Sixth Annual Meeting of the Internet Governance Forum
27 -30 September 2011
United Nations Office in Naiorbi, Nairobi, Kenya
September 29, 2011 - 09:00 AM
***
The following is the output of the real-time captioning taken during the Sixth Meeting of the IGF, in Nairobi, Kenya. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
***
>> The Russians and Chinese, I think it was Turk and one other of the Stanes. Can't remember, but China ‑‑ I'm sorry. There was someone left that was pretty important. They've ‑‑ they're put something on the agenda, I think number 93 for the assembly about, ah, ‑‑
>> [INAUDIBLE]
>> Just on the most sensitive.
>> I didn't.
>> Yeah.
[Laughter]
>> Um ‑‑
My understanding is there were quite a few references to something called a compact. So I think it maybe interesting to, um, and I'm still ‑‑ in the interest of time and the technical challenges we are dealing, I will suggest on after your contribution, we close it for today and also participate in the workshop to the other room then. So please ‑‑ (no sound)
>> Ladies and gentlemen, we are ready to start. Okay. Welcome and thank you for joining this workshop on the governance dimensions on the internet of things. I am from the ‑‑ I am very thankful to have a very excellent participation most penniless and also, you know, the audience now. I hope we have a very active discussion. We have a lost speakers in the program. We want to keep the statements as cons traded as possible so it will have more time for discussion but in particular some very basic questions and the definition of the concept so it is still a limit bit mysterious what the Internet of things as you compare the Internet we know from our daily experiences. We have rearrange the presentations and I think very thankful we have not only the European Commissioning on the table, but all U.S. Department of Commerces. We have two government at perspective and our idea was to say it is probably good to hear first, you know what the governmental approach is to this Internet of things and then we will present very briefly the results of this research and then they will start to discuss and Patricia and then we'll get the perspectives. Patrik Faltstrom is not here, but Scott replaced him. I hope we have a really active discussion. Then Catio may be online. Tomorrow is a meeting of the Internet of things and so he could not make it to Nairobi. He's in process and we'll have the power point presentation here, but we will wait and see how this will work. Megan Richards is here and the department has done a lot of work. It is interesting to hear what you have to say.
>> MEGAN RICHARDS: I am going to show and trying to organize 27 different member states and going in the same direction. Some of the people refer to this as herding cats. It is not always easy, but I think in the case of Internet of things, we have as you said made some progress and there is a lot more to be done. I would just like to briefly tell you where we in terms of how we're organizing things in the governance of Internet of things. There are a number of issues that are of particular concern to us. They include insuring that consumers and users of Internet of things in the future can trust the system and make sure that it works to their advantage and that covers a number of issues like security, privacy, et cetera. So we're working on those. There are also many issues and, of course, many of you are technical people know about. We have to make sure that the model that is developed for governance guarantees unique identifiers, insures the security and stability of networks, supports competition to avoid data monopolies and that the proper use of data is insured. These are some of the aspects that we're looking at in Europe and because Europe is not alone, because the Internet of things is not specific to Europe as you all know very well, there are many elements that have to be looked at in this class and international perspective and has international implication, of course. And things like standards, interoperability all relate to the international domain. So those are all things we're look at not just within Europe, but also beyond boarders of Europe. So, with respect to what we've done in Europe on developing issues where the governor a we'll be launching a public consultation ‑‑ for the public to identify issues of concern to them probably towards the end of this year. I don't have an impact date, but some time in 2011. That's what we're expecting. And we have established an Internet of things expert group. And that expert group has a number of sub‑committees which look at things like privacy and trust, internet of things, architecture, ethics, et cetera, et cetera. So there are about six work groups. And they're all the working to the identify issues that have to be addressed and possible solutions to them and as we said, they're meeting again tomorrow in Brussels. So I could go on and on, but I think that's probably enough for the time being. I think it is more interesting to hear what you have to say about these issues and where your concerns and ideas are. Thanks.
>> Thank you. That's very helpful that we have an answer and what general framework is from the European perspective. I remember conference in Niece. This project was introduced and representative from the NTIA asked the question of whether what Internet thinks is in particular. I think we are still two years later, we still have to discuss the definition that we mean with the Internet of things. So I'm very, um, what Fiona has to say about the approach of the issues department of commerce. Fiona, thank you.
>> FIONA ALEXANDER: Thank you Wolfgang. I think that's still the question we ask at the department of commerce. The work we have done in the past is very specific on a different part of the building and working on those kinds of issues, but for us, what is the internet of things and it accomplishes a lot of different components and different networks and I think from our perspective, you've launched a very aggressive and complete work program, which I think it is to be admired and you guys are taking a look at T. we haven't seen the same demand as a collective and we also sort of question what is the role of government in that regard. So we haven't really been doing because we have struggled with what is the definition of Internet of things and what are we talking about. A few years ago, we were that the conference and there's one other conference I attend. And one of the panelists had said there is some conversations what is it we're talking about and what does everyone want to do? One of the panelists said we're missing the wow factor. What was my first experience on the Internet, right? And so you can't really ‑‑ people aren't able to relate that to things idea and I thank might be one of the things that ‑‑ it is interesting what folks have to say. But from our perspective, we haven't actively engaged in construct or discussion and Internet ever things. Government structure, we can see different people talk about it and there's different components and we're talking about different types of networks, they can be closed user groups. They can rely on different infrastructures. I think it will be sort of interesting to see where the conversation goes from there. Maybe I'll just leave it at that.
>> WOLF LUDWIG: Okay. I think we're all to a good start. So we have one more questions on the table and it starts with the definition. And, um, part of this research group for under the Euro F and also within two years a lost discussion about the definition. What is the subject and publicly we can summarize it a little bit what we have done and over to the [INAUDIBLE].
