ITAC Newsletter N°4 December 2014

December 18, 2014

PDF Version

Table of Contents

 

Editorial: An open Internet for economic and social development

By Constance Bommelaer Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, The Internet Society

The Open Internet: Much More than Just a Good Idea

By Lyman Chapin, Partner, Interisle Consulting Group

Open ICT and Open Internet for Innovation and Economic Growth

By Karen McCabe, Senior Director Technology Policy and International Affairs, IEEE Standards Association

IoT and Identity – Managing Personal Data Toward Market Growth in the Age of a Connected Life

By Joni Brennan, Executive Director, Kantara Initiative

Internet Security: Turning Principles Into Action

By Christine Runnegar, Director, Public Policy, The Internet Society

IPv6: Not a Product, a Building Block

By Marco Hogewoning & Chris Buckridge, RIPE NCC

The IANA Stewardship Transition

By ICANN

Previous Newsletters

Newsletter N°1
Newsletter N°2
Newsletter N°3

EDITORIAL: An Open Internet for Economic and Social Development

December 17, 2014

isoc photoBy Constance Bommelaer Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, The Internet Society

As the contours of the 2016 OECD Ministerial on the Digital Economy become clearer, many key priority issues require the attention of governments who seek to reap the benefits of the Internet economy.

This 4th edition of the ITAC newsletter aims to provide some insights into issues and factors that enhance our understanding of the open Internet:

As we aim to assess the economic and social benefits of an open Internet, it is useful to take a step back at what we actually mean when we use the term “open Internet.” Lyman Chapin of Interisle Consulting Group provides such a perspective in his article, “The Open Internet: Much More than Just a Good Idea.”  It addresses some of the misperceptions of what an open Internet is, and captures the essential properties of openness that make the Internet such a uniquely valuable platform for development.

Foundational to an open Internet are open Internet standards. In an article from Karen McCabe of IEEE Standards Association, “Open ICT and Open Internet for Innovation and Economic Growth,” she explores the relationship between open information communications technologies (ICTs) and an open Internet. Karen points out that economic growth depends increasingly on open ICT and open standards to help ensure interoperability by enabling cross-boundary information sharing and transfer. Read the article here.

The open Internet has enabled the innovations of the Internet of Things (IoT), which offer a wealth of new opportunities that leverage the human-to-device connection as well as present unique challenges. Joni Brennan of Kantara Initiative highlights the challenges of IoT and managing personal data in her article, “IoT and Identity – Managing Personal Data Toward Market Growth in the Age of a Connected Life.”

With the explosion in the number of people, devices, and web services on the Internet, the adoption of IPv6 remains critical to help ensure the Internet can continue its current growth rate indefinitely. Marco Hogewoning and Chris Buckridge from RIPE NCC reinforce this message and the misperception that IPv6 is a product, rather than a building block to a new future in their article, “IPv6: Not a Product, a Building Block.”

In such a distributed network, Christine Runnegar of the Internet Society addresses the importance of a collaborative approach to Internet security in her article “Internet Security: Turning Principles Into Action.”  She reminds us that because the Internet is a highly connected environment and effectively a globally shared resource, security risk management must be a shared endeavor and requires broad participation.

Finally, in the context of important changes in the oversight and accountability framework of technical functions within the Domain Name System known as the IANA functions, ICANN reminds us that maintaining the “openness of the Internet” remains a central criteria as the U.S. NTIA’s oversight of these functions is transferred to the multistakeholder Internet community.

An affordable and reliable Internet is not yet a reality for the majority of people in the world. And for those who do have access, being connected does not guarantee they will be able to innovate or freely share information and ideas; these abilities require an enabling Internet environment based on openness.

The Internet Society’s 2014 Global Internet Report , highlights the benefits and challenges of an open and sustainable Internet, and reminds us that significant development work remains to be done to bring the economic and social benefits of the Internet to everyone.

