 I am delighted to welcome you all this morning to our panel discussion on digital borders and technological sovereignty. We have a good group in the room this morning for 9 a.m. on a Friday and a great group of panelists. We're actually also live streaming and on Twitter at hashtag tech borders. Is that right? Okay. There we go. Throwing out a word like technological sovereignty in a crowd of political scientists or cyber wonks is definitely red meat, but it's also a topic that has gotten a lot of attention among regular folk and around the world I should say, maybe even more so than the United States and so we're delighted to welcome you here today for this all-star panel. And I should just say for the better part of 20 years I think we've been debating the contours of the role of the sovereign state in cyberspace. It's undeniable on one hand that this network of networks that we call the Internet has been a major force for the free flow of information around the world, the dissemination of knowledge, the growth of economic opportunity for people all over the globe. On the other hand is also very clear that when citizens participate in a global network, the ability of the nation state to shape their experience to protect them in some ways is much more limited. That's both a feature and a bug, as the technologists like to say. And in some ways this whole debate has unfolded in sometimes arcane corners of the political science and cyberspace world. It comes up in very critical conversations about the future of Internet governance, about the role of new or existing international bodies like the ICANN or the ITU. But it has been, I would say, even though it's important, probably a more obscure debate until very recently. And something has changed in the last year about this debate. It's taken on a new prominence. And we are seeing in the wake of the revelation, the Snowden disclosures and revelations about intelligence activities around the world, a marked uptick in interest in this question of technical sovereignty. We're seeing around the world, from Brazil to Berlin, new proposals for nation states to assert their technical sovereignty. Some of the proposals include things like changing the locations of undersea transmission cables, creating new capabilities for users to do end-to-end encryption, norms around how governments will do spying in cyberspace. Some of the proposals that we're seeing may be relatively innocuous. Some of them are going to have very real political and economic implications. And some of them may, as the technologists say, break things. Some of them may actually change some of our fundamental assumptions about how data flows and about the openness and free flow of information of the network that we call the Internet. So the stakes actually are quite high now. And to help us sort through all of these proposals and their implications, we do have a terrific panel today. I should say that this event is part of a two-year project jointly that we're doing with the Global Public Policy Institute entitled Transatlantic Dialogues on Security and Freedom in the Digital Age. It was launched at the beginning of the year. And it's funded by the EU delegation to the United States, which we're very grateful for their support. The topic of this event is also going to be the focus of a paper, a first paper coming out of the joint project that's going to be published in early October. It's going to analyze these European proposals, maybe some of the broader proposals, and offer an impact assessment. And we'll be discussing some of that today. So a little bit of a preview. I should say thank you to, particularly to all of you for being here, but especially to our guests who are coming from overseas. We are delighted and grateful to host you here today. To introduce our panel, I'm pleased to introduce our partner in crime here, Thorsten Benner, who is the director of the Global Public Policy Institute based in Berlin. He is also the founder of GPPI. And he will be here to kick off and to introduce our lineup today. So please join me in welcoming Thorsten. And thank you. Thank you very much, Al, and thank you to New America and the Open Technology Institute for having us, for doing the project together. It's indeed a terrific panel, and it's a pleasure to introduce the panel. From Brazil to Berlin is a good motto also for the panel itself. To my left is Carlina Rossini. She's vice president for international policy at Public Knowledge. One of the leading voices in the global debate on internet policy. She's Brazilian and very much follows the discussion in Brazil and will enlighten us with this perspective. She has previously worked, among other things, as a project director here with the Open Technology Institute at New America. From Brazil to Berlin brings me to Ansgar Baums. He's director of corporate affairs at Jullet-Packert in Berlin, has a very varied career starting out as an intelligence officer in Germany, then changing, among other things, to be the head of government relations at SAP, a leading German globally oriented internet company. And now with an American company and feeling the heat a little bit in Berlin of the fallout of the Snowden discussions. And he's, I should also say, one of the leading voices. He's not just a corporate lobbyist, but he is also one of the leading voices in Berlin working together among others with Ben Scott, who's also well known here at OTI on smartening up on digital policy issues in Berlin. It's a pleasure to have you. And last but certainly not least, Joe Nye, a towering figure in the study of international relations and also diplomatic practice over the past four decades. He's a professor at the Kennedy School at Harvard. He has always been very interested in the study of power. And I think the study of power has also brought you to cyberspace and has led you to publish a number of articles on what the diffusion of power means in cyberspace. And you're currently also a commissioner in the global commission on, global commission on internet governance and very interested in questions of fragmentation of organization and very happy and proud to have you here on this panel. And our guide through this morning is Tim Mora. He's a fellow here at OTI at New America that works on cyber security issues and norm evolution. He also works on global internet politics and in particular recently on the role of swing states in this debate, which I think also reflects on the discussion we're having this morning because sometimes we don't quite know where Brazil and Germany are fitting in this debate. And Tim is also the natural bridge in the project. He's also a non-resident fellow at the Global Public Policy Institute. We're very proud to say that he began his think tank career at GPPI as a research assistant and also very much profited from Professor Nye at the Kennedy School where Professor Nye supervised one of Tim's research papers on WikiLeaks with one of his first forays into digital issues. So with no further ado, Tim, please, over to you. Thank you, Torsten. And thank you, Alan. Welcome, everybody, here on Friday morning and also everybody who's joined us through the livestream. You can please participate in this debate before the Q&A already through Twitter. And before we get started, I wanted to briefly talk a little bit more about this first paper that we've been working on with the Global Public Policy Institute and we spent yesterday brainstorming this topic a little bit. And the reason why we're here today is because over the course of the last 12 to 18 months, we've seen this rise in terms of the political traction that some of these proposals have gotten. And the term technological sovereignty that you saw in the invitation is not an invention of ours and we are not going to define the term. The reason we picked it is because it's actually a term that is used in Germany quite a lot and is actually also mentioned in the coalition agreement of the German government where the government explicitly states that one of its goals is to enhance technological sovereignty and to regain technological sovereignty in Germany. So the goal of the paper was to dig a little deeper and find out what does that exactly mean and what kind of proposals have we seen being advanced by both politicians but also general thought leaders, not just in Germany but Europe more broadly. And many of you are aware that data localization was at the center of attention for several months at the end of last year. And when we started looking into this specifically in Europe, we realized that we're actually a lot more different proposals than just focusing on data localization and Alan already mentioned some in terms of undersea cables, calls for strong encryption. And what we are trying to do with the paper is to provide a fuller overview of what these proposals have been about. As you know, many of them aren't new. They've been floating around for quite a while but they gained significant political traction over the last year. And then in a second step, we want to provide an impact assessment of do they actually achieve the goals that the people who have been advancing them in terms of securing data? Is that actually achieved through that specific proposal? And then in addition to that, looking at the secondary implications for other internet policy making principles that we've been looking at. So stay tuned on that. We'll keep you informed and that we'll have more of that coming out in October. Today, we want to broaden the perspective a little bit and not