Cooperation Working Group session
30 November 2023
JULF HELSINGIUS: Welcome to the Cooperation Working Group session, in case you thought this was something else, now is your chance to run away.
We are very happy to have a very, very dense agenda, and even then there are things where people said but shouldn't you also talk about this? And actually, in one of the presentations you are going to get a little bit of an overview of some of all the things coming out of for example the European Commission which was way too much to cover in depth in this session, so we will try to do a separate webinar or something in between the meetings to fill in on that.
Welcome and I am going to hand over to Desiree to introduce our first speaker.
DESIREE MILOSHEVIC: Thank you. And welcome everyone to our session. It is a great honour to actually announce that Ms. Carol Roach has kindly accepted our invitation to come and talk to us. She has recently been appointed as the Chair of the UN Internet Governance Forum multistakeholder advisory group, and she is also under secretary at the ministry of ‑‑ at the economic affairs in Bahama. She is joining us remotely.
And I would like to say just a couple of words to put some context to say that we are actually seeing that Internet governance landscape is changing and it's an inflexion point, and therefore we are really grateful to have her joining us here today to discuss some of these trends, and she has a huge background in trying to put a diverse set of stakeholders together. I hope she has joined us online and we should promote her as a speaker.
So, with that, I would like to give the floor, and also to ask you to give her a warm round of applause if she is online.
Carol, can you hear us?
She did join our meeting on Monday, and ‑‑ anyhow, while she comes back, perhaps we can say a few more words. The Internet Governance Forum, the UN initiative that she is chairing, is having its mandate review in a couple of years, so it's a very hot seat, and I hope that you will also have some questions for her as well. Feel free also for the online participants to click either on a mic or on the camera if you want to make a comment, Julf will be moderating any questions. Let's see if Carol managed to rejoin us?
Okay, I am hearing that she has rejoined us. We have a different setting this afternoon with two different streams, and hopefully we will be able to see her as well.
I am going to do a bit of agenda bashing, and perhaps ask our next speaker to come and take the floor until we figure out any technical details.
CAROL ROACH: Sorry, but your feed keeps coming in and out.
DESIREE MILOSHEVIC: Welcome Carol, can you switch on your camera as well, please?
We can hear you and see you. Welcome. And thanks for talking to us. The floor is yours.
CAROL ROACH: Thank you. Thank you very much. Participants, colleagues, ladies and gentlemen, I hope you have been having a great time. I have gotten out of my bed early some mornings and logged into some sessions, and they were very good. But it is indeed my pleasure to be here with you today at RIPE 87. It's an important meeting that brings together Internet Service Providers, network operators and many others. I am Carol Roach from the ministry of economic affairs of the government of the Bahama.
Just a few weeks ago I was appointed by the unit nationed secretary general as the Chair of the Internet Governance Forum multistakeholder advisory group.
I am proud to be that. As you know the IGF is a global multistakeholder platform to which all stakeholders can discuss public policy issues pertaining to the Internet.
At this meeting many stakeholders are present who greatly support the IGF, processes session operation, and its annual forum. As contributors to its inter‑sessional work and as donors to the IGF trust fund, I want you to know that we are all immensely grateful for your support. It is stakeholders like you who make the IGF alive, relevant and much needed.
We concluded the 80th annual IGF meeting in early October in Kyoto, the meeting hosted by the Government of Japan was opened with remarks from the UN Secretary General and the prime Minister of Japan.
As the Prime Minister rightly said in his welcoming statement, by pulling together participants from all over the world from different perspectives and bringing together their wisdom through multistakeholder approach, we can maximise the benefits of the Internet whilst reducing risk.
Indeed, with a record number of 9,000 participants in Kyoto, the IGF proved to be a remarkably productive multistakeholder platform enabling discussions among all stakeholder groups. Over 300 sessions took place and the overarching theme of the Internet we want, empowering all people. And around many themes ranging from digital inclusion, human rights, to Internet fragmentation, artificial intelligence and global digital governance.
The IGF leadership panel chaired by Vincent, well known as the father of the Internet, and co‑chaired by the Nobel Prize winner Marie Ressa, also took the opportunity to send their vision paper on the Internet we want.
The IGF leadership panel believes that the Internet we want is whole and open, universal and inclusive, free‑flowing and trustworthy, safe and secure and rights respecting.
I would like to encourage you to consult this paper, but also the Kyoto IGF messages that consolidated the major takeaways from all sessions. The next year's IGF will be hosted by the Kingdom of Saudi Arabia in Riad as a leading hub for tech development and digital in the region we plan to work with the host country to ensure that the 19th IGF is a success in terms of stakeholder engagement and programme quality.
The IGF is a forum that aims to identify areas for continued development and we are clear on providing a platform that benefits the technical community. As such, we would welcome any ideas that could contribute to the 2024 cycle serving you better.
We are at an important momentum giving several important processes happening. The UN Member States continue negotiating the global digital compact, aiming to have it agreed upon during the next year's summit at the future. The WHOIS plus 20 process which will take place in 2025 has already started active consultation process.
And it will mark a significant milestone of two decades of progress made in the implementation of the outcomes of the world's summit on the information society.
As a major outcome basis, IGF's mandate will also be part of this 2025 review and process.
