IGF 2023 – Day 0 – Event #107 DNS: Foundation For Safe, Secure And Interoperable Internet – RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> ‑‑ they have different internets and basically we have no global internet.  Now when we talk about internet, like I mentioned, we are very excited about a lot of new things like artificial intelligence.  That's the main buzz word of today. 
(Captioner assigned to caption on Zoom and setting up on StreamText)

These potential new technologies that may change our lives will impact ‑‑ will be impacted.  So the ability for new innovation might be limited and restricted.  So something for us to think about. 
    Now, moving on to similar thread we need to talk multistakeholder.  All coming together and talking about how can we further improve the internet or resolve the issues that we face? 
    Remember, the identifiers, each category of identifiers are managed by a different organisation or platform.  Platform may be a better word to call it. 
    In the space of domain names, it is by an organisation called iCANN, the international ‑‑ David and I both work for.  In the space of IP addressing, how IP addresses are distributed in the regions this is managed by regional internet registries.  In the Asia‑Pacific region, it's managed by APNIC.  With protocol parameters, what should be the size of the packet?  How large should the packet size be?  IP version for addresses have run out.  What's the new version that we should think about for people to come on?  These problems are called internet standards.  And they are managed by the internet engineering task force which they will talk about as well. 
    So all of these three organisations or platforms are open for any person who is interested to participate.  And they are governed by the multi‑stakeholder model. 
    I'll take the next moment to talk about iCANN and what we do.  So for iCANN, our role is to coordinate the identifiers.  And we do touch all of the domain names, IP addresses, and protocols in some ways.  So briefly explain this.  In terms of domain names, I mentioned iCANN is the platform for community members to discuss the evolution of domain names.  One example is today if you want to buy a dot‑com domain name, it's saturated and hard to buy. 
    My friend he went to a website and went to buy his own domain name but Marcos go, is already bought.  So he doubled the length.  That's funny.  That talks about the saturation of that space. 
    The domain community in iCANN decided we should avail more top level domains for people to use.  So in 2012 the domain name was expanded.  You can have dot London, dot Paris, or in Chinese Arabic or scripts.  That's the expansion of that. 
    Anything to do with domain names policy is discussed at iCANN.  For iCANN we also coordinate through another function within iCANN, IP addresses, basically the function allocated IP address to the internet registries and distribute it further. 
    In terms of protocols, the function which is in short is IANA is the central repository for protocol registries.  So when the IT decides on the new standard, the IANA function within iCANN records as the standard and referred to each time. 
    So that's the other part.  When it comes to IP addresses and protocols.  The IANA function also assigns the top level domains into the root.  So it assigns operators of the top level domains.  Dot‑com, PRR for.org and so on.  IANA has that relationship.  Even for the countries IANA is the one that assigns the operators.  For Singapore, IANA has that relationship with SGNIC. 
    These are wordy slides, so bear with me.  The current issues with iCANN when it comes to domain names has a direct relationship with the issues you're concerned about.  For example, in cybersecurity, everyone's concerned about cybersecurity today. 
    So the community as a whole talks about this cybersecurity issue from another term called domain name system abuse, DNS abuse.  Over the past years, various groups and stakeholders, including governments, have been calling on iCANN to do more to combat DNS abuse. 
    And this conversation has reached a very good outcome.  So in late 2022, registries and registrars who have a contract with iCANN, they propose to update the agreement that they have with iCANN to specifically include language that helps them combat domain name system abuse.  It's defined better today.  A few years ago we were thinking about how to define it.  DNS abuse now means malware, bot nets, phishing, farming and spam.  Spam serves as a delivery function for other forms of DNS abuse. 
    So these categories are categorized under DNS abuse.  And when governments are concerned about DNS abuse or cybersecurity, this conversation is something that they are part of. 
    Now another area would be data privacy which is also among policymakers and regulators are very concerned about.  This is a topic that's been discussed at iCANN for a number of years now. 
    It started off with the European general data protection regulation or GDPR.  There is a registration data lookup system.  Basically, it tells you who is the registrant of a domain name.  Who bought the domain name?  And cybersecurity law enforcement agencies use this system to fight cybercrime.  Because if illegal pharmaceuticals or child pornography, the law enforcement agencies uses the who is system or registration data lookup to find out where is this registrant a based in so they can look for this person straight away. 
    With the data privacy regulation, all of the personal data, contact name, the home or email address, phone numbers have to be redacted.  And as a result, law enforcement agencies can't use information anymore.  And they have to individually ask registrants for their information. 
    So this became a challenge.  Because on the one hand we have to protect data privacy.  But on the flip side, how can law enforcement then do their work properly?  So it became a conversation that happened at iCANN.  And, again, after a few years the iCANN community agreed to launch a request service.  Basically it's a centralized service that requests, law enforcement agencies can go into the system and request information for whatever website they're look for.  And the registrars on the other end would feed information accordingly in the system. 
    Right now the problem is law enforcement agency or even Interpol, when they need information about a website, they have to write individually to a registrar to get it.  But when they investigate, they usually investigate domain names in thousands.  Do do they right a thousand emails to ask for a thousand websites?  It's challenging. 
    Having a central iced system allows for that convenience so that law enforcement agencies no longer have to write to registrars individually. 
    Now we have ‑‑ we are in the midst of launching the pilot system.  And right now in September, registrars are being onboarded.  In November, we would like to invite law enforcement agencies, cybersecurity professionals, even IP attorneys to come on to the system as well so they can use the system to get information that they need. 
    So the more people that join this system is called the Registration Data Request Service at the bottom of the slide, RDRS, Registration Data Request Service.  The for that use it, the more data we will have to improve it.  Coming from wherever you are in the world, we invite you to encourage your law enforcement or cybersecurity agencies to join the RDRS system. 
    So if you'd like to find out more, reach out to me after this session.  We would be happy to answer any questions. 
    That covers the few points I have.  Looking ahead, there will be many more issues as we use the internet more and more and how will they affect the function of the internet is something all of us different stakeholders have to come together to work on. 

