Cooperation Working Group

Thursday, 17 May 2018

At 9 a.m.:

Cooperation Working Group

Thursday, 17 May 2018

At 9 a.m.:

CHAIR: Good morning, everybody. We start. It's my pleasure to be back with a group, I missed the opportunity in Dubai, so I am very pleased to be back here again. We have a very dense programme, so, in a way, the presentations will be five presentations, will be 15 minutes each, and we will give the opportunity to speakers to either use the whole 15 minutes or to have some lesser time for the presentation and leave some time for questions so maybe they are not going to take a question during that. Let's start immediately with the first presentation and I am pleased to welcome Marco Hogewoning from RIPE and a follow‑up to the CGN debate we had already last year in Budapest.

MARCO HOGEWONING: 31 slides, 15 minutes, I work for the RIPE NCC, what I am going to do here is recap of a presentation in the round table last year where I had an hour so I skipped quite a few slides and I might skip over some detail. Please bear with me if I don't have time for questions, I am here all day. So what is this about? There is a discussion going on in Europe about carrier grade net, we all think it's bad, how far can you take this, how many customers can share an IP address, with that in mind we thought statistics are useful in con text, let's look at what we can find. Very big disclaimer, this is by no means exact science, I round all my numbers up to millions and even then there is massive error. Whenever you spot that error think about it. I probably be either under‑estimating the number of connections or I am over‑estimating the amount of IP addresses in the market. If you think it's bad, if I would correct for the error, you are probably even worse.

So, what is this about? Well rule number 1, you want to connect to the Internet, you need an IP address. If you can't have an IP address, you kind have to share, we know that as carrier grade net but IPv6 only networks need to connection to IPv4 usually they employ some kind of IPv4 address sharing amongst customers. Keep one in mind, one IP address per customer, one IP address per connection. So brief example: Anybody here from Hungary? Anybody here who works or used to work for Hungary telecom, that is an example not because they are Hungary telecom, because it was an easy example I had the data. From where I stand on the Internet and I look at Hungary how big are they, I can look at routing table and see how many IP addresses they announce and with a bit of help you can see that they announce 1.4 million IP addresses. So that is how big Hungary telecom is from the Internet's perspective.

How big is Hungary Telecom, really? Well, luckily they are listed, so they publish quarterly results, so I dug one up. This is the Q3, 2017 and I report 1 million fixed broadband customers and about 5.5 million mobile users. These are growing, especially fixed broadband is growing year by year growth. Small caveat: The report on mobile subscribers, I couldn't figure out whether that is mobile broadband or ‑‑ you will see later there is a big chance not all of them already have mobile broadband, it could be ‑‑ high level analysis, then. 6.4 million connections, 1.4 million IP addresses, something has got to give, these use some form of address sharing. So it must be there. They are reporting growth so question how long is this sustainable, how many customers can you put behind a single address or how many customers do you need to put behind a single address? So far, so good, I can do this for every company on the Internet, it's a tremendous job. Take a step back. I can also do this at country level so how many IP addresses do you have in each country, just as every Internet graph it goes up and to the right specifically because I put the small country to the left, Estonia, Luxembourg, and the big ones, Germany, France, to the right, it goes up. It's not very useful. But where I stand normally from Amsterdam, my gut instinct is if I move south or east, I find less IP addresses, let's test that theory. You may recognise the shape of a continent here, the size of the bubbles and I am going to keep using that in my graph is proportionate to the amount, so in this particular case the size of the bubble is proportionate to the amount of IP addresses in each country. Testing my theory, if I'm there in the Netherlands yes, the further I go south or east, the smaller the bubbles get. Yet we still have big country, small countries, so population size doing the same thing you already see there is a tiny difference here: Down here southeast gets a bit more dense, and look at the space appearing up there in the north. Assume that everybody needs Internet there is going to be a correlation between IP addresses and amount of people in the country and the amount of G D N in a country. So sorting them on population size and ‑‑ but starting off with the small ones here it goes up and to the right, but then look at it, Finland, Denmark and there is Slovakia, that is a tiny bubble there in between the big ones and as you move along big Swedish meat ball between Hungary and Portugal, twice the size. There is a couple of odd ones out here. You move up, yes, the bigger ones get bigger, it follows the trend but there are a few exceptions.

What if I divide it, someone the magic number, it's not to scale but gives you a tiny idea of where we are, Denmark, Belgium, lux em Burkes I have got more than one IP address per capita. Down here, Slovakia is already below a half, Greece, Poland, Hungary, they are all very low already, so where will you find CGNs? More likely in these countries. So, you can already kind of see where the problem starts to appear. But this is people, this is not connections. How many connections are there? Because we kind of assume Internet is going to be Internet but everybody has a fixed line at home, right, you have one or maybe two mobile phones. So looking a bit at OECD data who report on the amount of broadband connections. And again, the small countries to the left, the big countries to the right, you kind of see an upward strength because there is a could relation between the two, Luxembourg the smallest, Germany the biggest market when it comes to broadband connections. I can put them side by side, how many connections are there in a country, how much IPv4 do you have? Lux em Burkes okay more IPv4 than Czechs. Slovenia, yes, Estonia is the first one where you see tiny difference, they have more Czechs than they have IP addresses. Further down the line of course Hungary is big gap, Portugal, Netherlands still many more IP addresses than there are Czechs. It kind of varies, but look at Spain, look at the difference there, hitry, quite a shortage of IP addresses. Doing the Sam math, dividing the amount of IP addresses by connection, you kind of get this picture, France is about exactly at one, Ireland about exactly at one, Austria just above, Germany just above, the UK is pretty close to 1.5 IP address per connection right now, so they are doing quite well. Of course Sweden, the small bubble there I think is still bucks em Burkes Netherlands, Belgium, and south, southeast all below that 1 per connection marker. These are definitely using CGN and at a massive scale.

Connections and populations. That is the third matter I am going to throw in here because we all want Internet and we all need Internet. So, looking at this, we see Luxembourg more connections than people, Slovenia, just tiny bit more people than connections, as the trend continues, you see, for instance, Denmark, almost twice as many internet connections than people, everybody probably has a mobile phone, everybody has a DSL, or a fibre, or a cable line at home. As you move up, you see, for instance, Germany also connections but it's far less of a gap. That is interesting, because how is this market going to develop? We want to grow, we are in the business of selling Internet. You saw Hungary Telecom, they are still selling new connections. They are gaining customers.