The Open Internet: Much More than Just a Good Idea

December 17, 2014

By Lyman Chapin, Partner, Interisle Consulting Group

unnamed-1

We’ve all used the term “Open Internet” so often, in so many different contexts, that we tend to assume that everyone knows what it means—and that it means the same thing to everyone! But some people think that having an “open Internet” is the same as having “network neutrality,” and others think that an “open Internet” is simply an anarchy in which the rule of law and other norms of human behavior don’t apply. Neither viewpoint captures the essential properties of openness that make the Internet such a uniquely valuable platform for social and economic growth.

As we head towards the 2016 OECD Ministerial, which will focus on the way in which good Internet policy making supports an expanding open Internet economy and stimulates innovation and economic and social growth, it will be useful to find a common understanding of what an open Internet is, and why openness is one of its most important features.

In the Internet, openness is about opportunity, not ideology: it is about the opportunity for students, entrepreneurs, creators, and inventors to explore new ideas and new business models without asking permission from any established gatekeeper. Openness is not about promoting the social or political values of one group over others. It is freedom, not disorder. The open Internet is an environment of social and economic empowerment not because its supporters relentlessly assert that “openness is good,” but because it confers extraordinary tangible benefits:

  • As a technical infrastructure of hosts, routers, service providers, protocols, and many other components, the Internet is optimized for interoperability—peer components interact with each other without extensive prior configuration because information is shared openly, and every developer and operator has open access to the externally visible behavior of each element of the Internet system. Any host or network can join the Internet simply by making the necessary physical connections and following the protocol standards.
  • As a highly resilient operational infrastructure that relies on the voluntary participation of many different parties to manage its independent parts, the Internet is an open society of individuals and organizations that fulfill their separate local missions by collaborating to make the global Internet work. This feature of openness allows Internet political agreements to accommodate considerable variation in the organization, operation, and autonomy of the infrastructure elements that collectively support “the Internet.” The open Internet represents a political arena in which the spectrum of available choices among collaboration models is not limited to those that require a high degree of uniformity or centralization.
  • As an innovation engine that supports the development of new technologies and initiatives, the Internet succeeds because openness—in terms of transparency, access, and participation—brings the best ideas to the table, distributes them widely, and engages everyone in the process of turning them into new services and applications. Innovation in the open Internet arrives by consensus through open collaboration among researchers, manufacturers, service providers, and users. It can enter from any source and propagate in any direction.

However we use the term “open Internet,” we tend to take these benefits for granted, as though they were natural consequences of building a global network. But we enjoy them not just because the Internet is global, but because it is open—and we will continue to enjoy them only if it stays that way.

_____________________

Lyman Chapin has contributed to the development of technologies, standards, and governance structures for the Internet since 1977, and is widely recognized and respected as a leader in the networking industry and the Internet community. His broad experience and deep insight are invaluable to Interisle’s clients, who benefit from his ability to focus both a powerful intellect and the skills of a seasoned diplomat on problems ranging from network architecture and design to organizational dynamics and business strategy.

Open ICT and Open Internet for Innovation and Economic Growth

December 17, 2014

By Karen McCabe, Senior Director Technology Policy and International Affairs, IEEE Standards Association

karen_mccabe

The relationship between open information communications technologies (ICTs) and an open Internet has enabled transformational and impactful developments. It has evolved the Internet to a universal platform supporting unprecedented connection among world citizens—providing a powerful means for collective awareness, information sharing and problem solving. It has given rise to increasing levels of connectivity that now go beyond the Internet or a network of networks to the Internet of Things and people, increasingly generating unlimited opportunities for innovation and economic advancement.

The success of the Internet is dependent upon the way it has been developed. As noted in the Internet Society’s “Internet Invariants” (http://www.internetsociety.org/internet-invariants-what-really-matters) paper, this is explained as: “The Internet requires some basic agreements and social behavior – between technologies and between humans,” after which the paper enumerates “interoperability and mutual agreement,” “collaboration,” and “reusable [technology] building blocks.” All these resonate with the principles in OpenStand (open-stand.org) paradigm, and carry over into ICT development—with the characteristic of open being central.