(Applause)

>> MODERATOR:  Thank you.  So he told us a lot this morning about the domain name system and how it allows us as humans to use words that we understand semantically in order to reach sites. 
    The funny thing is, computers don't really use those names to communicate with each other.  When computing talk to each other, they don't talk to each other via the domain name.  Instead, they talk to each other via their IP addresses.  I'm David.  This is PAP.  Jiran, that's how we talk to one another.  Behind that is the fundamental system of communication upon which the internet is built. 
    Yes, sir, can you go to the microphone so others can hear you? 

>> AUDIENCE:  Good morning, everybody.  My name is (?) from Nigeria.  I'm a legislator.  As you were speaking, you know we're aware of IP spoofing.  IP spoofing when you start talking about artificial intelligence, I see some areas of concerns.  Because let's say, for example, I'm to use my voice to activate a bomb, as an example.  And the name of the bomb says, Chong and Chong is listed in about five different countries.  Which one ‑‑ I could actually spoof the IP of the one in Nigeria or the one somewhere around the world. 
    Because the majority of the vulnerabilities that we have today is all around IP.  People masking names and masking IP addresses for vulnerabilities.  So what are we doing in terms of those areas?  Thank you. 

>> DAVID HUBERMAN:  That's a wonderful question.  Thank you for asking.  So we have been building this type of security to fight exactly these types of issues into the routing system.  Pablo is going to talk about the regional internet registries with the IP addresses that they run.  One of the things that Pablo's organisation is in part responsible for is helping secure routing so that IP spoofing is less effective and one day ineffective.  Because we're able to use signatures.  We're able to use security features to verify that the IP address you are pretending to we can see it's not your IP address.  We're working through protoll development and operations to provide more advanced security to address issues such as this. 

>> AUDIENCE:  Thank you for this opportunity and discussion.  We started in Nigeria for Africans Internet Governance and African Internet Governance Forum room and in Tunisia.  Here the discussion has become very interesting. 
    Now, I wanted to ask a question from the introduction.  You talked about the beauty of the internet.  Nobody has singular authority or control over it because there are so many actors on the ability of the internet. 
    But I'm wondering how if it is a multistakeholder platform that everybody is on board.  And then a single entity would put it off one day.  How possible is it?  By shutting down?  Thank you.