An organised, strong and active technical community is critical, very critical for a safe, secure, unfragmented and interoperable Internet and this further means that it is vital for its various stakeholders to participate in all Internet governance related processes, including the IGF.
In my role as a Chair of the MAG, I invite you to cooperate and collaborate with us. Join us in working together for a strong IGF that stands for good, multistakeholder governance of the Internet. We look forward to your feedback and input today.
Thank you for inviting me and it's definitely my pleasure to be here.
DESIREE MILOSHEVIC: Thank you Carol, thank you so much for being with us and we really know what it's like being in a small island in the Caribbean with difficult Internet connectivity. So, we are very grateful that you bore with us. And just for the transcript, when you mentioned the 19th IGF, it came out as the 90th. So..
CAROL ROACH: We will get there. We will get there.
DESIREE MILOSHEVIC: With you in the driving seat. I would like to see, as the audience here and our community to see if they have any specific questions for you in terms of how the IGF is either evolving or ‑‑ so I pass on ‑‑ you have a mic here object you can come up or you can send a question in the room. Let's see if there is anyone coming up.
AUDIENCE SPEAKER: Thank you, Carol. I was at the IGF, I found it quite interesting and revealing, but I was also surprised that there was very limited, from my own perspective, integration between the technical community and the other stakeholders and we frequently the perception was a little bit like a conversation and I am wondering whether this is a perception that exists and whether there are plans to try to address it?
CAROL ROACH: That may be the perception because of how we are organised with regard to sessions. And if you have ideas or any suggestions to how we could improve this, we are definitely looking forward to it. Especially for online participants, we are quite aware that sometimes they feel like second class citizens and we don't want that. So, yes, we would definitely like more input from the technical community. The areas that we cover definitely we need your input. So, if the RIPE organisation could put together some thoughts and ideas, we would definitely try to implement. Thank you.
AUDIENCE SPEAKER: Thank you. Robert Carolina. I am general counsel with Internet Systems Consortium. Madam Secretary, thank you so much for your time and congratulations on your appointment. As you look forward to the next few years of engagement with the IGF, what, in your opinion, would constitute the continued success of that project? So if you were to think a few years into the future, what types of things in your mind would constitute evidence that the process continues to succeed?
CAROL ROACH: Excellent question. I am actually part of the government stakeholder group, and what I would really like to see more is the government side also participating and learning and being able to make proper decisions based on the inputs that we give. Governments tend to shy away when it comes to the thought of anything technical. So, besides getting the technical community more involved, I think we need to also reach out more to the judicial part of countries as well as to regulators, because we, as a multistakeholder group, even though we come together, we make issues, we come up with great policies, great plans, it's really up to the government to actually Institute them within the countries, so they are a critical stakeholder I think that we can engage with and that would be one of my focuses in the coming years.
AUDIENCE SPEAKER: Blake Willis. Thank you very much for attending our conference and presenting today, it's really appreciated.
To respond to the first question, the Internet Society helps organise regional and local Internet Governance Forum meetings in probably most RIPE NCC member countries, maybe not all of them, but if you are interested in participating in this process, I would encourage anyone in the room, if you are in the Cooperation Working Group, then the IGF meetings locally will be your thing. There's probably one in your capital city. So I have been doing it for a couple of years, pretty much since Covid, and it's been great. Thanks.
CAROL ROACH: I will look out for the next meeting. Sorry, I am trying to read the transcript because of the poor connectivity. So I might take a little longer to respond.
AUDIENCE SPEAKER: Jim Reid. DNS guys and various participants and all sort of strange Internet governance things from time to time.
I hope you can keep up with the transcription with my really bad Scottish accent because that will cause problems. I have really got a suggestion for you.
You talk about trying to have more engagement for the technical community. This may well be a problem in IGF setting because these big meetings take place in far away places, and it can be quite expensive, both in terms of time and cost, to send people from industry to these venues when it's maybe not clear what the business investment or the return of that investment might be.
So, maybe another approach might be to ask your participating governments to see what kind of engagement they do nationally with their national stakeholders, the nationalised peers, the nationalised Internet exchange point, and try and get a view through that that that can be pressed at IGF. It's just a suggestion, Madam Chair.
CAROL ROACH: Thank you. I'm writing that down.
DESIREE MILOSHEVIC: Thank you also. Seeing there is no other questions in the queue, I would like to invite each one of you to thank Ms. Carol Roach for being with us here today and participating with us. So thank you Carol, and good luck with the job.
As we are running a little bit late with the agenda, our next speaker is Romain Bosc from RIPE NCC
ROMAIN BOSC: Thank you. Hi everyone, so I am Romain, I am delighted to be on stage for my first RIPE meeting. I joined the RIPE NCC three months ago actually, I joined the public policy and Internet governance team.
And I am here on stage to give you a quick regulatory update on the EU.
So, I will try to be brief and make this presentation fit in 15 minutes.
So, I will go through short context and present a few trends that in my sense will shape the agenda for the next mandate. Give a quick regulatory outlook and present a few engagement persistence for us moving forward.
First and foremost, I might be stating the obvious here, but why engaging with the EU in the first place?
So, the Internet was initially envisioned as a borderless digital realm, but increasingly governments are pursuing their own digital agendas, building their own segmented Internet infrastructure and introducing their own standards and regulations.
