot of guidance already being written about involving different steak holders if you look at guiding developments and strategies on OAS guidance.  There are a number of others that provide that and I think that's excellent.  You had a couple of examples where it's been tested.  We have been working with partners in Chile and Mexico over the last couple of years, which is an example.  I am focusing on cybersecurity because I think if you broaden it out to IG discussions, there are other examples that we can look at as well.  In Chile and Mexico ones are the ones that we mention as they have ended and the strategies have been published.  You can trace how the whole process happened.  In fact, we had a group working in Chile had published a report where they analyzed the amount of input and how the documents reflect the input that groups have different steak holders as part of the consultation process.  A lot of it is reflected in the final outcome.  That is something if we're thinking about where it can be made and going back to capacity building points you made, that is what we should focus on.  So when day come to the global level, the check conversation you say this is how it works and this is why it works and this is why we make bedder woulds.  So thanks for your question.

>> Just to report, the report you mentioned is being translated into English.  So we'll they're that soon.  Chinmayi?

>> CHINMAYI ARUN:  I could see the ministry is learning to put out consultation drafts.  It was (?).  And it took us a month's work and 20 law students working there day and night.  We did a knock document that reflected every single's point of view.  So the thing is we went that far and then something changed and that's where my comment is coming from.  I like the way GCC was interacted.  Because of what happened in the aftermath, they started out very conservative and there was this black box system.  So you ask on what basis they did not ask ‑‑ so several were discussing and they cherry picked who was on the committees.  None of us would not say why were you so you see how it spirals down wards.  In the end as Lea said, all the major civil sets not at the GCCS.  The problem with that is it's a mailed.  I think that it would be nice if the global community took note of these things just because India is a democracy.  I can say it came as a shock to all of as well.

>> MATTHEW SHEARS:  There was an assumption that was written by the ministry of foreign affairs and had that 2005 feel to it in much of the language and referring to enhanced corporation.  Then the language and the actual shared statement was quite different.  But I think this point up a challenge that the organizers will have, which is insuring you have the various ministries involved which can issue multiple aligned before they start down the path ever trying to organize such an event.  I think it's an interesting points as well.  We understand there moot have been some of that GCCS.

>> Paul?

>> PAUL:  There are a couple of examples I will speak to, which can be quite good case studies.  The political leadership in Tonga, very small case, but one that's really been successful was multi‑stage holder and consulted with churches and schools.  Nick had said that's not what they're doing.  PNG.  Yeah.  PNG.

>> Of course.  Sorry.

>> And something that's going on there is 's is ‑‑ we happen to received some haven't from them as we have from others in some of the work, but they're putting their money into what they can see as multi‑stakeholder processes.  So there's quite a few things we hope come out of that.

On the GCCS, there was a lot of chaos.  I think in lack of organization because of timeframes and because of the way things seem to happen in that part of the world.  I think we're supposed ‑‑ we're advised not to consume some strange.  There was strange stuff.  I and several other people I know of were invited to be the people to present the summary of at least one of the tracks.  I sort of objected that I actually didn't attend much of this.  I think there was a mixture of very top down model wear.  Some official report back can be written and just distributed to people to prominent people to just read out and then just I guess not being particularly familiar with expectations.  I think it wasn't surprising at all in India that there were India centric.  The purpose of this event in a lot of cases has been with the IGF itself.  In a few past occasions, it has showcased the countries and India is very keen to do that feeling overlooked in a lot of cases are not well understood.  So no surprise there.  But I wonder to what extent those issues in India do they have bearing on the future.  I think we could debrief for the next couple of hours, but to what happens there.  I think what we heard about the positive optimistic started would be a nice thing to focus on and try and almost assume that the rest of the complexity and changes didn't happen and things were launched.  But that's ‑‑ I guess that's the question.  Which parts are the India lessons of?  Lesson is really useful to work on here?

>> that's a great point.  We ever going to be discussing that in the next session.  So having all of these challenges and communities as well in a way are very, very successful to feed into our income conversation.  I have ‑‑ next conversation.  I have Luis over there.

>> Luis:  Participation and civil society and drafting and the process of doing socially.  They show tendency that ‑‑ I think the OES involvement was very helpful in convincing them that the civil society participation was needed.  Even then, they tried to do ‑‑ they tried to put Civil Society in a silo, in which they were not going to make a lot of trouble.  They did this five tables and one was from education.  I didn't want to be auctioning about education security since they were forced.  You have to also we participate in two many parts of the drafting of the cybersecurity strategy from Mexico.  One, we were there without lawyer we were talking and smiling to everyone.  In the middle, we revealed that the government ‑‑ this is the second time we talked about cybersecurity strategy.  One thing I wanted to mention that might be a problem is when we engage with them in any capacity even as a back up.  I felt like when there was civil society, when you engage, you notice they are low level officials.  You reason with them and you realize there is progress, but you don't know how much that process is going to materialize into something relevant.  For example, in an hour, someone from‑‑ I mean, he's not the one who is going to implement the strategy.  He's not part of the hard‑core national security.  So there are still lots of work to be concern to really engage with conversations with people that really make decisions.  I'm also concerned that in global content, in IGF or CCS, the representatives are the ones who are making the decision on the ground in Mexico or a high level.  There are still ray lot of work is to be done to be able to engage those officials.  I think engagement on our side we really want to engage with government in high level because really when you talk to them and they lose fear from civil society and they see you have arguments and you're reasonable, then there's ways in which you can make progress.  I think even though we have to make our stance and be very contentious.  We show we were reasonable in our stances and our positions.  There we made in the cybersecurity strategy on so just wanted to add that experience from civil‑sort in one of these countries.

