FEBRUARY 2018
IN THIS ISSUE
UPCOMING EVENTS
 

MARCH 
 
 
HKNOG 6.0
2 Mar, Hong Kong 
 
 
10-15 Mar, San Juan 
 
 
 
 
17-23 Mar, London 
 
 
19-20 Mar, Bangkok
 
 
19-23 Mar, Geneva 
 
 
20-23 Mar, Singapore 
 
 
25-29 Mar, Singapore 
 
 
APRIL
 
 
 
 
17-19 Apr, Selangor


23-27 Apr, Guam


MAY


22-23 May, Bangkok 
   
 
JUNE 


APEC TEL 57
3-8 Jun, Port Moresby   
 
4-8 Jun, Thimphu
 
 
3rd Meeting of the APT Preparatory Group for PP-18
18-21 Jun, Melbourne
 
 
24-29 Jun, Kuala Lumpur
 

26-28 Jun, Singapore
   
 
27-29 Jun, Shanghai
 
 
JULY
 
 
8-12 Jul, Bangkok


11-13 Jul, Tsu


14-20 Jul, Montreal  
 
 
15-17 Jul, Singapore 
   
 
AUGUST
 

2-10 Aug, Dhaka
 
6-10 Aug, Auckland 
   
 
13-16 Aug, Port Vila
 
 
4th Meeting of the APT Preparatory Group for PP-18
21-24 Aug, Kuala Lumpur


30-31 Aug, Sydney 
 
   
SEPTEMBER
 
 
6-13 Sep, Noumea
 
 
18-20 Sep, Singapore 
   
 
OCTOBER
 
 
ITU Plenipotentiary Conference 2018
29 Oct - 16 Nov, Dubai


NOVEMBER


3-9 Nov, Bangkok 
   
 
Connect with Us
Facebook    Twitter    LinkedIn
 
 
This is a monthly e-newsletter published by the Internet Society's Asia-Pacific Regional Bureau. It has updates on the Bureau's activities and features insights on the transforming Internet landscape in and around the Asia-Pacific region.

If you like our e-newsletter, you can share it by clicking on the social media links above.  
Re-thinking Privacy in Asia-Pacific
It's no secret that the world's most powerful companies hold the largest treasure trove of personal data, having collected it from millions of their customers worldwide. This trend will not change anytime soon, as emerging technologies such as artificial intelligence and the Internet of Things will make it easier for more granular information about us to be gathered, aggregated, triangulated and cross-referenced. A key end result will be new information that can and will ultimately be used to shape our behaviour, influence our decisions, and determine our entitlements, for better or for worse.
 
While legal norms around data protection have largely reached alignment through dedicated policy and regulation, the same cannot be said about privacy, which remains highly contextual across cultures and societies. In 2017, the Internet Society's Asia-Pacific Regional Bureau organised and supported a series of online privacy workshops across the four sub-regions of Asia-Pacific: the Philippines in Southeast Asia, Hong Kong in East Asia, India in South Asia, and Vanuatu in the Pacific, culminating in a regional conference on Building Trust in the Digital Economy in Singapore in November last year.
 
Through these workshops, we were able to thresh out the different privacy dimensions that mattered most to local stakeholders. We were also able to feed relevant issues into ongoing deliberations in economies that have yet to formulate data protection policies (Vanuatu), are in the process of developing one (India), have just implemented one (Philippines) or are about to revise existing legislation (Singapore and Hong Kong). A number of these issues were specific to the local environment, but many resonated throughout the different sub-regions. We'd like to highlight some of the key takeaways:
 
1. Online privacy and data protection are evolving concepts . New technological trends like big data analytics that allow for personal information to be de-anonymised, or aggregate bits of what we may deem inconsequential data to build profiles about us, are changing the definition and nature of what we consider "personal" data. New standards, such as the EU General Data Protection Rules, which seek to address these concerns, imposes new obligations on data collectors and processors, including breach notification requirements and heavy fines for failure to comply. But it also assigns new entitlements to users, such as the right to erasure, data portability and object to profiling. Such policies, which have an extraterritorial scope, will force us to rethink our own data protection and privacy policies, perhaps prompting us to focus on the impact of data collection on privacy, rather than the act of data collection itself.
 
2. Users want control over their personal data. Users want to have the choice to opt out of data collection - even if it means having reduced access to services. Participants in the India workshop suggested that businesses can make available different levels of service, for instance having more personalised service for users who opt into having data collected about them. More generally, users believe that data collection needs to have a clear and identifiable user benefit associated with it.

3. We need to keep it simple for other stakeholders. Participants lamented that technologists tend to design privacy measures that are too complex for other stakeholders to follow. They emphasised the need to strike a balance between usability, or the convenience of access, and making sure the data collected by these services is secure. This may involve taking a more holistic view of privacy measures, to ensure that users and decision makers are drawn to the important details, instead of being overwhelmed by a wall of technical information. In the case of terms and conditions, one possible solution is to take a layered approach - wherein the policy is spelled out in easily understandable language in one page, with the more detailed policy on another. This will also help make privacy policies more digestible to communities that have low levels of literacy.