just focus on the European and the US context, which is why I'm particularly happy that Koelina is joining us this morning. And the way we'll start this event today is we'll spend about the next 40 minutes with a panel conversation and then we'll open up for Q&A to give you a chance to participate as well. And we'll start out with the debate in Brazil last year where as part of the debate about Marco Civil, the NetMund Yau conference earlier this year, which was this big internet governance summit, one of the proposals was centered on data localization. And there was a very intense debate in Brazil about this proposal. So, Koelina, it'd be very good to hear your perspective on from the beginning, where did this proposal come from, the debate in Brazil, and why it ultimately did not end up being part of the law. Sure, so good morning everybody and thank you for the invitation team. It's always our honor and pleasure to be back here. And I do see this has, I always say to folks when they ask me what happened in Brazil suddenly and I do see the six months period where everything changed in Brazil, right? If you have followed at all what happened in Brazil, we have been discussing Marco Civil since 2007 when the first draft came and actually came from the law school I was working at the moment at the time. And since it's very early inception privacy was in the core of Marco Civil as it was freedom of expression and neutrality. But focusing on the data issue at the same time that Marco Civil came into discussion, another issue also came into discussion which was the protection of personal data through another view that was running in parallel to Marco Civil. So I'd like to say that in Brazil we have actually three main legislations that would regulate the internet moving forward. Marco Civil, which everybody has heard and I consider the umbrella for all of those, the data protection bill and the copyright reform, which is actually running for even more time. But that's not the focus of us today. In 2013, the revelations really shocked Brazil and helped awaken the very high levels of our executive and also the legislative. Marco Civil was going on at that time for almost six years. There was a huge traction within civil society and also the lower levels of the legislative and some of the ministries even more with the Ministry of Culture being Gilberto Gil at the time really pushing forward to that bill and to really recognize internet has a central piece of society but also the economic development in Brazil. However, it was really hard to really knock and open doors at the higher levels of the our executive because that was not part of the agenda at the agenda Dilma at the time was environment reform, children's protection reform and other reforms. And I think that when Dilma realized that even her personal email was being surveilled and the surveillance was not just political but it was also economic on Petrobras and Vale, which are our big mineral companies in Brazil. She really got engaged and tried to understand. But has every first wave of reaction is the first wave of reaction was a very emotional way of saying we have to protect data of our citizens. Without exactly understanding how technology works at the time. In parallel to that, if you're following internet governance worldwide, we were having also in Brazil a discussion if multi set a variety of sectors should be involved or just states should be involved on regulating the internet, right? And her reaction was emotional and was also based on a reaction of what states needs to do, as sovereign states. And then the proposal was inserted in the bill just based in a conversation among governments and within Dilma high level government affiliates. And they introduced a new article in the bill that was not there before regarding that localization saying that if you deal with Brazilians, even if you are not in the country, you actually would have to have servers in Brazil and you would have to separate the data of Brazilians and the transactions done by Brazilians from every other transaction. That was something that we never have seen before in Brazil and got very strong reactions of all the stakeholders that actually depend on internet for a series of things, right? It got strong reactions from the companies, even Brazilian companies and got a strong reaction from civil society. A lot of people actually mistakenly say, Brazilians wanted that and that's not true. So civil society did oppose that strongly and tried to reach out to Dilma through our Internet Steering Committee, the CGI. And also companies reached out to Dilma saying, this is gonna represent our high transaction costs for us because we need our servers in Miami because it's much cheaper, right? So the companies were actually very compelling, I have that data. They did a lot of presentations on data on how much would increase their cost and would make their services prohibitive in terms of prices and also in terms of competition with foreign companies that were doing that. Which of course, if they had to deal with that, which would be a high transaction cost for them too, they would still do it. Because Brazil represents a big market for them, which would be, but that as could be competitive for smaller companies and small ISPs. Brazil has almost 3,000 small ISPs providing local Internet. So that would represent them a really big challenge to have that installation going. So that was the data localization. I think that when Dilma realized with consultations with CGI and also Fadi went down to Brazil, and that was within their agenda for their conversations, Fadi Shahadi, the president of ICANN, I mean. She realized that that was not the case, right? Data circulates around the world, data circulates around backbone cables, so would not localizing the data in Brazil would not solve the problem of surveillance. And of course, Brazilians were really concerned on the civil society point of view that that would be a threat to privacy and freedom of expression. We do have NSA, of course, is much less resourced than the American NSA. It's called Dabin. And we have discovering more and more that Dabin does do surveillance in Brazilian citizens, including human rights movement, the gay movement, and all the social movements in Brazil that are pretty strong. The environmental movement, the accession medicine movement. So that was discovered. So when it's not just tracking Facebook activities, actually more than that. So of course, that also meant a threat to civil society and human rights movement in Brazil, and we all said no to that. So I think Dilma, when she understood that, that would not solve the problem that was taken out of the bill. As we understand, the data protection bill is coming out of the oven finally at the end of this year. And companies are already very worried because of transaction costs. It will not ask data localization. The bill was intended to just be protection to personnel data in consumer relations, but then now the bill was expanded. So this is not really published yet, right? But in the conversation of the governments, that was what they tell us. The bill was expanded to include also privacy protection against government interference with citizen activities, which it's a good thing. Even more if a Marco Civil Put Privacy has the core of its content. So we are really looking forward for the bill coming out at the end of the year. We do not ask a data localization, but one thing that's really developing is informed consent. So informed consent, if you know it's very common in the health side. So when you go through a clinical trial or something like that, you have to sign lots of papers. It's different from what we sign on the doctor's office. It's something much broader and much larger and much detailed. One thing that I have been suggesting companies is a project that actually delivers informed consent very similar to what Creative Commons license did in copyright through a series of symbols and things that facilitate the person signing that to actually give its informed consent. So that we deal also with transaction costs and friction for companies offering services, right? So how can we do one type of informed consent that takes that risk out of the companies but also secure and make the consumers and the seats and understand what they are going to do with the data? There are a lot of restrictions in terms of data. All the companies that operate in Brazil based on the Marco Civil, that's already in Marco Civil, that was approved in April, right, 24 of April. We'll have to obey the data protection law and not just the companies that are physically in Brazil. So if you actually, even if you are in Japan or China, right? The Chinese searching engine actually is operating now in Brazil. They just opened a new office in Brazil. So even if you do some marketing direct to Brazilians, you're gonna have the jurisdiction does apply to you related to that. So you're gonna have to have informed consent and all those things. So I think that was the trajectory there specifically regarding data protection. In terms of cables and things like that, how long do I have? Like one minute, okay. In terms of cables, Brazil is a country that's very dedicated to bilaterals with Africa. We have strong cultural relations with the Portuguese speaking countries in Africa. So we are setting cables. We are setting another cable with Europe. And that's not to escape US. It's actually just to make our technology better and more efficient. 