Governments, business and representatives of civil society met in London on 1-2 November 2011 to discuss the vital issues posed for us all by a networked world connected ever more closely together in cyberspace.
The advent and development of the Internet is transforming our world and revolutionising our everyday lives. The Internet can drive equitable and sustainable growth. It gives access to knowledge and the exchange of ideas. It nurtures innovation and investment. It improves opportunities for participation in social and economic activities for those on the margins. But the rise of the networked world has also produced significant challenges which could undermine these benefits and pose a serious threat to reaping the full potential of cyberspace. This affects us all. A secure, safe digital environment cannot be developed by governments alone. A safe and resilient cyberspace must be shaped by the interests of civil society, industry and governments across the globe. In tackling the threats, we must not allow improved security to come at the expense of fundamental human rights.
Earlier this year I proposed the following principles for governing behaviour in cyberspace, and called for a more focussed and inclusive dialogue between all those with a stake in the Internet – civil society and industry as well as governments - on how we might implement them:
- The need for governments to act proportionately in cyberspace and in accordance with national and international law;
- The need for everyone to have the ability – in terms of skills, technology, confidence and opportunity – to access cyberspace;
- The need for users of cyberspace to show tolerance and respect for diversity of language, culture and ideas;
- Ensuring that cyberspace remains open to innovation and the free flow of ideas, information and expression;
- The need to respect individual rights of privacy and to provide proper protection to intellectual property;
- The need for us all to work collectively to tackle the threat from criminals acting online; and
- The promotion of a competitive environment which ensures a fair return on investment in network, services and content.
The London Conference on Cyberspace began this more focussed dialogue on principles and set out an agenda for further work. The success of this agenda will be founded on the set of partnerships we have explored at this Conference. Our starting point must build on existing work, including the Geneva and Tunis World Summits on the Information Society. Our partnerships must remain inclusive, co-operative and collaborative to make certain we can build a secure, resilient and trusted global digital environment. This work will now go forward over the next 24 months with conferences in 2012 and 2013, graciously hosted by Hungary and South Korea respectively, to take stock.
The London Conference brought together Ministers, senior government officials, industry leaders, and representatives of the Internet technical community and civil society. In all, more than 700 participants from 60 countries took part.
Opening addresses were made by the Prime Minister of the United Kingdom, David Cameron; Vice President Joseph Biden of the United States; Carl Bildt, Foreign Minister of Sweden; Sachin Pilot, Communications Minister of India; Helen Clark, Administrator of the United Nations Development Programme; Jimmy Wales the founder of Wikipedia; Atiaf Alwazir, Yemeni activist and researcher; Lord (Richard) Allen of Facebook UK; and Eric Van der Kleij, CEO of Tech City UK.
President Toomas Ilves of Estonia spoke, and representatives from many other governments and the European Union. There were speakers from civil society and think tanks. The Conference heard from the information and communications industry and from many other companies. Altogether over 100 businesses were represented. International organisations such as the United Nations Development Programme (UNDP) and the International Telecommunications Union (ITU) also spoke. A full list of those who contributed is at Annex A.
Parallel to the main sessions, many workshops, fora, dynamic coalition meetings and breakout sessions were held. A youth conference ran alongside, bringing in the views of young people who are driving the digital revolution. The key conclusions of these London Cyber Youth sessions are captured in Annex B.
Meanwhile as is fitting in a conference on cyberspace, technology allowed not just those in the room to take part. Besides contributions from those present, input and views were gathered from citizens right across the world through the Web. Panellists took questions direct from the public through the Internet. The event was livestreamed and real-time updates put out through Twitter.
The Conference themes
The London Conference focussed on five topics:
- Economic growth and development, covering such questions as:
- How to realise the benefits of a secure cyberspace for international economic growth and development?
- Is Cyberspace a prosperity multiplier?
- How to strike a balance between protection of intellectual property and access, innovation and creation of markets?
- How to ensure transparency and predictability of regulatory and fiscal regimes, and their ability to adapt to fast-changing technologies?
- Government regulation and industry self-regulation – what are the ways forward?
