Building trust and confidence: Implement internet standards
9 Dec 2016 11:45h - 13:15h
Event report
[Read more session reports and live updates from the 11th Internet Governance Forum]
The session outlined the major Internet standards that should be implemented worldwide, and discussed possible frameworks that could incentivise people and organisations to implement those standards.
In the introduction, Mr Bart Hogeveen, Training and Research Fellow of the Clingendael Institute of International Relations in Netherlands, explained that the session emerged from the Internet infrastructure initiative of the Global Forum on Cyber Expertise (GFCE) – a platform for bringing together the global expertise for capacity building – which aims at building robust and resilient infrastructure through testing and monitoring compliance with open Internet standards.
Hogeveen emphasised that the main challenge is not the lack of standards, but the lack of the implementation of available standards. He said that the Internet Standards Platform was established in the Netherlands in 2015 to bring together public and non-commercial private sectors and to develop a testing tool for compliance with international Internet standards (a particular tool is available at www.internet.nl). The 6 top Internet standards identified are IPv6, DNSSEC, TLS, DKIM, SPF and DMARC. Many operators and websites are not implementing them (the test shown that the IGF website is 34% compliant to these standards), yet there are positive examples: Gmail has been implementing the DMARC open standards over the summertime, The Guardian has moved to HTTPS, and the Hong Kong Monetary Authority forced their partners to comply to certain Internet standards, including DNSSEC.
Mr Olaf Kolkman, Chief Internet Technology Officer of ISOC, briefly provided the framework for implementation of those standards. He recalled Everett Rogers’s theory of diffusion of innovation which sees five stages in adoption of new technology by individuals: knowledge, persuasion, decision, implementation and confirmation. He also called to attention Metcalfe’s Law, that relative advantage in the Internet depends on the network effects, mentioning that, for instance, the network effect for IPv6 is not there (yet). Kolkman noted that there is no immediate relative advantage from implementing new standards, comparing technologies deployed at the core of the Internet to plumbing – while people would notice a new room or bathroom, ‘most people don’t see the plumbing’.
Kolkman suggested that, as a group, we need to be convinced that there will be a network effect of changes, identify attractors to changes, share sense of direction or vision, and reduce costs of implementation. At the same time it is important for individuals to increase relative advantage of changes, maintain compatibility, keep everything as simple as possible, and make new standards tryable and observable.
Three groups were then created, facilitated by Kolkman, Mr Paul Wilson, Director General of APNIC and Member of the Advisory Board of Global Forum on Cyber Expertise (GFCE), and Mr Bastiaan Goslings of the Amsterdam Internet Exchange, AMS-IX, to discuss how to provide conditions and incentives to people and organisations to implement standards. Several takeaways were recorded:
- Migration is costly, and greenfield deployment of new networks with open standards is much easier than upgrading existing networks, which can actually be an advantage for developing countries;
- Government infrastructure deployers are often not aware what standards they need to comply to;
- There is a need for extended awareness and education of consumers;
- Open source alone is not a panacea for employment – the quality of products is important;
- ‘Bragging rights’ (feeling proud to have done something special) by a local leader can be one of the drivers, but not the only;
- There is a need for different documentation materials that talk about the risks and costs of such (non)implementation, which should not target the CEOs and CIOs or technical folks, but middle management (e.g. CEO of a municipality should understand why this is important beyond ticking the box);
- Awareness about the future economic benefits of high standards, such as those owing to Internet of Things, should also serve as a driver;
- Market failure also forces standards to be implemented, and governments and regulators might need to assume a role;
- Competition can also be a driver for implementation (e.g. having 100% compliance with standards can be used as a market advantage);
- The GFCE could play important roles: creating a sense of more urgency, involving those who implement standards (ISPs, web hosting providers) into these discussions, provide more and reliable statistics and proofs of exploits, and helping education and capacity building also on technical matters.
Bart concluded that these outputs will be compiled into a project document, and invited everyone interested to join the GFCE efforts in this regards. In the end, a teacher with several school students from Hong Kong shared their takeaway: that these issues and good practices should also be thought through community centres and within schools as part of the curriculum.
by Vladimir Radunović