So this is where the magic starts. This is where the science ends. Extrapolation, peeking into the future. What is ubiquitous Internet, what if everybody gets an Internet connection? For this exercise, I assume you are going to share your home connection with whoever you live in your house with. So I am going to do one fixed line per household in a country. And everybody gets a mobile phone or maybe two, so I am going to take five phones for everybody four people, 125% let's call that saturated market. For the record, I am going to ignore everything in enterprise and I am going to ignore machine to machine and data centre, public utilities networks, the universities, I am going to very strictly look at the excess market. Market coverage data, again I am using OECD partly because it gives me the coverage on mobile where simply divide the amount of broadband connections by the amount of people. You see, for instance, Estonia, at 120%, Finland is at 145% mobile coverage so sort of for every two Finns there are three mobile phones in action, you kind of get the point. For fixed lines, I needed to resort to a UN data that depicted households, unfortunately I couldn't get it complete, I already had to look back to 2011, but you kind of see the trend here. This is current. Where are we if I start to extrapolate? This is where it gets interesting, because, for instance, look at Germany, there is about 60 million fixed lines or 60 million mobile lines in Germany right now but if I want to saturate that market I'm going to add 45 million subscriptions there. In theory that thank means they are going to need 45 million IP addresses. I certainly don't have them, and I don't think you are going to get them out of the market, at least not at this current going rate. You kind of see everything move up. So, IPv4 in a saturated market, I am going to do that math with my fixed numbers, how is it going to look like in the future. You see the bubbles grow because the market gross. As things grow, they get heavier, gravity is a bitch, they all go down. Currently the ones at that go down below one. Germany, yes, they were above one, but if you really sell every German a mobile phone and every German a fixed broadband line they are going to be below it. Ireland drops below one, Austria drops below, Estonia, I can actually make it easier for you, let me put the old one back. Look at the difference here. Sweden, not so much. They have got a lot of IP addresses compared to the amount of people, compared to the amount of connections, so that is almost saturated market. Netherlands, they drop a bit, but still have quite a bit of spare IP addresses to work with. Belgium, yes, but they stay above one. The UK is also crucially going to stay above one. Hungary, yes, you see the drop. They are in deep trouble, Spain here, Italy. This is a couple of very interesting exceptions here where you know these people are already deploying CD G and the problem will only get worse.

IPv6 then, the great equaliser, will come to the rescue, don't you think? This was the status in December when I made these graphs. The blue is the proportion of connections that have IPv6. Sweden, well, not so much but hey, they are fine anyway. Netherlands, yeah, Belgium is global leader on IPv6, but I'm not sure whether IPv4 shortage is a big driver there. From this thing, it's actually only Germany where you kind of see them fall through that magic line, that magic one IP address per connection where they are deploying significant amount of IPv6. The UK market is doing reasonable job, but they don't really have a problem. Italy, oh, yeah, hello, you must love CGN, don't you? Spain, do something about it, you know. You are in trouble here, mate. Hungary ‑‑ Hungary is actually, they are getting ‑‑ you see the IPv6 deployment speed up. You get the picture, I guess.

So, soft conclusions:

Many markets have already more connections than they have IP addresses so they are going to be in CGN somewhere. And the situation is who not improving over time. So market will sort of, as they go along, drop below the threshold. Yeah, is that bad, is that good? Kind of ‑‑ as far as we go, not sure CGN is really driving IPv6 adoption. It may be but from my stats I don't really see it happening. I'm about to run‑out of time. I have got one question left, or actually two: What is the current going rate for an IP address? Anybody wants to take an educated guess, anybody recently bought one? Yeah, IPv4. Well, is it, 15, 20 dollars, something like that? How big do you think is the revenue of Hungary telecom, I couldn't resist, I had the numbers there anyway. Hungary telecom reported 1 €.8 billion of revenue last year, operating profit 545 million, with only 1.4 million IP addresses. Assuming that everything they sell is relying on IP, they make over €300 per IPv4 address per year. We still consider CGN a cost, but at this return. Maybe they are smarter than you. I will leave you with that. My questions for you, even after the session, is this useful? If you think it's useful, also consider that open data is imported, I use a lot of data certificate, it was a tremendous amount of work putting it together. Thank you, you can also mail me questions.


CHAIR: Thank you. And next speaker is Jari Arkko, now that he has lots of spare time not chairing the IETF any more he is looking into consolidation.

JARI ARKKO: So I want to talk about consolidation in the Internet ecosystem is that is a topic that is crossing a little bit of technology, some amount of markets and maybe even some regulation. And I guess I'm going to argue here that we, the techies, can't really completely ignore what is happening in the market space and in the Internet as a a whole, it does have an effect. So I am going to do a short intro on this topic and call for discussion and basically asking for let's think about this and gather more data.

Okay. Consolidation, so this is about large and larger entities that are doing much of the work at the Internet, whether it's search giants, or email or social media, and we can all come up with many examples in that space, you know those obvious ones but also many other things like app stores ‑‑ some amount of control there, how can you get your applications on a particular market. Or even things like email, obviously many people can and do run their own email services but I would argue that it's over time back bit more difficult because you are ‑‑ if you are a small entity it's relatively do I have convince others that everything is ‑‑ that they want to connect to you and sometimes you get into this problems of being labelled as, on a blacklist or there is a technical problem and if your ‑‑ nobody is going to listen to you where if you are there is going to be fixed in one minute. So there are many of these effects, and as noted, sort of the economics and competition, that is not really the field of the techees, but we still need to understand what is happening with the Internet, if we want to tweak the Internet in some fashion, or develop technology, it's useful to understand what is it that is actually happening with the Internet. And it might be the case that as these changes happen on the Internet, like you have more centralised entities or bigger entities or different technical arrangements it does have impacts on Internet arc, or vice versa, that if the kinds of technical things we do will either drive forward this or accelerate this development or slow it down or provide more opportunities for various types of entities. So I think it's useful to think about this topic for driving also forward new work.

And just a very briefly going over some factors, leading to consolidation of the obviously market and competition environment, I am not going doing into the details of that but there is some fundamental things like clearly network effects, you want to be in the platform where everybody else is right? So there is that. There is other types of fundamentals like, say, speed of light, if you want low latency and fast communication this means you probably have to be at some point at least, you have to be relatively near to your customers or whoever is using your services, which means global deployment in some sense, and if you are a small player you probably can't do that on your own, you have to work with some other entities or already a big entity you can perhaps do this on your own.

There is some cases about denial services like if you are, again, a small entity and your website or web services is attacked, then you're basically down. You can't do really anything about it, but you do have a fighting chance if you are working with some of the bigger entities, providing CGNs for your service, for instance.

