IGF 2017 - Day 2 - Room XXIII - DC Internet of Things


The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> MAARTEN BOTTERMAN:  Good afternoon, everybody.  First slot after lunch and all the sessions this morning were very interesting.  So people are having lunch I guess.  Nevertheless very happy to have you all here in the room and to take you to the work of the Dynamic Coalition on the Internet of Things.  Building global trust on the Internet of Things is what we are about to do.  I am very happy with the panel we have collected here.  Because there is always new people in the room I'll take a little bit of time to take you through the essence of what we want to talk about.  Can I have the next slide, please?  The Internet of Things, this is weird, let me check. 

Okay.  Internet of Things is something ‑‑ it is not about whether we want it or not.  It is there.  And it is ‑‑ it comes with benefits and challenges.  New technologies brings ‑‑ respond to today's challenges.  We also need it.  Because we have a world that has been changing as well.  We have a lot of emphasis on scarcity of resources of access to people. 

Nevertheless every technology that we use often has two sides.  And it is how do we use these technologies to address the challenges that society brings without adding more problems to it.  So we need to look at how we go about with it in governance terms, how we go about with privacy data collection and how we go about security and also with the safety aspects. 

Next slide, please.  In addressing specific societal issues we are really thinking on global level issues.  In talking about the Sustainable Development Goals as has been agreed in the context of Human Rights at the UN level we see that IoT as such is not one of those blocks.  But basically it is almost everywhere more or less.  To be able to apply those solutions, we need to have global frameworks, global thinking and local application.  So we also need to make sure that people know what it is about and how to use it. 

Next one, please.  There is many different applications.  And just open your mind to a little bit beyond the device you may have on your arm or even consider your telephone as being part of it because it is GPS enabled and does all kinds of things for you.  It ranges from industrial applications of Internet of Things to consumer applications, from emergency warning system like the tsunami buoy, from health monitoring systems to systems that enhance agriculture applications, for instance, better crops, and that kind of stuff.  Wildlife tracking to security enhancing and also more and more autonomous systems that are enabled by IoT Networks that both observe and act to tools that enhance our human ability ranging from helping us to remind things to measure things and much more. 

So about the global approach, next one, please.  IoT for us is part of the Internet.  It is specific aspects of the Internet just like social media, communication, access to information.  And how to precisely define it we don't want to spend too much time on it.  It is things.  It is technology attached to the Internet that helps us share data and do things. 

Next one, please.  Dynamic Coalition set up actually already in 2008 by a group of people including Wolfgang Kleinwachter who can't be here because he had a little mishap happening to him, but he continues to inspire us with his thinking as well. 

Another person that was mentioned by Eric Loeb, I appreciate very much in the panel yesterday on stage Joe Oledfoff was a major contributor to this work.  The aim to develop the Chair's understanding on global good practice with regards to the Internet of Things and to do this from a multi‑stakeholder perspective. 

Next one please.  If you have read our paper you must have seen the principle, and the principle is to take in to ethical considerations and to account from the outset.  Ethical means different things in different places.  But it is taking responsibility to find sustainable ways ahead and to create something that we would see as free, secure and enabling rights‑based.  Again a future we want which doesn't mean my future for everybody.  But within that context. 

Next one.  So in summary, we are thinking of bracing IoT to address societal challenge in an ethical way, to create an IoT environment that also encourages investments.  As was remarked this morning by our representative of Microsoft if it is not technology sustainable, it won't happen.  Yes.  And that's a very important aspect.  That is also important that this also is multi‑stakeholder.  And next to it also needing to be socially sustainable, et cetera.  Emergence and the challenge, we stand for is ensuring the emergence of a trusted IoT environment, an environment that we feel comfortable with rather than uncomfortable which would make the cost socially maybe even bigger than the benefits.  So that would require in our thinking current thinking as you have seen in the paper meaningful transparency.  So not just a little data but meaningful.  A clear accountability. 

So not just ‑‑ it is all of us but also any of this my responsibility is this and real choice.  So it is not your in or out, that must be other things possible, too. 

Next one, please.  So the focus of today's session, please show us.  If you push again, please.  Securing IoT is very much one of the big challenges today.  If you don't secure it we can't agree on anything.  It won't happen. 