80% of our traffic pass through US now, 85% of our websites are hosted in the US. CGI is developing 22 IXPs in Brazil. Again, this is just to make better our internet and connectivity in Brazil. So countries in the rural areas do not depend just in satellites. So I wanna put this sherry in the ice cream there because it's not just about like we are fighting against US. No, we wanna provide better because that is in our broadband plan for more than five years. So I think that's a little bit the context in Brazil and I'm happy to give more details later. Thank you. Great, thanks a lot. And I think Brazil is a great case study for something that we've noticed as we've been doing this research that if you look at the universe of proposals, some of these proposals make more sense than others and something that we're trying to do with the paper is to point out which of these proposals are not a very good idea and which of these proposals deserve more attention. And I think the debate in Brazil, especially about data localization is a great example of a proposal that was made in response as a political response and most of the people who are engaged in this space and know the topic well said this doesn't make sense and it didn't go very far. I just got back from Germany and to stay with the theme from Brazil to Berlin. It sounds kind of like your next vacation next year to go over to Ansgar. In Germany I'm not quite sure we are at that level yet in terms of the debate and the level of nuance where we have that debate about what proposals are more sensible than others. So it'd be great if you could give us an overview of the current debate in Germany which of these proposals you see have gained more political traction and your perspective from. Yeah, thanks, thank you very much. First of all, thank you for building these bridges between Europe, America and connecting tech with politics. I think that's something that we lacked in the last couple of months. And I think we saw the negative outcome of it. So I think we underestimated a little the necessity to communicate on these issues in the past months. Yeah, maybe give you a short overview of what happened in Germany over the last month since the beginning of the Snowden Affair, the debate evolved quite considerably. So this is really a try to give you an objective description of what happened. I think we see currently three different understandings of technological sovereignty in Germany. And I think it's important to distinguish them. There's one debate focusing basically as technological sovereignty as the right of the individual. It's about you as an individual should be in full control of your data. You should have full transparency what companies are actually doing with your data. So the main threat which is discussed in Germany obviously are big tech companies doing data analytics without consent from the individual or having, I don't remember the name of the company, but there's one which is currently discussed hardly in Germany. Focusing really on the individual. That's number one, I think that's not really a new discourse. It has just got a new nuance from the NSA debate. The second one is centers around the function of the state, which is about how to protect government infrastructures and critical infrastructures from be it cybercrime attacks or be it foreign intelligence services. I would say that's the original NSA debate we had in Germany. We still have it. We have a committee in the federal parliament inquiring the details. It actually developed a little from focusing solely on what NSA did to what is actually our own intelligence services, what our own intelligence services are currently doing. And it becomes apparent that they don't distinguish themselves so much from each other. So we currently have a kind of a soul searching what intelligence services are allowed to do in relation to foreigners, to foreigners of nations which we regard as friends, and to our own population. As you may know, classical intelligence services distinguish between their own population and anyone else. So we don't have any friends in that term. There is no ally from the point of view of an intelligence service. It's either your German or your foreigner, be it French, American, Pakistani, Afghani. It doesn't matter in this system. And it has been, I think it's now coming up as a topic to the necessity to differentiate more in order not to have, let's say, 100% opportunity to spy on population of countries that we regard as friends. And the third debate, which is probably the most important one and the one which might become more important in the future, is basically about economic power. The core argument here is that the digitization of value chains, which is taking place in any given industry we see currently, we need finance, banking, production, automotive. That this digitization will lead to a shift of power away from the companies which actually use this IT to digitize their value chains towards big IT companies which provide digital platforms where all data which is collected through sensors, etc. PPP is gathered, managed, and then distributed and provided for someone who has an appliance, an app to make use of this data. This debate basically translated into a discourse of asymmetric power between big US companies providing these data platforms and German companies who are in the receiving end using it. But basically are in danger of losing their data, losing access to their customer, basically being the weaker partner in this relationship. So you could argue, what does it have to do with NSA? Probably not much. But the important thing is that both discourses are about asymmetry between a weaker partner in the current perception in Germany. It's Germany, Germany as a state or German companies towards a much stronger partner. And the other side, NSA on the other side, as it perceived the big IT companies, US based companies. And the difficult thing about this debate is I think it mixes some interesting, very important questions with some very wrong and stupid answers. I think the important part we should really focus on is actually to understand better what this digitization of value chains is actually doing. It's a new phenomenon, it's not well understood. Basically, these digital platforms are natural monopolies and we're not really sure what kind of governance do we want to have. There's now a big debate in Germany you may have heard, the split up of Google. It's an extraordinary debate because again, it mixes some important questions with rather stupid answers. But how actually these big digital platforms work is not well understood. And we're still about to define what a government, what kind of role government would play in this. So we now have heard that monopoly law shall be applied to a company like Google. I don't think it will work. But you can see that they're trying to find a way to calibrate the answer of government towards this new trend, which takes place in the economics. So there's an important question here. Obviously the wrong answer would be an attempt to build national infrastructures, national digital platforms. It has been contemplated in Germany. So this is not fiction, but it's actually a current debate. From our point of view as a tech company, obviously our customers are big German companies from car manufacturing, banking finance, retail, whatever. They are completely, have a different understanding of these platforms. They compete globally, they want highly efficient digital platforms. So they don't think in nation state terms here. So to apply a framework which is basically based on the concept of the nation state. Applying this framework on these digital platforms is highly dangerous. And we probably need to government sponsored initiatives to build up an infrastructure which is then not competitive, will not be used by companies and will end up probably as a bad venture of spending tax money on projects which do not make sense. So my estimate would be that the latter debate will play a bigger role in the future. We'll see a debate about economic power in the digitized world. And unfortunately, we have a very emotional discourse on these topics right now. So I think the main task we have now is to connect, to build bridges, and try to sort out the important questions and try to give rational and answers which actually are in the interest of the German economy. Emotional Germans, that sounds like a connection to resilience. Joe, we just heard from two countries, one that's often described as an emerging power in now Germany and Europe, that have intensely debated some of these proposals. You've written a lot and thought a lot about independence. And now you're also a member of the Global Commission on Internet Governance that tries to take a look at the global picture. And from my perspective, it seems that both what's happening in Brazil and in Germany is actually part of a more global trend. And there are things at play here that go beyond the two regions. So it'd be great to hear your thoughts, how to connect the two and how we can think about that. Well, I agree with both what Carlina and Oscar said. So let me just not try to disagree, but simply put a broader context. I wrote a paper for this Global Commission on Internet Governance, which was about international regimes for cyber. Now notice I used the word cyber, not internet. Governance of the internet 30 years ago was pretty simple. It was largely a coordination game in which it could be managed by technical people, the IETF would meet and not on national representational