>> Thank you.  So in the space that I described in the domain name system, so if we are using the same set of identifiers, basically no one organisation can block somebody else in that sense, in the sense that dot SG or CN, et cetera, will always exist.  Because right now it's managed by iCANN as an organisation.  We are nonpolitical organisation and neutral.  So we provide that a global service to everybody. 
    Now, there is a separate layer which you can go up a little bit which is whether you can get content in another country in terms of internet shutdowns.  That is a different layer from the Domain Name System.  If you're talking about that area, you can then use blocking methods to block your citizens from being able to view websites to enter your space.  You have to work with your internet service providers within your country. 
    They happen in different layers.  The thing about the Domain Name System layer, which is what I was describing, it's really different stakeholders all coming together and being a part of it. 
    That's why we talk about as long as we have ‑‑ we are using this DNS, we're using one single internet.  If somebody doesn't want to be part of it, then they have their own set.  And the existing ‑‑ actually, systems they are not part of the global DNS that we have today.  And they actually ‑‑ they do exist.  And we just call them intranets or other systems that they are using. 

>> DAVID HUBERMAN:  Yes, please. 

>> AUDIENCE:  Hi.  Thank you for the presentation.  My name is (?) from Member of Parliament from Egypt.  Actually it's very tricky when we say that we will prevent people from hiding their IP addresses to prevent the phishing and the electronic and all these things.  At the same time in a lot of dictatorships, as you said, and the already block some websites.  So people have to go through VPNs and hide their IP addresses so they can actually access these websites. 
    So it's very complicated.  We need, of course, a safe environment, a safe internet.  But at the same time we need it to be ‑‑ it cares for the human rights and encourages the democracy.  So how can we solve this equation?  Thank you. 

>> DAVID HUBERMAN:  (Microphone muted) this is getting much more interesting, what my presentation was going to be about (Pablo) if you don't mind, we'll expand on these relevant questions.  I do think there's a lot of value to explain different layers and different technologies and different solutions and different challenges that are yet to be addressed. 
    So when the honorable Member of Parliament asked about IP spoofing and questioned the different problems recognised through voice recognition or there catching terrorist attempt on time.  Right there in those series of sentences there were technologies that could have been used or misused in order to achieve bad behavior or crime eventually. 
    So something that always is done in incident response or incident mitigation, the first thing is to know what technology's being used how and who is doing this, right?  Eventually, what you would like is to arrive to a solution.  So starting with IP spoofing, IP addresses ‑‑ I was going to talk a little bit about that ‑‑ are not necessarily relating one‑on‑one to individuals.  They are, yes, almost more than half of the individuals in this planet connected to the internet.  There are many more that are still yet to connect to the internet. 
    But there are many more devices connected to the network that actual individuals and IP addresses, IP numbers are for all kinds of things and devices that are connected to the internet. 
    So there could be around 25 to 30 billion devices right now connected to the internet.  And only about, what, 4.5 or 5 billion individual users there. 
    By the way, the protocols that Jiran are talking about, they're interested.  Because at the beginning, the addressing space of unique numbers was only 4.2 billion unique addresses.  So there are not even one address per one device connected on the network right now.  Actually, there is.  Because a solution has been found many years ago to a different, much larger IP address base.  So obviously when you're talking about IP spoofing or what is happening, you need to know whether it's IPv4 or 6 and how it's being done.  In terms of spoofing again, the IP addressing system works from like very, very big blocks of numbers, the whole set of address space, IP V4, 4.2 billion addresses or 6 which is a trillion over trillion unique numbers space. 
    With that enormous pool, that is sort of divided, let's say, at a very large continental level, particularly five.  Five regional internet registries.  And these are five different sets of communities and different organisations that basically allocate very large blocks of numbers to networks. 
    As you know, the internet is a network of networks.  There are, what is it, around 80,000 autonomous system numbers which are autonomous networks interconnected?  And there are how many prefixes?  1.1 million blocks of or little chunks of those IP addresses. 
    And those are assigned to those networks, autonomous networks.  And those networks that operate in the public and private sector, et cetera,et cetera, then there are subnetworks et cetera, et cetera.  It is very, very down the stream where you can pinpoint an individual to an IP address.  And it's not usually a one‑on‑one relationship. 
    So the issue mostly is to keep the registries at the upper levels accurate in the sense that they relate to the networks that operate those addresses.  And those networks will assign those numbers to the individuals.  That's where the problem of spoofing might happen. 
    Also, as Member of Parliament from Egypt was saying, there's also an element of virtual private networks or VPN and how they're used, et cetera, et cetera.  Those are also other technologies that do not reside on that level of addressing that we're talking about. 
    Then for voice recognition, I cannot even start how that technology works.  But I want to finish that answer with, as David was saying, there have been enormous efforts to add encryption into the DNS and into the routing configuration in order for certifying and be more sure that the networks or organisations that are using those set of addresses or those registries are the ones that actually are authorized to do that in order to prevent misuse, et cetera. 
    Would that help in terms of beginning to answer this?  Then I can run a little bit of the presentation that I have to summarize some of these issues.