>> Yes. I was fortunate to be the American in the European works and the work place where things come together. We did start with exactly that question of how do we define it and found many of the people in the group really did have different views of it. But once we stepped back a little bit, we looked at word Internet related more to the little I Internet. In other words, it was a network of networks and it was a network of net works more at the application layer or in the sense of the reasons between objects, the services of objects and the users of those. But once you accept that this was indeed an internet but it was an internet of things and it is something that's had many names before and it will probably have many names again. In some sense, I think of the internet of things as the fashionable name for this overlay network of dealing with objects, dealing with the relationships between those objects, dealing with the relationships of those objects to the users of the objects and following those objects through a complete life cycle. Now, as it does that, basically you find that this overlay network is sometimes actually over the Internet. It sometimes is subject to the Internet and using the Internets name, subject to the architecture and at all of the principals and issues that brings up. At other times, it maybe over a sensor network where the protocols structure and the rules and principals of the Internet are overwhelming and couldn't possibly apply. And other times, it maybe over other private networks that perhaps use an IP protocol, but are not subject to the same naming and constraint as a unique global Internet. It can do that. It can deal with that. One of the disadvantage of it is that there's no coordination of these things. So as an object or the representation of something moves from being in one network to being in another, but still in that, how is all that information? How are the policies? How are the protocols basically connected. And you find yourself in a position where you start to need a notion of an architecture both of how the technical pieces play together, how you gate way as it were from one set of technology principals and protocols to another set of technology and principals, but also you need to have a governance architecture that sort of helps you move from the policies that are inherent in one network type to the policies that are inherent and if you're going to build a coherent, um, internet of things that deals with issues like not only we're talking about things remember, but we've talking about the relationship of those things to the users and at various times, a user b someone that is surround by many things that enables that user to be trapped through time and space and, of course, that is bringing in all the privacy and other related human rights issues that kind of presence brings. You really need a more coordinate view of it. So basically what came out of this initial project was a way of looking at the Internet of things without everybody having to say but that's not the Internet which is the substructure true. It is an overlay of its own kind and therefore, it is something that once we start to understand it, we need to figure out both the technicals and policy governance architecture of that. So that's where I would leave it. Thank you.
>> WOLF LUDWIG: This was a very good clear orientation also for the future discussion and Patricia, you, um, lead us one step further down into this unknown territory.
>> Just briefly, I normally relate very well to the points that you bring up at these meetings. But I kind of have the anti‑view of what you just said. Each of the positions you took I would say no. It is exact light opposite. So there is this dimension of these that we can spend a lot of time talking about and I hope you will later.
>> WOLF LUDWIG: S have, Patricia.
>> PATRICIA LYONS: I am Patrice Lyons and part of the exercise early on, I really wanted to start with what is means to be the Internet, but you [INAUDIBLE] issue up. Big lie, little lie, all captions. We had a trademark for 10 years. It is generic. Doesn't matter, big I, little I, all caps. The folks that brought you the Internet got together and had a definition Bob Vent and a whole group of them. These are the days and Internet definition, FNC, Internet definition. They thought it was a global information system. Wasn't any particular net. This is becoming far more obvious today as you get into aps and the actual more dynamic things that go beyond the web in that context. Naming and addressing, that's not obviously there were first guesses made about naming and addressing. Bob chose the DNS, but things have moved well beyond that. So right now, you have numerous different kinds of information systems that live very nicely on the Internet. You have an IP network, that's another part of the Internet. So I don't want to go down too far because that wasn't what we were going to be discussing this month. I am pleased to take that offline because we have written and worked upon that for, gosh, well on 30 years. And so, I share Bob's concern. I would have to discuss with you each element of your perceptions there. And that's healthy in a group like this because I think that's one of the strengths s of the IGF to allow for these kind of exchanges and perhaps reach some understandings, but I wanted to start with the internet as a global information system. Okay? And as a global information system essentially the representation is in digital form. The devices and everything in that environment, they don't speak Swahili. You're down to the bits, the management and the bits. Let me focus now on what it means to be a thing in this context. Since I've been in Kenya, I've been talking to a lot of folks about the mobile internet because this has gone very, very popular here. I have a phone that's not as smart as some of the folks have, but this is a thing. In this thing, there's a SIM chip. As I understand and I haven't done a real in depth research on it, the SIM chip has an identifier. That's information. The plastic and silicon are the thing. Okay? So the identifiers embed or associated with that object, but in that sense, it's information as information is any kind of Internet implementation. And I would suggest that, ah, here they're using that in conjunction with registries where they register their identification and then they use that as a type of personal identifier for paying their electric bill and sending money to their relatives in rural areas. And so, I would suggest that's all part of the internet. The procedures and we've been focus on the interoperability of what is hetero genius information VRSs in that context. Whether or not they're made available in a thing, you're still talking about information. Information represented in digital form. You mentioned sensor nets. That was one of my examples and I was going to say a sensor net a bye bobbing up and down. It has an over and the sensor has identification information and Bob, perhaps you might want to say more from a technical perspective on that. Well, actually, I was going to move along. I had a lot more examples. I know last year at our Dynamic Coalition, I mentioned my favorite one about bills of laden and global commerce where you had the RFID on the container that's strapped on the ship at sea. The RFID, it is information associated with crate. It's not the thing. It's the information. And one of the beauties of that is if you can have interoperability, you can associate that identification or other information that maybe collected with identification in the banking and insurance that's all relevant to that particular cargo. So we consensualize what it is to be a bill of laden and say here we have the value. Now we're in the new world of the internet. What I am trying to do is look at a new capability that can be enhanced and things are all over the place in that context whether you have a piece of paper, which is a thing or you have a smart phone, which is a thing, but Bob, I think I said my peace here. Why don't you go ahead.
>> WOLF LUDWIG: Okay, Bob. You want to continue?
>> BOB: I guess there's a question for you. What I was going to talk about is the whole issue of inner operability and some of that trust. The question is: Is this the right time for that level discussion? Or do you want to identify on the issues of what things are? I can talk a little bit to that and get it later.
>> WOLF LUDWIG: Probably, mass mill yawn oh, you want to speak now or first continue with Bob? Bob, go ahead.
>> BOB: Okay. Then let me break this presentation into two parts. One, let me give you my take on what we're talking about. Two aspects assuming you're talking about a thing. One, how do you know what it is you're talking to, how do you trust is what you think it is and how do you get inner operability between other things that are managing things more globally? We will have a metadata standard and even if we did now, we will change it over time. So we're going to need a factor in all of that. To me, when I think of something that's a thing, I think that word is normally used to mean something that is like this bottle or, um, this piece of microphone system that's in here. So I break down to what the thing is from what the information that there might be about the thing. These things and principals don't do anything. They're inanimate objects. It is what's inside that is relevant the information about the things is critical to understand what you're dealing, but then the things that are the most interesting things actually can produce information and may accept information in both directions. So, really to distinguish from all three of those. If we say Wolfgang, you're a thing. I can ask. You're not plugged into the Internet in terms of your ENA. So ‑‑
>> Not yet.