What it means for the RIPE NCC, it means that we are operating in a complex and unstable policy environment with rising geopolitical tensions and regional conflicts, increasing fragmentation both on the technical and the policy side, inside and outside the EU.
The Internet is increasingly instrumentalised for political purposes. In order for us to fulfil our mandate as the regional Internet registry, we need to be more resilient in times of political, legislative and regulatory changes.
For this, we need to be part of the conversation with decision makers and we need to make our voice heard basically.
I think it's important to have in mind what has been driving the agenda in the current mandate and what might continue to do so in the next. The ambition to forge a geopolitical commission that is been a clear driving force and is having a direct effect on almost every aspect of EU policy making. Internally, in response to major crisis such as global warming, Covid‑19, the EU agenda has been focusing on fore storing the green and digital transition and building resilience.
It has a much more focus on the external action and the foreign policy of the EU. This is demonstrated by the intense activity and development in the area of economic sanctions and the promotion of international norms.
Then there is a new EU approach to economic security. There was a strategy published last June. The removal of critical trade dependencies has become an eye‑guiding principle and most policy proposals, including the EU's industry and digital strategies, really, really driven by this technology sovereignty agenda.
The EU is trying to exert more control on critical infrastructure and critical value chains and this is translating into a much more interventionist and prescriptive approach.
And finally, the new mandate will come to power following the EU elections in ‑‑ after summer next year. And one clear indication is a shift in focus from the policy inception and negotiation phase to the implementation, then enforcement and the review phases.
The reality is that the EU is pretty fragmented. We have a general lack of consensus on what digital sovereignty actually means, and what is the effect on competition and competitiveness. A clear case in point is the European Cloud certification scheme, where we see intense discussions and divisions among Member States.
There is also maybe a lack of consensus, so at least a lack of harmonisation on how foreign affairs and security matters are discussed and implemented. This is the case for sanctions again.
We can also expect some site turbulent elections, as the Dutch elections so revealed. We see a global trend towards basically traditional parties losing ground, rising smaller parties, rising contenders, and we can expect some new dynamics in the parliament and within the Council. Most probably the central right will be less prominent, which is quite new.
But, all that means for us, the RIPE NCC and the RIPE community, that we will navigate a more unstable, more volatile and unpredictable regulatory environment basically.
A quick regulatory outlook. I will discuss more in‑depth the sanctions in the Cyber Resilience Act, and I invite you to consult a recent article that we published on the RIPE Labs with my colleague if you want to access more detailed analysis on the other items. But indeed, sanctions is an important piece for us, the RIPE NCC.
The big news is that we received confirmation from the Dutch authorities that the Internet numbers, the Internet number resources and relevant trust anchorss are being exempted from the sanctions regime imposed on Russia. That means the RIPE NCC's restoring services for members and end users falling under the exemptions.
We also have an interesting paper that was published. Again you can consult on the RIPE Labs back in May led by an independent researcher, she is shedding light on the impact of sanctions on the Internet layers and operations. And on this basis, we are currently engaging with national and EU authorities. The EU is actually dedicating a lot of attention on the implementation of sanctions and harmonisations of sanctions implementation enforcement.
So we are now exploring long‑term solutions for all members across our service region.
Then the Cyber Resilience Act. I think that has been also discussed quite a lot within this Cooperation Working Group. It's an important file. It's actually still being negotiated and now there is the last ‑‑ potentially the last sessions to things are developing as we speak, so there is legislation common standards with products for digital elements. This regulation will apply to some of other services like RIPE Atlas. Again, discussions are still going on on how it would actually affect the free and open software community. We have been taking part in the response, in the public consultation, we have been reaching out to the MEPs in due time. We share the common concerns with the community about the scope, the disclosure obligations and some implementation time frames.
Well, what's coming next? Of course I don't have any crystal ball, but we see already again some trends, and there's been some hidden jems in the current strategy document that the Commission published. One is on the EU standardisation approach, where the Commission intends to enable the global leadership of EU standards promoting values. So that's quite an interesting one. The new so‑called strategies describing interesting wording on the creation of a multistakeholder governance process that will go beyond the remit of existing Internet governance institutions.
And finally, the recently published working programme, 2024, the Commission announcing a possible initiative on digital networks and infrastructure. That remains to be seen. And we will have a presentation following this.
What does it mean critically for us in terms of engagement? Well there is no silver bullet, but the main principles are, that we have to establish RIPE NCC and leverage its already existing position as a trusted source of Internet data and insight to educate policymakers on the functioning of the core Internet. We need to bridge the knowledge gap and share more evidence and technical expertise to inform the policy process.
And I'm here to actually facilitate this exchange and to provide a platform to engage with our community and the EU decision maker proactively and early on in the policy process. And this is how we mitigate persistent risks and challenges and explain the impact of sanctions and regulations on the Internet core functions.
So, that was it from me. Get in touch, please, if you are interested in Brussels business, I am the new Brussels guy, so don't hesitate to reach out to me and I will leave the floor to Innocenzo or take a few questions.
ACHILLEAS KEMOS: We will get to the questions at the end. Our next speaker is up now.
INNOCENZA GENNA: Hello. That's me. So, I would like to give you some information about what is going on in the future in the telecom framework at European level. So what can be the possible initiative from the Commission which will start the mandate tend of next year after the European election.