To address societal challenges in all parts of the world how do we roll this out in a way that is not only Developed Countries that can benefit from it, but also in other ways, other parts of the world as it can add a lot for relatively little investment in large parts of the world.  Ranging from warning against emergencies to helping with crops.  And the last one is would it be possible to get ‑‑ in some way to get access to independent trusted expertise to ensure accountability.  Trusted both by those people who are affected by the use of tools, as by those people who developed the tools and may need to have somebody looking in to their source code or whatever. 

So with that very happy on the next slide to introduce the committed contributors because we are all participants in this.  By being in this room you have now become part of the Dynamic Coalition. 


>> MAARTEN BOTTERMAN:  So it can be Brian, I even know your name.  Alex Wong is here from the World Economic Forum.  The World Economic Forum represents a lot of industry thinking but it is also ‑‑ I mean there is clear interest and full understanding that it needs to go beyond industry alone.  So Alex will expound on that.  Also very happy to have with us Daniela Bronstrup from the Germany Ministry ‑‑ Federal Ministry of Economy and Energy.  She has also been involved in the preparations of the G7.  And some of you may have noticed that the Torino Declaration coming out in June I think this summer to have a clear vision on that ‑‑ what we do here with technology needs to serve our society.  And he will tell more about that. 

Sebastian Bellagamba from Montevideo, CABASE Internet, from ISOC.  What is the impact on this and he will expound on their work.  Marco Hogewoning has been one of the people on my right who has been setting up a group on more technical focus.  RIPE is one of the regional registries in the world.  They take care of the numbers and need to make things work.  He will tell more about that. 

Very happy to have Eric.  He needs no introduction.  Everyone saw him yesterday in the room.  Very happy to have you, Eric, as an AT&T person, maybe slightly more of a telecom perspective than ICT.  But look forward to your comments. 

Arthur from the IERC is a lawyer but he is also very much involved in the work of the alliance for IoT innovation in Europe and European developments that needs to have a legal framework as well.  And as a lawyer he knows everything about it.  After short introductions Avri Doria on the far right will be the one who will make sure that you get fully engaged if you weren't already at this point or after the contributions.  So with that please go to the next slide for Alex. 

>> ALEX WONG:  Good afternoon.  We are here to unveil a new offering at the Forum.  It is tied to the Fourth Industrial Revolution which many of you know the World Economic Forum has made a lot of noise recently with the new and fast changing introductions of new technologies and in combination with biology and all sorts of other technologies that we are really entering a new phase of development and associated to that which is music to everybody's ears here, and why we are all here at IGF we know there are huge governance gaps and policy challenges that are emerging because of the speed of change.  Within the Forum we felt drawing on our convening power, neutrality what we do best in terms at the leader level how can we apply this in a more Democratic open process that applies to the way the Internet or the Digital Economy has evolved. 

So the first slide that you see behind me is all very basic and all of you I am sure will subscribe that we need to move away from vertical and industry Government dominated coalitions to the multi‑stakeholder approach.  This is how the Internet has developed through the physical and logical layer.  And we have to extend this now to the societal economic layer.  So these issues of security, privacy, all the societal issues that we are seeing similarly we feel need to be addressed in a multi‑stakeholder, transparent, open fashion.  Our proposed solution to that if we go to the next slide, it is a term that we are still toying with, whether this will be the final name, Digital Protocol Networks. 

I am going to come to IoT in a moment but this as a bit of background, conceptually we at the Forum have the privilege to work with many of you, many at the top level of organizations, many global experts, decision makers.  And so how can we turn that in to a network of experts who collectively can gather together mixed base from private sector, public sector, academia, Civil Society to come together around a specific issue and follow a very disciplined process to create actionable solutions.  We are using the word protocols because that invokes a bit of reaction. 

I know for many of you in this room protocol probably means five different things automatically.  It is not just another best practice or a case study.  It is meant to be concrete, discrete enough, actionable solutions that people that were part of the network and people who contributed to the network can implement them.  And so there are much more to the far right‑hand of the spectrum, if you have best practices on one end and laws on the other end.  It is on that side of the spectrum.  But it is not normative.  It is not a law.  That's not the role of the Forum or many of us in this room.  But it is a place to create enough detail that we can then let actors move these forward. 