>> Just to add what Pablo was saying.  I think the key message really is that there are many different layers of when we talk about internet.  It's important to know the technology involved in that particular aspect when we think about it.  So VPNs, for example, is at another layer or blocking off websites is a different layer.  When we think about regulation, to understand the target of the regulation or the law that we are making is directed at that particular layer. 
    Because earlier one lesson we learned was the intention of the EUGDPR was targeted at the content side of things.  It was very obvious and regulators mentioned the targets were Facebook and Google.  That was their target.  The unintended consequence of that legislation actually hit the technical functioning of the internet. 
    So the same colleagues in Europe who are fighting cybercrime can no longer use the system on the regulation side that worked on data privacy.  The message is as we use internet more and more, there will be more aspects that the will cross into each other. 
    It's important for us as a whole, understand which technologies are involved in which area.  When we think about working on legislation or regulation, targeting these areas, we're more focused without consequences on other layers. 

>> DAVID HUBERMAN:  Please. 

>> AUDIENCE:  Good morning.  My name is Robert from low ga but now a Parliamentarian in Kenya in my row by.  My understanding of the service is may be also abused by regimes which are not friendly to bloggers.  I wanted to know the process.  I don't see the validation.  How do you know a safe request?  Because you can have a police state requesting to know the identity of a blogger and then when you expose the identity, you actually saying that they're executed on site.  How do you ensure that Google request and Facebook request would protect those bloggers and activists in states where they are no so free?  Thank you so much. 

>> JIRAN:  Thank you.  So regarding the Registration Data Request Service and we have an actual expert in the room.  I'll call on you ‑‑ the intention is that requesters, most of them will be either cybersecurity professionals, law enforcement agencies, or IP attorneys when it comes to infringement.  They have to create an account.  And when they do the creation of the account, they have to fill out various information and then there's some verification process. 
    So that's the one side, the registrars on the other side, when they receive the request, they will then respond accordingly.  That process is already done. 
    Right now the issue is that when ‑‑ let's say, I'm a law enforcement agency from Singapore, and I have to write to a registrar who is in the US.  How do they know who I am?  I just put my email and then I have my credentials I put below as a signature.  But there's no way to verify it all.  So that's the challenge. 
    May I give a couple minutes for you to share about the process? 
    

>> AUDIENCE:  Okay.  My name is Yuko from iCANN organisation.  I would like to first mention that this topic will be heavily covered on Tuesday's session.  It is called current development in DNS privacy.  It will be in Workshop Room 2 at 1545.  I will have an in‑depth presentation about this system that we're building. 
    In terms of how do we make sure that the registrant information is not abused or incorrectly disclosed?  It is currently solely based on registrar and registry, the data holder's discretion that we make sure that registry or registrar who were asked for registrant information to make sure that they assess the request in full.  And based on their local law, that they would determine whether to disclose the requested personal information, meaning that they would have to do the balance test as to whether security of the matter at hand and the matter of privacy protection of the individual, such as bloggers that was mentioned. 
    They would have to make that determination.  As of right now, there is no way for us to validate the requester in terms of systematic way of validating, yes, you're from CIA or yes, you're from FBI or you're a police force from this country or that country.  There are no systemic way to validate that.  Although, that topic is in discussion within the iCANN community.  And there could be a future of such a centralized system that could validate the identity of the requester and to accredit them so that the request may take a little quicker path of being reviewed by data holders and whether to disclose the data or not. 
    But that is something in the future.  As of right now, all requests must be reviewed by individual data holder to validate their identity, make sure that they're disclosing the database in the local law.  I hope that makes sense.  Thank you. 

>> DAVID HUBERMAN:  Thank you so much, Yuko.  Pablo, would you like to talk to us a little bit about IP address? 