Just a short recap what has been done in the last five years with the current commission. The main work that's been done with respect to the Internet data and digital in general. So we had ‑‑ I'll just mention the most important piece of legislations, not everything. So we had the DSA and the DMA which has been dealing with the online platform. The data act which is trying to create a business for the data economy, not just data in general, Eidas about the digital identity and the Artificial Intelligence which is now still pending but maybe close to be completed by the beginning of next month.
The work on the telecom regulation was more marginal. Why? Because we already had a code which entered into force in 2018, which is made by the previous commission. So it was a time more of implementation, not of adoption of new roles. We have something new which is the gigabyte infrastructure act, Gigabit, which is an a symmetrical regulation concerning access to civil infrastructure. We had an assess recommendation which is less famous, but this is a way by which the Commission is pushing national regulators to deregulate the market. And then we had the hype, the first share, which I suppose you know very well, which has been been monopolised in the debate in the last 24, 18 months.
But overall result is that at this moment we can see that we can say in general we have a more balanced regulatory framework between telecom and the Internet. This is important to say because one of the most recurring claim which has been made by stakeholders and lobbyists was saying that the telecom market was too much regulated and the Internet, no. I would say that after the current mandate of the commission, we can say that there is a more balanced situation because you have much more roles applying to online platforms in general, and also with respect to the giant platforms, the ones which are considered the gate‑keepers, which is corresponding to what is an incumbent in the telecom market.
And on the other side we have time for regulation in the telecom.
I accept that these framework is not consistent yet because on one side we have a telecom roles which are very consolidated because they have a practice of at least 20 years, so the regulators knows very well what they are going to apply when they apply access to a telecom network. While, with regard to the new Internet legislation, well, they are a bit more complicated now because they are just entering into force, the practice is starting now. It will be more complicated to assess how to apply such roles on Amazon, for instance, and, for instance, how to oblige a Cloud provider to give access to some files, the host permits such files to be transported to another Cloud provider of making portability of the data, because if you want to create competition, you need the data to migrate from a data center to another, to a Cloud provider to another. This is very normal in a telecom network, so it's what we know the migration and portability of the numbers, very easy for data will be much more difficult.
I know I assume that you know very well what what is fair share. I don't need to tell you the story again because probably you heard about this in this event, also in other occasions. I just would like to remind you that this debate was really hacked in Brussels has been monopolising everyone, and why it did not succeed, for now.
Because, apart from the supporter takers who were pushing for that, which shows a big amount of big medium‑size telcos, the rest of the market was against, so small telcos, broadcasters, consumers, Internet community, the agency, and most importantly most governments. That is the point where the fair share failed because most of the governments were not convinced that fair share was something to be done. So this is why now it has been, for them being ‑‑ has been withdrawn from the agenda. It doesn't mean that it is completely disappeared, as I will explain to you but for the time being it is not any longer a priority in the agenda.
But I mention to you the fair share because it is connected to the future reform of the telecom framework. In fact, the two subjects, that have been announced together. If you go back to the speeches and interviews given by Commissioner Breton in the beginning of 2022 when he was announcing these possible remuneration way for telcos, he announced both fair share and a possible reform of the telecom framework. By the way also mentioned some very strange things about the code, because he was saying that the code, the current code for telecom framework was malfunction because it was concerning just ‑‑ it was conceived during the copper age. That's very, I would say, impressive to hear something from the head of the commission. Because everyone thinks everybody knows the current code is being drafted in order to close the copper and go into fiber for the GM and other networks. So somebody who is saying that he wants to revise a framework that he does not know very well.
So, then we had the European consultation, the explorative European consultation of this year regarding the fair share and the market in general.
And what is remarkable now, in the telecom Council they have learned the fair share has, been let's say, informally abandoned. It's been launched the idea, okay, to work on a new regulatory framework for telecoms, but the starting point is the ‑‑ are the same controversial assumptions. So, still the Commission is saying that there is a gap in investments to achieve the connectivity targets for 2030, there is a crisis in the telecom sector, there is too much competition, there are too many operators, why there is so much roles there, are many of the rules still there and what are, are they useful? Okay, it's not everything in the mind of the Commission, but those are all the arguments which were in the background of the fair share debate. So they failed for the fair share but they are now still there for the reform of the telecom framework.
At the beginning when we were talking about ‑‑ talking about this reform and the name was telecom act. So it was very ‑‑ the focus was telecom sector in general, and the main was fair share. Then when something changed because of the government explained to Breton that they were not really supportive of this reform, the agenda has changed a bit, even the name, because you know changing the name to the things makes up you do something completely new. Now we don't have a telecom act in the pipeline any longer, we have a digital network act. I mean what is the change in that? I mean as far as we know, this DNA will be a hypothetical reform, it will be launched next year by the next commission which maybe will take time, so you're talking about 2025, because the next commission will take ‑‑ will enter into force in the end of 2024, so it will take time to start to propose a new bill.
This will be anticipated by a white paper, which will be prepared by the current commission, which will lay down the possible reflection, and possible proposal, and analysis for problems in the market and in the ambition of the current commission, the next one should start a new proposal on the basis of this white paper.
