Internet Policy Making –OECD’s Principles, Its Multi-stakeholder Approach and the Way Forward

May 28, 2013

By Verena Weber OECD Economist/Policy Analyst

Screen shot 2013-05-21 at 8.15.34 AM

During the past two decades, the Internet has become a key platform for innovation and economic growth. By fostering the free flow of information, it has increased transparency, opened new territories and, as a consequence, lowered entry barriers to markets and created new business opportunities. Its open nature has also facilitated inclusion – anyone can develop new applications and services that, in turn, can be used anywhere in the world.

The OECD has a long history and expertise in analysing how to best promote the dynamic nature of the Internet while, at the same time, protecting privacy, security and intellectual property. Against this background, the OECD Council adopted the Recommendation for Internet Policy Making Principles in 2011. It contains a set of 14 principles that call for a holistic approach to Internet policy making along the entire Internet economy value chain from investments in high-speed networks and services to the promotion of creativity and innovation on the application layer while protecting privacy and security.

Importantly, the Recommendation puts forward three overarching principles to guide the further development of the global Internet economy: (i) the promotion of the global free flow of information, (ii) the preservation of the open, distributed and interconnected nature of the Internet and finally, (iii) the adoption of a multi-stakeholder approach to developing Internet policies which guarantees transparency and effectiveness. During the past years, discussions and policy making processes in the OECD Committee for Information, Computers and Communication Policy have greatly benefitted from input from various stakeholder groups including the Internet technical community, civil society, and business.

Pursuing this multi-stakeholder approach to policy making is crucial to the future of the Internet economy. The OECD is currently setting up a multi-stakeholder voluntary expert group to develop a roadmap for the implementation of the OECD Recommendation. We welcome the active participation of the Internet technical community to this group and its contribution to developing policies that support and promote a dynamic, open and inclusive Internet economy.


Sharing Perspectives in the Realm of Cryptography

May 28, 2013

By  Christine Runnegar, Director, Public Policy,  and Robin Wilton, Technical Outreach Director for Identity and Privacy, Internet Society

Screen shot 2013-05-28 at 3.49.13 PM

Screen shot 2013-05-07 at 8.42.23 AM

Thanks to some substantive comments submitted by ITAC to the OECD that were principally authored by colleagues from the ISOC Trust & Identity team, ITAC was invited by the OECD Working Party on Information Security and Privacy (WPISP) to lead the organisation of a roundtable during WPISP34 on developments in Cryptography Policy.

A great piece of distributed collaboration between Robin Wilton, Gershon Janssen (OASIS) and Michael Donohue from the OECD Secretariat, with the help of BIAC, CSISAC and OECD members, pulled together a very good set of speakers who were able to provide both a technical context and topical examples of the economic and social impact of cryptography policy.

Bob Griffin (Chief Security Architect at RSA), sharing his experiences in the field, made a compelling case for governments to encourage the use of encryption technologies to protect the confidentiality of data, particularly in case of theft or loss – as part of a defence-in-depth strategy. How many privacy breaches caused by lost USB sticks and stolen laptops could have been mitigated had the data been properly encrypted? Bob also expressed his confidence that crypto-capable mobile devices have a growing role to play as enablers of strong authentication.

Matthew Scholl (Deputy Chief, Computer Security Division, NIST) emphasized that governments cannot, and should not, try to “corner the market” on cryptography. The NIST model today is to foster private sector open and transparent development of candidate algorithms, and to evaluate them as possible US government standards. A case in point is the AES algorithm, which was developed outside the US.

Just as important as using encryption, is ensuring that the tools being deployed are not using vulnerable, or “out-of-date” algorithms. When widely-deployed algorithms (such as SHA-1) come to need replacing, governments and enterprises alike are faced with the challenge of migrating safely to new ones.

Masahiro Uemura (Director of the Office of IT Security Policy, METI) cited several examples of Japanese projects in the crypto domain, and technical areas in which work is either planned or under way concerning: authenticated encryption; identity-based encryption; and “signcryption” (algorithms that combine signing and encryption capability).

Suso Baleato (CSISAC) pointedly asked a rhetorical question: “Why are electronic messages sent as postcards?” and encouraged all stakeholders to foster end-to-end encryption by default.

Robin Wilton (ISOC), who moderated the roundtable, remarked in conclusion:

  • economic and social activity depend on sound cryptography policies
  • governments and business need to pay attention to the evolution of cryptography technologies
  • even the most careful deployment of cryptography can be flawed, can suffer from attack
  • cryptography achieves the widest adoption when mechanisms are hidden from the user, because the less the user has to do, the more likely they are to use it.

All in all, this was a fascinating insight into the world of cryptography policy.

Finally, let us make a brief call out to some of the crypto-related work being undertaken by ITAC members:

  • W3C – Web Cryptography WG [1]
  • IETF – JavaScript Object Signing and Encryption (JOSE) [2]
  • OASIS – Enterprise Key Management Infrastructure (EKMI) TC [3] and PKCS #11 TC [4]

For more information regarding cryptography, please contact Robin at

Find out more about the OECD Working Party on Information Security and Privacy (WPISP) at







ITAC Member Spotlight: RIPE NCC

May 28, 2013

By Chris Buckridge, External Relations Officer for the RIPE NCC


The RIPE NCC was one of the key founding members of the Internet Technical Advisory Committee when it launched in 2008. With Internet governance already gaining prominence in many inter-governmental settings, it was clear that the OECD could be an important venue for producing authoritative analyses of the economic and political impact of developments in the Internet industry.