>> Very, very ‑‑ we are almost running out of time.  So Olaf, would you like to make a final remark and then let the other discussions make a feel intervention.

>> OLAF KOLKMAN:  Very timely.  I figured I wanted to also put something positive to the table.  That's a personal experience.  I think it was very useful, at least for me to also be exposed to the issues, the economic and social issues that India is the biggest ‑‑ I was in a session of technological solutions and should of that is both inspiring and provides context for security discussion.  You as somebody who looks at this from several angles and is not always in Asia and not always in the big economics in the world.  So I do think that the breath of topics economic and social, but also security has its positive side effect of being eye‑opening to challenges that report faced in different parts of the world.  So those are things that to me contributed to also be more informed in the norms discussions elsewhere.  That is something I took away and find very positive from a personal perspective.

>> Thanks, Olaf.  Would you like to make any final remarks?

>> To make an additional remark, my colleague here works for cyber fix foundation.  They just entered cybersecurity in a huge way and they were closely involved.  So you might have noticed us talking.  I do feel like ‑‑ it is always good to well is a reflected conversation.  It's not necessarily happen to adopt the country.  But I feel one of the ways in which they pointed out he said there was a stage at which the individual runnings conference changed to another way.  And we thought this is a little crazy.  You were doing fine two months back.  So sometimes it's good to call it out, if that's okay.

>> Lea, would you like to make any final remarks?

>> I think points to the maybe sets of software like what do we do next?  The reason why that is happen is because the process is not how do you say institutionalized if you find a way to institutional this and embed it in the structures, whether that happen hazard approach and what's happened here, from what it sounds like, perhaps wouldn't have happened as long as you have accountability.  Then you can refer back to it.  We have been dealing with government factors who try to implement the processes.  We Dean know how to do it.  Do you have a check list?  Do you have a list ever things you can say.  This is how I invite them.  It is just not written down and I think Paul ‑‑ I think there is positive or where the intention is good.

>> If I can respond to that, you know, I've been having talks with a colleague, the problem is and I agree is that we often look for lip service and it's really not enough.  So we need to find a way to let governments know when they're not talking their talk.  So we can make the list.  The trouble is that maybe it's not a bad thing sometimes to let a country know at a point they're messing up.  And I don't think that was said clearly enough.

>> I was leading that particular one where is it started off with one regional hackathon and then the plan was changed to a national one.  And then last Monday, it was made as a global.  Whatever plans we had to complete changes, that ‑‑ that is something.

>> Paul, you wanted to respond?

>> PAUL:  Just a brief practical suggestion is perhaps some of the lessons are very hard learned from the IGS could actually be transported over to the GCCS.  It only happened a handful of times and the IGF has happened every year for now 12 years.  And actually has experienced a lot of the same problems in institutional memory and very, very difficult it was ‑‑

>> I don't think we fixed that one.  There is probably some lessons there that could help just in getting the practical things that Lea mentioned.  It might be worth considering.

>> LEA KASPAR:  Unfortunately, we ran out of time.  I invite you all to keep discussing and chatting about this during our coffee break.  We will break for around 15 to 20 minutes.  So then when we get back, we now lay down the challenges and now we have not so easy task that will leave up to the nice panel to discuss the possible ways forward.  So thank you all.  Thanks to the discussions.  Thank you so much.  And yeah.  Let's go enjoy some coffee and be back in 20 minutes, please.

(20‑minute break taken)

>> Hi, everyone.  We'll start in a minute.  I just wanted to say my colleague Chatel is here and she has some interesting publication she's going to tell you about.

>> Is this working?  Is it working?  Okay.  So I just wanted to plug our tool for human rights defenders, which I think might be relevant to a number of you here.  It is specifically focused on encryption policy.  And so I think if you are engaging on a cybersecurity policy or indeed, on encryption policy specifically, this can be a very useful tool.  Please come and pick one up.  I've got eight copies, I think.  So grab one while you can.  Great.  If you want to know anything more about the series, then please let me know.  Thanks, Daniela.

>> Hi, everyone.  So we will start with the second half of this session.  We've had a great first session where we discussed the many concerns that we have had with the way the GCCS process has been conducted and also about some of the successes we have seen over the past few months.  The next session we are now going to move to is charting a forward course.  We've seen some of the biggest challenges in the process have been inclusion and meaningful participation of multiple steak holders.  So in this session, we'd like to discuss what we can take away from the entire GCCS process not just the conference in Delle and move towards identifying things that we can build on between now and 2019 to insure there is meaningful participation in the future of the GCCS.  And also insure there is more open discussions during the conference itself.  One of the ‑‑ while we discuss some of the problems in the process earlier, we have substantive elements and we'd like about to also touch upon that and see what we can learn from earlier conferences and take forward in 2019.  Our discussions for this session are from CIS, Matthew Shears from global partners, Caja Ciglic, Deborah Brown and we have Lillian Nalwoga, but she's not here yet.  We'll move into more open discussion.  To close, Matthew and I were speaking earlier, and we thought it would be great to hear inputs from the panel as well as everyone in the room that we can take from this and work on collectively over the next couple of years while we move to the next GCCS and to future attrition of the GCCS.  I invite to you think about contributions you'd like to make at this stage as well.  So perhaps we can start with your remarks.

