More than 370 visitors and 1300 online viewers watched 50 domestic and foreign speakers at the DIDS 2016 seventh Internet conference. This year’s Serbian Internet Domain Day was held on 15th and 16th March in Belgrade under the slogan Living the Internet... Globally – Securely – Locally, organised by the Serbian National Internet Domain Registry (RNIDS) Foundation. DIDS was held with the support of ICANN, with an accompanying programme the second day in the form of the Regional Internet Forum – RIF 2016.
Vojislav Rodić, Chair of the RNIDS Board of Governors, opened DIDS 2016 with an explanation that the role of RNIDS is “management of the national top-level domains”, but “that the essence of this process is facilitating personal and national online identity”. One topic of this year’s DIDS was the future of the Internet at the global level, particularly in connection with the decision of the US government to relinquish supervision of the IANA functions, but also with regard to the security of information and communication systems in Serbia and the region.
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.” These poetic lines from the introduction of the twenty-year-old Declaration of the Independence of Cyberspace served as the opening words to the first block of the 2016 Serbian Internet Domains Day (DIDS2016) titled Globally.
The topic which imposed itself in the first panel debate, moderated by Vladimir Radunović of the DiploFoundation, was the news that after discussion with representatives of the Internet community and regulatory bodies, the US Government had reached an agreement regarding transfer of the IANA functions to the global Internet community, specifically to ICANN (the Internet Corporation for Assigned Names and Numbers).
ICANN, just like RNIDS in Serbia, operates on a multistakeholder organisational model, which involves a form of self-regulation in regard to the governance of the Internet. This means participation by companies, associations and civil society organisations in taking important decisions and overseeing their implementation while at the same time taking into account the opinions of relevant state institutions.
Gabriella Schittek, GSE Manager, Central & Eastern Europe at ICANN, referring to the news of the agreement, said that before the celebrations could start we needed to wait 90 days for the US to consider all aspects of the agreement and officially ratify it, upon which “the Internet would become truly independent”. She also invited all interested parties to get involved in the work of ICANN, as an organisation that supports the democratisation of Internet governance and which is open to fresh ideas and expertise, both from civil society and the business world. “It may seem like a waste of time to companies, but if you think about it, why would you allow someone else to take decisions regarding the Internet – that you use every day – if you too had the opportunity to take part?” Gabriella asked the audience in the Crystal Ballroom of the Hyatt Regency Belgrade Hotel.
Mike Silber from South Africa, member of the ICANN Board, followed on from this, noting that the transfer of supervisory functions to ICANN had been agreed to even by those countries that had felt excluded from the process of the governance of cyberspace, and that probably the best solution for this problem was the transfer of these functions to a global multistakeholder Internet community and to a model that had proven itself successful through the work of ICANN.
Wolf Ludwig, Chair of the European Regional At-Large Organization (EURALO), emphasised the need for everyone to get involved in the governance of the Internet who wanted to, and that it would be good for more people from the CEE region to become active in this too. In this regard one should not rely heavily on those in legislative or judicial power since they, with a few rare exceptions, could not claim extensive knowledge in this area, he said. “Governance of the Internet should be from the bottom up, from the people to those in power, not the reverse. We all need to contribute to the dialogue on the key aspects of the functioning of the Internet, we need to advise but also criticise the decision-makers in order to make the network function better,” said Ludwig, noting that issues such as these were sometimes even addressed via referendum.
Marília Maciel, coordinator of the Center for Technology and Society at the Getulio Vargas Foundation, spoke to the DIDS audience via a Skype call from Brazil, noting that the topic of Internet neutrality was a very important one in her country and that her impression was that governments around the world were finally beginning to understand the importance of working with the civil sector in respect to governance of the Internet.