The core business of the RIPE NCC and its fellow Regional Internet Registries (RIRs) is the management and distribution of Internet number resources, including IP addresses (IPv4 and IPv6) and Autonomous System Numbers, and the five RIRs represent distinct regional communities involved in the bottom-up development of policy governing the management of those resources. While the issues relating to IPv4 depletion and IPv6 deployment have long been understood in the Internet technical community, in the years since ITAC was formed, these issues have increasingly become the subject of scrutiny and discussion by governments, regulators and other Internet stakeholders. Participation in ITAC ensures that when these discussions take place in the OECD context, the perspective of the RIRs and their communities (those who build and operate networks) is part of the conversation.

The RIPE NCC’s focus in the OECD has been primarily in the Working Party on Communication Infrastructures and Services Policy (CISP, for which the RIPE NCC serves as ITAC issue leader) and the Committee for Information, Computer and Communications Policy (ICCP). This participation has allowed the RIPE NCC to contribute to the production of important studies in areas such as IPv6 deployment and Internet interconnection, and to highlight these issues and offer technical expertise in forums such as the 2008 OECD Ministerial Meeting and the 2011 High Level Meeting on the Internet Economy.

With much attention currently focused on further defining Enhanced Cooperation and assessing the effectiveness of multi-stakeholder Internet governance models, the RIPE NCC sees the OECD and ITAC example as an important success story in how different stakeholder groups can work together, sharing expertise to achieve positive outcomes for all sides to ensure a stable and evolving Internet.

Internet Exchange Points

May 28, 2013

By Kurt Erik Lindqvist, CEO of Netnod

Screen Shot 2013-05-22 at 9.27.22 PM

Internet Exchange Points (IXPs) have recently gained increased interest in Internet Governance discussions, as well as among governments. IXPs have played an important role in the development of the Internet, and especially in driving down connectivity costs, increasing resilience of the network and in improving the end-user experience.

Europe today is the region of the world with perhaps the most IXPs in the world. This density of interconnects has served Europe well, and has contributed to among the highest broadband speeds to the lowest cost. IXPs and interconnects were established early in the European Internet as a means to save on expensive transatlantic costs (at a time when 80% of all traffic went to content located in the US), as well as saving on expensive intra European circuits. IXPs and interconnects allowed the new and emerging Internet Service Providers (ISPs) to compete with the larger and often incumbent operators. This competition followed the deregulation of the European telecommunication markets in the early 1990s, and this led to a build out of access networks as well as price erosion in the end user charges. The importance of deregulation in creating a competitive European market can’t be overstated, and this was also instrumental in creating the dynamic interconnected ecosystem that still exists today. Another reason for the success of the IXPs in Europe is that they are almost all membership owned and driven. This was possible through the emergence of the cooperative environment that exists still today. This is reflected in the recent OECD study  of interconnection agreements, which showed that 99.5% of agreements are made on a handshake, and not in written agreements. OECD is continuing to do work in this area with more studies supported by the Internet Technical Advisory Committee.

So why is the existence of IXPs and interconnects important? First of all, IXPs still can save on costs, although the cost for circuits and Internet transit in large parts of Europe today has fallen sharply and tends to be at or below the cost for connecting to an IXP. More importantly however, IXPs also helped to improve the end user experience over time. In the early days of the European Internet, traffic between operators in the same country could go via the US and back. This changed gradually and initially traffic stayed in Europe and over time traffic stayed inside countries, and today the trend is for more and more IXPs inside each European country, further keeping traffic local, improving the end-user experience and lowering the cost for handling traffic overall. This gradual localization of traffic drove the development of new IXPs, while at the same time new IXPs enabled the localization of traffic. This mutual benefit led to a dense network of interconnects. Today, this localization is furthered with the deployment of content delivery platforms (from companies such as Google, Akamai, Limelight etc) both located in many IXPs, but also inside operators’ networks and close to the end users. This is driven by the advent of high bandwidth applications such as video, which puts greater requirements on performance between content and end users.

Screen Shot 2013-05-22 at 9.24.14 PM

Source:  Euro-IX

Lastly, IXPs and the dense interconnection network that were developed have  increased the resilience of the European Internet. This density has helped the European Internet work through major events such as 9/11 and large scale outages in operators, which has allowed the network and content to continue to function. This is an aspect often overlooked but IXPs and interconnects play a crucial role in securing the Internet and all the applications that depends on it.

Many other parts of the world today find themselves at a similar state of Internet development as Europe was at in the early and mid 1990s. There are many important lessons to be learnt from what happened in Europe and what the driving factors were. Other regions can learn from the factors that created the enabling environment that fostered the growth of IXPs and interconnects, such as the deregulation of the telecom markets and the trust and cooperation between the operators. The European experience has been a success with high bandwidth broadband at low cost for the benefits of the end users. This in turn has acted as a platform for the development of new services and ecommerce that has driven the growth of the digital economy.