>> Thanks for having me.  I'm coming into this session completely blind.  I have no idea what was discussed before this.  The first time I heard of London process was when a bunch of people from the U.K. government came visiting Bangalore and wanted to meet with the center for internet and society.  So about 3 or 4 of us showed up at the hotel and they spent two or three hours speaking about government to them.  What is unclear to me because I haven't been to both is which one was worse?  Was it London meeting worse than the DELHI meeting?  So in any case, I'm someone who doesn't like the holder model and that's because precisely this, which is like in the movie the promise land, any evil actor in the Internet government space can fabricate civil society when they want to and delegitimizes real civil society if there is such a thing.  Really educating experience for me at the last IGF meeting was sitting behind the IGF fellows and they were planning their next vacation.  IGF being their previous vacation.  So someone like me has to being around for a ticket to get to an pre‑IGF meeting, but there's a whole system of ‑‑

>> (low voice)

>> Did I get that wrong?  Sorry.  I'm not good with acronyms.  So in a sense, the vision for multi‑stakeholder governance if we were to bottle from Telecom terminology is TDMA.  Time division multiplexing.  So what we do is we hold a meeting in a location.  There is a number of rooms and a final number of slots in the program and in every slot, we are hoping to divide the time amongst all the five or four stakeholders depending on how you count.  And that is the classic vision of the multi‑stakeholder process.  What they did is it only increased the granularity of TDMA.  You divide time equally among stakeholder groups and somehow you assume the output of that work will always be ‑‑ will have legitimacy and potentially be accepted by all stakeholders as either the discussion going forward or the software going forward and how rules are going forward or whatever.  The idea is to move from time division multi‑flexing to division.  We must accept as a matter of design that we won't be in some rooms.  And that should be seen as a feature rather than as a bug.  That means the people that can do the regulating so the states can regulate the behavior of all stakeholders the corporations also increasingly can regulate behaviors of all other stakeholders.  They are transnational corporations often as powerful as states.  The technical community can regulate their own behavior.  They can decide on what standards to prioritize at the SSOs and what kind of energies and investments to make on each of those projects.  And civil society can't regulate everybody including themselves.  So the self‑regulatory opportunity that the hit‑stakeholder model offers is really only exercised by the states and the corporations and to some degree the Technical Community.  So what we encourage is for governments to come to agreements and tell us.  They should agree on self‑regulatory and report back to us as civil society, our feature is our diversity.  So we shouldn't aim at producing consensus, but rather we should be able to each one of us accurately represent the whole spectrum of views that we hold.  So that when corporations or government comes out of the closed door with their output we can tell you see.  You agree with the following and you disagree with the following and so on.  So we also need to do work behind closed doors, which is to understand how we agree and disagree on the detail of issues.  We all agree that human rights should be in every third sentence of the various documents we produce, but if you do not want mass surveillance which targets all citizens, then we need to, for example, agree on whether we think big data technique should be leveraged in surveillance or weather we think legal hacking should be allowed and what are the various components of that when it comes to procurement of vulnerabilities, striking vulnerabilities and disclosure and recognization.  So in a sense being thrown from the room in DELHI should be seen as a positive thing.  We should not be upset we were thrown out of the room.  We should have sat outside of the room and had our own discussion about where we agree and disagree and a session to really understand the different views that civil society holds.  So yes.  I'm not so much worried about ‑‑ so in a sense where DELHI disappoints me is not where civil society is.  The government didn't see it as an opportunity to push it forward there.  Cybersecurity agenda.

So what the government did is it used it as an opportunity to show case to the world.  Which is completely irrelevant and no other government is interested in this.  If the government was evil, then they should have said they did it completely wrong.  We should do it the other way.  They didn't do that.  I think they missed and understood the opportunity.  They thought that DCS would be a good place to export E‑governments best practice from India to the rest of the world.  That's not why the rest of the governments came there or maybe most of the governments didn't come there thinking that was going to happen.  So that's really for me what, does ELHI‑‑ DELHI is.  And hopefully the next government that plays host doesn't get it wrong.  It shouldn't matter.  They should be prepared to speak to what they say whether it's behind closed doors or not.  Civil society being prepared and having messages to deliver to a closed or open GCS, that should be the homework on our plate.  Thank you.  Sorry for going on and on.

>> Thank you.