- How can problems between states be prevented and managed?
- Social benefits, covering such issues as:
- How can we maximise knowledge empowerment and the potential gains for government service delivery?
- What more can be done to enhance democratic accountability and freedom of expression?
- How can governments engage to best effect?
- What more can be done to deal with the negative social aspects?
- Safe and reliable access, covering such questions as:
- How to assure safe and reliable access to cyberspace?
- How best to promote public risk-awareness and education in safe and secure online behaviour (particularly for vulnerable groups)?
- How to ensure lawful access for individuals without discrimination or interference, while protecting against abuse?
- International security, covering such questions as:
- How can problems between states be prevented and mitigated?
- What lessons can be learned from other areas of international security and conflict prevention work?
- How do we develop and apply appropriate principles of behaviour?
- What are the most appropriate fora to take the debate forward?
- Cyber crime, covering such questions as:
- What are the responsibilities for individuals, the private sector and government for preventing cybercrime?
- How do we ensure that all countries have equivalent legislation to allow them to tackle cyber crime domestically, and support international working?
- How do we secure the right level of investment in the right areas?
- What more should Internet intermediaries do to address the spreading of malware and botnets over their networks?
- How do we create the right incentives to build improved and cost-effective security into the design of devices, systems and services?
- What role do industry standards have to play and what would they look like?
Questions were posed directly by members of the public to the Conference, while sessions were in progress, using Facebook and Twitter. Against each theme the following conclusions were reached and points made.
Economic growth and development
All delegates agreed that the Internet has a critical role to play as an engine and facilitator of economic growth, especially in the developing world.
The conference agreed that to achieve the broadest and deepest possible benefits to growth from cyberspace, access, in terms of both physical infrastructure and training and skills, must be broadened so the widest possible group of people can share what it has to offer.
Delegates agreed that cyberspace must be secure and reliable so that it is trusted as a medium for doing business, and innovators and content providers are confident their discoveries will be appropriately protected to encourage investment. There was strong support for the principle that in the cyber market we must promote a competitive environment which enables a fair return on investment in network, services and content.
At the same time speakers called for cyberspace to be free from government and commercial censorship, consistent with international legal obligations, so that the free availability of information can drive strong incentives for the highest standards of accountability and national governance.
Delegates called for cyberspace itself to have the latitude to evolve and innovate naturally to create new opportunities and benefits in the future. This was also a strong theme of the online debate running alongside the Conference. There was general support for free and fair competition through transparent policy making, standards development and regulatory processes.
Delegates called for the removal of unnecessary barriers to trade in cyberspace. Only then will the full benefits of online cross border trade and globalisation be realised.
The Conference recognised existing work on the Internet and growth, such as the Organisation for Economic Co-operation and Development (OECD) Principles for Internet Policy Making agreed in June 2011 and work in the Council of Europe, ASEAN, APEC and other organisations, including private sector initiatives such as the development of principles for User Generated Content. Focus should be on building upon existing work, rather than revisiting discussions or creating new institutions.
The Conference strongly welcomed the role the Internet can play in giving the unheard a voice, improving access to education and healthcare, reducing poverty, and driving progress towards the Millennium Development Goals. Delegates called on developing countries, the private sector, donors and international development organisations to work together to ensure we harness the Internet’s economic and social dividends.
The Conference called for global efforts to close the digital divide through the provision of development support on ICT. The goal must be to ensure the Internet is increasingly accessible, affordable, safe and reliable, so as to drive equitable and sustainable economic growth. Delegates expressed support for the objective of, and the work being taken forward by, the ITU/UNESCO Broadband Commission in seeking to increase access to broadband communication in the developing world. The key was promotion of open and competitive markets.
In developing existing work such as the OECD Principles, many delegates agreed it is critical that all those with an interest are engaged – business and civil society as well as governments, and from developing as well as developed countries. Only in this way will the interconnectedness of the Internet be properly reflected. The goal of further development of policy-making principles in this context should be to help promote and protect the global free flow of information, ideas and expression, to encourage investment and entrepreneurism, and help the development of cross border services.