basis, but on technical criteria to decide what were the appropriate standards and so forth. This really changes long before students. It starts to change really in the, I think I'd say at the end of the 1990s, when the web makes the internet the basis for international and national supply chains. And it becomes the substratum for essentially the economy. It's no longer a small community of scientists and academics and so forth, it certainly becomes basic to economy. In fact, there's a paper that you wrote, Tim, that has a nice chart that shows a hockey stick effect taking off in terms of use of the internet, the web in the 90s. Once this occurs, there are enormous economic benefits. There are also enormous vulnerabilities. Once there are vulnerabilities, you introduce security issues. And security is an area in which governments traditionally have always had to play a major role. It's an externality which isn't handled by markets alone. And so essentially what you see is the sovereign state beginning to intrude into what previously had been largely a technical coordination game. And that is, you see, if you look at attention to these issues, there is a spike of attention early on in the, when ICANN is first founded and the Commerce Department has given control. There's a certain, if you look at press accounts, there's a certain spike of attention that actually tapers off. Believe it or not, even during the period of WISIS, 2003, 2005, there's not a lot of attention. It's a little bit like Carolina said, top political leaders had other things on their agenda. But it starts to become more important, even before Snowden, globally, as states realize that there are a lot of other issues. For example, we talk about fragmentation of the internet. Well, China's great firewall, which fragments the internet. After all, China is a pretty big fragment. It's about half the internet or getting to be half the internet. But that goes to the question of political control in China. The Chinese want the economic benefits. They don't want to lose control by the Chinese Communist Party. And you see essentially a segmentation. So a Chinese citizen experiences the internet in a different way than a Brazilian or a German citizen deals with it. And what I'm arguing is that this current dispute about localization, which follows Snowden, is merely a continuation of a trend that was ongoing anyway, of sovereign states being drawn in because of the security and vulnerability issues. And I think we're going to see more of this, not less of it. There's a very nice paper by Jonah Hill, which is in the July issue of lawfare, in which he says, localization is political gold. This is just a way to combine protectionism and authoritarianism and put it in a grand package of anti-American populism. And it's very hard to turn that down. The fact that it doesn't help much, if you really want to have privacy and communication, doesn't matter whether the email goes from Sao Paulo to Brazil via Miami or goes directly. There's a difference between the issue of where the data resides and how you get access to the data. And the Americans, the Russians, the Chinese can all break into your email unless it's encrypted properly. And it doesn't matter whether it goes inside Brazil or whether it goes across through Costa Rica. But in populist politics, to say that I want my German email to be strictly inside Germany, it's got to be on a server inside Germany, the fact that that doesn't stop the Russians from reading it for the Americans or the Chinese or the Germans doesn't register in the populist mind. The populist mind says, we want this protection that's ours. And then big business interests have a strong protectionist interest in reinforcing that. Yeah, if I'm Deutsche Telekom, of course I like that. And I'll feed that. So I think one of the interesting questions if the trend is toward the increasing role of sovereign states, and if you find that for a variety of other reasons, other motives, there are forces that are pushing this, both populist forces but also commercial forces, how do you try to get as much protection of an open internet as possible, A and B, as much protection of private communication as possible? And the answer to that, I think, is going to put much more emphasis on systems of encryption than it is on localization. But localization is so attractive for a populist politician. It's so much easier, right? It's cheap, it's easy, it fits your other agendas, and so forth. So I think for people who care about an open internet, the original vision, we've got to be realistic. It's not an open internet now. There are large chunks of it that are segmented. The internet in Iran or Saudi Arabia or China is already a different internet. But if the internet is sort of a meta-net, it's a connection of many internets, we have to reconcile ourselves that there will be different internet experiences in different parts of the world. We have to protect against anything that disrupts the central functions, which essentially allow the meta-net to connect nets. And for those of us who care about privacy, democracy, and security, we have to figure out ways not to let populist appeals destroy or corrupt the experience of the internet in societies which remain open. I mean, we're not going to change China. But Brazil is a great democratic success story. I don't know what's going to happen to your elections, but just in following the press, anybody who says Brazil isn't a democracy, this is really a very interesting election. And Marco Seville strikes me as a great example of the right kind of process. Net Mundial was a very successful international conference, well managed, I think, by the Brazilian government. So it would be a pity if the quality of the internet for Brazilian citizens was reduced because of a mistaken analysis of how you increase protection. And so I say this merely to put the issue that's currently on the table because of Snowden into a larger long-term context and sort of, as you asked me to think of it, how it fits in a larger perspective of sovereignty and the traditions of what sovereignty means in international elections. Carolina, before I ask you to talk a little bit about the global internet governance debate right now, Ansgar, because you mentioned the three different ways to think about the debate in Germany. And if we take that and combine it with what Joe just mentioned in terms of the trend of the sovereign state becoming more involved, what, from your perspective, is necessary for the debate in Germany to be able to reach that next level in terms of sophistication, the nuance between what you describe in terms of the three debates. And more specifically, I was actually struck by the Financial Times that published three articles this week related to this topic. And one quote from one of the articles that was titled, Europe Strikes Back. I don't think the authors get to choose titles in this case either. It was the political pressure in Europe for greater controls on the internet economy is mounting, particularly when it comes to the data handling regulations that set the basic rules of the road. So we assume that the political pressure hasn't subsided, as in Brazil, and it's going to continue to mount. How are we going to juggle those three different debates and what do you think is necessary to make it a little bit more productive in terms of the debate we've seen? Maybe first of all, I think the key issue in a German debate is not the control of the nation-state in terms of this land grab, you so well described of exercising state control on this infrastructure. I think this debate in Germany will be very limited due to a very strong tradition of liberalism, civil rights in Germany. Still, there's a lot of mistrust against state power and governments actually having access to data in Germany. So I think there are clear limits to that debate. What I'm more concerned about is that, first of all, talking about the first level about individual rights, we currently have a big split actually between what consumers actually do and what so-called defenders of consumer rights preach politically. So every consumer, every data protection officer in Germany is claiming that Google is evil. On the other side, we have a 90% user rate of Google in Germany. So it's interesting that the country which has probably the highest user rate in Google is also the one where it's politically so difficult for to defend. So I think that limits also the grab, the access of the government to this debate. With the, on the economic level, I think the strongest defender of the open internet will be German companies. German companies are very able globalizers. Otherwise, we wouldn't have this economic growth over the last years. So they know pretty well what they're doing, how to compete. And they compete by employing digital technology and actually by using an open digital infrastructure which is called the internet. And these companies don't think in these national categories. They think about their value chain and they think about the partners they work with. To give you one example, if now there's a great debate in Germany about the connected car. And many raised the questions, is it good news that now German car manufacturers are cooperating with big American IT companies? Who will be the loser of this? Who will be the stronger partner of this partnership? If you talk to the car companies themselves or companies like Bosch, they have a completely different perception to say, well, we don't think that Google can