4. Governments also need to think about privacy by design. Many economies in Asia-Pacific are in the process of, or have plans to, roll out digital ID systems, as a means to provide citizens access to public services online. Having privacy safeguards in place at the onset of designing these systems will drive governments to limit data collection to only the information necessary for the designated purpose, to ensure that data is adequately protected while it is in use, and disposed of properly when it is no longer needed.

5. Data can be a burden as much as it is an asset. A very large pool of data is often considered a great organisational asset. But with it comes an equal responsibility to protect that data. Limiting data collection to what is only absolutely necessary, and destroying it when it is no longer needed, will help reduce the associated costs and legal liabilities to keep it secure.
Noelle Francesca De Guzman
Regional Programmes Coordinator for Asia-Pacific 
IETF's Role and Activities, and Need for More Collaboration Between Different Internet Bodies 

This article is a continuation of my previous blog. It summarises IETF's role as a standards developing organisation and its key activities, and stresses the need for more collaboration between different Internet bodies to ensure an open and trusted Internet.

IETF's Role

All aspects related to IETF are documented as RFC / BCP documents. RFC series contains technical and organisational documents about the Internet, including specifications and policy documents produced by four streams: IETF, IRTF, IAB and independent submissions . RFC3935 defines IETF's mission . RFC2028 describes key individuals ( RFC Editor ) and organisations ( IETF Secretariat , IAB , IANA , IESG , IRTF , Internet Society ) in the standards-making process. RFC2026 documents the process used by the Internet community for standardisation of protocols and procedures, stages in the standardisation process, requirements for moving a document between stages, and types of documents used during this process. RFC4440 explores the relationship between IRTF, IAB and IETF.

Recent Trends in IETF/IRTF Activities

While IETF focuses on short-term issues of engineering/standardisation, its research counterpart IRTF focuses on long-term research issues related to the Internet.
  1. There is an emphasis to design Internet protocols keeping in mind human aspects and rights. The HRPC Research Group is chartered to research whether standards and protocols can enable, strengthen or threaten human rights. 
  2. Encryption and authentication measures are the focus of attention across all IETF working groups. The IAB statement and documentation in RFC1984 promotes strong, ubiquitous and opportunistic encryption and authentication mechanisms, which are turned on by default, and these concerns are particularly relevant after Snowden revelations. RFC7258 declares pervasive monitoring as an attack. DNS Privacy Project and DPRIVE WG aim to cryptographically secure DNS, one of oldest and critical Internet protocols. There is also a dedicated IRTF Crypto Forum Research Group. 
  3. Additionally, work is underway at various stages of protocols' design and development for emerging technologies and modern Internet protocols like TLS 1.3, Internet of Things, QUIC, Multipath TCP, Captive Portals, YANG model, DANE, Home Networking, IPWAVE and SIDR.
Need for Collaboration

IETF is amongst many standards developing organisations that formulate Internet/Networking standards - others being ISO, IEEE, ITU-T and W3C. Further, IETF is one of the core Internet organisations/forums - others being Internet Society, ICANN, IGF, IRTF, IAB and RIRs. Each of these organisations have clear mandates with respect to the standards they produce, policies they formulate, and collaboration they do with other organisations.

These organisations do not work in isolation, and have liaising mechanisms in place. For instance, IETF has liaison relationships with other organisations. The primary contact for IETF liaison negotiation and representation with outside organisations is IAB. Establishing a liaison relationship can: (1) prevent duplication of effort, without obstructing either organisation from pursuing its own mandate; and (2) provide authoritative information of one organisation's dependence on other's work. For more details refer to RFC4052 and RFC4053.

Other areas of collaboration include the following:
  1.  The ICANN's Technical Liaison Group (TLG) consists of four organisations - ETSI, ITU-T, W3C and IAB. The purpose of the TLG is to connect the ICANN Board with appropriate sources of technical advice on specific matters pertinent to ICANN's activities. The ICANN bylaws ask these organisations to each provide two technical experts. All TLG participants are also members of ICANN's Technical Experts Group that confers with the ICANN Board at ICANN meetings.
  2.  IETF and W3C jointly developed the WebRTC protocol.
  3. IRTF, ITU-T, ISO, W3C and IEEE are currently doing research on Blockchain and distributed ledger technologies (DLTs). These organisations should collaborate/liaise to minimise duplication of work, identify dependencies, and come up with interoperable standards for Blockchain and DLTs.
The views and opinions expressed in this article are those of the author and do not reflect the views of the Internet Society.
The First School on Internet Governance in Nepal
Group photo of participants at the First School on Internet Governance in Nepal

by Santosh Sigdel, Senior Vice President, Internet Society Nepal Chapter 

Last month, the Internet Society Nepal Chapter organised the first School on Internet Governance ( npSIG) in Kathmandu in collaboration with the Forum for Digital Equality. The npSIG was jointly inaugurated by Laxmi Narayan Yadav, Director General of the Government of Nepal's Department of Information and Technology, and Birendra Kumar Mishra, Chairperson of the Nepal Internet Governance Forum's Multi-stakeholder Steering Group. Bikram Shrestha, President of the Internet Society Nepal Chapter presided over the inauguration session.