>> BOB: And probably never will be, but to the extent that you're a thing. We can ask or what's the information about this thing called Wolfgang. So he's about so high and he comes from Denmark or some place. And he went to school here. Here's where you live. The attorney general information is all metadata about this thing called Wolfgang. But now Wolfgang has this interesting capability of producing information. You can write papers. You can say things. You can have ideas. And those are related to the thing, but it's not the thing. So that's one example. Now, if I take the sensor in the ocean, same thing. Who manufactured it, what's it measuring, ah if it produces any output, how its structured, how is it formatted? What's lifetime? All these things are information about the sensor and then there's is what the sensor itself produces. Patrice mention it could be wave motions in the ocean. It could be temperatures or any variety of things that sensor was designed to detect. That's tip really what you want to know. In practice, this is exactly what today's Internet does except that we're talking here about more about managing information than we are about moving bits. So, in the original Internet context, our focus was almost entirely about how do we get whatever we have here to some other place without having to go through all the machinery and figuring out where's the other place and how do I rout it and what protocols are they using and the like. I think we pretty much slam dunked that for the short term. But ultimately, it was up to people to navigate this. Things on key boards. If you go back to the original, go back and illustrate it a bit. You can argue that was a network of things. Because the only things that were connected to this were these machines. The machine didn't do anything. You sat there and took bits in and took bits out. It's what went on inside the machines that was really important. That was almost always navigated by people or another machine interacting with it on the application area. So we've been dealing with things for a long time. I think the current view of things is really no different. So, as we strive to find different formulas for governance and different ways for achieving trust, I don't think it's any different than the normal problems we have in today's internet. So, if I'm dealing with a medical information facility, I want to know I'm dealing with the right place. I want to think that the information I'm getting from them is the authentic information. They probably want to know that I am who I am in order to release it to me. And that gets into a far more intricate set of issues about identity and trust in the identity as well. So, if you imagine a world where everything and by things I'm now going to represent it more broadly to say a program on a computer could be viewed as a thing. It's not very ‑‑ this is more [INAUDIBLE] than a bottle of water. It's a high level representation. This identity is only as trust worthy as the party that stands up for it. Now, historically, we have dealt with X509 Saturdays and the certificate authorities. I think as we move down in the future, we'll find lots more parties that are creating identifiers for things. And, um, been a whole series of discussions around the formulation of what they call trust authorities, trust frameworks and those trust frame works are intended to be trusted parties that will deal with identity. The problem ‑‑ for example, went U.S. government, there are various parties that will authenticate individuals and they have certain identifiers that will validate them. And then they go through serious background checks. They could be family checks. They could be finger printing. They could be retina scans. They could be DNA analysis. They could be very much there and there are other trusted authorities that don't do very much at all. I show up and say I'm Mickey mouse. They give me an identifier and ultimately you need a way for them to validate trust authority or at least understand what they do. That's one of the issues I've been deeply involved with is if the trust authority were to assert something about an identifier, how do you go about validating your trust authority that you have never seen, heard of or dealt with before? You want to know a certain number about those entity. You can view that as well. But you would like ton as a minimal, what do they do to validate this? Do they do extensive testing? Were they authoritative and probably you'll have a whole social Eco structure and system of places that are willing to assert who does a good job of amount generation. So, you might go to your favorite one and see if they list this trust authority on there and if they do, maybe just accept it or maybe you accept if for the first, but then you still want to see what they've done because this might be the golden medallion signature that you really want to be sure or not. So, trust and inner operability are really the two things I want to focus on. Let's ‑‑
>> [INAUDIBLE]
>> BOB: Um, so let me pick on the notion of our ID tags and crates. I think that's one of the topics that was brought up here. There are a couple of ways that you can approach that problem. One is to say that the RF ID tag is just simply a mechanism for identity that you stick on something. So you can put it on this crate and now somebody somewhere else can maintain manifest about what's in the crate. Or you can put an Oracle ID tag sort of immutable object that's in the crane. If that crate were let's say a package for a book, to me the ideal identifier that's in that RFIT tag is the identifier for the state structure that's in the book inside that crate. That to me would bed right thing to do. On the other hand, you can say we don't know about what's inside the crate because I pulled a random RFID chip. Now somebody else has to go to the process and figuring out how to map that over into information about what's inside that crate. And that principal can change over time. So, those are things I think that can get sorted out in the different industries as to what they need and what they want. I think if you took, you know, the book industry, you'll find they have extensive metadata registries about their information. So the last thing they want to do is go through two or three levels to get the information about the book when they already have those metadata registries. We will go through those iterations for a few generation until they finally decide on what's the most fortunate thing to do. Ideally, you know, the closer you can get to the end thing right off the bat and still be flexible enough in the operation of the overall system, that would be the best choice, but you have different parties looking at different parts of the puzzle and they may decide to deal with the identification one way because that's way things are done and then ten years later, there's a different way and so they try to switch in that. Then you have different system coexisting with each other for a very long time. The thing I want to say about inner operability, if you have a whole system where things and information about the things and like described in one metadata regime and then somebody else later on comes with another description or another metadata regime, one pocket is that people keep going back and keep recasting their own metadata and formatting. But that's a big burden especially on all the older stuff and some stuff that won't make any sense to do it, but it will still be every now and then useful to know about. So I think getting some idea of how to get inner operability between the metadata schemes is really the most fundamental task that we need to work on and I don't think tackling the problem of mapping this structure into that one is a solvable problem because there are too many combination. That would be everything else. Rather, I think, what we need is a higher level means of describing metadata that can be understood and dependent of the particular choice of the metadata schema and then having a semantic way of correlating different linguistic descriptions. This is a problem that's been dealt with for a long time in the medical community and the U.S., the national library medicine and the border regions I sat for many years. We spent a lot of time with something called mesh headings. The linguistic description of medical continues that might get mapped in lot of the different base and different systems. Heart attack was never one of the entries, but myocardio infarction or whatever the terms were, they can get mapped and understood. I think if we get the right structure in place, we can then turn that problem into one of semantics in the different disciplines to really understand it. We want to create this metadata and the hands of people who either provide the equipment or provide services or developing the, um, the amlets. You for your papers. The pineapple juice company, their pineapple juice and so forth. So let me just stop there. We can get a lot more detail on how one might do that, but those are the basic [INAUDIBLE]. I don't see any need for any different governor structure. I don't think it is any different than the Internet. On the other hand, it's a different domain to think about. So people are normally inclined to go and think this is really different. But it really isn't.
