Focus Area 2
Reality check – do we implement effective regulations and set the right standards to solve the problems of the future?
Rapporteur: Andrijana Gavrilovic, Head of Diplomatic and Policy Reporting, DiploFoundation & Geneva Internet Platform
¶ 1 Leave a comment on paragraph 1 5 There are two levels of internet operability, requiring two different levels of implementation of cybersecurity standards. First is the operational level of the internet, which is managed by international technical organisations such as IETF, and another important layer of consumer device security that needs to go through the scrutiny of both consumers (through relentless testing and security requirements) and standardisation bodies that are working on lower-level industrial standards (through procurement and government regulations).
¶ 2 Leave a comment on paragraph 2 6 Dialogue and understanding of the need for standards are crucial; policymakers who engage in dialogue understand the problems and are more open to reflecting on the limitations from the regulatory perspective and what are the limitations of standards. Governments should understand the incentives and what are the needs. We need governmental regulation which will encourage (and in some cases incentivise) standardisation bodies and industries to implement standards into their products. NGOs should seek to engage with and exert influence on the formulation of soft laws and guidelines as they tend to be more efficient than the long legislative processes and are effective to some extent.
¶ 3 Leave a comment on paragraph 3 1 Green transition and digital transformation are two different areas, with the digital transition being more of a tool for green transition and not an end in itself. There needs to be a common methodology on how we account for the emissions and the environmental impact of digital technologies to be able to look at the entire lifecycle of any digital product.
¶ 4 Leave a comment on paragraph 4 1 Regarding a global cybercrime treaty, we need to leave sufficient room for member states because their legal and criminal justice systems are different. When we formulate minimum standards on the most important elements such as substantive law, procedural law, conditions, and safeguards, the whole framework would provide added value and could be used effectively for international cooperation purposes.
Paragraph 1: It is unclear what the actual message is.
Here, ‘relentless testing’ is not necessarily connected to consumers but to consumer organisations’ testing programmes and to societal organisation of responsible disclosure.
Also, it is unclear what procurement has got to do with lower-level standard bodies (who are they?).
Sorry, the last comment was meant for §2 instead – I reposted it there.
Third sentence: again, industries implement standards, but standardisation bodies do not. Perhaps the sentence should be broken into two parts.
Fourth sentence: not sure why the encouragement to participation is just for NGOs.
Er… what is “internet operability”?
Also, the “operational level of the Internet” (whatever that is) is not managed by the IETF. The IETF makes standards, it does not manage anything.
In the overall, it is unclear to me what the message is.