ITAC Newsletter n° 1, May 2013

May 29, 2013

Full .Pdf Version of Newsletter:ITAC Newsletter

Table of Contents

1. Editorial By Constance Bommelaer, Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, Internet Society

2. The OpenStand Paradigm and Its Importance for the Internet Economy By Karen McCabe, Senior Director, Strategic Marketing, IEEE Standards Association

3. Internet Policy Making –OECD’s Principles, Its Multi-stakeholder Approach and the Way Forward By Verena Weber OECD Economist/Policy Analyst

4. Sharing Perspectives in the Realm of Cryptography By Christine Runnegar, Director, Public Policy, and Robin Wilton, Technical Outreach Director for Identity and Privacy, Internet Society

5. ITAC Member Spotlight: RIPE NCC By Chris Buckridge, External Relations Officer for the RIPE NCC

6. Internet Exchange Points By Kurt Erik Lindqvist, CEO of Netnod

7. The Economic Benefits of IPv6 Implementation By Mat Ford, Technology Program Manager, Internet Society

 

Editorial

May 28, 2013

By Constance Bommelaer, Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, Internet Society

Screen Shot 2013-05-22 at 9.15.49 PM

It is with great pleasure that we inaugurate the first newsletter from the Internet Technical Advisory Committee (ITAC) to the OECD.

ITAC was created in January 2009, following the 2008 OECD Ministerial in Seoul. Its main purpose is to provide Internet technical expertise to the work of the OECD Information, Computer and Communication Policy Committee (ICCP) and its working parties. The civil society advisory group (CSISAC) was also created at the same time, in addition to the existing business and trade unions stakeholders groups (BIAC and TUAC).

Ever since the first World Summit on the Information Society (WSIS) in Geneva in 2003, tremendous evolutions have taken place in the field of Internet Policy development, with the emergence of more cooperative and inclusive models of policy-shaping in a variety of fora and regions.  Five years later, in june 2008, the positive input of the technical community in the OECD Ministerial was acknowledged by OECD ministers in the Seoul Declaration for the Future of the Internet Economy. This declaration invited OECD Member States to reinforce co-operative relationships and mutually beneficial collaboration with the Internet community. This was reflected in the Closing remarks by Angel Gurría, Secretary-General of the OECD:

“A more decentralized networked approach to policy formulation for the Internet economy also includes the active participation of stakeholders. Such active participation needs to be the norm. We appreciate the participation of stakeholders in this ministerial meeting. But I think we need to go further.  I would recommend that we begin the process of formalizing the participation of civil society and the technical community in the work of the OECD on the Internet economy.”

The Internet Technical Advisory Committee (ITAC) was officially recognized by the OECD Council on 15 January 2009. This concrete commitment to the multistakeholder model of cooperation was re-emphasised in the 2011 OECD Communiqué on Principles for Internet Policy-Making, recognising that better Internet policies are developed through multi-stakeholder processes, including business, civil society, the Internet technical community and academic institutions.

Over the past five years, ITAC has progressively grown into a well-identified group, sharing the view that universal growth and social progress can only be achieved on the basis of an open and global Internet ecosystem.  Indeed, the Open Internet is an extraordinary platform for existing and new business opportunities – enabling commerce to flow between all parties in dynamic ways, opening new territories, encouraging competition, expanding market presence, and fostering new business models.

The twenty-seven organisations part of the Internet Technical Advisory Committee have contributed to shape technologically-sound OECD policies and research in critical areas such as IPv6 implementation, open Internet standards, interconnection, security or privacy. Inclusive policy development processes have proved valuable both for governments and participating stakeholders.

With this bi-annual newsletter, we hope to share concrete illustrations and practices of the evolving multistakeholder model of policy development and create opportunities for new partnerships. The Internet Society, which is currently coordinating ITAC, is committed to working with all communities to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.

 

The OpenStand Paradigm and Its Importance for the Internet Economy

May 28, 2013

By Karen McCabe, Senior Director, Strategic Marketing, IEEE Standards Association

IEEE

The Internet is no less than an economic and social phenomenon that has touched billions of lives worldwide. Over the last three decades, the Internet has flourished organically—its market-driven growth overrunning industry, technological and geopolitical borders and infusing gross domestic products (GDPs) globally.