>> WOLF LUDWIG: I think it was very helpful. It is to understand that there's no need to reinvent wheel. We have already general policies or structure, governance structures in place and there's a new application and new layers can be managed on the basis of the existing mechanism or what has to be rad just. A workshop like this one can probably help to identify whether there's a problem or not. So, it's good to ask the question, but the question does not mean that we answer the question with yes and it can also be no. We do not yet know.
>> In one particular thing.
>> BOB: In one particular thing that aviary had said, I would take on straight away. She was describing things as an overlay. Okay. To me, it's just another use of the current Internets. I don't see where the notion of what comes into play. Um, and frankly the notion of overlay is a loaded term because in the history of the Internet, you know, there's always been this notion of layered protocols and I had a very good rationale for its creation when we did. But the notion of layering has usually been applied to groups or trying to build on something else that somebody else did. So, when you take a structure like the Internet itself and you pick a dimension of it where, ah, people are trying to improve its functionality or capability, it may not be layered O. there are many things layered with what is provide with functionality and capability. I think this is a case where much of what we're talking about is the normal use on the Internet where things are integrated and now there may be things layered on, but I think we need to be careful about what we're talk specifically so we know whether layered on make sense integrated with make sense. But I don't see this as an overlay. I see it as internet pure and simple. What we got what we will have.
>> WOLF LUDWIG: I think the debate was triggered by the fact that the ONS was on top of the DNS. I think both discussions in the European Commission is my understanding that you mentioned that data monopolies which are emerges and management questions are to own just, you know, and relationship between ONS and DNS. We have questions that don't have full clarity. It is different, or it's the same or just nothing need. We have whatever. There are a number of questions, but I think probably Massimiliano. We listen to him and the business and commercial perspective and probably Scott at something how he seized it. I think it's about numbers. Our location numbers. Do we have a special need, you know, to have a location policy, you know, if we link trips to objects and IP version 6, et cetera, or is it just what we are doing in the day‑to‑day operation of the IP address. But first, Massimiliano and then Scott.
>> MASSIMILIANO MINISCI: Good morning, everybody. Luckily, I am not doing DNS. I am not an engineer. So I work for GS1, a quick point about the organization and say it's a platform that's been set up by companies in regional consumer goods in the '70s to standardize the way to identify goods in the supply that it chained so that the management of the supply chain can be made more effective. And this is developed in a set of standards. It was adopted by companies that belong to the GS1 consortium world wide. It is consortium, but around 5 million companies over 150 countries. It only looks at ways to manage the information that I related to opt identifier for a specific set projects which are in the fast moving consumer goods and any other industries that are now starting to use identifier that are based on the experience developed by GS1. That was embedded in the bar codes in the '70s and '80s. The companies we work with are just one set of companies that might want to identify things that are a lot of veiled things out there that will be identified probably in different ways. The natural evolution of the identification worked at just [INAUDIBLE] was the RFID standards. A consortium promoted by the MIT and several other universities. Standardized DBC global system of identification that was embedded in, um, a particular use of RF ID, which is not the only one of the market. It is used by a number of companies world wide, but it's not ‑‑ it does not aim to be a D reference model. It is one model that is emerged out of companies interest and, um, usage, but it is by no means a standard that's pretense to be a reference standard for the entire application. So the point where the companies we work with come to this discussion is to understand how this different systems of identifying things will be interrelated in the future. As aviary and the others point out, I am sure people are not yet clear about what we want to put into this basket. It's something that we'll develop ‑‑ we've developed in the next 5, 10, 15 years by adding a lost different pieces to this picture. I think the concern the industry has at this stage is that the nature of the problem is quite tricky because it involves two basic dimension. One is, ah, the interface between developing technologies and, use that will use those technologies to identify things to exchange information to build services on those information. And the challenge that finding ways to, um, form rules around those business needs will need to be global by definition. And not just because the internet is part of the word Internet of things because those application might be global by nature. And others might be local. They might to interrupt one another in a closed environment, but there will be many different approaches to the various usage of information that are linked and generated by things or sensors or whatever its referred to as thing. The challenge the industry sees in the exercise that was started by the commission and that week is a very useful one in the process that the mission is set up is to find a way to sort of put together these two elements and evolving technology and evolving business uses of those technologies with an international setting of different doctors that are involved in this discussion at the government level, at consumer level, at the industry level. So I think that the exercise that was started by the commission is interesting because it tries to put together different points of view to identify what are the issues that may manage to be discussed at the government level and what other issue may more adequately be at rest by the technical community or by the business community. At this stage, the interesting question to see going forward what you get commission work will do is, I think to come up with at least, um, the right question that we'll need to be worked on. So I think it's really early days to understand what's the role of public policy. There are obviously some over arching team that are also present in other debates, the Cloud computing one that we've heard yesterday addressed? Different workshops pointing it very similar question around privacy, security, interoperability, standards. So I think there are commonalities in the over arching concern for the public policy point of view to make sure those technologies evolve in a way that benefit people that use them. So I think it's important that government get involve early on in the discussion, but it's really very difficult to understand at this stage what will bed issue in which we will need government intervention or government sort of work to develop a framework of rules around the evolving realities of the interest of things. Thank you.
>> WOLF LUDWIG: Thank you, mass mill yawn own. I think one of the things is privacy issues. In particular, if we look into the point when the opt meets the sent or what I think we said that you are surround by 20, 30 objects which can then, you know, be linked to and you then tracing and tracking and as I mentioned, the question is if this is specific of things or is it a general privacy question? When you started saying, okay. Already in the early days behind the computer, tracking was possible for the individual. It means what is new elements in the so‑called objects are linked or linked to the person. The concepts to chip is one of the answers. Benard was ‑‑ the question is the individual should have control over the data. It is how this can be realized and what policies are needed. In my eyes, this is not a specific issue. It's a general privacy issue for, ah, our work and this is also link 72 IP addresses. The debate also this IP addresses are version 6 enables now and you give each person 6 billion people of the world a permanent IP address and while your IP address from the ‑‑ from your person who at the end of your life it can be recorded. Doesn't have to do with the Internet of things. Bridge a little bit more light into it.