The topic of the second panel debate, titled Securely, was trends in Internet security, moderated by Slobodan Marković, ICT Policies and Internet Community Relations Advisor at RNIDS. At the beginning of this year, a new Law on Information Security was passed in Serbia, setting out measures to combat security risks in information and communications systems, establishing the accountability of legal entities managing and using these systems and defining which authorities were to be responsible for the implementation of security measures, coordination amongst stakeholders in security and monitoring the proper application of the prescribed security measures. This lays down a legal framework for the future functioning of CERTs – bodies which are set up to prevent security incidents, as well as help minimise their occurrence through education and raising awareness in the general population, in the business world and in public departments, regarding the importance of ICT security.
Nebojša Jokić, Chief of the MUP-CERT set up by the Serbian Interior Ministry, said at the conference that this CERT had been in existence for a much shorter time than those in the surrounding countries but that in the 20 or so months it had been operating an organisation had been put in place which would be able to face future challenges while at the same time working towards improving the knowledge and awareness of all employees in the police force.
His Slovenian colleague, Gorazd Božič, Director of the SI-CERT in ARNES, shared the experiences of this body, which last year celebrated 20 years since its establishment. He explained that in this time cybercrime had become a great deal more sophisticated and that professionals working in CERTs needed to keep in step with technological advances at the same pace as lawbreakers did. One significant development was the emergence of malicious software created to be leased to others (CaaS – Crime as a Service) for use in attacks on particular locations on the Internet, which had effectively become a new Internet business model. Božič said that in Slovenia banks were the most common targets for hackers, who sought to access data which could be used for the personal gain of the attackers. However, he noted that banks, as well as many other institutions, had become aware of the need to safeguard against hackers and other forms of online attack.
Filip Vlašić, Computer Security Specialist at HR-CERT, CARnet, said that the CERT had officially existed in Croatia since 2008, but had effectively been in full operation since 2010, when a great many changes began to come about in the business of security. Five years ago there was not such a variety of devices capable of accessing the Internet, nor was there such widespread use of smartphones running different types and versions of operating systems. This all made the job of information forensics harder, but also underlined the need for bodies such as CERTs, he added.
Dušan Stojičević, member of the SEEDIG Executive Committee and former Chair of the RNIDS Board added that RNIDS planned to establish its own CERT which would cover the local domain space, i.e. the .RS and .СРБ domains. He criticised the above-mentioned law for not defining critical infrastructure, and stressed that there had to be constant cooperation between the private sector, which owned most of the infrastructure, and the supervisory bodies.
Sava Savić, Deputy to the Serbian Minister for the Information Society, Ministry of Trade, Tourism and Telecommunications, touched on the Law on Information Security but also talked about the dilemmas facing Internet users on a daily basis, as well as answering questions such as whether the right to privacy should be subordinated to security concerns. “There is an institution that protects citizens’ rights to privacy, and other state authorities often make compromises with it. However, where data that could save someone’s life are concerned – for example in the event of the kidnapping of a child, whose mobile phone signal can be tracked – then of course saving the person is paramount and nothing can take priority over that,” he said, adding that this did not mean that anybody from the security services could abuse access to data on citizens with impunity.
The third block of DIDS, this time titled Locally, facilitated by Radomir Lale Marković of TAG Media, presented an overview of prominent websites on the national .RS and .СРБ domains. Representatives of 12 home-grown websites and online projects talked about their experiences and their road to growth.
Full information on the programme and participants of DIDS 2016 can be found on the site at dids.rs and дидс.срб, with the hashtag #dids2016 being used on Twitter.
The second day of DIDS comprised the Regional Internet Forum – RIF 2016, bringing together some fifty delegates from national Internet registries from south-eastern Europe, from state bodies, from local Internet communities and from global Internet organisations, as well as legal experts from the region with a wealth of academic and practical experience. Some of the topics of this industry gathering were projects in the area of e-Government, problems concerning IDN domains and copyright and other Internet legal issues, as well as Internet security from the aspect of education, raising awareness and legal compliance. More detailed information about the participants and programme of RIF 2016 can be found on the site at rif.rs and риф.срб.