Permission‑less innovation, Internet provides a mechanism for everybody to do whatever they want, they don't have to ask permission and that is great of course, but in some sense it feels a bit we sometimes think of this as we provide the highway and then you do whatever you want with the highway. And maybe it is time that we did look at some of the things that is happening on top of the highway and provide more tools for us to deal with, some of the issues there. One example of this is the IETF we had this discussion, recently, about one bit in one protocol, a quick protocol and the bit was called a spin bit and with the spin bit, you could provide some information to underlying networks, access networks, or routed networks about latency of the connection, and that was a huge debate, can you provide this information, you know, are we revealing something about the latency of a particular connection or not? And... but this was like, it was not information about the user in any sense, it was information about the connection and might that have been useful for the providers involved. But, at the same time, when this huge debate is going on, like, you know, take a look at Cambridge Analytica and you know, terabytes of information that flowed there, and we are not doing much about that, and perhaps we should, perhaps we should be providing some toolset at that level as well. Not just think about the highway, we are building the highway but what kinds of seatbelt and such we are providing.

There is also many other things that might affect this, one of the questions that we had is whether asymmetric bandwidth available like mobile networks plays into some of this because it's not as easy to provide a service on a peer to peer fashion than otherwise. So the question is, should we act on this somehow? This is at least as I perceive it, it's reality. Should we do something about it? I think it's important that we actually understand how the Internet evolves and talk about it here and elsewhere. And about the understanding, I think we have this notion that this is happening but we don't have a lot of data, or at least I was unable to find good data source like, I wanted to have equally good graphs as Marco had in his presentation, but I don't have them. And I think it would be a really good thing if our research community and otherwise were to collect some more data that would allow us to understand what is happening with the Internet, how much of the traffic goes to top level content providers, for instance.

And then we need to talk about evolution of the technology. I mean, this is obviously hard thing, it's not clear how can we help the small player, to get an edge, or level the playing field in some sense. But there is some things we could do like federation type solutions would help smaller players work together and they can provide the low latency service around the world globally, even if they are not present in every country, and also like this example about security on higher levels, it's not that we just provide the highway, maybe the other parts also are something where we should provide more tools and maybe we as users could demand some of those tools be used, say data privacy or portability and in telecoms networks we used to have this number portability idea, we don't have portability of data, actually different systems on the Internet today and maybe we should, I think it would be a useful thing.

So, I think I'm getting to the end of this or my part of the talk. I do have some pointers, this has been discussed by many people, the IAB published a blog article in consultation some time ago, the link is there, I had an Ericsson article on the security issues around this, Geoff Huston, who I don't think is in the room, has talked about some aspects of this. So, I don't want to talk any longer, I will just open it up for discussion, I don't know how much time we have, but five minutes, okay. So take it away.

SPEAKER: Good morning. ICANN. Thanks very much and this is very topical of course, and I was in a meeting a couple of weeks ago, a conference with various European telecom regulators and if I remember correctly, the French one was talking about how from their consideration of net neutrality they want to look into other aspects of the value chain, platform neutrality, yes, but also areas such as peering, competition etc.. it's not entirely new, and I think Chris Buckridge and Geoff Huston will remember in my previous job I was working with them, the OECD did a couple of reports on competition in the peering market, which was a very positive report, which was great, and perhaps it's time to look at, to talk to OECD maybe again and work with ‑ think Chris is closer to OECD nowadays, so he will know whether it's the right time, I think it's a good time, they have have some metrics, they have have got a statistics, as Marco was showing. I think it's important to look at it, as you point out, there are some trends which could be worrying, there are some funny games being played in some parts of the wider chain of the Internet and we need to pay attention to it because if we don't and if we don't have the right data, what might happen is that we get unwanted attention from regulate that might not have all the information or we might not be able to give the right information from and we might consequences, it's a really, really useful piece of work, I am going to read up on the detail and I am happy to help, just to say that, please continue.

JARI ARKKO: And network neutrality is of course one aspect of this, and by the way, I am not standing here and arguing that we need more regulation but I am at least standing here and saying we need more understanding of the issues and discussion and based on that understanding maybe the techees can do something or, you know, if things come to that maybe there are some regulation aspects on some area where one needs to act but understanding is step one.

SPEAKER: Actually, I am Alexander from Russian Federation. Actually, the ‑‑ if you watch carefully they have kind of unification of autonomous system numbers so we ‑‑ represented by one company, previously telecom on 100ists so it's result of consolidation. The major Russian operators are consist about 20 to 30 so it was independent company registered AS and it was same routing policy so already doing kind of this just look at that.

SPEAKER: Hi Alain Durand. I was wondering how much some of this is the result of work that we do at IETF, for example if we look at the privacy that was done ‑‑ that some as the unintended consequence to consolidate a lot of the resolvers in some places it raises the barks what it takes to deploy the resolver so it might be something to think about as you peer review who could be the unintended consequences on consolidation of some of the technologies that we are pushing there.

JARI ARKKO: That is a good point and the example that you mentioned is one case where, you know, new technology that is currently being developed might have an effect of concentrating some more things in the Internet so we should look for that and point ‑‑ your point is taken, thank you.

CHAIR: Thank you very much. If I may conclude also from a policy makers point of view that it is important that issues like this are debated in fora like this and for instance for the CGN, the European Commission had signalled in questions ‑‑ in answers to question by European Parliament members that this was the forum where the discussions would take place. Let's go now to the next presentation, Chris Buckridge about the recent developments in the EU.

CHRIS BUCKRIDGE: Good morning everyone, I have a very brief presentation here, hopefully, so hopefully there will be some time for questions or comments. On the very exciting issue of EU regulation and what is going on there, first point, this is not about GDPR ‑‑ I sense the disappointment in the room. No, my colleague Maria did two presentations on that yesterday, I am sure she is around if you have new questions for her but I don't want to hear it. There has been a enough focus on GDPR, not the only game in town, there are clear take aways from what is going on there, not least of which regulation, whether it's particularly in the EU is a clear and present factor that we need to be thinking about right in our, that these are not just sort of pie in the sky things, this is ‑‑ the issues that are going to have real operational consequences for people in the Internet. With that in mind, the RIPE NCC and a couple of years ago started working with a company in Brussels called political intelligence that actually done some work with other Internet operators, also working with euro ISP A, some experience of our industry and what we are interested in. The basic point, what we were trying to do in having that relationship is to get up dates on developments that would affect the RIPE NCC as an organisation, as a registry, get up dates on what developments might be coming that would effect you, effect our membership, affect our community so we can talk to you about that. And then where useful and where appropriate we can actually make input to those EU processes and so political intelligence can help us with that.

