Roundtable on (Cyber)Security for stakeholder inputs to GCCS2017

Roundtable on security
Internet Society India Chennai Roundtable for stakeholder inputs to cybersecurity policy

The Internet Society India Chennai  Round Table for Stakeholder inputs was held on the on October 22 at The Raj, Residency Towers, Chennai during 6-9 pm. This event on 22nd gains added importance as an event that was  organised as a Preparatory event to the Global Conference on Cyberspace to be held at New Delhi, as a High Level global diplomaticand policy event later this year.

The Round Table topic goes well beyond Internet Security, and broadly and loosely examined how Internet Security measures spill over to everyday life and how various security concerns, valid and real, sometimes translate into restrictions that alter the way we live our lives. The intention has been to see if diverse view points could contribute to Security design and help evolve good Security policies. The session was open for remote participation and recorded. The recording of the session is accessed from the link below:

Roundtable for stakeholder inputs to Cyber(Security)

This Roundtable event was in follow up an earlier Roundtable event during an ISOC Chennai DNSSEC/KSK rollover policy session at GRT Grand Hotel aur earlier event during June at Chennai. The Report on July 9, 2017.  A writeup based on the June event was sent to the Internet Governance Forum (IGF) Best Practices on Cybersecurity as inputs and attached below for context.

Reference Documents from the earlier (July9) event: (links below)

Internet Society India Chennai Response to the Questionairre from the IGF Best Practices Forum on Cyber Security

Report on Internet Society India Chennai Roundtable on the policy aspects of Cybersecurity:

Internet, Internet Governance and the Stakes

We organized a round table event with a select list of 25 participants at Residency Towers on 22 October to discuss the broader policy aspects of (Cyber)Security. Prior to this event, on invitation from NIT Calicut Alumni (Chennai Chapter) we had a conversation on “Internet and Internet Governance and the Stakes”

The link below points to the recording of the one hour session with the Chennai Chapter Alummni of the NII. Please follow the link to watch the event.  Our voices sound  a little different due to a recording error.

https://drive.google.com/open?id=0BymSF9LysHAKR3pTSU13VjY0MGc

Pre-event to a preparatory event: Oliver Crepin-LeBlond and Sebastien Bachollett at an ISOC India Chennai event with the Chennai Chapter of NIT Calicut Alumni

Y2K20: Opportunities in design and testing for freelance application developers, small IT companies, medium, large and huge.

It was not uncommon to find the earliest of the Web Application Developers to assume that all domain names would end in .com, all email addresses would follow the format @xyz.com. While developers took into account newer domain names such as .info in due course, most continued to design applications to accept Domain names and email addresses in ASCII just as software developers in the 80s assumed that it would be unnecessary to have any more than two digits to denote the year, which led to the famous Y2K issue towards the year 2000.

y2k20
Imaginary logo of y2k20, a name that does not exist

Now there are new Top Level Domain Names (such as .family and .game) and Internationalized Domain Names (in various native non-ascii scripts of India and the world, such as .??????? and .???? (I typed India in Tamil and Devanagiri, displays here as ???) as well as Internationalized email Internet Domain Names that would allow users to have addresses in their native scripts.

If a browser or a form in a webpage limits acceptance of domain names or email addresses with a rule such as “a domain name must be in English and end with .com, or .net or .org” or “an email address must be in English or numerals” then it is archaic.

It is a problem far larger in its dimensions than the Y2K problem of year 2000 which kept the IT community of the entire world talking. On this problem of “Universal Acceptance” there appears to be inadequate attention to the problem in global public interest as well as to the commercial opportunities it presents for enterprising Developers and Corporations. This might emerge to be a huge commercial vertical in itself in view of the Design changes to be brought about and in terms of the testing requirements. #Deity #NASSCOM #WIPRO #TiE #TCS #Cognizant (If you are from a different country, please feel free to rewrite this post to suit your country and publish it. This post is not copyrighted.)