So we are calling these Digital Protocol Networks and it is trying to combine two things.  It is the convening power of the Forum working at the lead level and also combining with what is essential for this to have any validity which is to be transparent and have the opportunity to get comments and interaction from everyone.  And actually we thought we are in a better place to talk about this than the IGF.  And Lynne Santomora, who has been supportive of us of using this space. 

Last point, let's get down to a couple of pilots and see how this works.  The pilot network that is almost near its completion of drafting the first set of protocols is around the topic of IoT and security.  And there is a little brochure at the front of the room you are welcome to take.  And it is on the e‑mail ‑‑ all these documents you can look at.  The experts of this network are chaired by the UN, the counterterrorism executive directorate and the menu of experts in there has everyone from the UL Underwriter's Laboratory to IEEE to insurance companies.  And what this group decided to do was how can we create actionable solutions so that we can ensure industrial IoT devices.  Make these insurable. 

That was a decision of the network.  Among all the different things they can do they decided they want to focus on that particular solution and therefore what are the actionable solutions that are needed to allow that to happen.  So we've basically been going through a process that began in March of this year.  Our most recent gathering was in New York on Wednesday last week which Maarten was able to join where we are trying to socialize what the group is coming up with and get feedback on could these be the actual solutions to make IoT devices insured. 

So the other document that's at the front of the room and also downloadable on the link is the actual draft protocol.  It is still a draft.  It basically mentions that there is three areas of focus.  The IOT safeguards itself.  Secondly the organization's internal governance risk management processes and thirdly data record keeping metrics.  So I will let you read it on your own but what it is meant to be is a framework, more than a framework.  Actionable solutions that we can then take forward.  And if we have the right people sitting around the table involved with this who have the power to implement the solutions because they are manufacturers of IoT devices or buyers of IoT solutions then we are starting to create a movement bottom‑up that could be a way that we address a governance gap. 

>> MAARTEN BOTTERMAN:  Thank you very much.  Interaction now and also after the meeting, of course.  I ask you to bring in your perspective from a Government. 

>> DANIELA BRONSTRUP:  Many thanks.  Many thanks, Maarten.  And also for that inspiring intro, maybe for introduction I would like to interlink a little bit the two issues to headline on your session today, and Artificial Intelligence.  The two things are not the same.  But they are very much interlinked.  People listening to talks about AI often thinks of super intelligent machines.  Some people even have fears and reservations about it.  But in fact, what we see as AI is part of our daily life and a lot of machines.  Because it is sort of a learning system.  And I think it is important therefore to bring the two perspectives of Internet of Things and Artificial Intelligence together. 

And this is especially true for security and interoperability issues.  Because those especially depend on standards and you mentioned that in your introduction that standards are quite important and that what we think as well and allow me to also point to the G20 Declaration of April this year, whether the G20 also pointed to the fact that standards should play an important role on our ‑‑ in our digital world.  We have various standards, developing organizations, yes, DOs, various fora and consortia.  And we believe that it is important that they work very closely together and that we come to more harmonized approaches. 

Therefore thank you for the very concrete approaches you are both doing already. 

With regard to the various worldwide ongoing processes, we think that a communication is essential and therefore the IGF, of course, is a very important Forum. 

Now coming to AI and what we decided as G7 in Torino in September.  I would like to point to two aspects of the Declaration.  The first one is that the G7 share the view that we should focus on a human centric AI approach because that is one we believe is crucial to drive innovation and growth. 

And the second point is that stakeholders should play the clear role in this process.  And if you have seen the Declaration there is also an annex 2 to that Declaration which deals especially with the questions of AI.  And yes, that was hard work in Torino but we agreed on something that is maybe more concrete than you usually expect G7 Declarations because we decide on a multi‑stakeholder discussion approach that should deal with questions like jobs, and the question what AI means for jobs and jobs creation and productivity, innovation, accountability and transparency. 

And I very much liked the sentence in the paper saying that transparency also means usability, yes.  Indeed I think that's really crucial.  We agreed also on dealing with privacy, cybersecurity and safety.  So we have a real agenda on ‑‑ I thank very much our Italian and Japanese colleagues who pushed issues and the Canadian colleagues because Canada is taking over the G7 presidency and has announced to follow up on this process.  It is not only G7.  That's why we think that the IGF is the ideal Forum to discuss all these issues.  And therefore I'm also happy to say that Germany has applied for the IGF as a host country in 2019.  And in case we will become the host country then I will invite all of you and I am happy to meet you then.  Thank you. 