Of course this is not mandatory because the next commission is not bound by the current one. But normally there is a kind of courtesy between different commissions to say okay, the starting point is what we have as a legacy from the previous one. As far as we know the DNA will focus in part on industrial policy, in part on regulation. Industrial policy will be about submarine cable and then investment in smart networks and Cloud. The regulatory policy will be about how to incentivise with roles, investment in the telecom sector, how to increase consolidation between operators, so merging, and how to create a telecom single market, so not just any longer 27 national markets but just one. Then a review of the current code, the one which is old‑fashioned. And then what I name a long tail of fair share. So what I expect is the fair share saga for the time being has ended but do not exclude some small details will happen, especially when you are going to revise the code.
As regards the regulatory core of the DNA, so not the industrial part but the regulatory part. So the main discussion is if I listen to the current pronunciation of the commission is, like I say, is there is too much regulation or competition. For me, it is a fine questions, because it doesn't matter whether there is too much regulation or competition. What matters is that you achieve the objectives that you want, that you want connectivity, you want affordable services for everyone. This is what you should be looking at. Then if you achieve it with too much or too few regulation, in my opinion, it doesn't matter. But, the debate, if you come to Brussels, will be: Is regulation too much or too few? Is there too much competition? Are there too many operators?
Then the other case which is whispered, not screamed, is about are mandatory rules still fit for purposes? This is the kind of discussion that no one really wants to make clear, but this is the discussion, because many stakeholders are saying quietened up with a fair share debate because the rules are not fair because they are creating an advantage for some and not for others. But consider that there is no political margin to change the current neutrality framework because no one will ever support for a change. But neutrality rules are not rulings, they are principles. There is a lot of margin of operations. Because in neutrality rules they want to give freedom of choice to users and when you are talking about freedom of choice, you have a lot of interpretation there. So do not expect the rules to change, but do expect some theories about different implementation to occur especially when we are going into a 5G environment.
And then the case about there are too many operators. For me it's still a silly case because what really matters is are the operators providing the services you need? Yes or no. That's what should be the case. So too many, too if you... but this is one of the cases which are there.
So, we are going to face a deregulation of the telecom market. Deregulation means deregulation of access roles, which means it's more and more difficult for operators to get access to networks to others. So the principle will be about commercial agreements. But if there are no consents on commercial agreements, the rules will be less effective. So this will be a change in respect of what happened in the last years where you had a regulated access to networks a bit everywhere.
There will be a request for relaxation of antitrust rules for merging, but it's just an omission because antitrust authority are independent. You cannot force by way of regulation. Any trusts authority to do something given. And there will be requests for consolidation with a reduction of operators in the market.
Then, what I imagine as the so‑called fair share long tail, even if the debate is going to become less prominent ‑‑ debated let's say ‑‑ there will be not that conferences and big status on the matter. Since there is the intention to revise the code and there are some rules in the codes that concern inter‑connection, I would expect somebody to appear to say we we have to start to revise the way inter‑connection works in roles, so how to define a network, a public network, who has to be obliged if you are a content provider and so on. And it's something that could appear at a certain time and may have an impact on the the peering market, because a peering market are then completely unregulated from the point of view of negotiation.
Then what I would expect is there would be discussion about how to apply neutrality rules that would remain formally valid and binding and then there may be some pressure to say that in a different environment, there must be apply different, which is a legitimate case, I'm not against. But just follow this debate.
Thanks. I tried to stay in the time. Maybe I did it. And I'm ‑‑ I am available for questions now or later if we are here in front of a drink. So...
ACHILLEAS KEMOS: Thank you. Any questions?
AUDIENCE SPEAKER: Blake Willis from Zayo. First, I had a question for secretary Roach if she is still online? I thought that this was ‑‑ okay, anyway...
I had understood that it was general questions. Anyway, please keep going. Will I continue then?
My question was: Given the recent disruptions of sub‑sea cables in international waters potentially by state actors, presumably that would fall under the UN laws of the seas and I was wondering if there was any policy or other activity or discussion in this regard? That's to Secretary Roach, sorry. I can ask another one if you need to come back.
DESIREE MILOSHEVIC: I am going to ask you to maybe wait and post this question in the chat and we may be able to get an answer in the Q&A section. We understood you had a question for this speaker, so, therefore, if you have no questions for him, please just resend the question to Carol in the chat room.
INNOCENZA GENNA: I can reply that in the Digital Act there is attention to the submarine cables and with respect to all the value chains, so creation of the cable, insulation, maintenance and preparation. Because there is the awareness that there are very few skills, let's say, in Europe in order to make this. Apparently what I heard, there are only three boats in Europe which are able to repair submarine cables, and this is a strategy issue, which is okay in the agenda of the commission.
ACHILLEAS KEMOS: If I may add to what you said because you had referred in your presentation about the learning forming capsule, it was something raised by the Member States there and next we are going to have the normal Telecom Council in Brussels, so maybe there's going to be more there about this issue.
AUDIENCE SPEAKER: Peter Koch. Not an ISP actually. On your presentation on this Digital Networks Act, so first this smells like the EEC repackaged as a regulation rather than a directive. Could you elaborate on that? Because that might have some influence also on smaller ISPs which are not necessarily covered by their domestic transposition of the EECC but may be affected here. So that for this Working Group there might be some work to do at least in terms of when is raising and dissemination and making statements or something. Thank you.