The Economic Benefits of IPv6 Implementation

May 28, 2013

By Mat Ford, Technology Program Manager, Internet Society


The Internet is a powerful force for unleashing innovation and economic growth. Underpinning this capacity of the Internet to drive change and progress are some aspects of technology that may be easy to overlook, but that are in fact fundamental. The huge economic and social benefits brought about by the Internet are ultimately supported by very specific characteristics of the underlying technology.

The Internet is powerful because it is global and because it is open. The global nature of the Internet is made possible by Internet addressing. Without a unique, public Internet address, communications must be proxied, leading to degradation of communication quality, and reduced potential for the network overall.[1] Proxying communications in this way reduces the resilience of the network, increases costs for service providers, has implications for communications traceability and curtails the ability of the network to act as a platform for innovation, thereby diminishing the economic growth associated with the Internet. The need to proxy communications is growing as available public address space runs out all over the world. In addition to costs for service providers, it’s worth noting that growing use of proxies creates costs for the whole Internet industry as they work around the proxies. This will be needed in the short term, but it is possible to move to a better solution for the long-term future of the Internet and remove these costs from the entire industry.

Deployment of IPv6 technology is the solution for this growing problem.[2] In the 2008 Seoul Declaration for the Future of the Internet Economy, OECD member states encouraged the adoption of IPv6, in particular by governments and large private sector users. The Internet technical community echoed this encouragement in their Memorandum on the Future of the Internet in a Global Economy, where the fundamental importance of IPv6 deployment for the successful evolution of the Internet was strongly emphasized.

Since 2008, IPv6 deployment has gathered pace, stimulated recently by World IPv6 Launch, an industry-wide collaborative activity organized by the Internet Society. This activity has helped to encourage IPv6 deployment at large Internet content providers, service providers and equipment vendors. Major fixed-line and mobile Internet service providers are now starting to carry significant volumes of IPv6 traffic on their networks, and this progress is being measured and reported regularly to stimulate further progress across the wider Internet industry. IPv6 implementation will support huge growth in the range of services and products that make use of the Internet and is a fundamental enabler of the Internet economy, supporting the creation of new markets and catalyzing economic growth.

But further encouragement is necessary. Overall IPv6 uptake remains patchy and the opportunity remains for governments and leading private sector organizations to show leadership in securing the future of the open and global Internet, with sufficient public addresses for all, that is so central to the economic growth of tomorrow.

Read more about the Internet Society’s IPv6 activities here:

Read more about World IPv6 Launch here:


[1] Communications are proxied by Network Address Translators (NATs). The NAT has a public Internet address that it shares across multiple private connections.

[2] Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. See for more detail.


ITAC contributions to 65th ICCP session (11-12 April 2013)

May 28, 2013

The 65th session of the Information, Computer and Communications Policy committee (ICCP) was held on 11-12 April at the OECD headquarters in Paris.

The Internet Technical Advisory Committee (ITAC) provided concrete proposals for the future activities of the ICCP and its high level events in upcoming years, in particular stressing on the importance to assess the positive impact of open Internet standards on global innovation. In this regard, the OpenStand Paradigm was highlighted as providing key principles that encourage the development of market driven and efficient standards that are global, interoperable and open.

One of the key issues discussed at the ICCP was about the deployment of IPv6 and the importance for OECD member states to further promote its adoption. Marco Hogewoning (RIPE NCC) presented the main findings of a draft paper authored by Geoff Huston (APNIC) on the transition from IPv4 to IPv6. It was preceded by video interventions from Geoff Huston and Vint Cerf highlighting the key challenges and importance to foster IPv6 adoption to ensure a sustainable Internet economy.

  • Geoff Huston’s presentation:

The OECD also held a session taking stock of the ITU WCIT conference and inviting guidance on how best to address Internet governance challenges in years to come. ITAC, represented by Nigel Hickson (ICANN), stressed the importance to engage with developing countries and to share best practices in other to address some of the concerns that emerged in Dubai. Ultimately, it is hoped that further exchanges and shared understanding will also lead to greater appreciation of the value of multistakeholder frameworks for Internet policy making.

Earlier in the week, ITAC was invited by the OECD Working Party on Security and Privacy to lead the organisation of a roundtable on developments in Cryptography Policy. Robin Wilton (ISOC), Gershon Janssen (OASIS) and Michael Donohue from the OECD Secretariat, with the help of BIAC, CSISAC and OECD members, pulled together a very good set of speakers, who were able to provide both a technical context and topical examples of the economic and social impact of cryptography policy.
Robin Wilton (ISOC), who moderated the roundtable, remarked in conclusion:

  • economic and social activity depend on sound cryptography policies
  • governments and business need to pay attention to the evolution of cryptography technologies
  • even the most careful deployment of cryptography can be flawed, can suffer from attack
  • cryptography works best when mechanisms are hidden from the user, because the less the user has to do, the more likely they are to use it.