IGF 2016 - Day 2 - Room 1 - ORGANIZATION OF AMERICAN STATES

 

The following are the outputs of the real-time captioning taken during the Eleventh Annual Meeting of the Internet Governance Forum (IGF) in Jalisco, Mexico, from 5 to 9 December 2016. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

>> BELISARIO CONTRERAS: Good afternoon to everyone.  My name Belisario Contreras, I'm with the Organization of American States and I'm joined by my colleague who is one of the officers at the programs at the OAS.  Actually we have the pleasure to meet with the Rapporteur of freedom of expression at the Dominican commission of human rights, as you know the ICHR.

Thank you, thank you very much, for hearing us today, in this forum.  We want to start with the presentation about what we do at the OAS and security issues and we want to be somehow quick on this.  There are multiple slides but then we want to try to engage in a dialogue with you, try to answer questions about how we work, how we do our work, and maybe actually we can clarify doubts about how the commission works and how the issues of privacy and the freedom of expression work, which are very close to cybersecurity.  You saw this claim, of course, all of these presentations, it does not necessarily reflect the views of the general Secretariat, nor its Member States, nor any of the organizations that we are going to be mentioning here.

This is a little snippet of the organization.  We operate on mandates and also what we do is we try to increase our security capacities in the O.AS Member States that means in both government, private, civil and other areas.  We want to show a couple of reports actually that we have prepared with the private sector.  These are a couple of companies.  We started working on this in 2013 and then we prepare a couple of others, 2014 and 2015.  And this year, with the partners being like the University of Oxford, we release major report on the reality of the region.

We have several indicators.  Most of this information came from different parties.  Actually, we gave credit at the end of this report and we invite you to go to the website of our security observatory, the observatory, where you can find most of this information.  This is how the report looks.  One important thing is we, as a ‑‑ the general Secretariat, we understand we are a very political organization.  We didn't want to go through an index, that's actually one of the major issues of operation with Oxford and we decide, there's five dimensions.  Legal frameworks and technologies.  And then actually we wanted to go through five levels of maturity, and, again, we didn't want to say, country A is number one, and country B is 32 in the region because we doesn't find that that much value on that approach.

We recognize that although the regions may not be totally prepared to face several security issues, there have been some advances in certain countries in the hemisphere.  And this is kind of a snapshot on how the region looks on the different ‑‑ the different dimensions.

There are several challenges that we found.  For example, 25, 30 countries, they don't have to national strategies or national cyber plans or security plans or whatever they may call it.  Most of them, they don't have identified the key elements of a national critical infrastructure, simple things like utilities, communications, transportation, which are fundamental for the day‑to‑day basis for the sustainability of the democracy.  And actually, we were in Brazil last week, and talking about cyber.  There was a meeting on human rights.  They provide for the fundamental rights.  And so it's really, really relevant for us to point out this.

Many of the countries were recognized that they don't have a coordinated or a common approach to promote cybersecurity awareness.  It doesn't mean that there are not efforts to promote cybersecurity through the population.  What we want to say is that the efforts are in silos.  They are not coordinated or national coordinated campaigns.  They are really good examples in this countries where government, the private sector and the civil society and academia, they work all together to promote a common ‑‑ a common approach or a common message on several issues, and the majority of countries that this had happened.

What are we doing?  This is the five major areas of the work of our cybersecurity program.  The first one is national strategies.  The second one are training, worship and telecommunications, cybersecurity exercises, development of national certs and awareness raising.  The OAS, we operate based on mandates.  Back in 2004, this was a cybersecurity strategy that was adopted by consensus on all Member States and since then, there have been several declarations that have been adopted by ‑‑ by the Secretariat, against the committee where we are located.

Recognizing the importance of cybersecurity issues, there are two other arms at the OAS that work on several issues.  One is the meetings of ministers of justice.  They focus on promoting legal tools and more on the telecom side.

These are the national strategies that have been adopted, Colombia through that panel and Jamaica and this article right now are under development.  There are different challenges and different times and, of course, we need to recognize that the pace of this country's to move on and to adopt the central strategy and actually other processes provides, depending on different ‑‑ on different aspects and different factors.  It's an increase number of opportunities that we are doing.

This year was an incredible year for us.  We want to recognize that all data, our donor countries like Canada, United States, the United Kingdom, are making possible all of these activities.  This year, actually with the support of the government of Spain is here, we have mentioned an experience.  We had a boot camp, bilingual.  We brought 200 people from different sectors, private sector and civil society, and we are planning to do it in 2017.