The main objective of npSIG is to enhance the capacity of young people on Internet governance issues and promote their participation in the Internet governance process. Additionally, npSIG aims to build expert forums on Internet governance through the alumni of the school.

This first two-day npSIG helped participants better understand the global and regional Internet governance actors, issues and processes. Speakers included:
  • Osama Manzar, Founder of Digital Empowerment Foundation, who highlighted the importance of ensuring Internet access, particularly in rural and remote regions.
  • Baburam Aryal, Chairperson of the Forum for Digital Equality, presented the Internet governance ecosystem in Nepal.
  • Binaya Bohra, Managing Director of Vianet Communication, examined key challenges regarding access, affordability, relevant content, safety and security, and privacy.
  • Subhash Dhakal, Director of the Department of Information and Technology, presented the Nepali government's role and perspective on Internet governance.
  • Hempal Shrestha, free and open source activist, introduced the core values and principles governing the Internet.
  • Ananda Raj Khanal, Senior Director of Nepal Telecom, discussed the use and access of the Internet by persons with disabilities in Nepal.
  • Sanjeeb Panday, Assistant Professor of the Institute of Engineering, explored the Internet of Things, artificial intelligence and their implications for Internet governance.
From the Internet Society Nepal Chapter, I made a presentation and facilitated a discussion on privacy and data protection, and the Secretary, Tanka Raj Aryal presented the importance of cybersecurity in Internet governance.

The npSIG also featured panel discussions, role playing and forums. For instance, there was a panel on blockchain, cryptocurrency and the digital economy. There were two role playing sessions on the Internet ecosystem (facilitated by Shreedip Rayamajhi), and on name and numbering stakeholders (by Srinivas Chendi from APNIC). In addition, a forum was organised on ways to participate in local, regional and global Internet governance forums. There was also a lightning talk session where speakers introduced key topics related to Internet governance. Topics presented included net neutrality by Sahajman Shrestha, country-code top level domains by Suraj Adhikari, internationalised domain names and new generic top-level domains by Balram Bal, gender in Internet governance by Jyotsna Maske, and youth and Internet governance by Alpha Rani Shrestha and Udeep Baral.

The nPSIG was made possible through strong partnerships with government organisations, academic institutions, the private sector and civil society organisations in Nepal, as well as with regional and international organisations. Support from the Internet Society, ICANN, APASA and APNIC contributed to the successful organisation of this first npSIG. The Internet Society Nepal Chapter aims to develop sustainable partnerships with all these organisations and with other interested organisations to make npSIGs more effective in the coming years.
Naitik Mehta, India - Awardee of the Internet Society 25 under 25 Program
Photo of Naitik Mehta

Over the next few months we will be featuring awardees under the Internet Society 25 under 25 program from the Asia-Pacific region. The program selected 25 exceptional young people under the age of 25 from around the globe who are using the Internet to make a difference in people's lives - six awardees and one honorable mention recipient are from the region. This initiative was part of the Internet Society's 25th anniversary celebrations, and a special recognition ceremony for the 25 under 25 program was held on September 18. Watch video here.

Naitik Mehta is an advocate for equal opportunity and social inclusion. He is the co-founder of NextBillion.org, a social enterprise that is bridging the gap between people with disabilities and the technology industry. The organisation offers mentorship programmes that connect people with visible and non-visible disabilities to both industry mentors and job opportunities.

Naitik and his team have completed two mentorship cohorts with 70 participants matched with mentors from top companies such as Google, Microsoft, Facebook, PayPal, Palantir, and Uber. NextBillion.org's mission is to empower people with disabilities to reach their full potential, and they aim to complete 11,000 mentorships by 2019.

With new local mentorship cohorts launching across North America, Naitik and his team are focused on leveraging the power of the Internet to provide employment opportunities for world's largest minority.
Myanmar's Cellcos Reach a Combined 50m Subs
Myanmar's mobile operators - MPT, Ooredoo Myanmar and Telenor Myanmar - have announced they have reached a collective 50 million subscribers. Extrapolating from the latest UN estimates, Worldometers projects that the total population of Myanmar is around 53.6 million, meaning the nation's mobile penetration is approaching 100%.

Recent report, "Big Data in Chinese Businesses", highlights Chinese businesses' major investments in big data, which are putting the nation at the forefront of opportunities in artificial intelligence. The volume of data and users provides more accurate predictive models, richer analysis, and supports more advanced machine learning and deeper learning techniques.

According to a new research commissioned by Cisco. Malaysia's leadership on this front stemmed from initiatives such as the establishment of a national agency to consolidate and coordinate a cybersecurity agenda, and drafting a cybersecurity bill and comprehensive plan to develop cybersecurity professionals to meet growing demand.

The scheme requires agencies and organisations in Australia that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach. The scheme uses the phrase "eligible data breaches" to specify that not all breaches require reporting.

Not yet signed up to receive our emails? Join Now