>> MAARTEN BOTTERMAN:  Thank you very much.  So good to know we have somewhere to go in 2019.  We will still be looking forward to hear 2018.  Thank you for that very clear statement.  Sebastian, you're working for a global organization yourself.  What do you think and what are you doing? 

>> SEBASTIAN BELLAGAMBA:  Okay.  Hi.  It is a big question.  It is a very open question.  Thank you.  And good afternoon, everyone.  As you may know the Internet Society works to connect everyone everywhere to the Internet.  And we do so because we believe in the transformational power of the Internet and the Internet will make our lives better.  Not for just deploying technology but because of the consequences of deploying this technology.  Our analysis is that there is good things happening around the Internet and not good things happening around the Internet.  And we have to work on both things and both forms.  And good things, I mean 50% of the human population is connected already to the Internet.  That is good. 

Now that technology has been deployed so fast in the history of humankind but we are still lacking the other 50% and it is important.  And the 50% that is already connected is kind of suffering kind of way of trust crisis I would say.  It is lacking the trust they used to have on the Internet.  So we have to address both things.  How can we manage to connect the 50% of the population and how can we reclaim the trust that people used to have in the Internet as before. 

One of the things that we see as key to this trust issue as you put it in the title of this panel is the internet of things and the security related issues to the Internet of Things.  The Internet of Things will obviously bring a lot of benefits to everyone, industrial sector, from the user perspective.  There is going to be a lot of things.  But there is a lot of challenges coming from the IoT sector regarding to security and we would like to address that. 

Next year as part of our work we are going to focus on four campaigns.  One of the campaigns is related to IoT and security.  And it is going to be launching in January the 1st.  And that is in conjunction with something that happened during this year which is that we ‑‑ we are also working now in ‑‑ with the online trust alliance, the online trust alliance.  You can see their website.  Otalliance.org is now an initiative of the Internet Society.  It used to be independent body and now it is an initiative of the Internet Society.  And something that I would like to refer you to briefly about the OTA is the IoT trust framework.  I think it is a very, very good document that highlights 40 ‑‑ a set of 40 strategic principles and started to ensure IoT in its whole life cycle.  I mean from designing to deployment and use.  And I think something that is very reliable.  We don't have time to go through the principles here.  But invite you all to go online to visit the otalliance.org website.  If you go through that and it is not in that document, but you will see some recommendations that come out of these ‑‑ of these principles and I would like just also to give the title because in the interest of time we have 28 minutes left for this panel. 

But when you ‑‑ when it comes to public policy and governance there is a couple of recommendations that we can put on the table if you choose.  One has to do with the accountability of IoT framework.  We believe that accountability should be strengthened in the IoT framework.  We have to work clearly on responsibilities and consequences of security issues regarding to IoT.  We have to be very clear on what ‑‑ how safe our device, our IoT device is from design.  I mean because we strongly believe that we have to work on security by design in IoT.  I mean it is not something that you can implement afterwards.  But it is something that you have to implement from the very beginning of the design of the device.  Some things that correlates to this you have to adopt the user perspective.  Security in IoT for the use of ‑‑ from the user perspective is very open‑ended.  The typical user of IoT devices is not the typical user of big computer service that is knowledgeable on information system.  We are talking about people that are not used to that.  I mean are not used to patch things.  I mean to apply patches in order to erase security holds.  We are talking to people here that just want to ‑‑ this dishwasher to be connected to the Internet for whatever reason.  I can't imagine.  But for ‑‑ but they want to do so. 

So this perspective should be applied from that perspective.  That the user is not the typical user of information systems that we use.  And the designer of these systems is not the same.  So for the things that we connected to the Internet computers, servers, et cetera, were designed by systems engineers that knew about systems and had a very big component of security in their minds when they designed this.  Today we are talking about appliances makers who ‑‑ I mean their field of expertise is not neither assistance and not the security.  So we have to be very clear in the framework that we applied before that IoT chief is connected to the dishwasher in order to make it secure. 