At the same time, we actually had an exercise with the participation of more than 23 countries and, again this was more participative.  There were different teams in from different countries and sectors participating on this, with ITU, we had one activity in Ecuador, a cyber drill, but so far we have been working a lot on management as well.

There are 22 computer incident response teams and this year we release a guide on how to establish these themes.  It's available both in English and Spanish.  And we want to recognize, again, that the level of development of these themes go from country to country.  There are 22 incident response teams.  Perhaps the capacity and the level of development of these themes, it will be pretty substantial, and there may be issues where there are only two people.  It's very important to point out this, and it's very important to work with all the actors to make sure that these themes get to minimal level of development.

We are working on a platform that's called CICTE America.org, it's a closed platform for governments and what we are frying to do is exchange information, and trade intelligence on different issues that are happening.

And it's close because we don't want to share with other private actors.  Right now it's in an initial phase.  This is how it looks.  On the awareness raising, well, I mentioned a bunch of reports.  Right now with the government of Colombia, we are working on a study on the costs of cybersecurity threats in the country and we are planning to actually ‑‑ to take this as a pilot and implement in other countries next year.  And we look to develop one education or administration for Trinidad and Tobago.

Right now we are working with the city foundation.  There are four countries beneficiary, Trinidad and Tobago and Colombia are creating cybersecurity.  This is focused on people between 18 and 25 years old.  Young people.  And we are just getting them education on how to get into the cybersecurity market.

The OAS welcomes you and we need your support.  Our Secretary General actually give us instruction of the importance of the civil society and for enforcing the need for the general Secretariat to work more closely with you.  So for those who are interested, there's a link over that explains how the civil society process works.  We will be more than glad to tell you more about this.

This is an event that we had this year, in particular with CICTE.  Some of the accomplishments we don't want to stop here.  Finally in partnership with the GFCE, we want to actually release today and have the opportunity to release the global cyber expertise magazine.  For those who are interested in submitting articles you have the opportunity.  Feel free to send proposals for the next edition.  You can go to the GFC.com, you can propose articles and we invite you to register for the distribution list.

So sorry for taking this time, but we want to tell you a little bit about activities and we will be more than glad to answer questions about this.

>> I want to thank you for this panel and the issues of civil security and human rights and the approach of the special reporters of field expression.

I want to continue in Spanish.

(Awaiting English interpretation).

Okay.  Follow my bad English.  Well, the office of the special reportership, it's an expert about freedom of expression and human rights and we are ‑‑ we are having to ‑‑ or we are into the international commission of human rights.  I know the security issues and the national security issues are an initiative of the state.  And we believe that it is important that the state protect the privacy and the ‑‑ the networks and the security of the CICTE, and this is ‑‑ this is important also for the journalists, the citizens, the politicians and all people that enjoy the freedom of expression.

And our concern about this type of politics or policies, in regards, you know, the ‑‑ to protect the interests of civil security.  This is because, you know, sometimes, it's for the state or for the prosecutors to, you know, make against ‑‑ or have a process against the human right defenders, actors, and about these activities.  And then go down under the umbrella of this kind of like cybercrimes.  This is one of our goals.

And then our standard is like the state have the right to make some figures to protect the civil security and informatics crimes, it's very narrow, the 13 articles of the commission of human rights and the state establish this crime by law.

And then its necessary penalties.

If the right or narrow or border figure and then they have very hard penalties about the initiative of the technology.  And it can ‑‑ it's possible that some activities ‑‑ some of these activities can ‑‑

The second concern about these kind of policies in regards to the surveillance because, you know, for instance, the freedom of expression, it's necessary to have ‑‑ you know, privacy environment to protect sources, to protect the information that ‑‑ you know, the activities or the journalists, it's doing.  And then we have some notice of the civil society that some state, you know, by some kind of tools for the server that perhaps are in ‑‑ well impressive to have an initiative and this kind of ‑‑ it goes to the right of freedom of expression.

And then this is the approach of the office.

>> Well, I know that our presentation was a little bit fast, but I just want to, like, leave an important message before we open to questions.  For us, with truly believe in our project, in our program.  We truly believe in multi‑stakeholders and participation.  As you can see, we partnered with different sectors.  We partnered with the NGOs and academia, the government to develop those different policies.  And we did this ourselves and every time that we go to a countries to help countries to implement a policy, we try to bring this multi‑stakeholder partnership as well.