>> Thank you for that.  I also ‑‑ this seems to work.  I also wasn't here before.  I am speaking a little bit in a vacuum.  I'll be brief and hopefully we have more of our conversation afterwards.  There's a bunch of points you said that makes sense that don't necessarily ‑‑ I think in terms of ‑‑ I ‑‑ this clearly there have been challenges in India.  I don't think the industry got an easy ride there, but that is a problem for the multi‑stakeholder as a whole.  I think it is important that all groups are participating the technical aspect.  There are two.  Also the industry doesn't necessarily speak as a harmonized unique voice.  And shouldn't be encouraged for a variety of reasons.  Possibly as diverse as the civil society, if you were to break out that sort of small and medium and large global enterprises.  In terms of the DELHI conference and the path forward, I think one thing that to me was clear is part of the problem is that sort of the challenge of a new government takes over every two years and there's almost no overlap.  I think the dutch really tried and sort of hand over a lot of their efforts to the Indian government.  It's almost every time the process is learning Anew and often times at least the last time around, it took a long time before we were aware of where it is going to take place and when.  So that shortened the time for preparation substantially.  I think the dutch knew like a year and a half in advance and went full on preparing and reaching out from the very start to bring in different steak holders to drive discussions to drive the agenda and work across both the governments private sector and civil society to get there.  I think if we have the main learning is to try and find the new government to host this as soon as possible.  And sort of almost help with them as a group with whoever it is whether they are from the global south or whether they're a developed country to understand the practices, to understand how we as different diverse steak holders and groups can help them focus the agenda and drive it forward as well as bring all the steak holders that need to be there there.  And I think the second point that I would make is, I think, to what you were just saying.  I think it would be important to narrow the focus of the discussions back a little bit to what the London process originally was.  I think you were right.  I think the Indians took it a little bit to governance and particularly India specific to governance issues.  If we wanted this to be a repeatable global conference that pushes the agenda forward, I think it needs to be fairly narrow and focused so that it can progress in a particular agenda so it doesn't get diluted.  I think the worry that I have is that it becomes just another conference that talks on all things internet.  And that's limited focus and also new people come to it and that's good.  The new people come every time.  So they need to be brought up to speed every time.  I feel I had a third point.  I think my third point was just in terms of the structuring and the scheduling, I think there is both opportunity in leading up to an event to basically bring people together through a series of consultations.  Even if we look at the GFCE and capacity building efforts, preparing documents in advance, circulating it within the community and gathering feedback is something that can be done.  But also really simply at the conference itself to make sure you actually have diverse participation on panels.  And that I don't mean all of that can also help, but I don't mean just sort of gender country diversity, but I think there's a number of panel in the receipt conference where you just had like the critical infrastructure with industry and that's actually terrible.  What happened was you basically had an hour and a half.  You have five companies and each one did a basic sales pitch.  If you get to a point where you just have people from similar sector talking to each other, you get competition about what we do is better than you.  A lot of similar things were true of just government panels, which I think everything on diplomacy was governments talking to each other.  So sort of mixing those things up, bringing in civil society, bringing industry, bringing in government and even if a discussion is more fraught, it is more difficult to come in agreement is actually the discussion itself the most agenda forward versus just people talking to each other agreeing things.  Those are the three things.

>> Thank you.  Deborah, could you please?

>> DEBORAH BROWN:  I'll just echo the fact I joined this discussion late.  I wasn't at GCCS this year.  I did have colleagues who tried to register from another country and both were not successfully registered for the event.  I think there's questions of participation.  We've heard an exclusion and having attended the GCCS at the hague, I think that was my first time attending GCCS and I followed previous meetings of the London process and I think we saw some definite improvements there at the end of the meeting in hague a bunch of criticisms that came out in the process.  I think we have to be kind of honest and see that we don't put the Hague meeting on a pedestal.  It was much better than I heard, but there are short comings there too.  So I think in terms of looking at the way forward and how we can improve GCCS 2019, we can also look to use processes.  And I was thinking about other meetings that I don't follow into strictly government at UN process or technical or multi‑stakeholder meetings like the IGF and I want to emphasize that I share some of the critiques about multi‑stakeholderism and I think that we need to make sure that the rules are clear.  And so I wanted to draw some points from research that we did after the net mundial meeting and I also don't think that process was perfect, but we did do some analysis.  We surveyed participants is looked at documents that went into and came out of net mundial and created some best practices or learnings from that event and I wanted to share some of those with you that seem most pertinent to this conversation.  Not every process needs to be as open as the IGF.  That would be fantastic, but for outcome oriented processes, sometimes they're more narrow or more defined rules of engagement are needed.  And this is ‑‑ I think in processes that fall outside of the typical intergovernmental space, flexibility is a good thing and net mundial was very much a process that created outcome in a very short time.  But one of the down falls is there wasn't much clarity.  When that's the case, the powerful players can capture the outcome.  So while I would love to see the next GCCS as possible as net mundial, as long as the rules are clear and it is clear how the different stakeholders and civil society and private sector and Technical Community and others can participate, there will be a better outcome and more trust in the process because at least the parameters for the process are clear and there's a clear way to engage.  That leads me to my second point which is around transparency and how it increases trust.

So I think one of the things I heard about GCCS in DELHI there was a declaration which became a chair statement.  And I think one obvious issue there is that if the initial development of the outcome is not done in a transparent way and if there's a statement that's being created on behalf of the participants and they haven't seen it and it's not clear who can participate, there's no way that outcome is going to be trusted and seen as legitimate.  So even if the outcome isn't something that everyone agrees, from the beginning there is transparency and awareness on the parameters and how to engage and that's key.  I think that was one of the short comings of the hague meeting because there was an outcome.  There were avenues for participation and it wasn't clear to everyone from the start how that happened.  Again, I think that's an outcome of the fact there are flexible processes being developed as the meeting was happening, but not always clear there the outset.  A 30 point is around inclusivity and how there's a need for creative and proactive approaches.  Obviously we can't all be in all meetings and there's a need to look at how to use technology use online platforms for input and this can be from anything from the drafting process to formulating the agenda.  So one thing that was an observation I had in the hague, which I think I heard from colleagues who did make it into the DELHI meeting was how the agenda wasn't in a par participatory way and there were penals that one steak molder oriented or didn't seem is to reflect some of the expertise and knowledge of the participants.  So I don't know if that would be on the table for GCCS 2019, but I think that's a way to by creating mailing lists or surveys or online tools to get input from the community to have more bottom‑up process.  And finally, as you said, we can't be everywhere at once.  I don't think it's even strategic for a society to try to engage, but if there's a way to organize in civil society to say here's who we are and here's who we think needs to be in this meeting and shape the agenda and there's some level of feedback and legitimacy in that process.  We can't expect the government toes inly know who to invite and who not to, but if we can self‑organize and create mechanisms where they feel represented and have loops, that might be a way to have a more inclusive process.  That's more pragmatic and not standing outside saying which.  If we want to be proactive going forward, these are things we need to think about.