INNOCENZA GENNA: This is a possible development because if you look at most recent piece of legislation which I mentioned, they are in general, they are regulation and not directives so that they are directly applicable and Member States, they can negotiate the text but then the implementation becomes something not necessarily longer because the rules are directly applicable. So this is why the gigabit act has been directed and previously ‑‑ and it's going to replace a directive which was focusing on the same subject.
You can expect a possible development also for the code. Although the code is very extensive piece of legislation because it deals with many areas from authorisation to universal service to cybersecurity, so what you could expect is if you are going to reveal the code, it can be somehow dismantled in the way that part of it will remain a directive, part of it will become a regulation. But normally it should be a long process, because although the current commission wanted to accelerate the view, that's what Breton wanted, the Member States were against it, so we will review the code according to the ordinary people. So it means it will have to start in 2025, as it was provided in the code itself. And of course, the possibility to turn it into a regulation, it will be an option, and a possible option if you look at what has been done until now in the recent legislation.
PETER KOCH: Thank you. Maybe one question in particular. Again on the scope. There might be a couple of ISPs small enough to not be covered by the telecoms regulation, but do you foresee the network act then being more ‑‑ and we have seen that with this directive, NIS 2, for example, covering more and smaller entity, so would you suggest that even smaller ISPs get alert and follow this? And the Working Group might help in spreading the news there, relying on your contributionings of course.
INNOCENZA GENNA: In general I see that the cybersecurity rules are expanding. So if you look at the way it's been developing, they are expanding to, I mean to Internet exchange, to any kind of a critical infrastructure and banks and so on. I would say that ISPs, they should be really small not to talk about this legislation.
ACHILLEAS KEMOS: Thank you. Niall, you are on the queue:
NIALL O'REILLY: There are about three different buttons you have to click. I have something I wanted to say to Romain, if that's all right? It's simply to welcome him on board and to his first RIPE meeting on behalf of Mirjam, the RIPE Chair, and myself. Mirjam is busy in the other parallel session. And to say that his task is important for the whole RIPE community and beyond the operational needs of the RIPE NCC. And that I look forward to seeing him from time to time and also to his contributions either on the Working Group mailing list or on RIPE Labs, which will be for the benefit of the whole community. That was it. Thank you.
ROMAIN BOSC: Thank you, Niall. I can only concur and say thanks for your welcoming words, and indeed it's a good timing to engage in Brussels and I'm looking forward to our future adventures.
ACHILLEAS KEMOS: It is a pleasure to find a general man after ten years that we were colleagues in Brussels, and I hope that you are going to be permanent there, much more staying there than we had for sometime before.
So maybe now Ignacio. And we have the pleasure also to announce Ignacio because he is also a fluent Greek speaker, so it doesn't happen very often but the floor is yours.
IGNACIO CASTRO: Thank you very much. Hello everybody. I am assistant professor at Queen Mary University and I am going to be talking about pretty much the same topic that has been covered today.
If you were in the Plenary on the first day, you probably remember the violence of Randy Bush made the statement that the Internet has become a critical infrastructure. And the stakeholders that are the and the civil society are there and they are going to become more relevant. That's precisely what I want to talk ABOUT. I want to talk about what are the potential ways in which we can bridge the gaps that exist. Those gaps are a challenge.
I think as a community there is one that I think this we do very well. Very, very open and transparent and we are proud of it. However, I think we frequently confuse open with accessible. We have really not very accessible. We are very open but the volume of information that is there does not make things easier. We have very long processes, VERY communication intensive, talking about arcane, complex, unusual, technical issues. Most of the people outside of technical area cannot follow it. I can guarantee you anyone outside of the technical community doesn't know and frequently doesn't care and sometimes they don't care because they don't know.
We produce a huge amount of data. And I am going to be talking about how we can leverage this data to provide information that can be consumed by others to help bridge these gaps. I am going to be talking about the standardisation, but I think this applies more broadly to a technical community.
Why I am going to be talking about standardisation. Well, standardisation is kind of useful for this purpose because the Internet needs to be interoperable. In order to be inter‑operable we need to see room in the same mailing list and we need to have conversations about how do we solve common problems that are inter‑operable. Even if you don't know what the Internet is for, which I presume most of us know, this is very simple. Lots of people trying to solve a problem that needs to be compatible roughly with with everyone. In the process of doing this we have lots of e‑mails, minutes and participants and we have them from before the first packet was ever sent.
What can we learn by looking at that massive amount of information? We can learn the dynamics of the standardisation forums, evolution of the Internet, regulatory challenges, competition suss else, innovation cycles, security threats. I am going to be talking about the first one.
Let me start by this. What we found is that conversations have become much more complex, publishing a standards has become increasingly difficult and at the same time, influential minority has emerged. This is all about the IETF.
So, let me start with influential minority. What do I mean by that? I'm not going to get too much into a nitty gritty of it but the way in which we look at it is with look at the mailing list and calculate between us which is a metric that is commonly used to infer influence. And what you can see here, is that this is the people that are more influential and towards right you have the people that are less influential. What you can see is over the decades the people that are more influential have a bigger share of authorship of the drafts that are produced at the IETF.
You can also see how again the more influential people cover more RIRs. And if you follow a little bit what has happened on the Internet it makes sense after the revelations we had add add layer of security to everything. That meant that most of the conversations need to have someone from the security area. So, generally, what has happened is that the people that are more influential seem to be able to bridge over multiple RIRs.