>> PABLO:  Sure.  Is it possible to show my screen? 
    So I'll go to the basic question about who runs the internet and the possible answers we have these days, which are changing quite a bit, particularly as these guys have become more and more prevalent and more powerful as well.  So there is some places, this belief that the internet is Facebook or the internet is TikTok.  And it's not necessarily so. 
    There is also sort of those big network operators, mostly mobile these days, that are the ones that actually provide connectivity.  So these services are on top of these services, which is interesting as welling.  Obviously, there are many different ways in which you can connect to the internet these days. 
    There are like the fixed networks and there are also the satellite networks, low orbit or geostationery.  I don't know if you have heard about these guys, but they are quite important, because they bring a lot of the content closer to where users are accessing it. 
    So it's a very important service these days.  We have talked a lot about whether States are the ones that run the internet and have power of it or can regulate that, such as, for example, the recent GDPR.  So most of the time when you ask a nontechnical person who runs the internet, the answers are more or less around sort of these box. 
    However, we come a history.  The Internet Governance Forum has been very much of that history of revolution, right?  There is always like this tension between the governments and, let's say, internet giants.  And the internet giants can be platforms, can be operators, can be content operators, et cetera, et cetera. 
    But there are more players in the ecosystem in addition to these sort of version of who controls the internet.  Here is where we go back in time, 20 years ago when the layers were starting to sort of be differentiated more and more. 
    We have the physical layer of antennas for mobile services or fixed lines or submarine cables, and we can see and grasp that infrastructure which usually requires a lot of expanse and a lot of sort of deployment techniques. 
    The middle layer is the one that Jiran and myself were talking about.  For many it's kind of invisible.  It's a later of the technical standards such as the domain name system or domain names and IP addresses.  It's something that if you are not very technical, you don't see very much.  It is a layer that requires co‑ordination at many different levels, geographic co‑ordination but also between different services. 
    The ones that we can see more and more where most of the governance challenges that are being discussed in this forum are now very much on the upper level of content and applications, including artificial intelligence, for example.  These are the things that we grasp more and more as where most of the problems are.  For example, individuals trying to pretend they are someone else, like a bank, and then committing crimes with new technologies in new places. 
    So, as I said before, it is very important that to each problem assign a technology, a layer and my understanding where that comes from, then solutions or attribution can emerge and arise.  Of course, also mitigation before we end up needing, as our colleague said, to find a particular person who commits a crime. 
    Around that sort of system of unique identifiers, this is sort of a different version of this slide that Jiran presented.  There are devices connected to small and big networks.  In order to arrive from one point of a network to another point of the network, a very special sort of feature or the ones that allow for that to happen are IP addresses. 
    The friendly version of IP addresses is the Domain Name System.  And that is only used by the human beings.  Because all the devices that are not humans, mostly don't need the Domain Name System.  The domain names is because we have an easier way to call things by name rather than memorizing a string of numbers. 
    So it's really friendly way in which we can just type an address and a catchy address either with a country code at the end or (?) I was having a conversation with a person of dot 1.  I don't know if you have heard of it.  So dot 1 was a friend that I just met recently with that website. 
    There is sort of this system that works a little bit on a key that starts with a root and with a top level domain names.  There are a lot of policies around how to generate new top‑level domains.  There's also a lot of policies downstream with country codes and the different services. 
    So Jiran talked about the process of resolution of a domain name and translate that into an IP address to enable that exchange of communications.  And what I want to get there, without going into sort of how does it really work and into the detail, is that in the last 20 years there have been many changes in the Internet Governance landscape. 
    So Internet Governance, it was defined 20 years ‑‑ well, a little bit less than 20 years.  But it's about the principles, norms, and decision making procedures that effectively shape the evolution and use of the internet.  Initially or for many years most of these norms and processes were applied to that middle layer or logical layer of the internet protocols like domain names and IP addresses. 
    There is a lot of history about how we come up with governance and the institutions that help to coordinate that hierarchy of things that are very much invisible to the nontechnical people. 
    So this history started sort of in the late '80s when the organisations started to emerging.  Of course, the one that deals with defining the protocols and then in the early '90s, the registries, as I've said, there are regional internet registries that allocate from the global pool of IP addresses into networks in the different regions. 
    So there are three regional internet registries that started to operate.  And then converge in this umbrella organisation, which is iCANN built with both global policies for the Domain Name System and also at the global level of the internet numbering. 
    So this is a timeline of the registries, sort of Europe, Asia‑Pacific where I work for APNIC, Latin America, then a collective of the co‑ordination mechanisms around all these organisations. 
    And all together there are literally hundreds of organisations not represented here because there is not enough space.  But there are many organisations that help to coordinate these resources.  There are many registries and registrars.  What is beautiful about it is that there is sort of a collaborative approach to the healthy global, stable, and secure internet.  This is just an ecosystem in that middle layer. 
    I think through that 20 or so year process, there are many lessons learned about sort of how we can have the Technical Community with the policymakers with the commercial enterprises work together in a collaborative way to set policies and solve problems.  These are narrow sets of problems that have had that history of evolution.  And there are many new problems that are being discussed here in the IGF that still may require a similar history, hopefully learning some of the lessons that we had throughout the years in order to solve more complicated problems such as artificial intelligence and all that that rely absolutely on the good working of the internet for that to happen. 
    I will leave if here.  Maybe I expanded more than needed. 