The Internet and the paradigm that enabled its success are rooted in openness, fueled by open ICT and standards development with a focus on technical excellence through collaboration of many from all around the globe. The ICT ecosystem provides a ubiquitous infrastructure and innovation platform that facilitates economic growth, technology advancement and social interaction throughout the entire economy. Economic growth depends increasingly on open ICT and open standards to help ensure interoperability by enabling cross-boundary information sharing and transfer. Interoperability plays a key role across a diverse collection of ICT applications, including mobile communications, web services, e-commerce, e-health, smart energy and smart urbanization to name a few. Interoperability promotes innovation via a meaningful exchange of information. Increased levels of ICT interoperability among systems, applications and components tend to be good for innovation and competition. Increased ICT interoperability fosters innovation in goods and services as well as processes, which in turn leads to technological advantage.

The ICT ecosystem is a unique combination of complex and dynamic relationships, where competitors collaborate to push the envelope of innovation. The power of the open ICT ecosystem comes from the virtuous cycle that it can sets in motion. As sharing and collaboration are established as norms, the benefits of sharing increase. Open ICT and standards lower the barrier to innovation, multiplies the sources of innovative ideas and effort and empowers a larger community to address challenges and create new solutions. Open ICT that embodies transparency and inclusiveness, and that is borderless, is important now more than ever to unlock creativity and unleash collaboration where all stakeholders work to leverage strengths, solve problems and innovate for economic benefit and positive societal impact.

_______________________________

Karen McCabe is Senior Director of Strategic Marketing and Product Development at the IEEE Standards Association, where she leads the global marketing, communications and community engagement efforts for IEEE standards and consensus-building programs and activities and leads standards product development and publishing toward the fulfillment of the IEEE-SA’s strategic goals and mission of enabling and promoting the collaborative application of technical knowledge to advance economic and social well-being.

IoT and Identity – Managing Personal Data Toward Market Growth in the Age of a Connected Life

December 17, 2014

By Joni Brennan, Executive Director, Kantara Initiative

brennan

Adoption of Internet of Things (IoT) technology for everyday life presents a wealth of opportunities that leverage the human-to-device connection for new opportunities. Today IoT is the enabler of Machine-to-Machine communications (M2M). More and more, IoT converged with Identity services represents a powerful equation that brings identity, security, software, hardware, policy and privacy priorities to the forefront. When the promise of IoT for Identity services is realized our “connected lives” will be revealed.

IoT Potential – Societal Opportunities and Challenges

IoT may improve lives in varying ways ranging from devices that monitor our physical activity and quality of sleep, to those that help us to manage our homes. To fully leverage the beneficial powers of IoT, vendors need to know that IoT-Identity (IoT-ID) enabled products and services won’t fail and severely damage their brand reputation. Users need to know these new tools respect their preferences. For a hint of how frightening the IoT revolution can be for a user see “I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too.

User Centric – Personal Data Management

The growing number of devices, connections, and relationships presents unique opportunities and challenges.  At the low end of the scale, the number of devices and connections will be in the billions (some predict 75 billion by the year 2020). Users need tools to manage their personal data.  User Managed Access provides an open standard approach to help empower and engage users for the management of resource access and sharing. The OECD Privacy Guidelines continue to provide informed guidance for IoT-ID designers and implementers.

Personal data can fall in to criminal hands. It can be sold without consent or be leveraged in unimagined ways. Imagine receiving a traffic violation by postal because an infraction was recorded via your car sensors or street cameras. Users need to know their personal data is properly protected for privacy. Smart physical spaces will become more prevalent. Legislation is developing to provide guidance for user notice and consent practices both on-line and in physical spaces. Working openly and transparently, the Kantara Initiative Consent and Information Sharing WG is developing a number of approaches seeking to develop a more useable form of consent.