Undergirding the Internet’s ongoing growth has been an array of ever-evolving and foundational technical standards. IEEE standards for physical connectivity, Internet Engineering Task Force (IETF) standards for end-to-end global Internet interoperability and World Wide Web Consortium (W3C) standards for the World Wide Web, among others, collectively allow the Internet to function the same from market to market around the globe—and, consequently, facilitate its market-driven growth. These foundational Internet standards were developed via bottom-up collaborative processes that are characterized by direct, open participation by diverse industry innovators with varied needs from around the globe, and they have been adopted voluntarily. And the standards’ impact is evidenced in the invention of a wholly new culture of border-crossing e-commerce, information sharing and community operations.

It is this market-driven model of standards development and adoption on which the OpenStand paradigm (http://open-stand.org), announced in 2012, is based.

As Organisation for Economic Co-operation and Development (OECD) member states elaborate policies oriented at developing economic growth and social progress, a closer look at OpenStand is in order.

The OpenStand principles are intended to harness grassroots inspiration, creativity and expertise globally in standards development for any technology space. The principles demand:

  • cooperation among standards organizations;
  • adherence to due process, broad consensus, transparency, balance and openness in standards development;
  • commitment to technical merit, interoperability, competition, innovation and benefit to humanity;
  • availability of standards to all, and
  • voluntary adoption.

As seen with the Internet and in other technology areas such as electronic design automation, medical-device communications and the emerging smart grid, the OpenStand approach is proven in its ability to advance cutting-edge technology and empower rapid market implementation of high-value, high-demand products and new services with societal benefits. The market-driven OpenStand paradigm fosters global markets, job creation and economic opportunity and yields better products at more competitive prices.

The world is a better place because of the Internet, and its innovation is incessant. As OECD member states consider policy evolution, it’s important to note that a major reason for the Internet’s unmitigated success is a market-driven model of standards development and adoption that the OpenStand paradigm seeks to encapsulate and make easily adaptable to other technology areas.

How, specifically, is the OpenStand paradigm applied in the real world of standards development? For more on how IEEE Standards Association (IEEE-SA) activities in varied technology areas embrace the market-driven principles encapsulated in OpenStand, please visit http://standardsinsight.com/.

 

Internet Policy Making –OECD’s Principles, Its Multi-stakeholder Approach and the Way Forward

May 28, 2013

By Verena Weber OECD Economist/Policy Analyst

Screen shot 2013-05-21 at 8.15.34 AM

During the past two decades, the Internet has become a key platform for innovation and economic growth. By fostering the free flow of information, it has increased transparency, opened new territories and, as a consequence, lowered entry barriers to markets and created new business opportunities. Its open nature has also facilitated inclusion – anyone can develop new applications and services that, in turn, can be used anywhere in the world.

The OECD has a long history and expertise in analysing how to best promote the dynamic nature of the Internet while, at the same time, protecting privacy, security and intellectual property. Against this background, the OECD Council adopted the Recommendation for Internet Policy Making Principles in 2011. It contains a set of 14 principles that call for a holistic approach to Internet policy making along the entire Internet economy value chain from investments in high-speed networks and services to the promotion of creativity and innovation on the application layer while protecting privacy and security.

Importantly, the Recommendation puts forward three overarching principles to guide the further development of the global Internet economy: (i) the promotion of the global free flow of information, (ii) the preservation of the open, distributed and interconnected nature of the Internet and finally, (iii) the adoption of a multi-stakeholder approach to developing Internet policies which guarantees transparency and effectiveness. During the past years, discussions and policy making processes in the OECD Committee for Information, Computers and Communication Policy have greatly benefitted from input from various stakeholder groups including the Internet technical community, civil society, and business.

Pursuing this multi-stakeholder approach to policy making is crucial to the future of the Internet economy. The OECD is currently setting up a multi-stakeholder voluntary expert group to develop a roadmap for the implementation of the OECD Recommendation. We welcome the active participation of the Internet technical community to this group and its contribution to developing policies that support and promote a dynamic, open and inclusive Internet economy.

 

Sharing Perspectives in the Realm of Cryptography

May 28, 2013

By  Christine Runnegar, Director, Public Policy,  and Robin Wilton, Technical Outreach Director for Identity and Privacy, Internet Society

Screen shot 2013-05-28 at 3.49.13 PM

Screen shot 2013-05-07 at 8.42.23 AM

Thanks to some substantive comments submitted by ITAC to the OECD that were principally authored by colleagues from the ISOC Trust & Identity team, ITAC was invited by the OECD Working Party on Information Security and Privacy (WPISP) to lead the organisation of a roundtable during WPISP34 on developments in Cryptography Policy.