>> Thank you.  Matthew, your thoughts on this.

>> MATTHEW SHEARS:  Yeah.  Thanks, Smitha.  We had a really good discussion earlier on.  I think we need to bring a number of those points into this discussion as well.  Let me just kind of touch on a couple of things.  I think we have some basic questions we have to ask about what we want the GCCS to look like.  Has the current model kind of ‑‑ is it beyond the sale by date or do we need something else?  I think going forward, GPD and a number of us invested time in submitting comments to the Indian government in terms of how various processees might be managed and suggestions for speakers and participant lists and things like that.  There was a lot of investment time by many of us in civil society.  And I think if we're going to have the same kind of model going forward, then I think there will have to be a much clearer commitment to some of the things that would enable us to participate in a way that would be rewarding and fruitful.

So the process can be open.  It can be inclusive, but it's got to be more than just a token openness and inclusivity.  The process can be multi‑stakeholder, but it's got to be more than lip service.  Lip service to multi‑stakeholder was frankly disappointing.  We still need to know what that is upfront.  The ‑‑ I think this run up program, I think it's a great idea.  If we want to make progress on cybersecurity issues, you can even say and we buy into the GCRS model, you can argue some work would be useful to keep something going, whatever that thing may be, but certainly a run up program I think that was your experience was it was a successful construct that we haven't really seen before.  Something I mentioned earlier on, I think there are two things here the way you need to buy in.  You need buy into this from the government departments who are actually in charge of putting it together.  That has to be a commonality view there.  What was not clear, but I think we can guess at it that did not seem to be a huge amount of linkages between the host and the prior hosts, which that was one of the things that was supposed to be keep that continuity going from event to event.  That didn't seem to be there.  So again, really pulling that out is a key success factor I think would be essential going forward.  But coming back to the questions.  You know, one of the key questions is what is the commitment to multi‑stakeholders and what other inclusive model it is, what's the commitment to human rights?  We saw human rights completely drop off the agenda in Delhi.  This needs to be something there for us to be able to work with.  Capacity building wasn't so much in the event itself.  It was mostly in the pre‑events and things like that.  So again, that's another key point.  And the other challenges is what will the relevant challenges be in two years time whether they're for civil society or cybersecurity?  We need to think more forward.  There's a lot of rehashing of kind of the same old issues.  It would be nice to have a more forward looking agenda in 2019.  I think if we can't satisfy, if we don't have a sentence of satisfaction about openness, discussion, and these order other fundamentals to success, I'm not sure it is worth while making that kind of commitment.  Right?  We're talking about a year long or nine‑month long commitment to this event.  It is a serious point where we have to really kind of understand what the commitment is before we get involved.  And the other thing is I was mentioning early on about GCCS is norm development and trying to move the discussion forward in cybersecurity.  The norm aspect of it, you can call it that in terms of human rights, the bold move in hague.  In DELHI, that did not move at all.  So is the GCCS going to become an IGF where we have the panel discussion and that's where the discussion goes?  That seemed to be a little bit the way it was going in DELHI.  Or can we move it in a more useful direction and begin to have non‑binding discussions about norms and other things.  I think it is a bit ever a cross roads in terms of what we want the GCCS to be.  It is useful for us because it would be useful input for the whichever government ends up deciding they want to host this going forward.  Thanks.

>> Yes.  I speak not about the main session, but about these issues.

>> Yeah.

>> Because I was her ‑‑ I'm here only for talking about the main sessions of Tuesday, but I've been listening to your discussion with great interest and I want to give my opinion on that.  As you know, I think that many speakers has mentioned it already.  I think that the topic of the roles and responsibility for stakeholders is key.  That has been spoken, but it is not materialized and there is not agreement between all the stakeholders of what the role of the other steak holder could be.  There are sometimes some stakeholders that want to ‑‑ as you can say get into the feet of the other stakeholder and there is some discussions that is ‑‑ there's no agreement there.  I think it's very interesting that in the last five years, you remember that in 2012 in what is called the WIKI in Dubai, it wasn't an event, but there was a big disagreement on the roles of the different steak holder that ultimately it was regarding Internet government, but it applies also to cybersecurity and all that.  I think in the five years, this has been more understanding that different stakeholders have to talk to each other and respect each other.  One of the most significant things is you then proposal of Microsoft that the world needs at Geneva convention for cyberspace.  If you have studied that carefully, that's a package they are proposing.  They are proposing three things.  One thing is the Geneva convention itself that is very clearly stated it has to be like a convention signed by nation states by governments.  And they say that has to be complimented by some sort of code of conduct, a norm by the private sector, by all the enterprises.  And the third more interesting is that it is needed an international organization for attribution because that is one of the problems pending that in order to any norm to be enforced, you have to have clear the smoking gun.  Many people have said that's the problem in cyberspace.  There's no speaking gun, but that's really not true.  Recently there have been advances in the technology that the attribution is almost feasible to get almost.  But the problem is that nobody wants to show the capacities of attribution because then the other part will use that to try to avoid that capacity of attribution.  So it's a catch 22 in which I say Matthew is the culprit, but I cannot show the evidence.  So this international organization like notarized thing to do that.  That's very interesting.  Why am I saying all this?  Because in all these three things, the first between government, the other of business and the third this it should be everybody else.  All stakeholders have to participate in one way or another.  Civil society is the one that project some balances that all that is done respecting not only recommend rights, but also the cultural rights, also that it's not discriminated and equity and that's the task that civil society has.  It can also go into technical aspect as well.  Nobody denies that, but this role is unique to civil society.  Of course government has to defund all that, but sometimes they need somebody else to remember all that.  That is why there's the original origin of civil society because in concept, in theory, government should be accountable to everybody and should represent everybody.  But because that does not happen, that's how it is one of the origins of civil society to engage in all this.  And in the north between enterprises more than ever, civil society has to protect the rights of the individual either customer or clients or whatever.  That's a given that has to be done there.  Again, government also has to do that to protect the citizen and the customer, but civil society has to keep a watchable eye in order for that to be done properly.  And in this last institution, in order for not to be manipulated either for political things, you know international politics.  Well, in international politics in the normal world what is called (?) world, there is how do you say lies or deceit.  It has a name.  It was called false flag events that in order for that not to happen in cyberspace, again all stakeholders has to keep a watchful eye so that this institution is not corrupted by the malfeasance that happens in some other institutions from time to time and even corruption because imagine the power of this institution.  So I think that it's very important to engage in all the processes knowing exactly.  I think somebody said it before what is the role?  What is the immediate result that you want with that intervention?  And that does not deny that you can have a long‑term discussion(?) position.  But at least in concrete issues, there are many things that can be done.  Even within the limited processes, somebody just mentioned, this gentleman that even if the discussions are carried out in closed rooms.  Other steak holders can have a paper and position to make them heard in those closed rooms.  I think that sometimes we pay too many attention to the process and not to the way in which even with a flow process, we have some results.  Thank you.