Reality of Reliability – Technical and Policy Interoperability

Device identification methods are not standardized. For instance, industrial tractors (farm machines) have one type of identifier, while personal fitness devices have another type. As tools and systems begin to converge these singular industry approaches create challenges. This lack of standardization makes the use of device discovery mechanisms a key challenge that needs to be solved for market and economic growth to flourish around IoT-ID. At Kantara Initiative, the IDentities of Things WG is working to deliver an industry analysis of the current landscape opportunities, challenges, and gaps to address.

Recommendations to Consider

To power IoT+ID-based economic growth the following core qualities are needed:

  • Transparency – Personal data collection and use policies and practices must be clear, easily found, and understandable to the average user.
  • Accountability – Organizations must adhere to their personal data collection and use policies. Clear and appropriate consequences must be present for those who do not adhere to policies.
  • Manageability – Users must have access to trusted tools to help them appropriately engage in their own personal data management.

The realization of challenges and opportunities will hinge upon our ability to innovate with appropriate security and data management services that respect users by providing a data management environment with: transparency, accountability, and manageability. Government and industry collaboration toward implementation of these three qualities will begin to provide a strong foundation for economic growth opportunities around the IoT-ID and beyond.

________________________________

Joni Brennan builds diplomatic and collaborative relationships within and across communities of interest. She participates in international organizations and industry standards committees including: OECD ITAC, ISOC, IEEE, OASIS SSTC, ISO SC27 WG5, and ITU-T SG17 Q6. She has served as the NSTIC / IDESG Trust Framework WG Chair. She has provided testimony regarding Trusted Identity and Access Management systems for the US ONC HITSP as well. Joni has helped drive and formalize strategic partnerships between Kantara Initiative and organizations including: Geant, Terena, OASIS, IDESG, DirectTrust and EHNAC.

She leads Kantara Initiative as the premiere Trust Framework Provider facing multiple industry sectors. As a US ICAM Trust Framework Provider Kantara Initiative will provide Accreditation and Approval verifications for Identity Providers / Credential Service Providers to be deemed qualified for access to connect to the US Federal Cloud Credential Exchange. In addition, working with multi-stakeholder representation, Joni has help to ensure that the Kantara Initiative program is aligned and referenced in multiple eGovernment strategies including: Government of Canada, New Zealand, and Sweden.

Joni has over a decade of service to the IEEE Standards Association (SA) and Industry Standards and Technology Organization (IEEE-ISTO) as a Senior Program Manager . She is a member in good standing of the American Society for Association Executives (ASAE) and an honors graduate of of the first class of Rutgers University Information Technology and Informatics (ITI) programme at the School of Communication and Information (SC&I).

Internet Security: Turning Principles Into Action

December 17, 2014

By Christine Runnegar, Director, Public Policy,  The Internet Society

christine

In Paris this week, OECD stakeholders are conferring on a set of new guidelines regarding security that could prove to be as globally influential as the 1980 OECD Privacy Guidelines.

At the core of this work, there is a common appreciation that the success of the global digital economy is highly dependent on an open globally-accessible decentralized Internet.

In such a highly interconnected environment that is, effectively, a globally shared resource that no one owns, security risk management necessarily becomes a shared endeavor. This is an endeavor that needs broad participation and an approach that considers the overall security and resilience of the Internet and its actors, not just one’s own security risks.

PastedGraphic-1

It is not without challenges because mitigating external risks will not usually directly benefit the entity and indirect benefits (e.g. greater overall security) are sometimes hard to see. Take, for example, a scenario from the Internet routing area – ingress filtering[1]: networks which implement ingress filtering help protect other networks from spoofing attacks. However, they do not receive any direct protection themselves unless those other networks also do the same. Nonetheless, everyone participating on the Internet receives the indirect benefit of a more secure Internet.

A voluntary shared commitment is a useful way to motivate a collaborative approach to security, as a recently launched initiative, coordinated by my colleague, Andrei Robachevsky, has demonstrated.