provide the whole technology stack. We're actually working closely with them in order to enable them to make this happen. So it's a very different point of view. It's about partnerships, value chains, organizing them along most efficient ways where the internet is absolutely crucial for. So I think we have now a long way to go, I think to sort out our proposals made on technological sovereignty. The more obviously faulted ones are already no longer really on the agenda, on the political agenda. Others are still there and we need to sort it out. It will take some time, but my impression is German companies will be more engaged in the future and they will probably will raise pressure if they feel that there is a kind of national protectionism basically preventing them from globalizing from Germany on. And another interesting part would be probably the famous startup debate in Germany where we have a lot of political attention to startups, the growth hub of Berlin and we want to have the next Silicon Valley. I think they will realize at some point that it doesn't fit together. You cannot have a nation-centric protectionism in the digital age and on the other side try to promote startups. Startups in Germany need to internationalize very early on because their home market is considerably smaller than in US. So you need to globalize, go abroad very early on and in this early stage every requirement of data localization adds to the costs of internationalization. So if you really mean business with startup we need an open infrastructure and open ecosystem. And I think this will be one of the, there will be a development in that direction that we see. We're not the victims of globalization, of digitization in Germany. Actually we're profiting from it over the last decade and this will become clearer in the next month. I hope so, please. Not you'll have to come back in a year and we'll have another conversation like this. But Curly, so Ansgar just pointed out how in Germany the German companies will be kind of pushing the pressure and Brazil you mentioned was a lot of civil society pressure that was involved. If you take the internet governance debate right now we have the IGF, the ITU Plenty Pod is coming up and what Joe just described in terms of states trying to be more assertive in their role in internet governance. Where do you see this, where we currently stand and with the ITU Plenty Pod coming up? So I think, I just wanna make one comment regarding our comments and then I can jump on that. So I don't remember the correct expression but one of our big authors always said that the companies are, I think the third state or something like that. So companies do exercise a lot of power, right? And I think we have to separate the awareness of consumers and informed consumers and our day by day use of the internet. I use Google, I use Facebook, I use Twitter. My whole family's in Brazil, I wanna put pictures of my beautiful three-year-old online for them to follow but the point is, I think we have obligation and a social responsibility if you wanna put under that category for companies to actually educate but also to really bring the consumers and civil society has informed stakeholder in this debate and I think it's really important to understand of course like who here reads the 15, 20 page contract or every kick-true you do? Nobody, not even me, I'm not a lawyer. I cannot lose an hour reading every kick-true contract I sign every day, like every app you download that has, can I access everything in your phone? And this is Android, it's not even iPhone anymore. So I think we need to be very careful here to not mix phenomenons of your consumer office saying Google is evil and everybody using it. It's very different. In Brazil we have very strong consumer, public interest organizations, public knowledge, actually started has a very strong consumer organization and has expanded to other issues but always from a consumer point of view. So I think the companies also have obligation even more with this loss coming out now and being passed out, this views passing into law to actually explain to the consumer what is being done with their data and then giving the consumer the choice and then of course the consumer will balance what they wanna give up, right? They wanna less privacy and more services or they wanna to unplug from society and have absolutely privacy which I personally think it's impossible nowadays. But anyway, but that's like I informed responsible consumer and even with students, right? We are developing online course now exactly to kind of form the next generation of leaders. I think it's obligation for all of us here to really think about that even if you teach in high school or if you have interns, you know, like how to have the responsibility in the back of your mind every time. Anyway, so this is something that because I was very a little shocked with your comment on there. In Brazil, Brazil is a huge country. We have almost the same square footage than US. We have almost the same population. We are developing parts of the country are actually has developed countries and Brazil realized that we do need to play a more central world internet governance. The fact that I can't came from US, you had the NTIA oversight position there. Even if NTIA didn't have the decision-making power within the ICANN role, it looks like American hegemony, right? A lot of international politics is very what's look, what looks like, right? And how that reflects on hegemony of a certain power state within international. It's very funny that when I arrived in US, like seven years ago, I said, Brazilian CUS has a hegemony state. And a lot of folks here have not even heard hegemonic. So that was very funny for me, how US see itself and how other countries see itself. And Brazil is a democratic country and Brazil has much better dialogue with countries like even Iran, right? And sometimes US could think, okay, can we partner with Brazil to talk with more difficult countries which we cannot do directly. So that's one of the things that will come up at ITU. Iran is doing like very strong propositions regarding the expansion of the ITU. Has it happened in the weekend? CETEL, which was the American organization or the meeting of the Americans preparing to ITU just happened. The Asia meeting just happened. The Africa meeting just happened. So you have a bunch of new resolutions coming up now. I would really encourage you guys to get involved from public societies just PK within the US delegation. So I have a lot of restrictions, what I can say. But the fights that we fought in the weekend will be fought again in the ITU Plany Pot in late from 20th of October to 7th of November. So I would wish more people would be there. And Brazil is playing a very important role on trying to become a leader on international politics, on internet governance. So Brazil hosted the NetMunjau has a way to really strengthen the fact that I'm here, I should be heard. And the confidential MOUs between the Five Eyes, which are the Anglo-Saxon countries that do surveillance should be publicized maybe through the ITU or somebody else. That's not what we agree with, but what's maybe coming up soon, right? Brazil is pushing forward UN resolution on human rights and privacy. We are also pushing forward the same thing through the renew of the mandate of the IGF and so on. Why? Because I think at the end of the day, since privacy is not taken on the technology side, we need to rebuild a new international social contract on what is allowed and what is too much, right? Because what happened, even knowing that this comes from the late 90s with the commercial internet, it's very important that at some point there should be a ethical or a social limit to what countries can do no matter what, right? So I think that's a little bit what we stand and I really hope folks do pay attention to the ITU because we're gonna have big challenges coming out of Iran and some of the BRICs including Russia. I don't see the BRICs aligned for ITU, but you have the pressure from Russia and India who actually did not legitimate the results coming out of NetMunjau. So the big powers are there and they're gonna play in October and November. Before we open up for Q&A, Joe, did you, is there other lessons learned from the regime theory and the article on complex regime theory that you just wrote that might be useful for us to think about the looming internet governance discussions? What I try to express in this article on regime theory is to say that what we're seeing in the cyber world is not totally unique. I mean, we've seen it in other areas. To look at what's happened in international trade, you go from a situation after World War II when the Americans are dominant in international trade. In 2012, China became the largest trading nation even ahead of Germany, but the trade system hasn't broken down. Yes, we haven't had a new Doha round, but the dispute settlement mechanism, the Americans obey findings against them, the Chinese obey findings against them. Others, despite the fact that the American hegemony in trade has declined as the American hegemony in the internet is diminishing as the net spreads and that will be increasingly true since the next several billion people to go on the internet are going to be in the non-Western world, doesn't mean that you can't develop a regime or sustain a regime. So if we look at other areas of light trade, you'll see that even when the American hegemony in that issue area has diminished, there's enough interest in other