>> Thank you.  I think Lillian, if you could give us your remarks on the learnings that we can take away from GCCS.

>> LILLIAN NALWOGA:  Well, I think maybe most of it has already been said.  But from my perspective is we need to be consistent in the things we propose.  We can come here and see it and reflect and reflect and, um, the people who we want to take on these things.  So it doesn't, you know, make sense to me that many times we find ourselves in a mix of, you know, talking about how things should be and we don't really have something concrete.  So I think there was some sort of savvy hey did after the NETmundial conference.  So in my purposes of continuity, I'm just looking at between now and 2009, quite a lot can happen.  I mean, the issue of having capacity building just for civil society now to engage with government and businesses.  I'm thinking more of:  Can we also have ways of influencing the businesses to understand things from a side of view?  Capacity building for them to understand why it is necessary to bring in other voices to be part of this key decisions they tend to give, but also for the governments.  From my experience, most of these government representatives or government officials, they don't understand most of the things that you know.  We think they should be knowing and even about we have experts, you know some of them they keep changing offices.  They don't understand the things that you know.  They don't understand it.  So it is part of capacity building in the build up to 2019.  We need to focus more from capacity building, but just known for civil society, but also for the other stakeholders.  The other thing is they would be more capturing just to maybe elaborate more on how they do it, but it would be interest for participants to have one side or civil society.  How did you see this happen.  It would be nice to hear from the governments or the other actors that people don't consider them civil society or private just to know what it is they think about some of these processes.  Then we can learn some key things from that.  I know the things that are kind of repetitive in 2015, it was a bit of inclusion maybe, but then there was still some, you know, events or some meetings that still civil society participate.  So India it was (?).  Some of us were invited to opening ceremony.  People who really wanted to go had to beg, you know, to get that sort of special letter.  So these are things that, you know, I don't know if it demonstrates something that if we sit back and we don't ‑‑ I know I kept saying this to Daniela and if we just sit back, you know, and say okay.  It's okay.  We're okay because you are already here.  We are okay to participate in certain meetings, but if they don't invite us, it doesn't matter.  I think there needs to be consistent for calling for action to be included in these meetings.  It doesn't matter if there's no one on a panel from civil society, but the fact we are in the room, we are able to pick certain issues or call action or condemn whatever is happening, but also create to what is happening.  I think we need to have consistence.  We don't need to be ashamed to say certain things.  But we need to clearly to the person who has taken that 2009 role, I don't know who that is, we need to show them it started from here right from the London process.  So they're able to know these are our voices and this is what the community feels should be taken on because from India experience, I'm just saying maybe in the next one, we may not see part discussion.  There was some representatives from Africa.  From my country, I didn't have anyone to attend.  Why is that so?  Maybe they didn't find it important.  Why?  I'm still to engage with my government because I know the person was supposed to come.  So why do they ‑‑ why do governments from say developing countries not able to participate in such meetings where they're talking about, you know, cybersecurity, which is quite a big thing back in our country.  So I think that level ‑‑ I don't know documentation.  Maybe Lea already has some bit of documentation, but it is not visible enough.  We need to bring it to the forefront as part of our advocacy or engagements with the different stakeholders.

>> Thank you.  I think we have quite a few things to add to the list of suggestions that we can come up with.  But I'd like to open up the discussion to anyone in the room if anybody has any questions or comments.  Please let us know.

>> Sorry.  I might have missed something, but I'm not sure who we or what's the wrought come from the processes.  Is there an intent to put together some documents and some comments and send them to someone and if so, who?  I just sort of missed what the practicalities of the process.



>> MATTHEW SHEARS:  Given a number of us have participated, we are keeping track of suggestions people made forward and we can collect those and send them around and see if there's any buy in in terms of doing something with them and sending them to the governments.  And in anticipation of the next event.  Totally out of line, Paul.  Forget it.