For more information, follow the publicly archived, transparent discussions in the IETF forum, at ICANN and at the Internet Society on this issue. You could also write to isocindiachennai (At) gmail (dot) com for additional pointers or any clarification. Or ask your Executives at a higher level to take part in ICANN meetings that are open and held as multi-stakeholder global meetings. And also join the Internet Society India Chennai Chapter. Such participation would lead you to positive involvement in the global Internet and also connect you to business opportunities not only in the y2k20 (there is no such term, the term is coined to describe the issue and the opportunity) but also in DNSSEC, IPv6 transition, Internet of Things (IoT) and new gTLDs.

What does the phrase “Universal Acceptance” mean?

“Universal Acceptance of domain names and email addresses” (or just “Universal Acceptance”, or even “UA”, for short) means that all apps and online services should accept all Internet domain names and email addresses equally.

Universal Acceptance is an important concept these days because the Internet is changing. One way that it is changing is that addresses no longer need to be composed of ASCII characters. (ASCII characters are the 127 Latin-script letters, numerals and punctuation marks that are dominant on the Internet today. All the characters in this document so far have been ASCII characters.)

Most people on earth are not native speakers of languages which use the ASCII characters, so moving from a character set limited to 127 characters to an alternate which can support more than one million characters is essential for those people to fully use and benefit from the Internet. This alternate is called Unicode.

Another way that the Internet is changing is by allowing lots of new domain names. Not only are there simply more of them, but some are longer than any of the older domain names and many of them use the same Unicode system mentioned above.

Note: “Universal Acceptance” is sometimes confused with “Universal Access” or “Universal Accessibility”; those phrases refer to connecting everyone on earth to the Internet, and to building Internet-connected systems for all differently-abled people on earth, respectively. Universal acceptance is limited to domain names and email addresses.

A special group called “Universal Acceptance Steering group (UASG) has been created to work on issues related to Universal Acceptance. UASG doesn’t work on anything else (e.g. Universal Access or Universal Accessibility).

How does an app or an online service support Universal Acceptance?

Software and online services support Universal Acceptance when they offer the following capabilities:

A. Can accept any domain name or email name as an input from a user interface, from a document, or from another app or service

B. Can validate and process any domain name or email name

C. Can store any domain name or email name

D. Can output any domain name or email name to a user interface, to a document, or to another app or service

Unfortunately, older apps and online services don’t always offer those capabilities. Sometimes they lack support for Unicode; sometimes they make wrong assumptions about new domain names, or even assume they don’t exist. Sometimes they support Universal Acceptance in some features but not in all.

How can Universal Acceptance be measured?

Universal Acceptance can be measured in a few ways.

1. Source code reviews and unit testing

2. Manual testing

3. Automated testing

#1 means inspecting the source code and verifying that only the correct programming techniques, software libraries and interfaces (AKA “APIs”) have been used, then verifying that the app or service works by testing against specific test cases for the capabilities A-D listed above. #1 is only practical for app developers and online service providers.

UASG is reaching out directly to the community of app developers and the largest online service providers to encourage them to perform source code reviews and testing to determine the level of Universal Acceptance in their offerings. UASG is also providing a list of criteria which can be used to develop test cases for the capabilities A-D listed above.

#2 can be done by anyone, but it’s labor-intensive. Examples of #2 would include submitting an email address when registering for an online service and verifying that it has been accepted. Since there are lots of potential online services to sign up for, and lots of potential new email address combinations, one must pick and choose which combinations of app, services, email address and/or domain name to test.

UASG is developing a list of top web sites, apps, email addresses and domain names suitable for testing.

#3 requires up-front technical work, but is more scalable to large measuring and monitoring efforts. An example of #3 is the recent gTLD investigation performed by APNIC on behalf of ICANN. <http://www.potaroo.net/reports/Universal-Acceptance/UA-Report.pdf >

UASG is investigating methods of automated testing for Universal Acceptance and will share these as they are developed.

Internet Society President on engaging Global Multi-Stakeholder Community on Internet Governance

This blog post by the Internet Society President Lynn St.Amour on Internet Governance issues is intended to share background with and invite comment from the Internet Society community on how we might strengthen the Internet governance model central to the Internet’s success. Of course, as always, I encourage and look forward to input more broadly, so I welcome input from anyone who shares our vision for an open and global Internet, and a vibrant and engaged community to support it.

As I mentioned in a previous blog post, there have been many developments since the Montevideo statement, in which I* leaders agreed to catalyze community-wide efforts towards the evolution of global multistakeholder cooperation.