So with all of that in mind and sort of building on some of the knowledge that we have gained from working with them, I've put together here a quick overview of a few of the key developments we are seeing coming through, at the EU level at the moment.

And the first one is one that we have heard about before, it's been discussed in this Working Group previously, it's the NIS direct, on security of network and information systems. It was adopted by the parliament in 2016, so it's been a long discussion. The deadline for national transposition to EU Member States is 9th May. So that means basically there is a directive at the EU level, each Member State has to work that into its own legislation and they can do that in their own bespoke way. The deadline was the 9th May. That seems like it's a little fuzzy. But I will talk a bit more about that in a second. There were three parts to that directive. One is improving sub security capabilities at national level, increased EU level cooperation and risk management and incident reporting obligations for essential service operators and digital providers. So essential and digital service providers. That is not actually strictly defined in the directive. There is some guidance given. There are some things mentioned, TLD operators is one, so that might apply to some of you who work with ccTLD operators. There is also reference to route server operators. That applies to us potentially, the RIPE NCC. And others as well. So where are we with this? Basically, as I said, the legislation is supposed to already be in place. However, defining who is that essential service operator is still ongoing. We are talking with the Dutch authorities, this is something that we are talking about. Our feeling is that route servers, while very important, is not going to be something that falls under that definition of critical for the directive. However, it's a discussion we are having, and obviously we are also talking with Netnod or the other EU based route server operator so there is some useful community coordination going on there.

These are not the prettiest slides, partly because I have scattered a bunch of links throughout which is specifically so ‑‑ please download the slides from the website. There is a lot more information on this and I hope the slides will link you to what you need to see if you are interested in more.

The next one, I will keep moving here, is E evidence so this is work that the Commission has been doing to basically improve law enforcement access to electronic evidence in Member State. There was a legislative proposal came from the EC in April and the new mechanisms they are suggesting which are relevant to us are this European production order and preservation order. So what does that mean? Right now, and well ‑‑ its whole existence, the RIPE NCC is under Dutch jurisdiction. If law enforcement wants to get access to non‑public data that we have they need to get a Dutch court order. Under this proposal, it wouldn't need to be the Dutch court order any more, it could be any EU judicial authority could give an order to the RIPE NCC and we would have to comply there and we got name checked in the legislative proposal itself, they mentioned Internet registries by name. This would be a change for the RIPE NCC, it's not something set in stone yet and we are talking with people in the Commission and elsewhere. It's also now in parliamentary discussions. But this is something that is actually important for our membership to understand, that what these EU regulations can mean for the RIPE NCC and what we are doing with your data.

Keeping moving through a couple of other quick ones. Intermediary liability, this has been something under discussion for a very long time in many different venues, the OECD was mentioned, they did work on this a while back at least. In the EU situation a couple of different situations converging, copy write directive on how to prevent illegal content in intellectual property space but also legal battles about the responsibilities of platforms for having defamatory or otherwise problematic information. So the European Commission has released recommendations here. What is significant about this one particularly is that there is currently an open consultation so there is an opportunity for anyone in this room or going back to your legal or other departments to actually have input here and talk about what is important for you, what is important for your organisation. As I said there are links there so hopefully that is useful for you.

And then the final one I have here is cyber security. And so this ‑‑ that NIS directive that I talked about earlier, that is relating to cyber security but there is a further act proposal that the Commission brought out last September, and there is a couple of things that this would do, someone that it makes the European network information security organisation a bit more of a monster, it gives it an expanded mandate and a little bit more in the way of powers to coordinate at the EU level. And then it would also establish an EU wide ECT certification framework and so that would basically override any of the national frameworks that would exist and where they don't exist it would have an impact there.

So this could also have more on our members and community impact than on the RIPE NCC, but it's something that is important for people to be aware of. There is going to be a vote on that proposal and whether it moves forward in mid‑June, and the aim is to come to an agreement on that by the end of 2018. So there is time to talk to people but probably not a lot of time.

So, with all of that said, just some closing observations here. We are seeing I guess a couple of things driving what is going on in the EU here at the moment. It's a bit of a perfect storm at the moment for privacy personal data issue, we have got the GDPR discussions going on and with the came ridge Analytica situation with Facebook, who has got personal data and what they are doing with it and the Commission is stepping in to regulate in that space. There is a huge amount of concern about cyber security and illegal content and terrorism, online platforms being used for that. So that is also fueling discussions. In a way those two could be seen to be conflicting, on the one hand you have got your personal data, on the other hand people want to know what that data is and be able to use it. But what they are both pushing towards is greater ‑‑ a trend for greater regulation of the Internet, so that is what we are seeing. What we have said for many years now really as long as as I have been in this I don't be is the cross‑border nature of Internet makes regulation difficult, it means as a national legislative body also making regulation that will have an impact on what the Internet is in your country is difficult because it's the Internet, it's much broader than that. What we seem to be seeing now actually in response to that is ever broader regulation, they have said okay, national regulation doesn't seem to be working with well, let's try go bigger so you have GDPR which you have people around the world, not just in the EU, talking about the impact that is going to have. So the concern there for extraterritorial impact, whether as a side effect or an intentional outcome, is, seems to be lessened. And that means that, yeah, what we are seeing now is some very serious impacts of these regulatory moves and, yeah, hopefully this has given you some idea of what might be coming down the pipeline in the next few years. Possibly we have time for some questions or comments? Five minutes. Okay.

SPEAKER: John Curran ARIN. Could you go back to the E evidence slide really quick. Just something people need to understand. E evidence has regulation but a matching direct that I have came out of parliament, the directive actually has some other interesting aspects to it. It it requires that parties that provide infrastructure services or communication services designate an agency for receiving the E production order and E preservation order. That agent is to be prominently listed on your website, this is sort of interesting because they recognise that these parties could be natural or legal persons with personal data and they are mandating you put it at the bottom of your website, it's kind of again a push and give with GDPR. And so any communication provider, anybody providing IP addresses, anyone storing electronic communications is going to need to designate an agent in some EU territory country and put it at the bottom of their website. This has the same extraterritorial effect of GDPR in that service providers outside the EU who hold themselves forth to offer services to EU residents have the same obligation, they will need to establish a presence somewhere in the EU and note that at the bottom of their website, so the E evidence actually has the same level of all sorts of excitement that we face with GDPR only in the opposite direction, making yourself more authority for competent authorities to get that information.