So, we have an influential minority that dominates creation, discussed more areas and we have discussions that are more complex. What you can see here is the number of participants in blue. And you can see how it started to decrease around 2007. But you can see at the same time, how in red, the number of e‑mails has remained roughly stable. The IETF has become really chatty. It's not that it wasn't, it has become more chatty. That's not the only thing. I am not showing that here but I have it on the papers. The areas have ‑‑ the discussions cover more areas, more drafts are references. This means if you want to be part of the conversation you need to be aware of a lot of drafts that are relevant to that conversation. You need to know about security and at the same time about routing, and just makes the conversation more complicated.
As a result, probably or related to that it has become much harder to publish. What you can see there is the number of days from the first draft to the publication of an RFC. It does increase. It triples over ten years, sorry over over 20 years. The number of days that it takes to create ‑‑ to publish an RFC has tripled.
The number of drafts that are produced in the process, has also increased. It has doubled. I mean, what all this means is that this is becoming really difficult, it's becoming very time‑consuming, it takes longer time, so you need to participate for longer, you need to be aware of more drafts, more affiliations are involved, different cultures, different technical RIRs, different authors.
So, what's going on here? We have an influential minority, complex discussions hard to publish, just an influential minority taking over the IETF. Well, not really. We looked into that and basically what we found is that they seem to be facilitators. Like, it has become so complicated that we thought that Surba that, they can help navigate the process. It just seems to be quite difficult for things to go forward. So what he did is we annotated a bunch of e‑mails, quite a few I don't remember right now the numbers. But quite a few, and what you can see is that the influential and less influential people have very different type of communications. So more influential people are more responsive, have more concise communication style, make more decisions, propose more actions and we also check a few other things which seem to reinforce this idea that there is a class of facilitators that are helping the process because the process has become very complicated.
So, we have been looking at this extensively and you can see all these figures in the papers in the project that I did with the University of Glasgow and we have also a research group in the IETF about research analysis of the standardisation processes where this kind of studies are being discussed and promoted.
And that's pretty much it. And I am very happy to take any questions.
AUDIENCE SPEAKER: Leslie Daigle speaking for myself. I don't know if one of these papers would actually have more of a science behind this to explain a lot of what you are articulated were oral collations but you implied causation. So for instance, the fact that there was a group of people that are both influential and writing all of the documents doesn't mean that only influential people write documents but perhaps writing documents makes you more influential.
IGNACIO CASTRO: That's absolutely right. This is my just personal interpretation. What I saw here at correlations and the correlations and they are the interpretations are actually way more complicated. And I think that everyone here probably has a slightly different opinion, but from the feedback that I have got, it seems to be quite aligned with the perception of many people. But again, the facts is what I saw. The rest is my interpretation.
ACHILLEAS KEMOS: Any other questions? No.
DESIREE MILOSHEVIC: I also have a question, if I may. If you go back to the slides, the blue ones, where you have ‑‑ yes, that one, stated decision. I just wonder whether you could a little bit explain what is meant by that?
IGNACIO CASTRO: That means that someone declares that decision on something. So, we got link wishes to annotate the segments of the e‑mail so the e‑mails is chopped up into different pieces and several annotaters notate them individually. Some of them are tricky, some of them are more obvious to decide and for some of them it was difficult to get agreement between the annotaters, so they cap a score which is used for some things was very good, for other things it was tricky. Also if you have participated in these conversations you might be well aware that frequently the decisions are stated in a very tacit way under these agreements as well, not necessarily stating a disagreement, but sometimes possessed in a question that diverts the coverings into a different direction.
DESIREE MILOSHEVIC: Thank you. It's a very packed presentation. And I thought maybe you would have taken us through each of it. My last question is, because you have been researching this, is what do you think are the solutions? Is anything coming up to the surface when you mention complexity of the work and also the complexity and the number of things that one needs to know. How could young people get involved? Are there any solutions coming up to the surface? .
IGNACIO CASTRO: I think that part of the problem is natural. People in Wikipedia for example have found similar things. The first time that you solve the problem of routing, you can pretty much publish anything once BGP is there it's very difficult to publish the second BGP. So as we have solved many of the problems that we have, many of the new things are really difficult to fit. And they are very interdependent with the rest. For example, if tomorrow quantum computing was to be a new thing, maybe the conversations would be more open and there would be less dependencies because it's something completely new. So it probably depends a lot on what we're talking about and it's also true that innovation goes in cycles. We find a problem, we find a solution. And then things come down and then a new problem emerges and new solutions come and drops come like families. If you think about DHCP streaming for example it's a whole family of standards that writers and once we sort it out, the rest was frequently slightly marginal, not meaning that's not important, but it just fits a smaller niche.
AUDIENCE SPEAKER: Robert Carolina with ISC. Thank you for your presentation and I apologise because it's a lot of information to take in and I am trying to understand part of what the impact of the data is.
First, is it a fair interpretation of your data that the process of standards adoption at the IETF has become a much more resource intensive process? Because you are talking about much longer span of time to adopt and much greater degrees of communication? And if that is a fair interpretation, does that suggest any type of a cautionary note or any kind of a warning that the standards process might devolve into what we, I suppose you might call, a standards making oligopoly, one which can only be influenced by those who have the support to dedicate the resources to the process?