There is a big role for Government there.  The Government should encourage a culture of security among IoT stakeholders and I agree totally with you, that every single stakeholder has to be involved.  There is some other incentives.  There should be punishment and incentives in order to apply this and many other things.  And you are going to kill me, Maarten.  So I see your eyes.  So I'm going to wrap up now.  But there is many things online.  We have plenty of information online in the Internetsociety.org website. 

>> MAARTEN BOTTERMAN:  Thank you very much.  And indeed this is why we connected those links in the agenda.  You will find the Torino Declaration and pages from Sebastian on the ISOC work page and the World Economic Forum.  Marco. 

>> MARCO HOGEWONING:  Yes.  I think in your introduction you used a crucial word.  To me the word is application.  You refer to the IoT as applications.  In that sense we have a wide variety of things to connect to the Internet.  Where I come from my community we are the regional Internet registry.  We supply you with IP addresses.  That's part of what we do but that's what we are most famous for.  And to keep it very basic, if you want to connect something to the Internet, you need to speak the Internet protocol.  If you want to speak the internet protocol you need one of my addresses.  There is no way to work around me or my other four colleagues in that sense.  But taking it from that perspective and talking to my community what I often get is sort of the why is the IoT so different.  You are just connecting something to the Internet.  Something that I have been doing for the last 30 years.  And that becomes a bit of a challenge when addressing some of these applications.  Some of these things.  It is in essence it is a computer.  You pointed to dishwasher here.  Washing machine, it might not be a washing machine.  It is a computer that washes your clothes.  It is a subtle difference but from our communities it is like yeah, it is another computer.  It is a computer.  It is a phone washing machine.  You need the address and you connect to it. 

Taking it completely to the other side where we stand now and sort of looking at it from an IoT perspective, we kind of focus on that application and we kind of often forget to see what goes on behind the scenes.  It is kind of common ‑‑ oh, yeah, your computer needs a firewall.  It needs a virus scanner and as previous speakers pointed out it might be harder to do it in appliances.  When you take that level of security to the transport layer there is no big difference there.  The big challenge that I see from where we stand now we get so focused on the application layer that we often forget what goes on behind the scenes and the transport layer. 

When I talk to IoT people and explain who I am, that's usually what I need to do.  I need to explain who I am.  Oh, you are building Internet of Things.  Oh, you are connecting everything to the Internet and they are like who are you?  A regional Internet registry.  Never heard of it.  What's an IP address, tell me.  And that's ‑‑ that's kind of weird in the sense that okay, so you try to shape policy on the Internet and then talk about Internet security.  You never ever heard of us. 

>> MAARTEN BOTTERMAN:  That's why we invited you on this table, Maarten. 

>> MARCO HOGEWONING:  Now you know who I am and hopefully you know what we do.  So yeah, that's a crucial point in that discussion is like okay, you are trying to set policy.  But at the moment it comes to transport layer and getting packets from A to B.  What I note from IoT often becomes somebody else's problems.  Maybe Eric Loeb can explain later on because it is usually his problem.  Getting the package from ASP, but at the same time they expect the ISP to do all kinds of magic because after all they are the Internet. 

So trying to bridge that gap, what I have been doing, is in the dialogue with my community which started with tell me why the IoT is so different and why we should pay so much attention to it explaining that there is this other world, we have set up a Working Group now to kind of try to bridge the gap and bring it together.  And that's sort of also what brings me here to the table to the DC is we need to figure out a way to connect it.  We are talking a lot about sort of connecting things and linkages and everything but we kind of start seeing the IoT as this big monolithic block.  And we should be respectful to the different Internet layers and the different organizations that diminish these layers.  Maarten is saying speed it up.  And I am going to wrap it up here with exactly that.  Be aware to use the right tool for the right job.  Said that yesterday in a workshop.  And I'm going to say it again and reach out to those communities that to effectively manage the layers you need something to do.  And doesn't stop treating the IoT as this big massive thing.  Yes, I don't think that's a feasible solution. 

>> MAARTEN BOTTERMAN:  It is again to show not only stakeholders involved in experiences but different stakeholders and different steps that need to work together.  And very important to take the networking and add technology aspects in to account.  Eric, thanks for being patient.  What is your observation at this point knowing that this is the first time we have you here in the room?  What do you think and what's next? 