SPEAKER: Nurani. I thought it was incredibly useful presentation. It's very hard to get an overview of what everything that is happening so well done there. And then also just the comment on your observation that more and more of these things are happening, not on a national level any more and on one hand it's an observation that I agree with and I think on one hand it's quite understandable, and you could say that also makes it easier to get an overview instead of having all these national different legislation, different countries, the concern of course is we know that on a national level when we do get involved there and we do ‑‑ there is much greater chance of affecting the government in our own countries when we can provide technical advice or others. And then final comment or question: As interesting as the presentation is, I'm not sure if everyone will download it. Any chance you could throw it on the blog? That would be awesome.

CHRIS BUCKRIDGE: We can certainly do that, yes.

CARSTEN SCHIEFNER: Could you just do me a favour and go back four slides to slide number 5. That is when it comes to name servers. Not strictly defined in the directive itself and may include ccTLD operators and DNS root servers operators. What about core TLD operators that are not situated within the European Union like there is operator where possibly would say this is is an essential service across the global but still obviously Verisign is not located, headquartered in the European Union so is there any clarification around this question, whether it would apply to all TLD operators or just the ones being located within the borders of the European Union? First question.

CHRIS BUCKRIDGE: And quick answer, there is I think not clarification. The directive itself is quite vague, it just says TLD operators. There has been further discussion and there is actually cooperation group which is active throughout this year where Member States will be able to discuss what each of them have decided is an operation of a essential service but, as I say, it's not a regulation, it's a directive so it's implemented differently in each country. Those are likely to focus on the operators that are something within their borders so I think the likelihood is they would only focus on ccTLDs, but it's an ongoing discussion. Sheaf second question concerns slide number 7, that is the evidence thingy. I just wonder to what extent ‑‑ okay, as said, there need to be qualified person or agent receiving such inquiries, so the assumption is that such an agent is clever enough to, how should I put this, to recognise a legal or judicial authority as in a law court here in Marseilles filing some kind of paper to Germany‑based registrar and the agent of that Germany based registrar needs to understand this is like a legal and lawful thing that has just been put on his desk, is that the assumption

CHRIS BUCKRIDGE: That is certainly my assumption and possibly our legal team have thoughts on that. Just thinking of it from a RIPE NCC perspective and us understanding what is coming through as a legitimate request. But this is still very much in the making, yes, so I think that those sorts of questions are going to have to be considered further down the line.

CHAIR: I am closing the queue, you three guys are all in the queue. One question per person, we are running out of time.

SPEAKER: Constanze, from Ministry of Interior, Germany. I want to bring in another point of view. The politics view. My working day is to see all these proposals from EU and I can just see if a few of them.. and I am a bit helpless. If I see how many proposals coming up, and I don't know how to argue in this proposal because I don't know the technical standpoint. Therefore, I'm here and I try to understand the technical point of view, and on the other hand side I have the politics view. But just the national view. So, I try to convince and to bring in in the European discussion the view I learned here, and my national view, and I try to figure out the ‑‑ how to react in the European world, so and this is a huge work and I'm feeling alone. I want to say that. And I want to ask perhaps it's an issue for RIPE NCC also, or, for instance, the main point for the RIPE community, to help us and I want to push the Member States and the political colleagues to bring in this process, because I can argue, in the moment and we have a new government and now we have a new coalition contract and in this contract we have so many digitalisation projects and from all parts of the country coming processes and I have to, I have to make sure that infrastructure is running, but I can't do this. In the moment, we have two layers addresses, and I don't know about that, and it's a big bang in the moment. And then the initiatives from Europe coming up, for instance, digital single gateway you didn't mention, or you don't know perhaps about that, and so many more things, and I have to react in this and so I'm lost in the moment.

CHRIS BUCKRIDGE: This ‑‑ I mean, I think that overwhelming sense is certainly what we at the RIPE NCC also had, that has driven our making this relationship with political intelligence. This presentation is begin winowing down from what the winowed down information we get from political intelligence and as you say, there are many others that I probably could have included in this presentation but that is where maybe a blog or a series of blogs would be something useful the RIPE NCC could do for the community. So we will certainly look at that and take your perspective there.

Constanze: I want to push my colleagues, yes, that is my main argument, and please help us and we have to stay together and to bring our experiences and we have to talk about these issues, and our themes and our aims and otherwise it wouldn't working, yeah. Thank you.

CHAIR: Thank you for being here.

PAUL RENDEK: From the RIPE NCC. I just wanted to touch on the point that Nurani made and a echo a bit of what Constanze said, ten years ago life was a lot more simple in the legislation regulation area for RIPE NCC certainly. Back then, it was much more of a cut and paste inside the country, probably things copied from America that were then cuss and pasted and maybe rejigged into your own, what maybe was suitable for your country. We could follow that. That was much easier. The game has completely changed in those ten years. You have EU coming up with all of these little bits. Our remit is a lot larger than just the EU, we are taking a look at the 76 countries that we have, LIRs ‑‑ we have LIRs in much more than that but our service region of 76 countries, what we are seeing is that the legislation and regulation is coming and popping up all over the place in very different manners. This is very hard for us to actually get our heads around. The point that Nurani made about using local communities is very important. Sure things get regional, lots of things that are local. RIPE NCC is not here to battle the politics of a sovereign country, right? I think what we are here for is that we can actually provide the technical factual information for those that need to make better public policy. I think a winning car for us is using the local operators and local communities to wok together so we can provide this information so that they can have that footprint within their country, that is a much better way of approaching this than probably throwing everything on RIPE NCC's shoulder and say, get out there and just tale with all the legislation and regulation and 76 sovereign countries, right? So, this, in this sense, we are calling on the local communities, we are taking a look at how we could work with the local NOGs and operators or what have you to bring some of these pieces had a we see in legislation and regulation to light so they can actually go and do the work there locally. It's very important. Constanze, I wanted to echo, thank you very much for making those statements because we are reaching out and trying to be as cooperative with all governments as we can, right, in providing this kind of information and we are taking a look inside of RIPE NCC, how we are doing this and how we can the most effective so I hope that we will continue to have this dialogue and we can move forward with the developments. Thank you.