IGNACIO CASTRO: I think that's a challenge that standardisation bodies will face, in particular as a technical solutions are proposed in areas that are very well covered a lot of dependencies exist.
AUDIENCE SPEAKER: Just to follow‑up. Do you see any evidence in your data of such an oligopoly or any evidence against the existence of such an oligopoly?
IGNACIO CASTRO: As I replied to the first question. I see clear correlations, the interpretation is way more tricky and I would be wary of making them. I think that one thing that would be needed in order to address that would be to look at the specific drafts or families of drafts, or periods in the lifecycle of innovation area. And probably you could see that, there was ‑‑ if quantum computing is a thing, a lot of standards are imposed the freedom to publish is much bigger, and the amount of stakeholders is probably smaller because not that many people is expert to talk about it and therefore the conversations evolve faster. If you try to, as I was saying for example, something related to BGP or I mean IPv6, 20 years talking about it and we are still there, it's way more complicated. So I think that in order to answer, to try to answer that question, we would need to categorise different families of standards and different periods in the lifecycle. But I think it's a risk.
REMCO VAN MOOK: Thank you.
AUDIENCE SPEAKER: Rudiger Volk: Well, what I am hearing and what I'm looking at is the message, well, okay, this is all getting more heavy weight, more costly and so on. And kind of, my observation is there is a process called entropy and that certainly also goes into the systems we are operating and the standardisations and so on, and kind of, that is inevitable.
The question that comes out of that observation is: Well, okay, can we get an understanding of how much of this is inevitable and how much is actually contributed in excess of what is kind of naturally happening? My observation would be, oh yes, there is lots of stuff that is not really necessary; and of course, in an open environment, there is essentially no way of controlling the ongoing process towards simplifying and limiting. The openness means that, well, okay, everybody can show up and even if they are not in the influential circle, they may gain traction where it would be better well if, okay, it was contained.
IGNACIO CASTRO: That's a very good point and I completely agree. This is an open process and it comes with advantages and disadvantages. And the fact that maybe there are conversations that we think at this moment that are not needed might not be necessarily true. Actually retaining expertise and retaining a sense of community and being able to establish links between different people, industries and companies is something very valuable that is not here and we cannot measure. And there are many things at the time were not that useful and then suddenly a few years later, that becomes actually a solution for a problem that was just waiting for it. And there are several messages that I want to deliver with this. One of them is that these are the trends that you see by looking at the data. Interpreting them, as I say, is very difficult. But, what this means is that for external actors that are not part of the technical community, this is madness, it's impossible to know what's going on. I have been talking about some regulators they tell me I want to be aware of what's going on because it might affect me. And sometimes I might affect them. But I don't have enough expertise and enough people to put boots on the ground and follow all these conversations. And they were actually interested in this type of analysis because it's just a way to have a rough idea of which things they should be looking at. But I think that more generally all these wealth of data that we produce has a value and we are not leveraging that value and I think that they as a community we should focus on doing that and not just on being open and transparent, which is very good, but it's far from enough.
ACHILLEAS KEMOS: Thank you, there is a question also from the chat ‑‑ from the net. Avri Dora who is asking: "Will be discussed in the details in the RSP IETF research group?"
IGNACIO CASTRO: We discussed a lot of this, I have also presented this in the Working Group as Chair forum, and in the ISC. So, yes, this has been discussed on the ISG, has seen all these results and they were actually quite interested in ‑‑ I mean, it's a bit of having like x‑rays of our community. It doesn't mean that you see everything through the x‑rays but you see some of the trends and the shapes that are happening. Some of them might be debatable, some of them you might have ability to steer.
ACHILLEAS KEMOS: Okay. Thank you. I also have a personally a quite provocative question. I mean, you have demonstrated that the process is getting more and more complex or somehow more difficult to follow. If then you have an actor that is heavily subsidized and puts massive resources on it, could he somehow hijack the whole process?
IGNACIO CASTRO: Potentially, yes. Practically, it's a bit more tricky. But I think we are all aware of companies that can put a lot of people in a room and steer things in one direction of or the other. Yes, probably you can and actually we are now looking into the affiliations which is a bit tricky to infer the affiliations from the different people and we also want to look at the overlaps with something, at the end of the day, the whole point is that this represents the stakeholders. In some cases it's not that many and therefore they have a greater ability to establish their view.
AUDIENCE SPEAKER: From what I'm observing in IETF, I would say well, okay, hijacking the old process does not happen, but a lot of the unnecessary complexity is introduced by small interest groups injecting ideas and technology it is really not necessary.
IGNACIO CASTRO: Just to add, you also have cases where a draft gets back at home and is brought to the IETF for rubberstamping to some extent and of course if you have something that is already very solid, it has been discussed and very polished, it's way more difficult for people that have not been exposed to it to disagree or influence it and you might have an RFC that has become because people had the capacity and the ability to push it forward. But I mean this is an open process and it's almost impossible to prevent it, I think. Maybe we don't want to.
ACHILLEAS KEMOS: Thank you very much. Now we move to general Q&A please.
DESIREE MILOSHEVIC: So, with that, I think we would all like to thank you for your participation, your questions and being with us, and we would like to give you back your 15 minutes and go for an early break because there is no more questions. Thank you again and we will see you on the list.
See you online. Thank you.