>> ERIC LOEB:  It is a pleasure to be here and terrific to see the work that the Dynamic Coalition has been doing to develop this document over the years.  I will be brief with a couple of comments and it is based on what I have seen over the last decade with the change from just a handful of connected devices, emerging devices to now it is essentially every customer, every company that we work with has or is looking for their strategy to figure out both the data analytics and connectivity and how they are getting at things.  I approach this from the standpoint of reading the document as it is and trying to think of a couple of items that jumped out at me as meriting some refinement.  And the first thing draws directly from what Alex highlighted and that's the industrial Internet of Things which isn't mentioned in here.  And it eases to explicitly be so.  They are considerably different from the standpoint of the data privacy or security considerations.  Just from one of the things that I observed on the industrial IoT side we see sometimes the most pervasive and most effective use of IoT is not involving any personal information at all and may be a shipping line that is tracking cargo containers or doing very minute careful calculations of how to navigate most efficiently with the least use of fuel, to get to the port exactly on time without wading away from the port. 

These small improvements may lead to very significant efficiencies or savings.  There are countless examples of that.  In the refinements of this paper and taxonomy there needs to be a distinction of how we think of the Internet of Things. 

The other thing that did jump out was the benefit of how the need for some cross‑jurisdictional and cross‑sectoral coherence and frameworks.  So I will talk cross‑sectoral even within one country.  You may have 15 different agencies that have an interest in the IoT depending on the industry sector involved.  And if you don't have some kind of national framework or national concept that ensures a degree of consistency or something, then you could have vastly different requirements done at a sectoral layer. 

So trying to minimize that is important.  And then I would say cross jurisdictionally in many areas of the IGF we have been talking about cross‑border data flows.  I just bring it up here.  It is not in the document.  But when I look at many of the IoT deployments and this is whether it is industrial or whether it is personal, just because of the technology and economic efficiencies many of these things are created and then deployed on a cross‑ jurisdictional basis and the systems that are set up to ensure that they operate.  And in fact you can do the relevant data analytics that they are there for.  A company can't do this in 226 different ways.  And so trying to have some concept in here of cross‑jurisdictional coherence whether data flows or cross‑ jurisdictional border things.  To work in on the next iteration.  But apart from that, I'll stop and look forward to conversation. 

>> MAARTEN BOTTERMAN:  Thank you very much.  And we will miss that extra half hour that we would use.  But appreciate the opening remarks, jurisdiction, et cetera.  We have one more to go. 

>> We will have almost no time left for comments. 

>> MAARTEN BOTTERMAN:  Arthur, please. 

>> ARTHUR VAN DER WEES:  Now from the alliance for IoT innovation, the European Commission started two years and they started it and grouped together stakeholders and it is now an association.  So that's I think a good to know that that is actually happening.  What we are doing there on security privacy data management, data protection level is not inventing or making new standards.  There are 360 standards already on the market as I mentioned earlier today and one standard in the making.  And we believe it is not a sustainable way of trying to get there.  IoT is about hyper connectivity.  It is about connecting people.  It is about connecting society with things, with sensors, with computing power and with algorithms.  And therefore we also think that we need to hyper connect those standards.  So what we have done is basically look at a couple of items that I think are very important for everyone to focus on. 

One, of course, is the application including the technical stack.  What is involved here whether we are building a certain device or wearable for consumer or try to smarten up the industry with industry IoT or with an OT, even operational technology that we add something on that ‑‑ that is linked to the Internet if you would like to do that.  That's one second.  So we stack it basically.  Already have several baskets.  There is an example of communications and networks as a layer and hardware devices is a layer.  Applications platforms is a layer and services is a layer.  Of course, you can make many other different but we try to keep it only to four.  Then we add three other items with three dimensions.  One is data.  Because data is relevance all over the place.  Secondly is the human side.  Human is also relevant in ‑‑ in the factory whether it is the engineer trying to get the code right, algorithms or the one that tried to make the sensor correct.  And the third one is authentication.  So identity and authentication which allowed to do what when.  So now we have seven.  Four layers, three dimensions and we have read everything that there is on the market, including all the standards and also the ‑‑ I think I saw a couple of guidelines that the World Economic Forum read as well.  And we basically extracted the principles because we are a principle‑based market.  Principle‑based and extrapolate these. 