On the theme of social benefits, all delegates reaffirmed the overwhelmingly positive and transformative benefits that the Internet has brought to citizens, societies and governments.
Many speakers in particular welcomed its contribution (especially through social media) to freedom of expression and association, and its ability to expose human rights abuses as they happen and give the unheard a voice. In bringing citizens and governments closer together, the Internet is a powerful engine for empowering citizens and driving government accountability.
Speakers emphasised the particular importance of engagement with the youth community, both in giving them a voice in the democratic process, and being more receptive to their ideas in the development of policy.
The conference agreed that efforts to improve cyber security must not be at the expense of human rights. There was overwhelming support for the principle that cyberspace must remain open to innovation and the free flow of ideas, information and expression. Many speakers affirmed their belief that rights to freedom of expression and association apply with equal force in cyber space, and stressed the imperative for governments to comply with their obligations and commitments in this area as set out in the Universal Declaration of Human Rights. Speakers stressed that capitalising on the full benefits of cyber space and protecting freedoms needs the participation of not just governments but also business and civil society. Given the speed of technological advance, speakers thought that the best foundation, and the one which best reflected the dynamic of the Internet itself, was a transparent and stable framework of self regulation.
There was strong support for the principle that users of cyberspace should show tolerance and respect for diversity of language, culture and ideas; but delegates said that protecting this principle must not be used as a cloak for attempts to subvert the right to freedom of expression and association, or become an excuse for fragmentation of the Internet. Speakers also expressed concern that some states may use notions of sovereignty as a guise to restrict access, block websites and censor Internet content.
Delegates (and many of those commenting as part of the online debate around the Conference) emphasised the need for transparent and interoperable approaches to handling privacy and data protection issues which recognise the requirement for global trade but also the importance of protecting personal information.
The Conference acknowledged the need to continue efforts to bridge the ‘digital divide’ and work towards the achievement of Millennium Development Goals. The work of the ITU/UNESCO Broadband Commission on capacity development and extending access was noted under this theme.
Government representatives discussed under this theme how best to prevent or mitigate potential problems between states on cyber issues.
All delegates underlined the importance of the principle that governments act proportionately in cyberspace and that states should continue to comply with existing rules of international law and the traditional norms of behaviour that govern interstate relations, the use of force and armed conflict, including the settlement by states of their international disputes by peaceful means in such a manner that international peace, security and justice are not endangered.
All speakers agreed that stronger co-operation and collaboration was needed to build confidence and to avoid misunderstandings.
All delegates agreed that the immediate next steps must be to take practical measures to develop shared understanding and agree common approaches and confidence-building measures through the UN Group of Government Experts and through the OSCE and other regional organisations. Some delegates noted the draft Code of Conduct circulated at the United Nations. There was no appetite at this stage to expend effort on legally-binding international instruments.
There was strong support for the recommendations of the 2010 UN Group of Government Experts on further dialogue among states to discuss norms pertaining to state use of information and communication technologies to reduce collective risk and protect critical national and international infrastructure.
Delegates welcomed the work the OSCE is also doing to develop specific confidence-building measures applicable in cyber space, and called on other regional organisations to develop their own work alongside the OSCE on this question.
Tackling cyber crime
The conference identified cyber crime as a significant threat to economic and social well-being, and one which requires a concerted and urgent international effort. As online criminals operate across national borders, all delegates strongly supported the principle that we must work collectively together to tackle the threat from cybercrime and ensure there are no safe havens for cyber criminals. There was strong support from delegates for the guiding principle that what is unacceptable offline is also unacceptable online. As was pointed out in the London Cyber Youth sessions, for young people the online and offline worlds are one place.
Many countries and regional bodies are already taking positive steps towards implementing cyber crime legislation, but the need to ensure that these were compatible internationally was recognised.
There was general support for the principles for fighting online crime that are set out in the Budapest Convention on Cybercrime. Some delegates raised problems with the Convention. But there was little support for negotiating a new instrument. The Convention’s usefulness as a framework on which nations could build to achieve better international co-operation was recognised by many speakers. Many delegates encouraged countries to look at whether they could sign up to the Budapest Convention, seeing the Convention as the best form of international agreement in this area. Some delegates expressed their support for the Commonwealth work on a cyber crime Model Law as a useful stepping stone.