At the core of this initiative is a document called the Mutually Agreed Norms for Routing Security (MANRS at www.manrs.org), which defines a set of principles and best current practices for a coordinated approach to improve the Internet routing system. Already, several network operators – CERNET, Claranet, Comcast, KPN, Level 3, NTT, RUNNet, SpaceNet and SURFnet – have made a public commitment to make the global routing system more secure and resilient by implementing one or more of the MANRS recommendations, i.e.:

  • prevent propagation of incorrect routing information
  • prevent traffic with spoofed source IP address
  • facilitate global operational communication and coordination between the network operators
  • facilitate validation of routing information on a global scale.[2]

Their basic mantra is “we do at least this and expect you to do the same”.

This is a concrete “real world” example of a voluntary collaborative approach to raise the overall level of security and resilience of the Internet.

As the OECD’s work on the revised 2002 OECD Security Guidelines draws to a close, we look to the next steps, and how the principles will be applied across the OECD community and beyond.

[1] https://en.wikipedia.org/wiki/Ingress_filtering

[2] More details can be found on www.manrs.org

_________________________________

Christine Runnegar is Director, Public Policy at the Internet Society, based in Geneva, Switzerland. Her current areas of interest include online privacy, security and identity. Christine contributes to the OECD’s work on privacy through the Internet Technical Advisory Committee (ITAC) and APEC’s work on the Cross Border Privacy Rules (CBPR) System through the APEC ECSG Data Privacy Sub-Group (DPS). She also participates in the Internet Architecture Board (IAB) Privacy Program, co-chairs the W3C Privacy Interest Group (PING), and works closely with other Internet technical experts on privacy and provenance. Christine also led the pilot Internet Society Copyright Working Group and the development of the Internet Society’s paper entitled Perspectives on Policy Responses to Online Copyright Infringement – An Evolving Policy Landscape.

IPv6: Not a Product, a Building Block

December 17, 2014

By Marco Hogewoning & Chris Buckridge, RIPE NCC

RIPE NCC_Logo2013

 

Debate about the need for speedy adoption of IPv6 has been going on since its inception as the next generation Internet Protocol (IPNG) in the mid nineties. Even in the early design phases, the question arose of how to enable a smooth transition, and key features of the protocol were designed to create a non-disruptive migration path from the existing protocol (IPv4) to the new technology that we all now know as IPv6.

With the Internet now a major element of economic and social life, the question of how to encourage the Internet industry and users to adopt IPv6 remains, and has become an important issue even in non-technical forums such as the OECD. The reasons why may have changed, but even with today’s ubiquitous Internet use, IPv6 adoption is still not being deployed quickly and the Internet remains largely dependent on IPv4.

In the late nineties, the technology simply wasn’t ready for production use, and the Internet industry crash at the start of the millennium severely slowed the necessary innovations and development. But an increasing number of recent large-scale IPv6 deployments have shown that the technology is ready for use and today’s infrastructure can support IPv6. The next challenge is to teach people how to use it. This is a problem that several ITAC members, including the Regional Internet Registries, have sought to address through a variety of capacity building programs targeting various Internet stakeholder groups.

However, the biggest obstacle to a widespread deployment of IPv6 to date is the lack of a clear business case to recover the cost of such a deployment. A lot of effort has gone into identifying an economically viable business case, but even as the cost of sustaining and growing IPv4 networks has grown (due to factors such as the need to buy additional IPv4 resources in the open market), it appears IPv6 is still seen as a net cost for operators.

The fundamental problem here is that the majority of market players still view IPv6 as a product, rather than what it really is: a building block to a new future.

The ever-increasing demand for connectivity in developing markets means millions of new users are connecting to the Internet each month. But it is not only people connecting; more and more devices and sensors are being connected as part of what is sometimes called the Internet of Things (IoT). Nobody really knows how this will develop, but the one certainty we have is that IPv4, with its limited number of addresses, will never be able to support this new way of using the Internet.

In this sense, the question of IPv6 adoption is a foundational one for much of the work and study being done in the OECD’s Committee on Digital Economy Policy (CDEP) and its working parties. The Internet of Things, machine-to-machine networks, network neutrality, mobile networks – all of these issues are affected by the success of IPv6 deployment.