With that you have molecules and we identified 464 unique, unique principles on security and privacy.  So this is now a set of brain cells that you can use depending on your context and stakeholders that are involved and depending on the data whether it is personal or nonpersonal or both and you get the model and that's what we are working on.  Try to avoid standards.  But try to connect them and see what best practice we can get out of it.  So that's called a meta framework or model.  We don't have a name for it but that's what we work. 

>> MAARTEN BOTTERMAN:  Thank you very much.  Thank you very much.  Avri, having heard of this I know that there is very little time left, but I know you will make the best use of it. 

>> AVRI DORIA:  Extremely little time.  Sometimes they let me be a timekeeper and then they will have more time.  One of the things I wanted to ask before we started is how many of you have actually read through the paper that we intend to finish next year?  Could I just see a quick raising of hands just to know how prevalent it has been?  Please do.  Because we have got one more year where we are trying to get this paper finished and it has some good stuff in it.  Who would like to make a first comment?  If you can keep it to a minute that would be good because we can get a couple in.  Anyone?  No one has a comment.  Really?  I scared them all away?  No, that can't be.  I saw the earlier point that somebody had comments.  I'll ask ‑‑ we have one.  Okay.  Great.  Please.  Otherwise I would have asked a question.  No, no. 

>> PARTICIPANT:  This microphone works.  Yes.  My name is Paul Times.  I have two questions.  I don't know whether you addressed it in the paper.  Because one is that a lot of what is around best practice may also point in the direction of having questions phrased and best practice formatted around ethics and that points to a second question which is the whole governance that you have.  Whatever people are saying around principle‑based legislation, whatever they are saying around governance, whatever you say about security and privacy protocols.  There is a dimension to it of governance.  So do you within the Dynamic Coalition also intend to let's say perhaps start gathering best practice around governance?  And that may lead to better framing of how you would do governance.

>> AVRI DORIA:  There is a discussion of ethics in the paper.  Sort of forming on this panel and the paper is not as strong.  But perhaps others would like to add.  I don't know, Maarten, whether you want to take a crack at that or any of you who have all read the paper could. 

>> MAARTEN BOTTERMAN:  Well, for sure on governance the thing is what we can do here together and what we have been blessed and privileged to from having input from many people over the years is that this paper is getting to get some level of maturity as people around the table and in the room have seen if they have read it.  In the end however good this document is, it will only work if you take it out there and make it work.  It is an open process.  And that is the emphasis of the governance.  It is driven by volunteer experience and by partners who come to this table that things that matter and they take it forward in their own networks.  So I think that is what we can do at this moment, Paul. 

>> AVRI DORIA:  Okay.  Please. 

>> PARTICIPANT:  I had a quick ‑‑ I will just mention that the center in San Francisco that we opened we have created an IoT vertical.  That's a place where we continue the discussions.  We have two colleagues in San Francisco.  Ian drafted the protocol on the IoT.  If you don't like them talk to him.  If you like them talk to me or Ann.  And that's ‑‑ we are offering that to the DC to see how we can leverage the platform in San Francisco. 

>> AVRI DORIA:  It looks like it may have filled some of the blanks that I saw in the paper.  You have a comment.

>> BRIAN CUTE:  Brian Cute from public interest registry.  The remarks from Marco and Eric really resonated with me.  Kind of challenging from your colleague's perspective is this Internet of Things truly something distinct and different and definable.  There is a risk that if ‑‑ there isn't real clarity about definition of what the Internet of Things is or is not.  And a lot of this great work will go to not.  And I would encourage everyone to put some greater focus on that part.  Thank you. 

>> AVRI DORIA:  Thank you.  Yes.  Please.  And there is my microphone on in the back that could get shut off.  Thank you. 

>> ARTHUR VAN DER WEES:  Well, so I ‑‑ although agree with you on definition, the IERC here in Europe has a very ambitious definition on IoT, but I think we are going to the wrong way.  And we are making the same mistakes that we made a decade ago, two decades before in focusing too much on trying to pinpoint it.  Because we are already talking about robotics and AI and many other things.  I don't want to bring in to the IoT discussion but there is no distinction where something starts and stops.  We need to be agile and we need to have a contextualized approach and also with the paper to have a contextualized approach as well.  Because there is everything, this is the Internet of Things.  So therefore I would like to avoid that we spend years on trying to define the IoT definition perfectly.