>> Can I ask also a process question?  Perhaps I missed this since I wasn't in DELHI.  Is there a selection process for hosting a new host and also just brainstorming and thinking outloud here.  Would it be (inaudible) as to what types of qualifications or conditions we'd like to see the new host meet.  This is something that we can look at host country agreements we can look at other processes, but I think we have seen not only in cybersecurity, but in a number of international meetings lately some kind of core principles.  So if we can come up with a positive statement, a checklist of qualifications, maybe that would be ‑‑ I don one to target that too, but to put it out there not just civil society, but like‑minded actors who want an open process.

>> I think that's.

>> MATTHEW SHEARS:  I think that's a great idea.  Again, we're doing this in a very informal manner.  If there are suggestions, I think we should collect them.

>> Any other comments?  Questions?  Sure.

>> Just to respond to Kaja's comment.  Anything within the corporate sector would be seen as anti‑trust would be seen as some kind of anti‑competitive behavior.  I wasn't talking about cartelization.  I was just talking about self‑regulation in this space assuming that if corporations don't self‑regulate, then the states will reg university and we don't want too much of state regulation.  When we talk about the corporate sector, at least at meetings like this, we don't see many of the SMEs.  So the mega corporations that are the source of most of the harms that civil society is concerned about, they can definitely sit in a room and arrive at self‑regulatory and once the development is done, then ‑‑ because there will be a lot of discussion they won't feel comfortable having with civil society in the room.  So if you notice even in the hague meeting, there were the bilateral rooms and civil‑society was not allowed into the bi‑lateral rooms and then in the IGF, remember the history.  The IGF tried to do this to get the governments to agree.  Somehow we had a ministerial type meeting and high‑level meetings and then I saw the death of that (inaudible) that forced itself into that meeting and then no governments came for the next high level meeting.  So there is definitely a value in a group of ‑‑ when one stakeholder meets and discusses things and arrives at consensus internally, and maybe the corporate sector can use some of it in the consensus, but whatever the process is, there is value in stakeholder groups meeting by themselves and arriving at consensus where that is possible.  With civil society, I don't think that type of consensus is possible.  And therefore, we should focus on producing the diversity in excruciating detail.  The other thing is the amount of effort we waste in asking to be invited, I really think we could spend that time better if you focus on the substance.  So if people really don't want us there, we shouldn't, you know, allow them to humiliate us like this.  So we should just say okay.  Thank you.  We don't want to be (inaudible) if you're not welcome.  That's good time that we can spend holding conference calls because we cannot afford all the fancy tickets.  We can hold conference calls amongst ourselves.  We should talk more often and thrash out the details.  They are discussing legal hacking whether you like it or not.  They may not be doing it at GCCS, but they're doing it somewhere.  Maybe at the institute where there is less opportunity to know what is going on.  Typical east west student meeting.  They're finding to coordinate and share practices.  We need to do more homework.  We're getting too caught up in being invited or not invited.  At least in my humble opinion, there is energy on that.

>> Thank you.

>> I want to partially agree with and you partially disagree with you.  I think both things happened.  We made a fuss about not being invited.  As one of my teachers used to put it, institutional places are nobody's victim.  So it's not for the Indian government to be that arbitrary and to say that it's important, but you will be happy to know that CIS in addition to practically all the other organizations did hold an event on the side lines where we did discuss all the things that were not allows for discussion at the GCCS.  I think what's a shame is that event was very underpublicized and maybe one thing to do is stick out (inaudible) and publicize it a little bit more.  We put out a few short position papers of multi‑stage holder.  So there were other things happening, but I knowledge that the problem with us is we're obsessed with power 1, 2 and 3.  We're only interested?  What the government is doing and not so much what we're doing.  Maybe there's a way in which we can change that.

>> I think I want to disagree a bit.  I think we need to make a fuss when we're not invited to something that is calling itself a global (?).  If you're not invited, then you're not in position to share whatever discussion or have your voice heard.  Where we are lucky that some of us from say Africa we get supported to come to some of these events.  But when some things are being discussed as a global level with the way the Internet works, they're going to affect someone in a community who may be have not had Internet or accessing it for the first time.  We need to be very concerned when we're not invited to say something.  Or maybe just sit in and listen.  I think I totally disagree because it does bring back to there was the side vents and daily talk, whatever civil society was still talking to ourselves and you know things that we need to do, but then who was (?).  So I think it is important that you know we make fusses about us not getting involved on something calling itself a global (?).  We are the voices of the unheard of those who cannot come to this process.

>> Just to continue on that.  So why put them on the broadcasting treaty?  That is going to be hard law in every country.  So if you want to complain, there are many places where we would like to complain, but that is not historically seen as a government space.  So it's a question of prioritization and this is an easy thing to do to say I wasn't invited is an easy thing to do.  But to work amongst ourselves and discover our differences in position is a little more difficult thing to do.  So I'm asking us to work a little harder.  Yeah.

>> Thank you.

>> I would actually say cybersecurity and Internet Governance issue.  It is kind of new and I think ‑‑ but it's important that civil society and industry voices are actually heard.  I think to your point, I think it's important to call out when it is just lip service because I think that's where we're seeing at moment a little bit everywhere where people say people were in the room, but nobody is really listening to.  I think there are challenges in cyberspace and particularly in the nation level sort of arm's race.  Quotation marks.  We are both states need to be held into account and sort of called out when they engage and actions that are actively in danger.  Civil society, civilians overall, but also from the industry side when I think the Watson agreements on dual use, there is no input from either and then what comes out are proposals or obligations that are counter productive and not really implementable in real life.  So I think there needs to be an acknowledgment boy governments across the space they need to rely on other actors.  We don't live in a world anymore where they know everything.  That's why I think it is important to push them and call out and say you know what?  It's not always in the room, but can you please have a multi‑stakeholder process or whatever the word is.  Right?  That insures there is at least some real input from all sides.  So I would call.  I really like the idea of having a principle document going forward that calls for that to happen.