As our vision of the Internet evolves from that of a medium for connecting people to an all-encompassing network underlying our economy and society, we also need to let go of this idea of IPv6 as a product. Rather than seeking direct recovery of deployment costs, we need to focus on the value of IPv6 deployment as a critical element for the Internet’s continuing growth and utility. Widespread adoption of IPv6 will enable the Internet to grow and allow new innovations to develop – it is these new users and uses that make the cost of deploying IPv6 worth it.

_______________________

The RIPE NCC was one of the key founding members of the Internet Technical Advisory Committee when it launched in 2008. With Internet governance already gaining prominence in many inter-governmental settings, it was clear that the OECD could be an important venue for producing authoritative analyses of the economic and political impact of developments in the Internet industry.

The IANA Stewardship Transition -A Change ahead

December 15, 2014

By ICANN

icannlogo

The Internet may have its roots in the United States, but over the past two decades it has expanded exponentially around the world to the benefit of billions. Still, despite the Internet’s global profile, the US Government – the National Telecommunications and Information Administration (NTIA) specifically –maintains stewardship over some narrow but important technical functions within the Domain Name System known as the IANA functions (IANA being the Internet Assigned Numbers Authority). These functions coordinate the domain names, their numerical equivalents known as IP addresses, and a system of protocol parameters that allows the various networks and servers on the Internet to talk with each other and exchange information. NTIA has long contracted with ICANN to manage the IANA functions but that’s about to change.

Last March, NTIA announced its intent to transition its oversight of the IANA functions to the global multistakeholder community; this marked the final phase of the privatization of the DNS as has been the plan since ICANN was created in 1998. http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions

NTIA asked ICANN to facilitate the process for developing a transition proposal that had to meet several specific guidelines. It has to have broad community support and meet the following four principles:

  1. Support and enhance the multistakeholder model;
  2. Maintain the security, stability and resiliency of the Internet Domain Name System (DNS);
  3. Meet the needs and expectations of the global customers and partners of the IANA services; and
  4. Maintain the openness of the Internet.

NTIA also specified that it would not accept a proposal that replaces its role with a government-led or intergovernmental organization solution.

At its 49th Public Meeting in Singapore just a few weeks after NTIA’s announcement, ICANN brought the community together and launched a multistakeholder process to develop the proposal.

This process lead to the creation of the IANA Stewardship Transition Coordination Group (ICG) to coordinate the development of a transition proposal. Made up of 30 members with diverse interests and backgrounds, the group was tasked with soliciting transition proposals, including from the three communities with direct operational or service relationships with IANA – the names, the numbers and the protocol parameters communities – and assembling a consensus transition proposal to submit to NTIA. ICANN’s current contract with NTIA expires in September 2015 and the goal is have a transition proposal in place by then.

ICANN has also launched, a second process on accountability that is interrelated with the IANA Stewardship Transition process. Its purpose is to examine, from an organizational perspective, if and how ICANN’s accountability mechanisms should be strengthened to address the absence of US Government oversight. https://www.icann.org/stewardship-accountability

The process established a cross-community working group, a staple of ICANN’s policy-developing process, to identify the accountability mechanisms that must be in place, or at least committed to, before the IANA Stewardship Transition can take place. NTIA has said it wants the accountability proposals to accompany delivery of the transition proposal.

The task the Community has undertaken is daunting. It has involved several face-to-face meetings in different locations around the world, but many more virtual meetings and constant emails to exchange ideas and achieve consensus towards moving the proposals along. The dozens of community members involved directly with development of the proposals recognize the importance of their mission – finally transitioning the Internet to the multistakeholder community to whom it belongs and, in a sense, granting it its full independence.

It is through such a process that the Internet Community will ensure the continuation of single, open and secure Internet, serving diverse peoples and underpinning economic growth and innovation.

Keep up to date at https://www.icann.org/stewardship/coordination-group

 

____________________________

ICANN is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet’s unique identifiers. Through its coordination role of the Internet’s naming system, it does have an important impact on the expansion and evolution of the Internet.