>> DAVID HUBERMAN:  Thank you so much, Pablo.  So Pablo talked about how in modern times now for Internet Governance, we have to balance.  We have to balance technical considerations, policy considerations, commercial considerations.  We have stakeholders from academia, stakeholders, individuals around the world.  And we have to do all this within a fairly complicated technical infrastructure, right? 
    The whole thing is built on a set of protocols.  It's funny because I've been doing this for about 25 years now.  I remember ‑‑ but I wasn't trained to do this.  When I was a young man, my background, my training was in broadcast engineering, television.  And when I left University and got my first job, it was actually producing television shows.  Okay? 
    This made my mother very happy.  This made my mother happy, because when people would ask about her son, David, what is he up to now?  She could tell them, David is producing television shows you're watching.  But in 1999 I switched gears and I started working in internet engineering.  So I started working with these things that we've been talking about, Domain Name System, reverse DNS, BGP routing. 
    In 1999 these words were like a foreign language to my mother.  She didn't know what they meant.  Part of that was because my mother was born in 1945.  And in 1945, the most advanced piece of technology in her house was a radio. 
    Later, it became a television.  In the 1960s it was a color television.  That was cool! For many years that color television was the most impactful piece of technology in my mother's world. 
    In 1999, yeah, she had a computer at work.  It wasn't necessarily connected to the internet.  But move forward.  It's 2023.  And everyone in this room is carrying around a supercomputer in their pocket.  They have a device that connects them to all the information in the world that they can find. 
    My mother calls me up one day.  David, I finally get it.  I understand what you do now.  Oh?  She was watching a documentary about a really cool technology that allows surgeons in any part of the world to perform surgery on somebody on the other side of the world using a robot.  Remote robotic surgery.  She said, David, you did that?  What?  No, I didn't.  Those are robotic engineers.  Those are incredibly advanced medical doctors, they're harnessing all the technology we have in 2023 to perform surgery, advanced surgery in parts of the world that didn't necessarily have access to that just yesterday. 
    She said, I know you're not a doctor, David, although you should have been.  You're not a doctor, but you've built the platform that this technology uses.  I said, you're right.  Because what allows the internet to work, the way I always explained it that was most understandable is because we use a common set of protocols. 
    And that, my friends, is very different because not a lot of the things we do in this world do so.  If you look in my wallet right now, you'll find a Japanese yen.  You'll find Euros.  You'll find American dollars.  If you think about it, that's kind of absurd.  Because in 2023 the purpose of currency is the same thing.  I want to buy something.  There's nothing interesting about currency.  It's a way for me to buy something.  But we haven't standardized what currencies we use around the world. 
    We're here today in yo toe but many of us are visitors to this beautiful country.  What is one thing we have in common as visitors.  In order to charge our devices, in order to charge our laptops, we have to carry an adapter.  Why?  Because the shapes of the plugs and the voltages they use are different.  We have standards for them.  We just have many different standards for them. 
    In Japan when you drive a vehicle, you driving on the left side of the world with a steering wheel on the right side of the car.  In other parts of the world we drive on the right side of the world with the steering wheel on the left.  It makes us challenging for us but also for the manufacturer of vehicles because they have to apply different manufacturing standards based on where the steering wheel is and all the ancillary affects that internet doesn't work like that. 
    In 1969 when they were developing this, a group much PhD students were developing this internet, four people sat around and they were trying to solve an engineering problem with some of the earliest pieces of internet equipment.  What they did is they wrote a document.  They put together a document for what their proposed solution for this challenge was.  And they called it an RFC, a request for comment.  In 1969 they published RFC number 1. 
    In 1986, the internet engineering task force was created and it was carrying on this work of standards development, becoming the home of these RFCs.  Today in 2023 we're publishing RFC10,000. 
    This internet engineering task force is one of many standards development organisations that exist in the world.  You've heard of many of them.  You heard of IEEE, electricity and electronics, and the worldwide web consortium.  They develop standards at the IETF level.  It doesn't work like a lot of other standard organisations do.  It works from the bottom up.  It's truly multistakeholder. 
    The way it's truly multistakeholder is anybody can participate.  Simply by having an interest.  It has no members.  It has no member dues.  And while the IETF does have face‑to‑face meetings three times a year, those are actually the least important part of developing protocols.  You never have to show up at any point in your life to an IETF physical meeting or participate online virtually.  You don't have to do that.  Because the most important work of the IETF happens on mailing lists, email.  Which makes it accessible to most people in the world who are interested in developing policy. 
    The IP addresses that Pablo's organisation's helped register were standardized in 1981.  The DNS that Jiran was developed in 1983.  The standard system of routing that allows all networks to connect to each other was standardized in 1995.  That's pretty cool if you think about it.  It's really old technologies.  What's the newest phone?  Remote robotic surgery, AI, machine learning.  The newest technology is the best technology because it impacts us the most.  Yet it's all built on technologies that's 30, 40, and 50 years old, all because of multistakeholderism.  All because we entrust engineers to build ‑‑ to develop with quality engineering protocols that we can innovate from, that we can build these applications on. 
    So as Parliamentarians, as legislators, as policymakers, you also have a role in protocol.  Because it's 2023 and the internet is involved in everything in our life.  We can't just do protocol development in a vacuum anymore.  Because when we engineer things there, are real world consequences to all of us, to bloggers, to students, to people who need medical care, and to just you and me who are trying to look up at how to get the right train to go downtown.  Everything we do we rely on this. 
    As legislators and policymakers, it's important you get involved in policy making to lend your expertise to engineers as they develop technologies of tomorrow.  At the same time, it's also important to respect it's been the efforts of these engineering that have helped develop this this interconnected system that we all use and call the internet. 
    So that is our remarks about how the DNS, about how internet IP addresses and really about how the fundamental protocols that all applications are built on are what enable a safe and secure and interoperable internet for everybody to use. 
    We still have a little bit of time left, if anybody wants to come up to the mic, please do so.  And ask some questions. 