When you goes to countries you try to facilitate discussions and try to make sure that this model is improved also.  And here I think the idea here today is also to discuss with you, if you have ‑‑ well, first, if you have any questions about our program, we can go through the presentation and discuss more in detail some of the policies that are implemented but also it will be really good to hear from you also how we can improve this model, how can our cybersecurity program make sure that more people is involved and we can so ‑‑ so it's really an important opportunity to be here, to make sure why our project, we decided to come here to the IGF this year.

>> BELISARIO CONTRERAS: So we would like to open the floor and begin an interaction with you.  Do you have any comments or questions about the specific activities, please.

Anybody in English or Spanish.

>> AUDIENCE MEMBER: Good afternoon.  I'm from Colombia.  I want to ask two specific questions.  What is the specific actions with the multi‑stakeholder model to discuss cybersecurity policies in countries because Colombia's example is not the best on participation from civil society.  We have to try to push very hard to participate in the ‑‑ in the development of the policy.  So that's first question.

And second one, what is the specific themes you are trying to move or develop on cybersecurity agenda, not just the broader term of cybersecurity, but specifically ‑‑ specifically what ‑‑ what parts of the strategy you are developing.

>> BELISARIO CONTRERAS: On the second question, on the specific things?

>> AUDIENCE MEMBER: Yes, the lines of work on cybersecurity you are working on or trying to develop on the countries.

>> BELISARIO CONTRERAS: So first thing and actually, we have a representative from Colombia, and maybe bell give him the chance to take the floor a bit, but not just for Colombia but for other countries usually when we go to a country, we ask them to involve a variety of actors.  First of all, for the OAS, the academia and the other community, we know that actually in the Internet world, academia and the technical community are ‑‑ actually, we usually try to involve NGOs and technical communities and involve academia.  Actually, because all of them have a ‑‑ have a special role.

Of course private sector actors are fundamental.  They own the critical structure.  And without them, you cannot ‑‑ you cannot do anything.

And actually, we highlight that this is not a role of one government, but there should be an interest agency process.  What we have found in many countries is, of course, most of the strategies are adopted by executive orders, decrees, and there are certain obligations that decree, the executive order that can give it to ‑‑ to certain private sector or civil society organizations.

So this is something that we have dealt with and it's very difficult for ‑‑ for the ‑‑ with the participatives.  From these side, from the general Secretariat side, a release actually to be facilitators, and to try to make sure that when we go to a country, all the parties are involved.

In specific countries actually, what we try to do is sometimes we send the documents to the commission on human rights, and we told them, can you please provide some ‑‑ some comments and I should not use the commission on human right.  They are gender issues that needs to be addressed in the cyber world.  We were discussing this before the panel start.

So we tried to gather these comments and send them to ‑‑ to counterparts, to a state.  I'm not sure if we are fortunate or unfortunate, the OAS is not a positive organization.  We cannot impose the state or the government to take on all those recommendations.  Sometimes we wish that we can do that but we are at the service of our Member States and we need to recognize that we are international public servants.  That's our role and it's important that you understand the role of the Secretariat.

On the specific lines, well, we can go back to the program and we are working again.  There are several different areas of action.  We can accept Oxford and the IDB, we have 49 specific things that needs to be improved.  We can say that we want to improve had the level of maturity of our Member States and in two years see how effective our action has been in those countries to those familiar areas that we have already mentioned.

I don't know if you want to add something else.

>> So about the first question, about how do we ‑‑ what have we been doing to address the multi‑stakeholders.  From our experience, it's actually a learning process.  So we talk about multi‑stakeholder participation and even countries, I think that already have this ‑‑ a little bit of more consolidating their strategies, it's interesting when they reveal their strategy, we realize there's a multi‑stakeholder, what are the roles of different and multi‑stakeholders and for us, this is a learning process us for us as well.  We have four national strategies in the region and Colombia and receiving ‑‑ and we can see from 2011, and this one now in 2016 that we have more of this language, of a stakeholder and you will create mechanisms to this.  It's a learning process.  Sometimes understand that, phew, it takes a while, but it takes a while not only Latin America, but the entire world is struggling.  We tried the roles.  How will be the formulation process of the strategy and later how you are going to be involved in the implementation of it?

And to be quite honest, I'm open to suggestions.  We improve in every experience that we have, in each country.  I'm proud to say that the next country we go, it gets better.  But, of course, we have a lot of room for improvement, and actually being I'm open to suggestions here and how you think we could do this, and that's something that we have been discussing, one of our potential projects is actually trying to come one some best practices.  We have been discussing this a lot.  It's important.  It's a learning process.  And we are trying.  And making sure we are involved in the discussion.  We are an international organization and our role as facilitators and we try to balance the discussion and, well, I think that' the main message.