>> It would be a dooms day scenario indeed. But let's pop up a level and go back and talk about what an IP address is. Either a version 4 or a version 6 address. It is a locator and identifier. It's a contact specific locator and identifier. It locates what within a particular network or subnet. That particular network can be the Internet or it could be some private network in some ladies back yard. But it's a combination of locator and identifier. The idea of assign addresses like [INAUDIBLE] addresses because that's where we got the numbers of them to objects independent of where they're located doesn't make any sense. Because the address contains a locator function. You can do this in the telephone world. You could assign people telephone numbers from birth [INAUDIBLE] on their forehead or whatever you want to do because in the telephone world when you initiate a call, it does a look up to match to do a matching between that number and the location of where you really are. So, if I'm going to call you to use a telephone number, the first thing that happens is the system does a look up to find out where you are and what the underlying network locator is for you with your new telephone number that. Doesn't work in Internet protocol because you have to do that look up in every packet and doing seconds of look up on every package doesn't technically work. So the idea of assigning or using IPv6 addresses is something other than a network address determiner or routing tag doesn't make it any technical sense. It's been proposed a number of signs. Sony proposed to burn a V6 address and consumer products a while back, but it simply wouldn't work. The routs tables would explode and you have to interaction of look up and we don't have the time to do the look up on a protocol. So, we can put that aside as a non‑starter technically. We can't do that, but go back to what the general theme here is about identifiers. Megan talked about unique identifiers and I think that's the wrong concept. Their unique. You have we talk about RFIDs. There are a number of different flavors or RFIDs. It's a different standard that are on the tanks and the ones on the crates and going across the Atlantic. There are different number sequences. They're unique within the context of that meaning. Who Bob of the talking about is if this is just the Internet and the ways to use it, yes. You don't use the underlying network identifier, which actually is not the IP address. It's Mac addresses or something like that to identify things at a higher level. That's one of the abstractions that's really moved in the internet protocol on the Internet in general is you have the layers of identifiers. The bottom layer identify just tells it how on the wireless network in the room the packet is going to get to my machine versus Avri's machine. On top of that is the IP address that's mapped locally between the IP address and the Mac address. So the packet that's delivered is delivered using the Mac address. It's not delivered during the IP address at the local land level. Above that is the DNS. DNS is a way to map the human friendly name into a temporary IP address. I say temporary because you can change it with the name staying the same. We have the layers and ways to map identifiers. I don't see any particular difference with the Internet of things. We have different identifiers with RFIDs and zig bee identifiers and all kinds of different local contactual identifiers. There is no reason you would need universal. That doesn't mean there isn't a privacy issue. V6, one of the modes of V6 is to map the Mac address into the V6 address. That is one of the mechanisms. You don't have to use the Mac address there. But as long as you are communicating and the packets and the data is coming from you going to some place else, at least for a period of time, the time I'm sitting in this room with this laptop doing anything is going to have the same IP address on it. When you move to a room down eye stairs, we have a different IP address. But for a particular period of time, that's identifying. It's identifying all of the things die for a particular period of time and there's a real privacy issue. It is not one that will be easily involved and I don't think it's one that will be remotely specific to things. What Bob said, it is problems we already have. So that's ‑‑ it's not ‑‑ I agree with Bob it's not treating things consensually is probably the wrong consensual mechanism. But in reality, that's what it is. But the whole Internet is overlaying networks. The whole Internet is way too make use of a transport system for 19 different functions and each of those funks can be seen as an overlay network.
>> WOLF LUDWIG: Thank you very much and I hope new to look for discussions. All the questions we very copied and processed. Something told me the audio doesn't work. He has five or six slides and I don't know whether we should start now with the slides or whether we should just use [INAUDIBLE] in the room and continue with the debate and we certainly can also put the slides then on lines that you can go at the end of the guy and end of the discussion. We just go through the slides and he's not accessible now via audio.
>> This is Brian houseman. Dan has e‑mailed me and said he cannot hear. He asked if I can just speak generally to them.
>> WOLF LUDWIG: Yeah, yeah. That would be wonderful. We will respond to issues. Let's present from that and then, you know, we have half an hour for interactive dialogue. I think that's good. By the way he's a member of this European EI task force and he's in process for this meeting, but he's basically watching.
>> My name is Brian from the Intel corporation. Going to the second slide. So, Dan, I think is talking about some of the issues we have been talking about which is a privacy that's going to be a key element of the Internet of things and in continuum device ‑‑ let need give my personal example. We're referring to the Internet as the computing continuum where all of your devices will be connected to each other. They will be able to speak to each other. There are great benefits and your cell phone will know you're in the car and will read your text messages as opposed to be on the phone. You will be able to turn your oven on or off.
It will be great benefits to consumers, but there are obviously privacy issues and consumers must trust in the free flow information between the devices. It will be private and secure. So, what Dan is talking about how we need to protect privacy and enable innovation. Next slide.
So, he's talking about how the Internet of things is changing from computing from a centralized model to one that's distributed. He talked about some things he already talked about what this reflects. Next slide. So Dan's main question is, um, what should the framework be for this new internet of things concept and it's asking whether the current policy model is the new world pervasive computing where everything is connected to each other and to the Internet and Dan believes that the fair information practices but some of the long‑standing principals need to be considered. On the next slide, he talks about challenges ‑‑ I think this is really the key slide here. If we take as the premise that the information practices are so important and guiding, how are those applied to this pervasive computing world? Do we want to treat all data equally? How do you provide notice and consent when you're talking about, um, a computer that's in your refrigerator or your oven or some other device? What's transparency mean about that? How do you incorporate privacy by design into all of these new computing devices. And how can consumers have access to this information if there's really not a direct interaction of the computer and the computing device. I think this slide is whether we started to discuss and I think these are the key challenges of this new world if you go to the next slide, you ‑‑ some of the challenges are opportunities. If we take these concept of privacy by design and privacy impact assessments as key to the new world of computing, they can be mean to assess and mitigate the risks that we have. I think privacy by design is really just speaking personally as very key to that to making sure that as we have all these new technologies and connected devices that we do incorporate privacy protections from the get go. And then Dan also believes that we need to focus on protecting us the most sensitive information for that. So the next slide, his last one is take aways. Dan encourages all stakeholders to become involved in the upcoming commission. Consultation process that was mentioned. He thinks that we should not focus on such concepts as the right to be forgotten and what he calls to [INAUDIBLE] but instead on some of the fundamental issues that we're been talking about and I think he also thinks we need to spend time on what is sensitive and providing enforcement mechanisms for that information. So those are his slides. I hope that was helpful.