countries to preserve a set of rules because it's in their self-interest to have these rules. So I think we can aim for thinking of that in some aspects of cyber governance. It'll be easier in donating name systems and root servers and so forth than in areas like espionage where it's much harder to get governments to have an overall agreement. And so the paper basically distinguishes a number of sub-issues within cyber, some of which have a reasonable chance to have a set of international norms. I mentioned the domain name system, but also I would argue criminality, which we haven't talked about, but the extent of criminality is extraordinary, this free riding on the system, and that hurts everybody, hurts China and Russia as well as others. On the other hand, if you get an issue like free speech, China and Russia have a very different view than Brazil or India. So I think we're gonna see different progress in different parts of creating a regime from the internet. There's not gonna be one overall regime where you're gonna see different sub-areas where you can actually get norms with agreement. And we ought to then take those areas which have the better prospects, build on them, see whether we can get a set of norms, and then gradually hope that that will spread to other areas. That's the gist of what I wrote for the commission, whether the commission will accept this or not, I don't know. Well, International Corporation is possible as a great theme for a transatlantic dialogue event. With that, let's open up for Q and A. Please make sure to state your name, your affiliation, and make sure that it's a question. We have mics coming. And please also point to who you'd like to answer the question. Hi, I'm Tim Wright out from the German Marshall Fund. I'm a fellow there. I do have one brief comment before the question. I don't know if you're familiar with Barry Buzon who coined the term interaction capacity, sort of the structural logic. And I come from more international relations theory background. So basically with people's ability to interact, trade, conflict with each other, the logic of the system changes is the theory. So with the internet and the proliferation, it seems that we're still operating on a nation state system, but the structural logic has somehow changed. And I don't see how we square that unless we come up with new governance structures along, you know, a new social contract that Carolina was talking about, new government structures, new regimes. And I wonder if the ITU and ICANN are equipped to handle it. And I wonder if you guys have any comments on that. Well, I personally don't want to, ICANN and ITU handle it, even if they are capable of, in terms of resources. I really think that the effort that has been done here and Kevin Bankston from OCHI is here, really like through legislation reform, what are the limits we are willing to accept in terms of what's done in name of security, right? So I was in Cambridge some time ago in Massachusetts and the taxi driving who was driving me around in MIT said, oh, here is where the police died after the bombing of that competition. And he said, yeah, it's good that everybody's looking at our emails to prevent that. That was not preventable actually, but still you have different limits that people are willing to take. And that's when I say a social contract to understand these limits and different, and how different those limits are on society. What Kevin is pushing here is appropriate for the American situation. Is that appropriate for the Brazilian or the German or other situation? So that's what we're gonna discuss. And then is it appropriate to have an international agreement on these or not? We are not there yet, right? And I would prefer that first we've set the ground on a human rights basis through the UN resolution on privacy and the study coming out of it. And then we implement through the technical bodies and security bodies. That's how I would like to say this, but I don't know if that's how it's gonna move forward. And one thing on trade I wanna mention. I think US lost the hegemony on the WTO, that's true. For example, Brazil, we won a case against US in the Cotton case, but until now we have nothing forced of the case. And that's why you see the proliferation of bilateral and multilateral trade agreements. Now, I don't know if you guys follow the area, but we have the TPP, the Pacific Trade Agreement, the CETA, which is Canada and Europe, and the TTIP, which is Europe and US. And all of them have internet issues on the e-commerce, IP, and service chapters. So what I'm trying to open the eyes of folks that follow internet government is that the binding rules are coming from trade. And if we don't pay attention to that, we keep discussing it here, but the rules are coming from that, including privacy, because all these agreements have free flow of information in the e-commerce. So when you see free flow of information directives in e-commerce and not in a general chapter or yeah, a general chapter, because there's no human rights chapter on that. That's not freedom of expression. That's actually free flow for business, which means dealing with data. And there is no privacy there. I think in the corals, which is US, South Korea, there is some privacy. And in the ones with Europe, Europe is trying to push for that, but it's still, so we need to pay attention to that too and see, okay, what is the social contract that are coming from binding laws from trade agreements? I agree with what Carlina said. In this little paper that I mentioned, I draw an oval of things that govern cyber. And the interesting thing, some things are strictly inside the oval or sort of within cyberspace. Things that regulate domain name system or root service. A lot of things that regulate or set rules and regimes for cyberspace are really on the edge of the oval. They're half in and half out. So the WTO is not a cyber organization, but obviously trade agreements have a huge effect on cyber. And they don't only affect what we think of as trade issues, but issues of privacy and what does it mean? Probably going to be negotiated by the U.S. and the Europeans in TTIP, and that rather than as a special cyber meeting as such. And so I think she's absolutely right that when, there are many other areas of cyber which the governing areas are on the border, so to speak, of what's inside this oval and outside. We haven't talked about military security, but if you take the laws of armed conflict, those really, or the whole UN Charter, those are not cyber issues per se, but they govern cyber. And the GGE, the Chinese have now accepted that the laws of armed conflict do govern cyber. So there are lots of areas where the governance of cyber is influenced not by some special contract that says cyber in the headline, but is governed by things that are on the, what I call the periphery of this little oval. Yeah, I completely agree. I think we, if you look at it long term, you could argue that the old model of internet governance was developed in an era where nation states were probably completely underestimating what's going on there. So we had like strange animals develop like ICANN where political scientists were struggling with to understand what's actually happening there. I can remember when I was studying like all these scientists writing papers about ICANN, what is it? What kind of animal is it? It doesn't fit in our models. And you could argue that now we see a trend that nation state take the internet definitely very seriously for economic reasons, homeland security reasons, whatever, that they apply their logic, their very traditional logic of a nation state to the internet. And as the internet influences almost everything, it's very natural that it's probably the end of this exceptionalism, this internet governance exceptionalism that we had for basically 25 years. So the question I have for you Joe is, are we entering the age of digital realism? Which means very classical concepts of nation state power are applied to something which has been basically born in a, let's say in a shadow of 25 years of underestimation from government side. Well, I hope that it's not pure state control. I think the idea of multi-stakeholderism is not that governments are excluded, but that governments are not alone making norms, but civil society and private sector are also involved. And whereas if you compare that with the views that are propounded, let's say by China or Russia, they want something where governments are much more in control because that's the way they run their societies with the government control. And so if you're interested in free speech or human rights and so forth, having an internet contract which says governments are in charge of security, well, China and Russia, if you look at their resolutions at the UN, define security as to include speech which they see as threatening to the regime. So if somebody who's in Germany sends an email to somebody in Shanghai that says, I think Xi Jinping is cracking down too hard, that email could be rejected because it's a threat to the stability of the regime. Well, I don't think we want a system where governments have that degree of control. So I think the idea of, I mean, multi-stakeholderism is a terrible term. It doesn't exactly trip off the tongue, there's a good bumper sticker. But it does illustrate that pure sovereignty, just to have what Chris Demchek in an article called the Westphalianization of the internet is not good for people who are interested in independent role for civil society and