A great piece of distributed collaboration between Robin Wilton, Gershon Janssen (OASIS) and Michael Donohue from the OECD Secretariat, with the help of BIAC, CSISAC and OECD members, pulled together a very good set of speakers who were able to provide both a technical context and topical examples of the economic and social impact of cryptography policy.

Bob Griffin (Chief Security Architect at RSA), sharing his experiences in the field, made a compelling case for governments to encourage the use of encryption technologies to protect the confidentiality of data, particularly in case of theft or loss – as part of a defence-in-depth strategy. How many privacy breaches caused by lost USB sticks and stolen laptops could have been mitigated had the data been properly encrypted? Bob also expressed his confidence that crypto-capable mobile devices have a growing role to play as enablers of strong authentication.

Matthew Scholl (Deputy Chief, Computer Security Division, NIST) emphasized that governments cannot, and should not, try to “corner the market” on cryptography. The NIST model today is to foster private sector open and transparent development of candidate algorithms, and to evaluate them as possible US government standards. A case in point is the AES algorithm, which was developed outside the US.

Just as important as using encryption, is ensuring that the tools being deployed are not using vulnerable, or “out-of-date” algorithms. When widely-deployed algorithms (such as SHA-1) come to need replacing, governments and enterprises alike are faced with the challenge of migrating safely to new ones.

Masahiro Uemura (Director of the Office of IT Security Policy, METI) cited several examples of Japanese projects in the crypto domain, and technical areas in which work is either planned or under way concerning: authenticated encryption; identity-based encryption; and “signcryption” (algorithms that combine signing and encryption capability).

Suso Baleato (CSISAC) pointedly asked a rhetorical question: “Why are electronic messages sent as postcards?” and encouraged all stakeholders to foster end-to-end encryption by default.

Robin Wilton (ISOC), who moderated the roundtable, remarked in conclusion:

  • economic and social activity depend on sound cryptography policies
  • governments and business need to pay attention to the evolution of cryptography technologies
  • even the most careful deployment of cryptography can be flawed, can suffer from attack
  • cryptography achieves the widest adoption when mechanisms are hidden from the user, because the less the user has to do, the more likely they are to use it.

All in all, this was a fascinating insight into the world of cryptography policy.

Finally, let us make a brief call out to some of the crypto-related work being undertaken by ITAC members:

  • W3C – Web Cryptography WG [1]
  • IETF – JavaScript Object Signing and Encryption (JOSE) [2]
  • OASIS – Enterprise Key Management Infrastructure (EKMI) TC [3] and PKCS #11 TC [4]

For more information regarding cryptography, please contact Robin at wilton@isoc.org.

Find out more about the OECD Working Party on Information Security and Privacy (WPISP) at www.oecd.org/sti/security-privacy.

_________________________

[1] http://www.w3.org/2012/webcrypto/

[2] https://datatracker.ietf.org/wg/jose/charter/

[3] https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi

[4] https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11

 

ITAC Member Spotlight: RIPE NCC

May 28, 2013

By Chris Buckridge, External Relations Officer for the RIPE NCC

chris_buckridge

The RIPE NCC was one of the key founding members of the Internet Technical Advisory Committee when it launched in 2008. With Internet governance already gaining prominence in many inter-governmental settings, it was clear that the OECD could be an important venue for producing authoritative analyses of the economic and political impact of developments in the Internet industry.

Ripe_CMYK

The core business of the RIPE NCC and its fellow Regional Internet Registries (RIRs) is the management and distribution of Internet number resources, including IP addresses (IPv4 and IPv6) and Autonomous System Numbers, and the five RIRs represent distinct regional communities involved in the bottom-up development of policy governing the management of those resources. While the issues relating to IPv4 depletion and IPv6 deployment have long been understood in the Internet technical community, in the years since ITAC was formed, these issues have increasingly become the subject of scrutiny and discussion by governments, regulators and other Internet stakeholders. Participation in ITAC ensures that when these discussions take place in the OECD context, the perspective of the RIRs and their communities (those who build and operate networks) is part of the conversation.

The RIPE NCC’s focus in the OECD has been primarily in the Working Party on Communication Infrastructures and Services Policy (CISP, for which the RIPE NCC serves as ITAC issue leader) and the Committee for Information, Computer and Communications Policy (ICCP). This participation has allowed the RIPE NCC to contribute to the production of important studies in areas such as IPv6 deployment and Internet interconnection, and to highlight these issues and offer technical expertise in forums such as the 2008 OECD Ministerial Meeting and the 2011 High Level Meeting on the Internet Economy.