Delegates noted that while having the right legislation in place was essential, this must also be supported by a willingness to act when called upon. In addition to legislation, countries were encouraged to ensure they have the forensic resources, processes and willingness to co-operate as necessary.
There was very strong support from many delegates for practical collaboration and capacity development on cross-border law enforcement, to take place at a rapid pace that reflects the reality of the networked world.
Speakers pointed to the network of law enforcement contact points known as the “24/7 Network” as the best means to make sure that when urgent assistance is required, partner countries are able to obtain it. Delegates called on all countries to join the 24/7 Network and to redouble efforts and commitment to make it a success.
As well as law enforcement and cross-border co-operation, the debate noted prevention as being central to tackling cyber crime. There was general agreement that all sectors - private companies and individuals as well as governments and law enforcement agencies – have responsibilities in preventing cyber crime.
Delegates in the room and those commenting online all thought government and industry had a shared responsibility to do more to prevent cyber crime, in industry’s case for example through more secure devices, systems and services. Industry must be a part of the solution on prevention. There was general support for the view that the public and businesses should get more help to able to identify easily products that have good security. Delegates encouraged the private sector to lead development of improved Internet security products, systems, services and standards in cyberspace, and to make the market easier to navigate for consumers.
Speakers noted that all Governments are currently looking to place more services online, and that many are considering outsourcing to cloud computing. It was agreed that governments need to lead by example, and that when governments procure and provide online services, security is one of the key criteria.
Ensuring safe and reliable access
There was general agreement that global interoperability and resilience underpin the economic and social benefits of the Internet and that governments, industry and civil society must work together to preserve and enhance them. In this context, there was recognition of the important role played by ICANN. There was a call for all those with an interest to get involved in the normal three-yearly ICANN public meetings.
There was also widespread support for the excellent work being taken forward by the Internet Governance Forum. Delegates pointed to the Forum as a demonstration of the clear value of involving participants from private sector and civil society in discussing issues of Internet public policy.
There was recognition of the private sector’s central role in delivering the security, safety, resilience and reliability of cyberspace, through continued collaboration between all participants, and through the development of appropriate international standards in the appropriate international fora.
Delegates believed governments have a responsibility, working with the private sector, to ensure an open Internet that allows individuals access to content and services with only such restrictions as are permitted under international legal obligations, while protecting users (especially children) against abuse.
Speakers emphasised that the private sector is central to the roll-out of broadband. The necessary innovation and investment can be facilitated or inhibited by governments' actions. Delegates called on governments to take an appropriate and proportionate interest in improving the safety and reliability of cyberspace, while recognising that the expertise lies with industry partners.
Speakers emphasised that the private sector is central to the roll-out of broadband. The necessary innovation and investment can be facilitated or inhibited by governments' actions. Many speakers thought that governments should encourage self-regulatory mechanisms for the private sector, rather than start with legislation and regulation.
Service providers and suppliers talked of their commitment to ensuring their continued reliability and availability of systems. Delegates called on industry to lead the creation and maintenance of open standards being mindful of the challenges to information access. There was support for a strong private sector-led strand to the work which would now take place leading up to the next conference in Budapest in 2012.
There was general support for Computer Emergency Response Teams (CERTs) co-operating regionally and internationally and a call for these to cover public and private sector alike.
Delegates inside the room and those commenting as part of the online debate all agreed that the Internet must remain a single undivided network, with engagement from all to ensure that safe and reliable access is something on which we can all count.
Altogether, delegates welcomed the fact that debate at this London Conference had been wide-ranging, constructive, and based on partnership, with representatives from industry and civil society as well as governments participating. Delegates looked forward to continuing work on these issues, and to the next conference in Hungary in 2012, building on a shared vision of a safe, secure, resilient and open cyberspace.