>> WOLF LUDWIG: Thank you very much. We have been criticized saying we don't have to consume a voice here among the speakers. Though that's certainly a missing point, but there the be opportunities and when we meet this afternoon for this coalition meeting, probably you know, we can try to look for partners which represent more the consumer side. But AVRI and Fiona, if you want to respond to some of the statements here, that means we have ‑‑ AVRI, somebody else? Okay. Yeah. Yeah. Okay.
>> AVRI DORIA: Thank you. Actually I appreciated the comments. I actually think at least in the way I'm identifying things there's less disagreement than you see. Or than you say. One of the realities that I'm accepting is that all of these objects from the side of beef to the piece of leather in a saddle bag or the steak that we do or don't eat. It will always be possible as you have an identifier at application level translated down to an IP network. I think first of all that global that says this is an overlay of just the Internet as we know it and I apologize for misusing the word that you marked and defining it in many ways. I have no other way to talk about it other than we're use the internet in many meetings and unfortunately as a researcher and somebody that came out of philosophy school. I have to take. So I apologize for misusing a branded word. But, ah, so I think that that notion of yes all layering is an overlay is indeed, true. In this case, I think that we are overlaying more than just the Internet as we know it, the Internet as defined today in its addressing in naming and various principals. I think that the view that you present and I think feeling some what Utopian, but it's great gold that we come up with an over arching abstraction so that all names could at their metalevel be in a similar system so that we could move from once and I think we already have much of the ability to do that in the URL system that allows to you define a name in a context with an authority and the meaning of the name is defined by the context that is also included in the name. So I think a lot of those tools exist. So I actually think that the wording is different I think I'm seeing a perhaps more diverse reality of many different people coming into this. Many different people, ah, starting to name things, starting to move things and us needing to find a way to perhaps reach that Utopian goal of a global metadata, a global metaway of expressing things, but it's going to take us a while to get there and that's where an architecture of technology and governance comes in as ‑‑ the way to do it is it a better naming system. How do we arrive at that? Is there one existence that works for us sore there something that goes beyond that? There are many different groups that are all striving to do this at the moment and each one of them is going to need to be connected to the other and we've going to find ‑‑ need to find the way to move from the cow in the field to the multiple steaks so the cow in the field get sick and the stakeholders get notified. That was accidental. I apologize.
>> We don't need to move from the cow in the field to the desk in front of us.
>> We used to have something called the Bessy tracker. So all that information had been managed. They wanted to use our digital object architecture. It didn't happen.
>> I wanted to point out that we're all consumers. I don't think we need to bring in a consumer perspective. This is something that is personal information whether fridge is ordering food or what's on our phones. This is something we all need to be concerned about. Thanks.
>> Thanks. I wanted to maybe expand a little bit. I started off by saying in response to all the activity the commission has on specific Internet of things that we as government wasn't doing anything specific to that. We are doing and actively engaging and looking at, you know, copy right of free fall information and privacy cyber security and we had active consultations. We are trying to save the stakeholder domestically, but you should have an administration paper on. I think what we're seeing though ‑‑ I would sort of say this is Cloud computing as well. A lot of the policy issues cut across the subsections and that's how we're looking at it. I don't think you see consideration and nothing specifically. We're looking at it you just have Cloud computing and all these different issues. Privacy will cut across all of them. So you need a regime you can deal with all of them as collective. We're working on privacy as sort of fundamental baseline legislation of a consumer bill of rights and a [INAUDIBLE]. Potentially as these things evolve, we need to have can something on one of these topics. I didn't want to leave you that we're not doing going. It is not physically directed based on technologies whether it's on things, whatever that may mean. That's still even listening to very smart people in the room, I don't think anyone agrees what it is or like on [INAUDIBLE] computing and things like that.
>> I would like it address the point you made about the way we allocate the addresses and whether they'll be a change to that. Well, the way we allocate the IP addresses, um, is defined by the policies by community. Whenever there is a need to adapt these policies, the community does it no matter before. The procedures to adapt the policies according to the needs of the community are there.
>> You.
>> Let me start from the upper layer as you told say according to the technicians. I think there are a couple of things. First of all, let me underline that in the European Commission and in the European union because ‑‑ but the work we're doing now is not excluding, ah, aspects like Cloud or any other aspect related to the internet. Wean very well that the Internet of things is just one aspect of Internet as a whole. So we're not thinking in any way of establishing a governance framework that would be Rex exclusive to the things. The reason we're looking at e net of things is we think there is some very particular issues that arise in this context that leads to privacy and data protection, et cetera. Interoperability that needs a particular look. We're also looking at Cloud computing and their whole series of issues are intercepted. There is no question about that. I hope to put you a limit bit at ease. And we've not developing various regulatory or legislative provisions that would block any further development or set certain standards that no know else could meet. At beginning, it's work that's taken a global context in the context of the internet, et cetera, et cetera. At other side, I think it fleds further reflection and studies. It's true. We are all consumers, but perhaps we have a particular view that other consumers don't have. That's why I think in the public consultation, it will be very important to hear what consumer associations and consumer groups and sales society have to say. And this means, of course too, that the consultation, the questions that we ask have to be posed in a very clear manner so that we clearly identify what we're talking about. And then with respect to identifiers, I did speak about unique identifiers, but I don't mean that we should necessarily establish either a new system or an I don't know. Any of the technical aspects. I leave that all to you. But what is important is that when these identifiers are used and they relate to each other and they manage things that they work in the interoperable way and they work around the world and don't cause trouble on the Internet and as you have pointed out very well and it's our concern too that we respect privacy concerns, et cetera. So, there are lots of other issues, but I think I'll leave them to you.
>> WOLF LUDWIG: We still have quarter of the hour. It's you and [INAUDIBLE].