>> AUDIENCE:  Hi.  I'm Barry Liba I work in the IETF and I work in iCANN on the security and stability Advisory Committee.  I work in ISOC, the Internet Society.  I've got a lot of roles in all of this.  I'm speaking for myself.  But that's my background and how I know about this stuff. 
    I want to highlight a few of the things that this panel has said and some of the people from the floor have said.  We brought up issues of DNS and the stability and security of that.  We've brought up IP spoofing.  We've looked at routing security and a lot of things like that. 
    Each of these is a different piece of how the internet is put together and how it fits together is important and somewhat complicated.  David pointed out how old some of these standards are.  Yet we're still updating them and making changes to them.  We recently added protocols to the DNS to use encryption in DNS resolution. 
    We've added more routing security protocols.  We continue to update this stuff as it goes.  So while they are old protocols, they're not crusty and unmaintained.  They are modern.  It's kind of an interesting balance. 
    And the technologieses at the IETF and other places are continuing to work on this.  There's a project called manners that started under the auspices of the Internet Society and is on its own cycle, the mutually agreed norms for routing security.  Mutually agreed is the important thing.  There are technologists and separators are connecting together to ensure this is the best way to make this is safe and secure.  And we're going to agree on norms, on best practices for how this works and how this stays secure. 
    So I think one of the things that I would like to see people take out of this is that the technologists are watching this.  They're monitoring this.  We are looking at this day to day and working on keeping the protocols secure and updating them. 
    And what we would like to see from the regulators is to let us do the technology work and then have the regulators go ‑‑ let us know what you need.  And then take the other side of it and recommend the application of the technology that we have developed. 
    So that's what I'd like to say.  Thank you. 

>> DAVID HUBERMAN:  Thank you, Barry.  Please. 