With much attention currently focused on further defining Enhanced Cooperation and assessing the effectiveness of multi-stakeholder Internet governance models, the RIPE NCC sees the OECD and ITAC example as an important success story in how different stakeholder groups can work together, sharing expertise to achieve positive outcomes for all sides to ensure a stable and evolving Internet.

Internet Exchange Points

May 28, 2013

By Kurt Erik Lindqvist, CEO of Netnod

Screen Shot 2013-05-22 at 9.27.22 PM

Internet Exchange Points (IXPs) have recently gained increased interest in Internet Governance discussions, as well as among governments. IXPs have played an important role in the development of the Internet, and especially in driving down connectivity costs, increasing resilience of the network and in improving the end-user experience.

Europe today is the region of the world with perhaps the most IXPs in the world. This density of interconnects has served Europe well, and has contributed to among the highest broadband speeds to the lowest cost. IXPs and interconnects were established early in the European Internet as a means to save on expensive transatlantic costs (at a time when 80% of all traffic went to content located in the US), as well as saving on expensive intra European circuits. IXPs and interconnects allowed the new and emerging Internet Service Providers (ISPs) to compete with the larger and often incumbent operators. This competition followed the deregulation of the European telecommunication markets in the early 1990s, and this led to a build out of access networks as well as price erosion in the end user charges. The importance of deregulation in creating a competitive European market can’t be overstated, and this was also instrumental in creating the dynamic interconnected ecosystem that still exists today. Another reason for the success of the IXPs in Europe is that they are almost all membership owned and driven. This was possible through the emergence of the cooperative environment that exists still today. This is reflected in the recent OECD study  of interconnection agreements, which showed that 99.5% of agreements are made on a handshake, and not in written agreements. OECD is continuing to do work in this area with more studies supported by the Internet Technical Advisory Committee.

So why is the existence of IXPs and interconnects important? First of all, IXPs still can save on costs, although the cost for circuits and Internet transit in large parts of Europe today has fallen sharply and tends to be at or below the cost for connecting to an IXP. More importantly however, IXPs also helped to improve the end user experience over time. In the early days of the European Internet, traffic between operators in the same country could go via the US and back. This changed gradually and initially traffic stayed in Europe and over time traffic stayed inside countries, and today the trend is for more and more IXPs inside each European country, further keeping traffic local, improving the end-user experience and lowering the cost for handling traffic overall. This gradual localization of traffic drove the development of new IXPs, while at the same time new IXPs enabled the localization of traffic. This mutual benefit led to a dense network of interconnects. Today, this localization is furthered with the deployment of content delivery platforms (from companies such as Google, Akamai, Limelight etc) both located in many IXPs, but also inside operators’ networks and close to the end users. This is driven by the advent of high bandwidth applications such as video, which puts greater requirements on performance between content and end users.

Screen Shot 2013-05-22 at 9.24.14 PM

Source:  Euro-IX

Lastly, IXPs and the dense interconnection network that were developed have  increased the resilience of the European Internet. This density has helped the European Internet work through major events such as 9/11 and large scale outages in operators, which has allowed the network and content to continue to function. This is an aspect often overlooked but IXPs and interconnects play a crucial role in securing the Internet and all the applications that depends on it.

Many other parts of the world today find themselves at a similar state of Internet development as Europe was at in the early and mid 1990s. There are many important lessons to be learnt from what happened in Europe and what the driving factors were. Other regions can learn from the factors that created the enabling environment that fostered the growth of IXPs and interconnects, such as the deregulation of the telecom markets and the trust and cooperation between the operators. The European experience has been a success with high bandwidth broadband at low cost for the benefits of the end users. This in turn has acted as a platform for the development of new services and ecommerce that has driven the growth of the digital economy.

_____________________________

[1] http://oecdinsights.org/2012/10/22/internet-traffic-exchange-2-billion-users-and-its-done-on-a-handshake/

The Economic Benefits of IPv6 Implementation

May 28, 2013

By Mat Ford, Technology Program Manager, Internet Society

ford

The Internet is a powerful force for unleashing innovation and economic growth. Underpinning this capacity of the Internet to drive change and progress are some aspects of technology that may be easy to overlook, but that are in fact fundamental. The huge economic and social benefits brought about by the Internet are ultimately supported by very specific characteristics of the underlying technology.