>> I think what Brian, I would say some categorization is necessary to help with policymakers because certainly I have spent a lot of time having to start by just explaining how, you know, a connected device is not this.  Right?  So a lot of the regulation ‑‑ the default regulations in place with something that is connected are going to start by thinking about your phone.  And so there may be a lot of policies that by default end up attaching that that have nothing to do with IoT.  So I think it is ‑‑ I think it is important in terms of figuring out whether it is the safety or economic or social policies.  That there are different considerations from this from the connected device, from an industrial device. 

>> AVRI DORIA:  In our last four minutes ‑‑ I had Paul with a question and then I had Sebastian.  And if you guys go quickly we will get it all in four minutes.

>> I agree with the previous speakers.  You have to be careful.  Also if you do ‑‑ the more bigger the definition the more accomplishing the definition the problems you will import on the definition the harder it will become to solve.  And I think that's also with Eric's comment, the moment you start treating your car as a phone you also import all the regulatory aspects of that.  That's a prime example there.  So be careful what you wish for.  And I would rather take a more siloed approach here because that will mean problems are more manageable.

>> PAUL WILSON:  Paul Wilson from the APNIC.  The question of definition would be easier if we agree that the Internet of Things doesn't exist.  That we actually just have the Internet and got things that will be being connected to the Internet, admittedly at a greater pace before.  Jeff Houston from APNIC wrote one of his articles recently about the Internet of stupid things and he cited quite a few cases of things that were misbehaving on the Internet.  And those things were home routers.  They were home routers.  They were devices that are traditionally Internet devices manufactured by Internet companies who did a very bad job and caused various problems.  The strongest impediments to the growth of Internet in Australia back in the late 1980s you would not be allowed to connect anything to the phone system unless it was actually approved.  And getting that approval cost some importer $20,000 to connect something to the phone system.  For the very many years we had the need for no such things.  And the Internet is generally robust enough to allow that and that's a very, very good thing.  And I just wonder if all of this focus on defining what these devices must be and how they must behave and be designed is leading us in to the wrong place which is to rely on those so‑called protections instead of relying on the robustness of the Internet to actually continue to do the same old job that it has been doing for so long, coping pretty well with growth and it needs to do a lot more in the future. 

>> AVRI DORIA:  Thank you.  I heard people talking about insurability and not necessarily attachability.  Sebastian and we are down to one minute and give it to you, Maarten, what you want to say at the end. 

>> SEBASTIAN BELLAGAMBA:  We have seen services where people responded at Smartphones where IoT devices by 97%.  So for us I mean IoT things that are not computers and have minimum human intervention.  That basically roughly is the definition we use.  I just contribute with our definition to something to add something to the table.  Thank you. 

>> AVRI DORIA:  Thank you.  We have a remote comment?  No.  And I am going to turn it over to Maarten.  But the last thing I want to say, go to the paper.  It is still there for review.  Each paragraph has a section for you guys to comment.  Really it is a great time to do it.  Thanks. 

>> MAARTEN BOTTERMAN:  Thank you very much, Avri.  It is an unthankful task to be the Moderator and even the time slips away.  I thank you very much for getting all of this out in very little time.  And I thank the panelists for what they brought in and there is much more behind this.  This was only one hour of your time and the subject at a global level means a lot.  Go to the program page and there you can click down to more information.  Sign up for the DC IoT mailing list, become part of it.  And we are really looking forward to the next World Economic Forum and next what is happening in Europe, next what is happening at RIPE, at ISOC if you are willing to invest, to help to progress where we need to put the finger, where we need to take action, where ‑‑ how to develop this taxonomy that makes us aware of what security is necessary, where, what safety is necessary where.  Where is privacy and data really needs to get drilled down to.  Please come back to us as well.  We are very open to participate.  As I said it is a club of committed enthusiasts that think this is really important and something needs to be done, which means you are welcome.  You get a lot of satisfaction of working even closer with us than you have done today.  So thank you all very much for coming.  And looking forward to see you around.