>> Thank you.  Matthew?

>> MATTHEW SHEARS:  Just I agree.  I think it would be incredibly valuable to have that to your point.  We need to do both.  We need to sit around more as civil society and understand where our points of common interest are so we can work on those together.  We don't do enough of that.  I agree.  We also need to be in the little spaces as well.  That's part of the challenge, I think.

>> I think we're clearly out of time.  So perhaps closing remarks from panelists if they have additional things to say.  Matthew, would you like to start us off?

>> MATTHEW SHEARS:  So, um, if there is are the ‑‑ so, this is about the GCCS.  If there is another GCCS, I would very much encourage us to organize more broadly ahead of time to make very clear what our interests are and what our requirements are.  What our expectations are for participation.  And I think we need to make those very clear from ‑‑ as soon as we know there's a process underway or that governments are looking at them, we need to have assembling in front of them.  I don't think we can be expected to participate in the manner that we have been.  Thanks.

>> Thank you.  Deborah?  You have some comments?

>> DEBORAH BROWN:  I think we need to be more strategic in where we engage.  A, is there another GCCS?  And B, do we care?  I say that not having been to the last one, but I didn't think I missed much and I don't think I would have been invited, but we need to look at substance and priorities.  Even if we don't see then as legitimate spaces to discuss Internet governance, those issues are happening and we need to go.  Maybe we can push a positive agenda.  So there's a different analysis and calculation as to why we engage in certain spaces, but I would like to maybe be controversial and assume that GCCS is one ever them.  Decisions are made or that we can build our own capacity understanding issues or exposure to different stakeholder groups.  I think there's a value going into non‑oriented processes if we're allowed there.  I kind of feel we were game and spent time complaining about the process for an event where there wasn't much of an outcome or interesting conversations.  Again, I say that having not been there.  It feels like a lot of energy, frustration and time was spent on the process that might not have been so useful.  So I think maybe ‑‑ this is from a Civil Society perspective, but we have limited resources and limited time and we need to build our own expertise.  That's the place we want to get involved in.  Thanks.

>> Thank you.

>> Yes.  If I were to write to the organizers of the next GCCS, I would say divide the meeting into two halfs and then the first half of the meeting, governments sit alone in the room and agree on some norms, whatever the minimum number of norms you can.  During that time, civil society would sit in another room and see what potentially responses could be.  The second half of the meeting, they present their draft norms and we present feedback.  Having everybody in the same room all the time is the IGF format and that is if we want no norms.  If we want norms, we may have to tinker with the format.

>> Thanks.  Lily, would you like to share some comments?

>> LILLIAN NALWOGA:  I agree to what Sunil and Deborah have said.  We need view our capacity and understanding some of these things.  Civil society we lack especially in like a mission we pull whatever is pending.  Some of us are not aware.  But again, I still feel that much that we don't know is going to come out in what 2009 may bring, but for me signer security is something that affects everyone.  And everyone's voice has to be heard.  And also everyone's views in one way or another need to be captured because today someone who is working with the business or the next day they may find themselves in civil society or working with government.  So either way, we need to reemphasize the multi‑stakeholder approach in finding solutions to cybersecurity problems or issues.

>> Thank you.

>> I think I would ‑‑ they need to be more prepared.  I would say that perhaps be a little more optimistic.  It was more confluens of events.  I think it was sort of the lack of preparation or whatever you call it, the bad timing of the Thanksgiving, which I think meant that not only allowed the U.S. people didn't show up.  It had the trickle down effect.  The governments pulled out in general.  The air didn't help.  So I think ‑‑ so I think, you know, I'm pretty sure the Indian government had greater ambitions and wanted to get more out of it.  So I wouldn't necessarily say maybe you're game.  I think it was just a confluence of events and I would say I think it is an important place for dialogue still.  I would give it one more chance hopefully say and see where it goes.  But actively engage to make sure it goes in the right direction and I think like a lot of you, I think, like we came out of it and were like guess heartened and really unhappy with the outcomes and maybe we don't want to do this again.  But I actually think we should.  It's a process worth saving.

>> Thank you.  Anybody who was in the other time think that is the first thing.  Thank you, everyone.  It's been a great discussion.  I think I can hand it over to Danny.

>> MATTHEW SHEARS:  We're out of time.  Thank you, everyone.  We have ‑‑ it's quarter to 6:00.  Really appreciate the discussion.  I think we had a really good kind of review and now some really good inputs to the way forward.  I think what we'll do is we will certainly not in the very near term, but we'll try and pull some of these thoughts together and circulate them amongst those of you who are interested.  We'll reach out to you to kind of kick off a discussion.  It is useful to have these ‑‑ at least some what to have them available should we see an opportunity to input them and get greater buy in as a working draft.  If everybody agrees with that.  With that, thank you ‑‑ yeah.  If people want ‑‑ if we don't have your e mail and you want to give us your e‑mail to get you on our list, that would be great, if you want to contribute to this going forward.  And with that, I guess thank you to everyone.  I hope you have a great evening.

>> Thank you!