SPEAKER: First of all, Burkov in personal capacity, not EU citizen at all. Last year all this piles of paperwork from the European Union. I was shocked. Really, I was shocked because it's previously we in Russia were shocked by our parliament, but European crazy ‑‑ the impossible. Because in fact, for me is non‑EU citizen it looks like Europe want to rise international laws, normal behaviour, ignore the sovereignty of the countries. It's a new trade barriers, it's ‑‑ of course Europe can try to see that largest animal in the world, maybe. Let's see. Just for example, now I simply shock, I can't understand what to do me, if I have on my VM just server and got a mail from European citizen how I should align with GDPR and with E evidence? Or we should cancel all communications between us. It's absolutely stupid that ‑‑ it's absolutely unacceptable and I hope that ‑‑ my question for you, it's your parliament, you decide it. And it's great potential huge ‑‑ fragmentation of the network. Thank you.

CHAIR: Thank you. Okay. Thank you, Chris.


So one of the newest partners of RIPE is EURALO and we have Olivier to tell us about that.

OLIVIER CRÉPIN‑LEBLOND: I am the ‑‑ I am the chair of the European at large organisation. EURALO, so this is my quick introduction about what it is and what we do. So, I was going to start first with explaining a little bit what the Internet model is all about. I know that many of you have already seen this a number of times. This is one of these graphics which, where created I think about eight, nine years ago, and I felt that I don't know who actually did this graphic but I thought he was quite a genius thing to try and show the ecosystem, my goodness there is so many people involved in this thing. And just looking at a few of these, the whole point of the Internet ecosystem is that it is multi‑stakeholder, it's not a single actor running all the show. If you look into the multi‑stakeholder standards you will find it's not a single organisation that is creating all the standards, you have got the different layers in the OSI system, in the Internet system and worldwide web so it's W ‑‑ IETF, many different standards organisations and policy different organisations and fora in which the work is actually taking place as well. Governments, multi lateral institutions, the Internet Society and I am sure many of you, I recognise a number of you, many of you are involved in these different fora.

In naming, there is also many different organisations. You will see ICANN, you will see of course the regional Internet registries, you have got the gTLDs, country code top level domains, quite a range of organisations and fora in which things are ‑‑ discussions are taking place. The problem is that one often finds that all of these operate as silos, so you have got that big thing, big overall ecosystem and you've got one silo that talks only about GTLDs and one silo that only talks about ccTLDs, you've got the regional Internet registries that deal primarily with the IP addressing. And so, the question you might be asking yourself is why am I here? So before I tell you why I am here I will tell you a bit about ICANN, I know that a lot of you probably already know about it, but often you have just heard about the organisation and the people that you see in ICANN are the people, and I wish I had a pointer, are the board of directors, these guys travel around the world and say I am on the ICANN Board and we do a lot of things. And of course, it makes it think that it's the ICANN Board that takes decisions and makes things and stuff when really the reality of it all is that the board of directors doesn't really exist, the the ICANN different component part organisations that are made up with volunteers basically, that actually go there. So if I go back one, you will see the only thing that happens with the ICANN board of directors is that the different component parts of the organisation select people to go on the Board of directors but at the end of the day the ICANN Board of directs is supposed to receive consensus based advice and not to have to make the decision themselves, and often that is what they try and do. Different component parts, as I said, so you have got the address supporting organisation, let's start with this one, the most important one of them all of course being the IP addresses, and in ICANN I would have started from the other end, the other side. But here of course you have got all the Internet regional registries including RIPE NCC and in some way it is a multi‑stakeholder system. I have met people here during these few days that came from all walks of life, not a balanced system, most people are actually working for operators that require IP addresses and that are members of RIPE NCC. There is the ‑‑ named supporting organisation, that is another ‑‑ that really is a multi‑stakeholder system, with contracted parties on one side, the generic top level and not cracked parties on the other side so you have got IP interests and that is not IP addresses, that is intellectual property over there and of course I have got, when I talk about IPv6 in ICANN, I need doing the other way around and say we are talking about Internet protocol. Internet service providers, businesses, universities and civil society. The country code named supporter organisation has got all of the ccTLD registries involved and you have got the at large and it's funny because it's the at large and it's also called A LAC because it's the at large advisory committee, and these people represent the interests of end users and I will go into this in a moment because that is where I am coming from. Then you have got other advisory committees, the SSAC security and stability advisory committee that deals with the, well as its name implies the Kurt of the Internet as the Internet identifier system keeps on evolving. The route server system advisory committee, I think that some people might be from south service here, and from the Internet engineering task force and the governments that are represented in the government advisory committee. So you have really got a nice ecosystem here that is somehow geared to not agree with each other and spend a lot of time talking about things when really you could make a decision in the room within an hour. But that's what a multi‑stakeholder system is about. You need to be able to discuss things and get everyone's involvement in the debate.

Now, looking into the at large and I think that a lot of people don't quite understand the difference between the A lack at large advisory committee and the at large. We are divided in five regions, a bit like the Internet regional registries. Of course to make matters a bit more difficult we managed to not use this same boundaries as the regional Internet registries so for example the Middle East in the regional Internet registries is served by RIPE NCC, but in the at large model it's actually from the Asia Pacific part of the world. Five different regions, each one of them selects two people to go on the at large advisory committee, and each one of them is called regional at large organisation. So it's got a leadership. For Europe it's EURALO, I am the chair, for Africa ‑‑ APR A L O and I think you have guessed there is a pattern with this. And the A LAC has got one person from each the regions that is selected by the nominating committee, in fact I didn't mention the nominating committee. If we go back here, nominating committee is in the middle, it can select eight people doing on the board of directors and these are often people that have really had nothing to do with ICANN before and that think that this sounds like good idea to serve on the ICANN board, they find out soon enough it's a bit more work than they originally anticipated but I think we will have to scratch that part from the record.

Moving on. Just looking at the at large advisory committee, that full 15 had he been committee selects one person to sit on the ICANN board, seat 15, and you might have seen him around, Sébastien was the first person selected. At the moment it's Lyon who is not really representing our interests because once you are on the ICANN board you have got to represent the interests of ICANN but who is more in line with our community and regularly attends our meetings and sees what we are doing.

What is at large? Well, we bring the input of Internet end users in the ICANN policy processes. So, an ALS can be a computer club, can be ‑‑ we have got many Internet Society chapters and some university departments, the not purely civil society, it's organisations that have a strong end user component part to them and that can gauge the input from end users. What do we do? Well, we basically the nosy neighbour, the people that basically can comment on everything and anything that takes place at ICANN, so not only just generic top level domains but pretty much anything else and at any time. And we can send our comments to the board and the only thing is we do need to show there is consensus within our community for the statement that is being sent over, and so there is a process that I will show you very briefly as to how we reach consensus. We also take part in cross community Working Groups of which there were quite a few, five minutes, goodness, I thought it was 15 ‑‑ there is quite a few and we also have to sort of spread the ICANN message around the world. Our members also take part in generic name top level domain gTLD, G NS O policy development process as well.