Speakers at the London Conference on Cyberspace
Helen Clark, Administrator, United Nations Development Programme
Carl Bildt, Minister for Foreign Affairs, Sweden
Jimmy Wales, founder of Wikipedia
Atiaf Alwazir, Yemeni activist and researcher
Sachin Pilot, Minister of Communications, India
Lord Richard Allan, Director of Policy for Europe, Middle East and Africa, Facebook
Eric Van der Kleij, Chief Executive Officer, Tech City UK
Joseph Biden, Vice President of the United States of America
Igor Shchogolev, Minister of Communications and Mass Media, Russia
Dong-Seok Min, Vice Minister of Foreign Affairs, Republic of Korea
Sanjay Pradhan, Vice President World Bank Institute
Uri Rosenthal, Minister of Foreign Affairs, Netherlands
James Manyika, Director and Senior Partner, McKinsey & Company
Mikhail Yakushev, Chairman, Russian Association of Electronic Communications
Yu Zhou, Vice President, Tudou.com
President Toomas Ilves of Estonia
Neelie Kroes, Vice President and European Commissioner for the Digital Agenda, European Commission
Patrick Spence, Managing Director, Global Sales and Regional Marketing, Research in Motion
Helen Margetts, Director, Oxford Internet Institute
Speranza Ndege, Director of the Institute of Open, Distance and e-Learning, Kenyatta University
Cornelia Rogall-Grothe, State Secretary, Federal Ministry of the Interior and Federal Government Commissioner for Information Technology, Germany
Asoke Kumar Mukerji, Additional Secretary, Ministry of External Affairs, India
Andrei Krutskikh, Deputy Head, Department of New Threats and Challenges, Ministry of Foreign Affairs, Russian Federation
Patrick Pailloux, Director General, Network and Information Security Agency, France
Nils Melzer, Research Director of the Competence Centre for Human Rights, University of Zurich
Lee Hyun-Ju, Ambassador for International Security Affairs, Ministry of Foreign Affairs and Trade, Republic of Korea
Howard Schmidt, Cybersecurity Co-ordinator, White House, USA
Matthew Kirk, Group External Affairs Director, Vodafone
Erik Akerboom, National Coordinator Counter Terrorism and Security, Netherlands and President Cyber Security Council, Netherlands
Harry van Dorenmalen, Chief Executive Officer Europe, IBM, and member Cyber Security Council, Netherlands
Scott Charney, Corporate Vice President, Trustworthy Computing Group, Microsoft
Eugene Kaspersky, Chief Executive Officer, Kaspersky Lab
Athalia Molokomme, Attorney General for Botswana
Peter Davies,Chief Executive Officer, Child Exploitation and Online Protection Centre (CEOP)
Hyeon Yu, Cybercrime Investigation Professor, Korea Police Investigation Academy
Hamadoun Touré, Secretary General, International Telecommunication Union
Olivia Garfield, Chief Executive Officer, Openreach
Chen Lifang, Senior Corporate Vice President, Huawei
Roger Wilkins, Secretary General, Attorney General’s Department, Government of Australia
Rod Beckstrom, President and Chief Executive Officer, Internet Corporation for Assigned Names and Numbers (ICANN)
Barbora Bukovská, Senior Director, Law and Policy, ARTICLE 19
John Kampfner, Chief Executive, Index on Censorship
Tom Ilube, Managing Director, Consumer Markets, CallCredit
Atiaf Alwazir, Yemeni activist and researcher
Hannan Ezzat, Regional Director for Marketing and Communications for Middle East and North Africa, British Council, Cairo
William Echikson, Head, Free Expression in Europe, Middle East and North Africa, Google
Marco Gercke, Cybercrime Research Institute, Cologne
Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe, Strasbourg
Zahid Jamil, Legal Expert, Commonwealth Cyber Crime Initiative, Karachi
Barbara Stocking, Chief Executive, Oxfam
Sarah Jordan, Head, Digital Communications, Oxfam
Christèle Delbé, Head of Sustainability, Vodafone
Helen Clark, Administrator, United Nations Development Programme
Mark Graham, Research Fellow, Oxford Internet Institute
Charlie McMurdie, Detective Superintendent, Police Central eCrime Unit, Metropolitan Police Service
Simon Tee, Senior Performance Manager, Specialist Crime Directorate
Steve Mortimore, Assistant Chief Constable, Policing Policy and Practice Service Director, National Policing Improvement Agency
Greg Day, EMEA Security, CTO and Director of Security Strategy, Symantec
Lee Miles, Cyber Head, Serious Organised Crime Agency (SOCA)
Peter Davies, Chief Executive Officer, Child Exploitation and Online Protection Centre (CEOP)
Sonia Livingstone, Professor of Social Psychology, LSE, and Director, EU Kids Online
Mike Galvin, Managing Director, Next Generation Access, Openreach