>> Thank you. I would like to know if the Internet of things is an overlay of the Internet? I would speak just about what I know. My colleague Massimiliano was speaking about. You have to be aware that to track and trace products to give them identifiers is something that we are doing for 30 years. As the Internet in itself, so from our perspective, we you could also think that internet is an overlay for our system. We are doing that for 30 years and we have seen the Internet as a good tour. We'll integrate those into our systems. So perhaps the reality of this is there is a network infrastructure. There is a physical world. Both have been existing for third years with their own problems, their own usage and their own governance. And now we are trying to merge them. What would be the outcome? We still don't know. I think we should be very ‑‑ we should advance very carefully, but not saying that one is going to put governance of [INAUDIBLE] is something that we have to think a plan and I don't have to forget that on the physical part of the Internet of syncs they'll use a [INAUDIBLE] and this involves physical products and we are also taking into accounts what we want to do with this physical products. There are prices between partners about a change physical [INAUDIBLE]. You cannot forget the business practices. Thank you very much.
>> WOLF LUDWIG: Very, very helpful. I think it's ray really perspective way sometimes to ignore. You know, good thing the Internet things together. Everything is everything and sometimes we have a narrow perspective looking at the world from the Internet perspective, but there is also a world outside. The Internet comes together. I think there was you and then Bob.
>> Know I want to jump make a comment on the privacy issue with the Internet of things. I think the key thing here is, um, associating things like your refrigerator and the food in it with the individual is just the same as associating other attributes with an individual like the height, the weight, et cetera, and where they're located. I think the key thing if you're considering privacy issues in this case is the sensitivity of that data because that data becomes very sensitive if what you're associating is the meds you're take perhaps or diagnostics as they're associated with you. So I think the key thing on privacy as with all other attributes associated with an individual is to focus on the things that really are sensitive and make sure you are protecting them well and I don't see that it's any different from the protection about the sensitive data.
>> WOLF LUDWIG: Okay. For the areas, we have to ‑‑ we have an option for the policy on this for beg sensitive and non‑sensitive data that you have different approaches. So far you can really ask the question: What is the specific privacy that you mentioned on the Internet of things. It's a general privacy issue, you know, which is growing and growing and more applications and you have the same issues also in facebook or [INAUDIBLE] networks and search engines and the Internet of things. So, is there a difference? My understanding would be no, Philip. It's the same challenge whether we in facebook or we are surrounded by objects or whether we have to do our search by Google and leave a lot of private things in the data stores of research engine. I think the word ‑‑ yeah.
>> Just a brief comment on what was just said the moment before and then I get to the comment I wanted to make. One comment about your remarks is I don't think you have to worry about what you're doing is on the internet and vice versa.
It will all be integrated together and that is to say you won't have some more issues to worry about that you had before. But I think to the extent that people are working in different areas and they will continue to be in charge and in control of those areas setting the standards and protocols and another way to interact with a larger community. I wouldn't worry too much about getting the definitions there exactly right. If I look at the internet, there are only a few important principals that stood the test of time. [INAUDIBLE] was involved in a number of others, but, you know, clearly open architecture is ones, the principals that have come through and another one that none of us really recognize the importance of, but I think it's clearly understood widely now is this multi‑stakeholder approach figuring out what to do. Particularly in terms of how the social structure work. And the third one they was pointing out sending how to deal with metalevel approaches to problems rather than specific technology approaches. If you ‑‑ you think about the Internet as a technology contribution, it's been around for 40 years. It may last another 40 or well beyond that. There are few technologies that last that long and if you had asked me why is it that the life is that long? I would say it's because ‑‑ it's not a contribution that's specific about the technology evolutions that take place. It was not about any particular network, ATM or otherwise. It was always level above. You can have whatever network you want. This is the way of making them more together. You can have whatever computing you want. This is a way you get whatever application. It was a medal level structural approach. I think it took time to evolve because it didn't come prescribed and all of the networks done by others. Let me talk about how this revolution is now taking place in the identifier world. Um, to get to the point that you had made before, when we did the very first network, which was the ARPA net, all of the addressing was done by wire. It was on wire 1. That machine office wire 2. There is no way that kind of description could ever be persistent. In fact, the [INAUDIBLE] went away in 1990 and the notion of wire 1 on the net is a consensual figment at this point. There's no reality there. Further more, you know, it was telling you that's where the machine and was if you wanted to do something, you have to manipulate that machine with your fingers on a key board. When we got into the mobile network environment, the wire then might have gone and did in most cases to another network. So it wasn't sufficient to say send this to a computer that's out because that was another net. This is the reason the IP addresses were introduced. The domain name system was a simple way of having people not have to [INAUDIBLE]. I used to keep them all in an index card in my pocket. It made no sense to go down that path. That's why we picked the DNS. They went one step further and we want to actually take about the information on a particular file on a particular machine, which is what the URL describes. What we've been bur suing now for more than 20 years and it is adopted in quarters is the idea every one of those is technology specific. But what we were looking at is a waif actually identifying the data structure itself and with the set of [INAUDIBLE]. That's yet Pudge inchers found this approach so interesting because when they put something on the digital shelf whether it's an electronic journal or can be a government putting out official of documents they want to preserve, neigh don't want to have somebody come back in 100 or 1,000 years and say let's see. What was don wire worn on the Internet a thousand years ago or what does the following IP address mean way back then? Or what was in this file on that particular computer. They want to basically get the information. So the idea of addressing the data structure itself seems to me is a metal level concept that is not only powerful, but I wait we need to go in the future. Various ways to do it. We have people come up with different approaches and inner operable is critical. I think it's important to really understand that moving to this metal level whenever we can and getting ourselves unhooked from the technology today is really what's essential to making this thing work. There's no area where I think this is going to be more important than at interfaces between the machines and devices themselves. If we invest in building a good medical electronics infrastructure in the United States, for example, you got to assume other countries of the world will do things slightly differently and even if we could get agreement globally on what the interconnection should be, you know how hard it's been to go from IPV4 to 6. It's going to be impossible to change that mechanism because you have to get everybody in the world to change it if you want to get inner connection. Having a metal level strategy and I'm not going to get into what that could be today, but we have some thoughts on that and other people probably do as well. But a metal level strategy will allow us to change and evolve the basic inner connection structure over time to meet needs in the future. So that's a very important third policy and it comes into plan in virtually every one of the discussions we have in the future on inner connectivity.