The system is bottom‑up so you have got all the at large structures and individuals now. At the bottom they feed into the regional at large organisation and into the A LAC. The process by which we end up building policy is quite complex, in that you always need get feedback and get buy in from your colleagues. You can't just have one person say oh I really hate this, let's get A LAC to write a statement, they need to convince everybody it's a good idea and reach consensus not across their own region but the whole start so you start from the region and it sort of permeates all the way to the top when ‑‑ if there is a final statement where there is consensus, that needs to be voted on by the A LAC and that is sent out. The weight of that statement is actually pretty good because at the end of the day we show that there is such a process taking place when we send that statement over.

That is in response to a public comment, this is online we don't need to look at it. It's similar process as the other one. Why are you here? Of course, so I'm here because, you know, as I said earlier there are a lot of silos around and we work in a silo and ICANN works in a silo, IETF works in a silo and so at the end of the day because we bring in ICANN the input of end users we believe there is the strong end user component in having people involved with allocation of IP addresses and understanding the whole process by which one way may be better than another. The Regional Internet Registries have a number of policies that have relevance that invite community participation and we also believe that cross‑pollination across the different communities is important, specifically for policy and for these things that suddenly fall on our heads like the GDPR, GDPR, quick example, two minutes, had ICANN actually looked around at what other organise organises was doing it might have come up a solution earlier. I listened to what RIPE has done. Instead of reinventing the wheel maybe sometimes we can help each other out on what we do. And so just for all this, in order to collaborate and get more involved with each other's processes EURALO and RIPE NCC signed an MoU for collaboration over the Abu Dhabi meeting and so that MoU says we want enhanced collaboration between us, maybe hold some meetings in each other's spaces, send people over, fellowships, common capacity building, the whole idea of cross‑pollination came from Ray Pulzak, who was the president and CEO of ARIN between 2000 and 2009 and he pulled me over when I used to be Chair at the Beijing meeting and he goes look, ICANN is not just about addresses, about domain names and gTLDs, we are here too, ASO get people involved also in the address supporting organisation and I think that this really is the sort of ‑‑ the signing of what we can do to work with each other. All of the other regional at large organisations have also signed an MoU with their region. Here is some, a few points, if you want to see the policy correspondence you can click on the policy summary. There is of course policy going on in development at the moment, and you have got website for individual users, you can all join as individual users if you want and you have got Working Groups and the RIPE NCC at large MoU and beautiful pictures of two smiley happy people at the are at the bottom link. And that is it. Thanks. I am open to any questions if I have any time. Okay. I am just being killed. Thanks.


CHAIR: I am pleased to welcome again Joanna after first intervention in Madrid one‑and‑a‑half years ago.

JOANNA KULESZA: Good morning everyone. Thank you for making it to the morning session particular thanks to Chris and Olivier, I think all those points you raised were wonderful and I will use them to build upon with this presentation. First, disclaimers: The public core of the Internet is not my concept. It's a concept that has been promoted for quite a few years now by the Dutch foreign ministry, initially Dutch presidency, has provided an extensive report and the Dutch foreign ministry, the for strategic studies, the east west institute were interested in exploring the concept a bit further. A result of a study that buildings upon that concept that I would love to test against this wonderful RIPE audience here today, this is why I suggest the presentation and I'm thrilled to be able to present it here. I hope I have enough time to hear your feedback, to answer your questions, if not feel feel to approach me and I am happy to hear whatever your comments would be, on the protecting the public core of the Internet.

This is an introduction of research and report that deals with finding ways to protect the crucial elements of the network so it deals with cyber security, international law, the work that I do, I work at University of Lodz, in Poland, so my background is international law, Internet governance, cyber security and human rights, that is what I am coming with here today. First, I am going to start with pirates, just to have a pictures. I don't have any comics to hand, but I have a few pirates am going to start with pirates because as I already said what I try to in my work is learn from the lessons in international law and use them for Internet governance. We used to think pirates were romantic and lovely and adventurous, everybody loved Jack Sparrow, we encountered and instead of routing for jack support oh we were rooting for captain Phillips who was trying to protect his cargo. What we are facing now is an old challenge in international law, it's pirates of when I talk to student of international law it's one of the initial cuss Mary law principles, everyone can obtain one and stop them and judge them initially, it was hanging on the rail of a prior at if you were able to find one. Those principles do not seem to work in 2018, we have the problem with the some alley pilots, I am sure you are all following the headlines. There seems to be a unique way of dealing with pirates right now, YouTube is full of those problems so states have a problem with protecting cargo from pirates when you transit company and you have to ‑‑ take that transit through a region that is occupied by some alley pie rats you will be facing challenges. Governments are reluctant to provide assistance so since life does not void, it tends to fill them we have this market of private military companies. If you have a cargo and want it protected the states will reluctantly offer help. So my students would say, you say there is an old principle of how we deal with pirates dates back to those lovely old pictures that you can see how. How come this doesn't work? I should have an answer, and I don't. Right? We have an international law principle on pirates, it's one of the initial customary law principles, and we can't use it, we get private military firms that are actually shooting at people before they are able to identify with 100% certainty they are indeed pirates. They don't want to take risks, they have big guns, if you approach our vessel we will deter you. This is one of the lessons I think we might want to take for cyber security and Internet governance. We don't want to end up in that area, I think and it seems like we are headed that way. Part of the discussion on cyber security now, maybe not on this side of the pond but it seems on the other one and I am pretty sure we have some US nationals here in the room, is on legal hack backs. This is what we are doing with somaly pirates so there is a proposal in the US particle. I think it's going to fall through, a safe bet. The policy proposals deals with allowing private companies to hack back. So if someone hacks into your data and you are not too happy about it not only can you deter them, can you protect yourself but you can go after them, hack back and destroy the data that they have taken from you.