Andrew Flanagan, NSPCC
Niketa Sanderson, Ambassador, NSPCC
David Pollington, Director of International Security Relations, Microsoft
Robert Marcus, Chief Executive Officer, Quantumwave Capital
Jeff Peel, Managing Director, Quadra Consulting
Owen Pengelly, Office of Cyber Security and Information Assurance, Cabinet Office
Mark Harris, Global Vice President for Labs, Sophos Ltd
Andrew Rogoyski, Chair of the Intellect Cyber Group, Roke Manor
Kevin Jones, Director IS, ADS
William Beer, PriceWaterhouseCoopers UK
Thomas Buchanan, PriceWaterhouseCoopers UK
Ed Gibson, PriceWaterhouseCoopers USA
LONDON CYBER YOUTH
A diverse group of young people from different parts of the UK took part in the Youth Forum, a parallel series of debates intended to feed into the conference debates and conclusions.
The Youth Forum covered the following issues:
The Future of Technology and Development opportunities
Young people at the LondonCyber Youth Forum were asked to think about the next generation of the internet and associated technology. Their future gazing covered:
- The use of cloud technology to make access to information more democratic and more affordable for developing countries
- The continued development of the social network into a hub that collects the best of the web, safely and supported.
- Increased coming together of different devices and the use of smart tech to merge virtual and real life closer together
- TV becoming more interactive and using internet technology to make TV watching more social
Economic growth and development
Young people recognise that the digital world is central to economic growth and can be a driver of economies in developing countries but that it is overlaid with social factors which need to be learnt from an early age in school. They believe the internet should be an intrinsic part of citizenship skills so that you learn that everything from safety to privacy at an early age.
- Some of us who have visited developing countries have Seen the power of the internet in changing the lives of communities but we all have a responsibilities to help them afford the new technologies. We think of the internet as a global phenomenon but large parts of the world still don’t have access to the digital revolution
- It seems that the newspaper industry is dying but this creates issues of reliability of information as it is much harder to know what we are reading is true and we are concerned about the power of governments to close down internet access. There is a human right to assembly in the real world and this should exist online as well.
- Young people are drivers of the economy and yet there is no consistency in what you can have access to at different ages. Being able to access to material is not just about age its about emotional maturity and conversations about age verification should take this into account.
- All companies operating in the digital world need to remember that yp are their most important present and future audience and continue to engage with us at the earliest possible stage
Hopes and Fears
The Youth Forum hopes were that:
- Their voice is not just a space but is acted upon
- Adults recognise young people are driving the digital world
- There is a balance between the excitement and opportunity of cyberspace, with keeping young people safe
- We come together and show although we are from different places we have a common vision to get YP better understood by the adult world
Their fears were that:
- Young people’s views could get lost in international political ideology
- Fast moving world prevents opportunity
- Young people could become more vulnerable
- Their participation could be seen as tokenistic
- Age verification: social networking sites should risk-assess emotional competence to overcome age verification, e.g. a set of questions to assess and answer before given an account
- Safe access: greater education directed at young people but with parents involved
- Parental controls: need to be young people led but assessed by their competence and in partnership with parents to develop a trusted relationship
- You can put up danger signs at the swimming pool but it is no substitute for teaching a child how to swim
The Conference recognized that young people have a critical stake in cyberspace and will be instrumental in its development over the coming years.
Their involvement going forward should never be tokenistic and the voice of young people should be an integral part of the international dialogue going forward to Budapest and Seoul.