>> I want to back in to more about overlay networks. Bob mentioned that the around Annette started as address wires. That's a phone. I mentioned the phone numbers earlier, but I didn't go back far enough. Phone numbers used to be the way the phone system found you. They were locators only. They were a way that you have different part of the phone number where it says down to its this wire. This physical wire going to this physical location. The first branch away from that was three numbers. 800 numbers in the U.S. and that set of number elsewhere where the number no longer referred to a particular telephone. It referred to a conception of somebody, somebody's phone. And the way that was done is a look up. You dial the 800 number. It looked up and found a real phone number which was the real locator for the real physical telephone. Got fancier, 1‑800 dominoes got you that closest domino's pizza slob, but it was a way to do the Marching of a consensual name to a physical instance of that. Wherever number portability has been added in the phone system is expanded this from beyond free phone calls to everything. So now whenever you dial a phone in the U.S., it always does that look up base any one of those numbers could have been moved between carriers and therefore could have been moved between the underlying networks and therefore, no longer identify a physical wire or identifying the person. We've done talking a lot of identifiers. The phone number which otherwise the physical wire that goes to my desk at home is an identifier. When you dial my phone number, you're not dialing that number. You're dialing another identifier. It gets mapped just like the IP address gets mapped in the Mac address and the DNS gets mapped in to an IP address. It has to be global. There is no reason at all it has to be global. There has to be a way for me to get to it from other phones. It doesn't have to be a way for me to get to it from my refrigerator. So when we're talking about overlay, I consider overlay in a didn't contact, but it's still the same idea. I don't necessarily need to be able to on a global scale from any device talk to any other device because the devices are purpose. Those RFIDs on the Atlantic, I don't need to be able to get a URL to get me one. The people tracking the shipment need to be able to get there and I might not need if I'm a customer of that company, I will need an interface to say where's my shipment and then some magic happens at an interface which then finds out where the crate is anyway looking at the RFID and finding information that's useful to me. They're not going to have the same data for everybody. When I go look up something, I want something that I can understand. So there will be interfaces and those interfaces are connecting together chunks of virtual network which are overlay net works or whatever. I don't see a reason to have a global identifier space identifying everything that's in the Internet of things. You need to have it in the context of a particular application.
>> Okay. I just want to address. Mr. Ben Hamou was not here. Okay. All right. He's an attorney in Washington and so am I. But, ah the privacy issue. It depends upon what you want to have private and I'd like to take a allergy approach to this. You're really talking about in my humble opinion managing that itself. This is where you get the representation in digital form and you can actually have the metadata, what you can do with the data and you can encrypt it. Because you have a medical record, then that's what I want to keep privacy. So it's not an abstract notion and systems for managing that information is one that's been a major focus and getting down into the object level and just one other thing. Scott with the crate on the ocean. My suggestion was that you could authenticate the bill of laiding and associate that information about the location of the crate and even have video if there's a storm at a city. It can then be managed as an information resource that you could then communicate say with a bank to say oh, this bill of laden now has this issue approached to and it might be reflected on that.
>> The customer doesn't need to be able to address that video camera and looking at that crate in real time.
>> It is building an architecture that would allow for the interoperability and then the context would be obviously the thing that would be important.
>> What about unauthorize the access to this data which brings security issues and ‑‑ and it's can we trust? The user of the data is available and it's really stopped at border of the purpose and so there are some [INAUDIBLE] which at least can produce some missed sources and suspicion. So we have to at least if we want to have the consumers really accept all this new opportunities. We have to be on the safe side. We have to at least give answers to corrections which are very justified questions. We have to come to a close now and I would ask Massimiliano and Fiona and very, very short last comment.
>> MASSIMILIANO MINISCI: The point of the challenges that we will face going forward and the corporation had the international level from all the different players would be a fundamental ingredient that we would construct to this emerging issue.
>> Thank you. I want to ‑‑ in following the tradition of a great role moss of mine, I have three points I would like to make. One of the things I think I've been calling an overlay architecture is what I think as I listen is what other people are calling a metal level abstraction, plus the definition of interconnections, plus the system of look ups. And once you've got all that together, you've created yet another level extraction which I am determining the overlay. I think in terms of the privacy and it's one of the things that make its different, at least it is one that make its different silent level of complexity. I think you have much more data from many more resources, more combination, more movement, more location and that basically a sort of normal thing from complexity theory at a certain point. This make its something that has to be looked at in a different way. And my third point is looking at a history I don't normally get myself into history, but one of the successes I think of the Internet itself was its ability to overlaid telephone network and not be restricted to that telephone network, but overlay a cable that was run did or wireless or something. So I think we error much in that same sort of notion.
>> Thank you.
>> FIONA ALEXANDER: I think it's funny the evolution. Again, all the policy issues that are being raise are not specific to the net of things. And I think we're looking at it from a much more holistic perspective and the same way. We'll have to follow the commissions and I think being informed by it.
>> I think that there are two very important elements amongst many others. One is the multi‑stakeholder and third I would is a please respond to the public consultation that we will put out towards the end of the year because what we need is your ideas and your voice in order to develop something that suits us that doesn't constrain further development.
>> WOLF LUDWIG: Thank you very much and it brings me to the final announcement. We still don't have enough knowledge. We do not understand every element. So we have to continue to debate. And the idea was blast year in the IGF and we activate the collection on the internet that use the terminology even if we have some doubts. But if you have introduced, ten tell me and sometimes you cannot escape for me like digital device, which is also a bad terminology, but everybody understands what it is. So it is also this deep and I made collection of the Internet on these things and I invite to you join. The internet is the first afternoon session today. So that we can discuss a little bit what should be the next steps? Should we have a paper should be a workshop or [INAUDIBLE]. We will continue the debate and probably plan discussion on the forcing coming IGM in the year 2012. Here we need still more debate and mighty stays holder debate so that we get all the perspectives. It's not the time at the moment to make decisions or conclusions and policies or rules, but, ah, if we come after a discussion, you know, to result, that's a general question. There's no need to do anything. But then we're on the safe side. We understand why we do not need anything. If we need anything, then we have to do something, but this is still an open question. I thank you for your debate for your discussion and I hope you will join us with this dynamic collections. We hope to collect also and [INAUDIBLE] to inform you and we cannot haven't. Probably consultation process at European Europe is a put up opportunity not only for Europeans, but for the rest of the world. The room for the [INAUDIBLE] coalition is ‑‑ conference room 3. That's in the very bottom floor. Right after lunch. Thank you.
***