>> BELISARIO CONTRERAS: Thank you.  You know, I feel like we haven't dealt with the world participation in the civil society in these issues.  This is not an excuse but, you know, sometimes the realization that we are in the same building but when I was appointed two years ago, we don't have, you know, the facilitator coordination of these policies, no?

In human rights and civil security.

Even in the American commission of human rights and the office, promotes some public hearings about these issues and many, many of those issues come to the commission to put in place of the situation, and in cybercrimes and which countries.  So perhaps we need to, you know, have more discussion, more dialogue, and multi‑stakeholder discussion about these policies and the impact on the human rights and the world issues.

Also, we have one office.  We have five, six people in the freedom of expression Special Rapporteur, and sometimes when you send me like, this is a draft policy of this country and I do have ‑‑ you know, I do have the human service and the funding to, you know, put a lawyer or two weeks to study in deep form with these and ‑‑ in the case of Colombia, we send comments and questions to the state and we try to work there.

But I assume that I think that perhaps we need to have a conversation about what kind of mechanisms we can bridge between civil society, and to ‑‑ you know, to have a role about this.

>> BELISARIO CONTRERAS: And before giving the floor, one minute.  We have approached different organizations, and we tell them to maybe have a mail that we can send to you, and tell them we are going to country X.  We would love to do that.  We are organizational of the country.  And we ‑‑ I was really, really happy of the reception of the organization, because I send the person an email.  I say this doc and we were able to clarify, and actually we work more closely with the organization.

I think the fact that you are in the process, in all the process, not user policies, the trainings, the reports, brings more legitimacy to our work and to the work of the government.  So we ‑‑ actually, that's why we wanted to actually open this dialogue with all of you.

So you and then the other gentlemen.

>> I'm with the ministry of Colombia.  You took the words out of my mouth about this kind of process, I don't want to ‑‑ to make line a public discretion about the process of the planning and development of the policy, but one true thing is that in Colombia, we try to do the best to have the inputs from several stakeholders, but the problem is that some of those stakeholders doesn't understand which is the dynamic inside the government to do the ‑‑ the discretion policy.  It's very difficult discretions of the government, because there are many agencies that have some kind of responsibility.  So we need to put all together to have and to find like a point of counter to ‑‑ a common denominator to discuss on this, and we try to do that.  Even we have all the comments and input and feedback from the international organization from civil society, for academia, and what we do is we put it in a spreadsheet in a ‑‑ and we publish every response to any comment we got about the document because I think it's respectful to give that to people.  What is the perception of ‑‑ and the response and apply for any comment.  So the thing here is that we need to understand the economics inside the stakeholders in the work of every stakeholder in this kind of discretion.

We need to work closer with these stakeholders but the most important thing is to have, like, the instruments in the implementation stage to ensure that this will be ‑‑ do it with them.  And I think that in the case of Colombia, we are planning to have redefined set of policies.  The stakeholder to reach the multi‑stakeholder approach that we are looking for.  So that's ‑‑ that's the own thing I want to highlight and so the discussion will be, of course, when we start the implementation, when we go deeper in of the topics of the policy, but I think that this kind of discretion is very important to have a good policy.

(Awaiting English translation).

>> Is this any other question?

>> AUDIENCE MEMBER: Yes, good afternoon.  Catherine, coming from the Dutch delegation of the IGF, and also the Hague University and women's cybersecurity.  I'm looking forward to ask you about the Budapest convention.  The Budapest convention has been signed already and actually, there has been some states from the Organization of American States that have also ‑‑ have been invited to accede to the Budapest convention, so the‑called cybercrime convention.  I wondered to what extent ‑‑ I have two questions.  To what extent is there any upcoming new accession from any states from the Organization of American States and to what extent before this is making even more bridges between the consul of Europe and the OAS.

>> BELISARIO CONTRERAS: It's an observer to the TCY, which is part of the convention.  We were attending the Council of Europe, we were attending the Convention a couple of weeks ago.  It's a close partner of the OAS.  We have organized several activities together.

I can tell you Chile approved the convention, it's now pending approval for the President of the Republic and so Chile will be the next one.  There are a number of countries, actually this morning Alexandria, the IGF which is the secretary of the convention was saying that there are around 10 countries that have representation.  They are pending for ratification.  Of course, the process is not easy.  And as I was mentioning on the process of the government, we had a ‑‑ actually the process of developing legislation and adopting a convention, it's actually ‑‑ it's quite difficult because it involved several issues that they are of importance of a state.