>> AUDIENCE:  Good morning, everybody.  My name is Shriba, I'm a senator from Nigeria.  I chair a committee on citizens for security.  For me, I think United Nations somewhere in New York where the United Nations now is the internet.  That connects not just governments that sit in New York but connects citizens across the continents and across the globe. 
    Now, three of you have spoken very well about how internet is governed by multistakeholder platforms.  My concern is is this multistakeholder platform fully reflective of all the challenges and particularities of all the continents of the world?  And not just a symbolic as the United Nations is. 
    The second question for me is, the Internet Governance, and I think the measure of that is moving away from protocols, from standards.  The protocols and standards are value neutral.  What is not value neutral is the application of these protocols.  Are ‑‑ we're going to see more and more government interest in the Internet Governance space, artificial intelligence, blockchain, social media, nothing can be truly, truly neutral about this application.  How do you ensure that as the internet begins to expand more and more across all spheres of our life, the government needs to regulate and the citizens need to be truly global and free in a socially delicate manner.  This is where the Parliamentarians can now come in to enact laws and legislate interventions to ensure this delicate balance. 

>> PABLO:  I love that intervention.  I would love to keep the transcript of it, because I think it was very deep in two senses in terms of the aspect of what is international and then the depth of the connections that sort of link humanity around the world and how those things cross borders in initial ways without respect firm frontiers I'm a firm believer that the multilateral world where we're discussing this in an open and multistakeholder way can coexist and should live together with the multistakeholder world. 
    I don't think they are two separate things.  Actually I think they are good for the narrow set of problems that they are designed to build. 
    I also think that there is no one multistakeholder model and one multilateral model.  There is a wide degree of governance models to tackle different things.  Organisations have their own governance according to their own needs and so States and the internet, et cetera, et cetera. 
    I think where there is this fantastic element or interaction between technological problems and how they cannot be resolved only through technology but they also require good governance.  And I think that's the history that we are building one step at a time in a very evolutionary and careful kind of way.  And now more and more careful because how much we depend on these infrastructures. 
    And as this becomes more and more critical, then I think more and more support from the multilateral is needed as well. 

>> JIRAN:  Thank you.  The senator from Nigeria, your questions are the same all of us are thinking about but you articulated it in such an eloquent way. 
    I don't think any of us has the answer specifically to how things may be.  But I think how you pointed it out is that indeed internet can be seen as kind of a United Nations that connects all of us.  Vis‑a‑vis the current landscape, as what David mentioned, is somehow, in my own personal view, an accident, that we stumbled upon the internet that is global and open for everybody to join. 
    Because it kind of works against how naturally people want to do things.  For example, when we talk about blockchain, people want to build their own systems very quickly.  And now we're moving to metaverse.  And everyone want to focus on their own standard, their own system.  They try to be the biggest.  In some ways it's like building their own world garden.  And there is an economic driver behind this, right? 
    If I get more users within my own world garden, then I have economic incentives to do so.  But internet doesn't work the same way.  Yeah, it worked in such a way that everyone's free to join.  You're free to join.  And you can do whatever you like with it, which is quite strange. 
    And I think the fact that we stumbled upon it as one humanity, we should try to work to maintain it and evolve it, update it such that it continues to be open and free.  And that would then allow us to address some of the challenges that we have going forward.  But there will always be that inherent tension.  Because as we develop new applications, new technologies, the natural inclination for whoever developed it is to own their rights is to try to keep users within them. 
    Fundamentally, at the internet level we have to think outside of this usual economic incentive.  That's where the challenge is.  I think that's why when it comes to thinking about models, as Pablo mentioned, there isn't one fixed perfect model but rather something we have to think about evolving as going on.  Likewise, learning from history in terms of the multistakeholder model for the internet engineering task force.  That started amongst a group of people in academics and later on opened up to Google communities to come together.  That would continue to give the Internet Governance Forum, the global IGF a space as we continue to think about how do we evolve our model for governance and to include ‑‑ to think about different challenges that we have.  Because there's always going to be that inherent conflict or tension between keeping an open internet versus the incentivising innovation.  But it tends to have an economic incentive.  Just leaving it there.  Thank you. 

>> DAVID HUBERMAN:  Okay.  I think that's a good place to end. 
    I would like to thank you all for listening and for some great questions.  Pablo from APNIC and Jiran from iCANN, thank you so much.  Keep the conversation going this week.  I wish you a successful and productive IGF.  Thank you, everybody. 

(Applause)   

(Event concluded at 10:50 am)