As the community’s discussion and the pace of developments continue to accelerate, including at the Buenos Aires ICANN meeting, now is an opportune time to consider opportunities for moving forward.

The path to where we are today

Shortly after the I* CEO’s met in Montevideo, a meeting in Brazil on Internet governance emerged—and was confirmed this week for Sao Paulo on 23-24 April 2014. At the Internet Governance Forum last month, numerous meetings were held with individuals from Industry, Civil Society, governments, I*, and others in order to assess what might be done to catalyze cooperation in evolving, and strengthening multistakeholder Internet governance arrangements. Since then, a mailing list has been launched at 1Net. This has sparked further discussion in many communities about what, exactly, 1Net ought to be.

Opportunities for moving forward

And, this is where we all play a role, as our collective experiences can inform that exploration. Speaking personally, fostering successful multistakeholder engagement and dialogue requires broad engagement, and it takes time. The result of this shared investment of time and effort are sustainable efforts that effect real and positive differences for the Internet and in the world.

For example, our experience with the World Summit on the Information Society (WSIS), the Working Group on Internet Governance (WGIG) and, of course, the IGF provides an important perspective. The Internet Society was asked to participate, and was represented by Daniel Kaplan from the French Chapter, in the initial discussions in 2001 that led to WSIS and ultimately the IGF. For the past seven years, the IGF has been a key forum for bringing people together. Today, the IGF encompasses not only the global meeting, but also regional IGF events around the world. The breadth of the community the IGF convenes around Internet governance is remarkable.

The Internet Society itself has grown and evolved significantly over the past two decades. In fact, we just welcomed the Paraguay Chapter of the Internet Society as our 100th Chapter, and we now have nearly 150 Organization Members. Together our members and Chapters are very active in policy and development as well as technical matters at local, regional, and global levels. Together, we have all done amazing work to build and strengthen the open, global Internet. Their work, and the work of organizations throughout the Internet ecosystem, has informed a framework that provides a way to understand and highlight the distributed, collaborative stewardship that is the hallmark of the Internet’s success, and how the challenges it faces are addressed.

You might ask, as 1Net is to be a dialogue on global Internet governance, does it stand alone? Does it work alongside or through the IGF and related processes? Or, you may be wondering how 1Net and Internet Society fit together?

Whatever you believe, we would like to have a discussion here, as ISOC Members, in order to inform the 1Net evolution. How can we, as a community, best strengthen Internet Governance cooperation across the world, for all?

Of course, we are all invited to participate in the 1Net discussion directly.

All of us in the Internet Society, look forward to hearing your thoughts, so please do share them.

Google Glass: Augmented Reality

Project Glass by Google
Google Project Glass: Wearable Computing

On Wednesday, Google gave people a clearer picture of its secret initiative called Project Glass. The glasses are the company’s first venture into wearable computing.

The glasses are not yet for sale. Google will, however, be testing them in public.

The prototype version Google showed off on Wednesday looked like a very polished and well-designed pair of wrap-around glasses with a clear display that sits above the eye. The glasses can stream information to the lenses and allow the wearer to send and receive messages through voice commands. There is also a built-in camera to record video and take pictures.

The New York Times first wrote about the glasses in late February, describing an augmented-reality display that would sit over the eye and run on the Android mobile platform.

A video released by Google on Wednesday, which can be seen below, showed potential uses for Project Glass. A man wanders around the streets of New York City, communicating with friends, seeing maps and information, and snapping pictures. It concludes with him video-chatting with a girlfriend as the sun sets over the city. All of this is seen through the augmented-reality glasses.

Google Project Glass
Project Glass could become Project Contact Lens

Project Glass could hypothetically become Project Contact Lens. Mr. Parviz, who is also an associate professor at the University of Washington, specializes in bionanotechnology, which is the fusion of tiny technologies and biology. He most recently built a tiny contact lens that has embedded electronics and can displaypixels to a person’s eye.

Project Glass is one of many projects currently being built inside the Google X offices, a secretive laboratory near Google’s main Mountain View, Calif., campus where engineers and scientists are also working on robots and space elevators.

From New York Times