So it's a very complicated matter.  It's of course very important to have international instruments, but there needs to be in each country a dialogue and an interpretation of the importance of that instrument.  And actually, to clarify, there is another entity at the OAS that works on the tools and there's a specialized entity that has the knowledge.  If you want more information, glad to ‑‑ glad to put you in touch with our colleagues at the COE and the legal administration that can provide you more information about the Latin American countries.

>> AUDIENCE MEMBER: Thank you very much to the panelists for this presentation.  We think that it's good to have this contribution, because in some ways we were learning that some countries may have in the area of service security, but first of all, before going to the matter I wanted to raise here, I would like to share the issue that has been raised by Cuba and I would like to also record that Cuba is presently also a member of the UN treaty.  So I'm sure we would have a lot of input from them in the discussions.

And the mandate, is to wrap a final report in the end of 2017.  So I'm sure that there will be no new elements to ‑‑ to ‑‑ to understand what are the efforts under the umbrella of the UN in this respect.

But the matter I wanted to raise here is concerns about the report that you have issued recently, and the type of service security.  Are we ready in the Caribbean?  I think this report is very important and very informative.  And one the conclusions that you have in this report and it's also included in this magazine that you have been distributing today, is ‑‑ it's concerns about the level of trust that citizens pay have in their government.  I think that the conclusions that you have reflected in this magazine are really relevant to know what could be the kind of assistance that your limitation of American States could give in the area of any government.  Because according to the statistics that you are publishing now on page 14, one of the conclusions is that 87.5% of the 32 countries that have been analyzed have an assess level of maturity of one or two out of five and this means that there are a number of states that possibly would be in the position to ask for assistance coming from the states.

So my question to you is the following:  We know we have this possible scope of assistance, but at the same time, have you been receiving requests from a number of countries and specifically we do not mean exactly which country.  Have you been receiving requests in this area.  That in some ways is very important.  Also in the area of human rights, because it is important to consider the ‑‑ the access of citizens to the ‑‑ to the government institutions in terms of this kind of research that they may have, also a matter of human rights.

Is it possible to have some input in this respect?  Thank you very much again, for your contribution in the discussion.

>> BELISARIO CONTRERAS: Thank you for the continued ‑‑ for the continued support.  But in terms to the OAS, it's really important observers for their organization.

There ‑‑ and I say the organization is really complex.  There are tired mandates and I show you one of the things that we proposed, they are in the initiative that we presented to the GMC for egovernance.  That was one the issues that we identified as a priority.  At the OAS, there is a specialized area of effective public management and actually last week, that was the meaning ‑‑ I will tell you that there are many requests and many level of needs in a variety of countries special requests in the Caribbean and central American countries on ‑‑ on government and cyber issues.

What was mentioning, for instance, it's very difficult, of course to respond to all of the requests we receive.  We receive requests every week on a variety of issues but we have several limitations human resources and financial limitations our ability to provide technical assistance is very limited and we ‑‑ we need to actually try to prioritize on how we provide that support.

Again, there's a specific area, we might have to go, to get help.  You can go to the red hack and you will see the e‑Government process and actually, on public procurement processes as well, that you will find more information on this.

Yes, there is a lot of need on ‑‑ on these issues.

Before I forget about the ‑‑ in the last American sum summit, there was a special declaration on cybersecurity by heads of state and we invite for you to look at the American portal.  This is a recognition of all Latin American or all ‑‑ the importance of cyber issues on CV Ms and actually in the last paragraph, we are very glad that there was included the importance of working with existing regional processes because open the door for our organization and other organizations.

>> I want some information about the human rights we have a strong policy in both the access of information rights.  I think that the number of the commission with human rights and it's very, very critical in the center because now we have 27 ‑‑ 25 countries that adopt access of information around the region.  The commission of human rights, some cases they go in the decision, and it establishes it to consideration ‑‑ it's autonomous rights.  Recently the ‑‑ you know, the court last year ‑‑ last month, I'm sorry, it's a standard that ‑‑ that five, 26, the Dominican code of human rights with regards to its citizens.

Then also the department of international ‑‑ into the Human Rights Commission, into the American rule and examination, and a model of the access of information, it has had a broad impact, also in this kind of law and also the institution to enforce it, for access of information and now the right to the progress.

>> BELISARIO CONTRERAS: Any other comments or questions?

Okay.  Good.  So we are on time.  I think we can adjourn the session.  Our sincere gratitude for taking your time, for this interaction.  We really appreciate it to have this opportunity to engage with you, to clarify things and we invite you to send us an email and we look forward to working with all of you.  Thank you very much for your time.

(Applause).

(End of session 5:57 p.m. Central Time)