How do you do that? Well the FBI is going to authorise it, brilliant. The companies have been pushing for that solution for quite some time now. It would be effective, it would be quick, it would be the company that would call up an FBI hotline and get the authorisation and hack back. Cool, isn't it? Right. There is just one problem with it, it's illegal, right, you are not supposed to do that, international law says you are not supposed to do at least you will be held responsible. So it's form for us speaking here in the lovely south of France talking about European policy this is not really our problem right now, as long as this does not become US law and as Chris mentioned in Europe we tend to be more on the defensive side, there is this directive coming resilience over security etc.. so it's more about protecting your networks than taking on active defence, active measures in order to defend yourself. Let me just point out, this is so cool because it's the active cyber defence certainty Act, it's ACDC act, I really like that, so we had pirates and ACDC, that is as cool as I get. I am going to have tables and policy. So the work I'm trying to do is I am trying to figure out which areas of international law or international relations policy making could be useful for the challenges that we are facing. I amming if to focus on cyber security, as you will see I tend to extend that, expand that to all Internet governance. The public core of the Internet is a political science concept. My colleague Denis brothers deals with notions such as the global public comments, there is a paper that you can read, I have the attributions in the presentation itself if you are willing to download it and look into that. So we have those non‑enforceable policy concepts. It's not international law but policy making in the works, you would be referring to certain concepts that are out there trying to figure out what are the common goods, what are the shared values and the measures which we want to use in order to protect them. And those policy concepts have been translated on to enforceable norms that are recognised within international law. The favourite analogies there are international spaces, so again, maritime law, open sea you could also look at the outer space which is supposed to be safe and not used for military purposes. Those are interesting analogies if there are questions I will be happy to discuss the challenges that we would face using those in one to one ratio. We have laws on critical infrastructure protection as Chris briefly mentioned, the NIS buildings on critical infrastructure protection so we have certain norms and the framework that surrounds them that deals with the very challenges I am trying to address here as well. But there are other areas of international law that we could derive from. In the work that was done for the strategic studies and the global Commission on the stability of cyber space, me and my colleague professor Ralph Weber, we looked at international law regimes. All of those have a few shared traits that I will discuss on the following slide. But as you can see here, they also share one very common element that we see also in Internet governance. They require a strong input from non‑governmental parties. My favourite ones are international liability and environmental law but also international trade law. When you look at those areas you will see standard setting forums, for organisations just like this one or these represented in this room that help in international law‑making. I believe that those are all the lessons that we can take into Internet governance. There are four shared principles that I believe hold a lot of power, a lot of information, a lot of knowledge that we could use for Internet governance as well. Some of those are easier to apply, I think that would be state responsibility like with those hack backs for example, due diligence, I had the opportunity speak on that during my last visit to the RIPE meeting. Sovereignty and jurisdictions are swamps, it's very easy to fall into that, they are very complex but they are out there and that is something that we could easily use. We try to look at various venues that might help us make those principles applicable. The RIPE community is one of those, this was raised by Constanze for example, there are many forums that these issues are being discussed. The work that we is it was sponsored by governments, by the Dutch government, was targeted at government agencies as well. I know that this slide is probably going to be most interesting and I am certain that you are going to say some of those axis should or should not be in the places that they are. We try to look at different venues for Internet public policy making, we tried to look at them according to various characteristicsment if this was the a box ticking game ICANN would probably win. There are many more venues, native very strong on cyber security, nothing to do with multi‑stakeholderism, the ITU that holds a lot of potential for Internet governance law‑making is also not multi‑stakeholder, despite of how we with a want to look at it. So we get all those different venues, like Olivier said, there are silos and the dialogue between them is somewhat limited, that is part of the reason I am here, I wanted to show you some of the policy making ‑‑ cyber security norms, due diligence norms and hear your feedback. There are three recommendations ‑‑ five minutes ‑‑ I am sure that is doable. So the first one is, as already emphasised in the previous presentations, a need for enhanced cooperation. We might think of a new forum for developing Internet governance norms, standards but I don't think that is feasible or possible at this point. The only way to do is to enhance the dialogue so the lovely work that work is doing in inviting for example like us to a very technical meeting that we have trouble following with all the acronyms but I do know what BGP is thanks to lovely colleagues in this room, I learned that. I shouldn't say that. I should have known that coming here. But I know it now so that is good. So there are different forums discussing the same issues from very different perspective and I think it's important for us to stay in such.

Again, being an international lawyer, I should say well that is easy let's have a treaty and I have been advocating that, we should have an Internet framework convention and put it down in writing and force it, case solved, isn't it? That would be so cool. That is one of the options. But I don't think it's going to work, at least not soon. I think it's coming in 10 or 20 years but not coming soon. I think we might want to think out of the box, what we might want to do is invite, include ICANN or IRS into the dialogue, we might want to use the compliance mechanisms that they have to introduce certain security measures, cyber security measures if you will, standards, this is what the NIS directive is building upon as well, there are going to be community standards that will be enforced by‑law. So looking at international standards setting or norm making in another way I believe has a lot of potential.

And the last recommendation, there is a lot of talk about norms, especially young scholars are coming up and saying we don't have have norms, IETF ‑‑ ICANN does to some extent could be used to put more precision into international law regulations. So I think law ‑‑ norm making has tremendous potential but we need to make sure that the exchange of information is there.

All of that work contributed to the public core principle that has been declared by the global Commission on the stability of cyber space, they kindly agreed for me to share that work here and I am sure they will appreciate your feedback, I will be happy to get you in touch with the folks that are behind this initiative. So the global Commission on the stability of cyber space proposed the public core principle, a norm. You can see all the references here also to the public core study by Denis brothers. That is the principle, that is the norm, soft law if you will, norm that they are proposing. Which indicates that states but also non‑state actors should not conduct or knowingly allow for activity that intentionally or and substantially damages the general availability or integrity of the public core of the Internet, and therefore, impacts the stability of cyber space. What is the public core? We had surveys, we looked through policy papers, we tried to identify the NIS directive as crucial resource. That is a suggestion. I am sure you will have comments on that. I will just leave that out there. But it should be developed through policy and dialogue and you are more than welcome to contribute to that, the whole report is visible there, so the global Commission published their reports, again it's all in the presentation. And I'm almost on time. Thank you so much. If we have time for questions I am happy to take those, I presume we do not but I am around all day today so you are more than welcome to come up and share your thoughts.


CHAIR: Looking at my watch we are tend of the session and running into the coffee, there was one request for any other business. So go ahead.

SPEAKER: Alexander Russian Internet protection society. So since it's recommended before starting draft pour policy to discuss it at relevant Working Group. So maybe you know that the Russian government and law enforcers since 16th May made a great disruption to Internet connectivity, and I feel that we need to start to discuss something like if not ‑‑ down policy but anti‑Internet connectivity breaking policy. But such things are happening in our region and, well, it might be interesting, so if you feel that it might be discussed or you feel it should not be discussed on such proposal should never appear ‑‑ reach me, we will discuss it. Thanks.

CHAIR: Thank you. Anything anyone feels they really want to bring up before we close this session? If not, thank you all for coming, especially for the first morning session. I hoped you enjoyed the programme and see you next time, thanks.