freedom of speech. Hi, my name's Joe. I'm with the Center for Democracy and Technology. Thanks for this discussion. I'm a technologist and the debate here has often been characterized by passive surveillance. But the US and its partners are doing different things than that even. So there's something we filed today, filing with the UN, or a couple of days ago with the Human Rights Commission that, among other things, talks about something called quantum which is an automated attack infrastructure which doesn't merely do passive surveillance but actually can respond in real time to things it sees, trigger it and install malicious software on the end user device. I don't see, part of the problem with this is that the journalists who revealed this stuff, it was amongst a din of stories about this and I don't know if they did a very good job explaining the significance of this stuff. And I'm wondering, do you see there being a distinction between passive surveillance and active attacks in this debate or are they merely a different flavor of the same thing to the government that care about these things and the people that might make these very powerful political arguments about nationalism and sovereignty? That's worst actually, right? Let me try a little bit to answer your question. So you are talking about malware and attacks and things like that, right? So I think those are a little harder for civil society and actually society in general to understand, but I think that they are more known because of the years and years. For example, Brazil has amazing bank system actually. When I arrived here I was like cultural shock because the Brazilian bank system was so much better than the American bank system. But exactly because of that, Brazilians are extremely conscious of all the, what you call active attacks because of so much training that the banks have given to their customers. But that doesn't, but I think when a state uses that, should we be thinking about, okay, what is allowable and what's not and what represents war and what's not and when it represents even like some type of civil war. So how this is gonna characterize moving forward and again, what is ethical and legal and what's not. I would love to hear from you what actually you think about that, you know, but I think one of the things, I think the piece of the automation I think is one of the key pieces in what makes us potentially different from others. But I think that's part of a much larger debate where automation is covers of why, if we're talking about how to respond to cyber attacks generally, if we're talking about just military systems generally, and there seems to be something there about the automation piece and at what point the human needs to be looped in to make that determination. But I don't think that's limited to surveillance. That's a much broader debate. I think that was something. Frank Torres with Microsoft. Isn't one of the challenges that we face, another aspect of this is that existing law or existing law didn't contemplate some of what technology can do today. And part of the question is, how do we more or less update the laws to take that into account? For example, here in the United States, we've got the Electronic Communications and Privacy Act that was passed back in 1986 and Congress is in the midst of revising that to kind of keep up with the way technology works today. My own company, Microsoft, filed a case recently pushing back against a warrant that is seeking data that is kept in a data center abroad. Well, when ECPA was passed, who thought that we'd have data centers and who thought that they'd be located around the world as companies become more and more global? Just yesterday, Senators Hatch, Coons and Heller introduced some legislation, also trying to address this issue of kind of the global scope of warrants and what this all means. So, yeah, I guess my question is two-fold. How do we keep up with the challenges of technology so that the laws keep pace with what's happening in the real world in real time? And the second part is, given the global nature of the internet and the way companies are operating and working today for all the right reasons to bring all the benefits to societies around the world, what's the role for international dialogue and cooperation? It seems like that needs to play a very big and vital role here. Well, on law, law is always gonna be plain catch up. I mean, if you look how long it takes to pass any law anywhere and you look how volatile the cyber world is under Moore's law, a different kind of law, they're never gonna fit. What that suggests is the more you can find ways to supplement law or avoid becoming too rigid and log better, one of the ways you can do this is developing in the security areas, developing effective security markets. I mean, sorry, insurance for, so that if a company, if you pass a law, says you can't do X, then it's locked in place. If a company says, do I wanna spend on this or that? And it turns out their insurance broker says, if you spend on it, it may cost you more now, but your insurance range is gonna go down. That leaves flexibility. And so, you're gonna have to supplement law by market mechanisms and also by general social norms because you're always gonna be playing catch up. And on the international level, you're absolutely right. What's interesting though, is the extent to which there is beginning to be a dialogue. And though there's, you don't only have these large conferences, I mean, WISIS plus TANDA's next year and so forth, and I do you play detention and so forth, but you have a lot of informal meetings. And discussions, which are developing expectations and norms. And some of these are large conferences like Net Mundial. Others are track two or track one and a half in which you have a dialogue, which is with people who are close to government, but not speaking officially for government. And this has had an effect of advancing the way people think about it. I remember at one of these meetings talking about, which I think it was the British Conference on Internet and Society a couple of years ago in London, and talking with one of the Chinese delegates and about the issue of crime. And he said, well, you know, yes, it's true that you and we define crime differently, but what we can do is have an agreement on things that are doubly criminal. They're criminal in both our systems. So sending an email that seems destabilizing, it's a crime in China, but not the US. But stealing credit card data, that's a crime in both countries. So we can, but in these kinds of dialogues, we start to identify the places where you could get agreements. And I think law is gonna be crucial and agreements are gonna be crucial, but you gotta be very careful to keep the dialogue going and keep flexible the type of instruments we use. Maybe to add to this, I think we're in desperate need of policy innovation. The tools with which we try to shape these markets are often completely outdated. In Germany, we see a widening gap here. For example, German data protection laws almost exclusively aim at consent as a tool to allow data processing. The consent tool is completely overestimated because in the end, what you mentioned, you click on every consent button which appears on your screen, right? So it's not an effective tool. People do not really have a choice when the consent button appears if it's too complex to it. So to add to this, I think probably a change of the rules which Mozilla Foundation defines to its browser has probably a bigger impact on privacy in Germany than any change of law, right? So in that sense, code is law, yes. And I think it makes sense to reevaluate the role of legal mechanisms of law in this sense. If you start to think from where you actually want to, what's your aim and then start from there looking at the different tools you have at hand, maybe nudging as something which was explored, especially by UK government, as a tool of influencing consumer behavior, trying to influence what actually associations, companies do with their standard setups and their products, might be a much more efficient way than to achieve your goal than adding another law which has probably only very limited reach out to the customer. So I think we need to be a little more flexible here. Taking law as one option, but there might be very different new engagement roles which are much more efficiently. So that's rather saying we have a problem here. I think we need to be a little more innovative here than widening the gap between the legal status in the country and what's actually happening in the market and how consumers behave and how they're interacting with technology. We have time for one more question or if we have two we can combine them. So if you could, we'll take both questions at the same time and then we can combine them. You want to go first? My name's Tom Sites. I'm with Washington Analysis Group. I think this is probably more for Professor Nye but I'd love to hear everybody's opinion. And I apologize, this is about net neutrality which I'm sure we could have a whole nother debate on but here in the States they are one path the government is considering going down as regulating the internet under Title II which is essentially utility type regulation and I understand that they could forbear a number of the provisions of that but what kind of signal do you think that sends to the rest of the world that the government is going to be more in charge of the internet and disputes aren't gonna be settled more in the private sector? Does