The Internet is powerful because it is global and because it is open. The global nature of the Internet is made possible by Internet addressing. Without a unique, public Internet address, communications must be proxied, leading to degradation of communication quality, and reduced potential for the network overall.[1] Proxying communications in this way reduces the resilience of the network, increases costs for service providers, has implications for communications traceability and curtails the ability of the network to act as a platform for innovation, thereby diminishing the economic growth associated with the Internet. The need to proxy communications is growing as available public address space runs out all over the world. In addition to costs for service providers, it’s worth noting that growing use of proxies creates costs for the whole Internet industry as they work around the proxies. This will be needed in the short term, but it is possible to move to a better solution for the long-term future of the Internet and remove these costs from the entire industry.

Deployment of IPv6 technology is the solution for this growing problem.[2] In the 2008 Seoul Declaration for the Future of the Internet Economy, OECD member states encouraged the adoption of IPv6, in particular by governments and large private sector users. The Internet technical community echoed this encouragement in their Memorandum on the Future of the Internet in a Global Economy, where the fundamental importance of IPv6 deployment for the successful evolution of the Internet was strongly emphasized.

Since 2008, IPv6 deployment has gathered pace, stimulated recently by World IPv6 Launch, an industry-wide collaborative activity organized by the Internet Society. This activity has helped to encourage IPv6 deployment at large Internet content providers, service providers and equipment vendors. Major fixed-line and mobile Internet service providers are now starting to carry significant volumes of IPv6 traffic on their networks, and this progress is being measured and reported regularly to stimulate further progress across the wider Internet industry. IPv6 implementation will support huge growth in the range of services and products that make use of the Internet and is a fundamental enabler of the Internet economy, supporting the creation of new markets and catalyzing economic growth.

But further encouragement is necessary. Overall IPv6 uptake remains patchy and the opportunity remains for governments and leading private sector organizations to show leadership in securing the future of the open and global Internet, with sufficient public addresses for all, that is so central to the economic growth of tomorrow.

Read more about the Internet Society’s IPv6 activities here: http://www.internetsociety.org/ipv6
http://www.internetsociety.org/ipv6-isp-heatmap

Read more about World IPv6 Launch here:
http://www.worldipv6launch.org/infographic/

_______________________________

[1] Communications are proxied by Network Address Translators (NATs). The NAT has a public Internet address that it shares across multiple private connections.

[2] Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. See http://en.wikipedia.org/wiki/IPv6 for more detail.

 

ITAC contributions to 65th ICCP session (11-12 April 2013)

May 28, 2013

The 65th session of the Information, Computer and Communications Policy committee (ICCP) was held on 11-12 April at the OECD headquarters in Paris.

The Internet Technical Advisory Committee (ITAC) provided concrete proposals for the future activities of the ICCP and its high level events in upcoming years, in particular stressing on the importance to assess the positive impact of open Internet standards on global innovation. In this regard, the OpenStand Paradigm was highlighted as providing key principles that encourage the development of market driven and efficient standards that are global, interoperable and open.

One of the key issues discussed at the ICCP was about the deployment of IPv6 and the importance for OECD member states to further promote its adoption. Marco Hogewoning (RIPE NCC) presented the main findings of a draft paper authored by Geoff Huston (APNIC) on the transition from IPv4 to IPv6. It was preceded by video interventions from Geoff Huston and Vint Cerf highlighting the key challenges and importance to foster IPv6 adoption to ensure a sustainable Internet economy.

  • Geoff Huston’s presentation: http://www.potaroo.net/presentations/movies/IPv6-OECD.mp4

The OECD also held a session taking stock of the ITU WCIT conference and inviting guidance on how best to address Internet governance challenges in years to come. ITAC, represented by Nigel Hickson (ICANN), stressed the importance to engage with developing countries and to share best practices in other to address some of the concerns that emerged in Dubai. Ultimately, it is hoped that further exchanges and shared understanding will also lead to greater appreciation of the value of multistakeholder frameworks for Internet policy making.

Earlier in the week, ITAC was invited by the OECD Working Party on Security and Privacy to lead the organisation of a roundtable on developments in Cryptography Policy. Robin Wilton (ISOC), Gershon Janssen (OASIS) and Michael Donohue from the OECD Secretariat, with the help of BIAC, CSISAC and OECD members, pulled together a very good set of speakers, who were able to provide both a technical context and topical examples of the economic and social impact of cryptography policy.
Robin Wilton (ISOC), who moderated the roundtable, remarked in conclusion:

  • economic and social activity depend on sound cryptography policies
  • governments and business need to pay attention to the evolution of cryptography technologies
  • even the most careful deployment of cryptography can be flawed, can suffer from attack
  • cryptography works best when mechanisms are hidden from the user, because the less the user has to do, the more likely they are to use it.