that send a bad signal in your view or do you think that that's just way overblown by the folks that oppose a Title II type regime? We have two more questions here. That sounded already like an event in and of itself, the first question. Thanks, I'm gonna see if I can link my question to that, Sri Ramaswamy with McKinsey. I wanted to pick up on something that you said and you said digital platforms are natural monopolies and I wanted to kind of see if we could elaborate on that because many corporations do have private platforms and even in the consumer space, yes, Google is sort of a monopoly but Amazon, Etsy, eBay and now you've got Alibaba coming out. So I wanted you to see if we could clarify that and then broadly to the rest of the group the implications of that, if you do have competition in private providers of digital platforms versus monopolies, how does that change the whole governance structure and what policy should do? And we take, yeah. Mine's enough different that you may want to focus on those. Looking at technology and the tension between aggregation and disaggregation, countries, corporations, et cetera and kind of getting back to the first question, the focus on how governments or countries are affecting the internet is one I would be interested in thoughts on how the internet is or technology is affecting sovereignty and where you see that debate, kind of the new tensions about sovereignty and rulemaking taking place. Maybe starting with the last question. I think the interesting phenomenon we see is that, I mean, in political science we understood probably what globalization means to a nation state 20 years ago. That's a rather old debate and we analyzed what does this restriction of sovereignty actually means if you're entangled in this web of global interdependence. But I think now we can feel the punch and that's the difference. Everyone experiencing now how limited actually the response of German government is to these revelations of Snowden and the other questions in digital realm. It's a different feeling, understanding things but seeing actually the outcome on it. So I would say from the analytical side the Snowden part split up a lot of the things that we already knew. So it's not too much new actually to understand there but it's just, it's awkward to see it in practice and look at the roles of parliaments after the whole Snowden debate. I think that's really interesting. What role played German parliament in the holy bait? It's a very limited one which is a serious question we see here. If parliaments are a core for our democracy, but what kind of effect did they have? They were, in the end, they were dominated by executive powers first and I think also Snowden made it pretty clear what he thinks how effective parliamentary control is of intelligent services, not too much. Otherwise he would have gone to a committee in Congress and not to the Guardian. So I think there's some really important questions to address with the regard to how the digital world is restricting sovereignty. With regard to the data platforms, the problem is I think we haven't really understood how these markets really function. In the end you could argue that platforms provided by single companies who have a market reach of 80, 90% are something like a monopoly and they could be very beneficial. So from a government point of view it might be acceptable to have this monopoly in place because everyone benefits. But at some point it might be a necessity to intervene. We have very bad analogies for this situation. I mean everyone now relates to is Google the new standard oil or is company X comparable to the beginning of when the railways took off in the US, et cetera. So it's not well understood. Sasha Lobo, a German blogger, used the term of platform capitalism as a new phenomenon where basically there is an intermediary between the customer and the companies. It's a platform with a certain governance which basically restricts access, defines the rules of engagement and someone is doing that, right? So take the example of an app store. It's great for companies to be able to scale their innovation and reach so many customers with simply tapping into an existing infrastructure like an app store. That's great and it's a huge innovation. But on the other side, someone is making the rules how this platform works, right? And who has access and who's not. Currently we would probably say an app store for mobile operating system is a great idea. But potentially it could be a problem because we're not really, basically a single company is making decisions which affect in the end a large part of an economy. So I would suggest we need some more research on how these data infrastructures will function in the future. We're now discussing, you know, coming from the German perspective, platforms for the connected car are immensely important for the future of the German economy. How they're actually gonna be structured. Who will define the rules for this? Who will govern them? And this is something where I think German politicians taken legitimate interest in to understand what's going on there because it affects quite a lot of jobs in Germany, right? And I think, so there's a legitimate interest to be engaged in that debate from a political side. The problem is simply I see it, even we in the industry have not really understood what's happening there and how it will play out in five to 10 years time. So it's difficult to describe a clear role of government, what to do and what not to do. The danger is that we will have probably our classical anti-trust law does not fit and it's dangerous to employ it too early on. This is basically what's happened in Germany right now with the Google debate. The call for a split up of Google is nonsense. It doesn't work. Anti-trust work cannot be applied to that case other than maybe the ad market. But if you talk about the big shadow of Google on the car, connected car market, on home appliance market, there's not even revenue from these fields. So you cannot apply anti-trust law to it. So I think we're in the beginning of the debate and trying to understand what's going on and any input really welcome. I checked for, did some desktop research on this. I really didn't find much. So if you guys have some thoughts on this, it would be really interesting to feed this into the debate in Germany. As a think tank, we always like calls for more research and that keeps us happy. We're running out of time. We're running out of time. So Joe Corrolina, if you had any final thoughts. Well, as a representative from public knowledge, of course I'm here and I support Title II and that's what we feel comments on. And I think that does not send a bad signal. States have to regulate sometimes. They have to intervene. It's within their powers, within their authority. And if they are supported by a consensus of stakeholders, that's what should they do. The comments were very supportive of Title II and I think that's it. And we don't wanna pay prioritization. The same discussion is gonna happen in ITU on the resolution of international internet connection. So we should pay attention to that, to what's coming out of that. And I think that's very important. And I think FCC regulation is much more flexible over time than legislation coming back to your Microsoft representative question. Legislation takes forever. You learn that at first year of law school, they will never catch up. That's why John Perry Barlow did that declaration of states out of the internet in the 2000s. But I think sometimes regulations is needed and that's how social contracts are expressed. I think that's it for now. I had another comment, but I can come out with it later. Since we're out of time, I'll do very quick answers. I agree with Carolina on that neutrality. On competition, when you have something as volatile as cyber, I can't get too excited about this threat of monopoly. Remember 20 years ago, Microsoft was taking over the world. We had huge problems about how we were gonna break up Microsoft fines against Microsoft. Nobody's worried about Microsoft taking over the world today. What we should be asking is instead of breaking up Google, who's gonna be replacing Google in five years? I mean, any technology as volatile as this, it does strikes me applying traditional monopoly law of thinking is probably not very useful. And on the last question about how does the internet affect sovereignty? But basically, I like to ask or use a very nice phrase. We, in democracy, at least, we have three sets of values. We have liberty, security, and economic welfare growth. And we want, it makes a triangle and it's not that you wanna be caught in any one corner of this triangle. You're continually trying to balance a place in the middle. But the interesting question is who does the balancing? It should be done in principle by legislatures with the oversight of judiciaries. And we should have procedures for that. But what's interesting is what happens when an individual, like Snowden, decides he's gonna determine the balance. And because of the capacities in the cyber world, he is able to suddenly do that by himself, one individual. And we're entering a world where we have democratic procedures, which tell us how this should be done, but which empowered individuals, right or wrong, can suddenly overthrow procedures that democratic theory tells us is how to do it. And we haven't figured that one out yet. On that note. Thank you all for coming, especially thanks to the panelists. And please join me. Thank you.