 fragmentation, a mirage, nothing to worry about. Is that what I'm saying? We don't have anything to worry about. No, not at all. We do have a problem. And the core of it is this. We have this rise of this connected world, and it has created all kinds of governance problems. And you know the litany, cyber crime, various kinds of cyber insecurities, all kinds of policy issues about the regulation or management of exposure to content. And what do we do to solve these governance problems? Well, unlike the internet, the world of government is not unified and unfragmented. It is territorial and sovereign. And so most of what people are mislabeling as the fragmentation problem, I want to relabel as a problem of alignment that is an attempt to force the round peg of global communications into the square hole of territorial states. It is alignment that leads to efforts to create gateways that filter content, to require data localization, to keep internet routing within state borders, to require governments or users to use local companies rather than foreign companies for equipment and services, and so on. It's about partitioning cyberspace in order to subordinate its control to sovereign states. And bear this in mind, the pressure for alignment is not just coming from authoritarian governments. It's coming from Brazil, Germany, Australia, the UK, the European Commission, even the United States. It comes from states, qua states. So the real question is not, you know, is it illegitimate to have any form of blocking or control or management of access on the internet? The question is, who does it? And for whom is it done? And how accountable are the people who are doing it to the people who are affected by it? So fragmentation is really a code word for a power struggle over the future of national sovereignty in information technology. The sovereigns just want to align that critical decision-making power with existing states, and this is assumed to be the only viable collective unit for making such decisions. And this book tries to make us think differently, to come up with an alternative to that presumption that states have to do that. And I thought it was time to directly challenge the relevance and viability of national sovereignty in the information sphere. I'm not saying to do away with governments completely. There's a big role for territorial governments. We need to have jails for people who break into houses and steal things. But in the information sphere, I think we really have to talk about completely new forms of governance. And in fact, we are actually evolving in that direction already. And so I speak somewhat seriously about a national liberation movement for cyberspace, in which we recognize that we're creating a globally interconnected polity around the internet. And perhaps it's time for this polity to assert its own identity and its own authority and come up with global institutions for the management of cyberspace. This may sound utopian, even crazy. I'm looking forward to some comments about that. But if you study the shifting forms of the state and governance over history, it seems much less so. Most, if not all, existing nation states are based on invented identities. And the scope of governance is consistently enlarging and changing over time. And indeed, we have already transferred governance of the domain name system to a transnational institution, ICANN, and now there's some interesting calls coming from Microsoft, among others, for doing the same with a cyber attribution organization, a stateless attribution organization. So I think it's time to have this discussion and look forward to what the panel has to say. Thank you very much. This afternoon, and to share the stage with such an August panel, prepared to respond to Milton's challenging ideas. And if they don't, I will. So our first presenter is Rebecca McKinnon. Rebecca is based right here. She's the director of the Ranking Digital Rights Project here at New America. Then to her left is Tim Maurer. Tim is at the Carnegie Endowment for International Peace. He's the co-director of the Cyber Policy Initiative. And finally, we have Angela McKay. Angela is at Microsoft. She's the senior director of Cyber Security Policy and Strategy. So let's turn first to Rebecca. Sure. Well, thanks very much, and thank you, Milton, for writing this book and for provoking everyone and your call to arms. And I think one of the reasons I'm here is that I published a book in 2012 in which I argued, among other things, that existing nation-state-based political and legal processes are not fit for purpose when it comes to governing an internet in accordance with human rights norms in a way that actually is compatible with human rights for everyone on the planet. And that how we get where we need to be is unknown. And so I appreciate Milton continuing to remind us that we need to move forward. And his call to sort of a new form of sovereignty I think resonates a lot. I think that the question is, how do we get there? How do you kind of develop consent of the networked amongst kind of a global internet using population full of people with lots of different interests and so on. And that's a big challenge. I don't think we're gonna come up with concrete answers today. But I think what's exciting is that increasingly people are recognizing that existing sort of geopolitical, political and regulatory structures are not fit for purpose and that we need to innovate. And there are starting to be a number of efforts innovation such as what Milton mentioned and we'll hear more from our friend from Microsoft about one effort. I think the challenge is also not only that governments are seeking to establish their sovereignty on the internet and kind of recreate the Westphalian system on the internet, but also they're trying to have their cake and eat it too and that they also want to use aspects of the borderless internet when it's convenient for them to extend their sovereignty globally. So we have the case that Microsoft has been involved in pushing back on US government efforts to access data that is not under US jurisdiction. There are efforts to impose the European right to be forgotten globally that are very controversial. And also you have examples say with China where users of internet services who sign up in China on Chinese phones are basically governed by the Chinese domestic terms of service no matter where they are on the planet. And so kind of different types of extensions of sovereignty. So governments want to have their cake and eat it too because that's what, no, when you're powerful you want to have your cake and eat it too. And you'll do so unless somebody stops you. That's how it works and that's how power works. And of course we have the sovereigns of cyberspace, the companies that have global constituencies that Microsoft has to demonstrate to its users around the world that it's gonna respect their rights equally. I can't say we respect American rights more than Kenyan people's rights. So they need to in order to sort of have legitimacy with their constituency so that people will use their products they need to really appeal in a more consistent way to everyone. So there's this kind of clash of sovereignties going on, the private sovereignties and the traditional Westphalian sovereignties. And then of course you have people, human beings who are trying to use these technologies stuck in the middle with all kinds of motives obviously. And that's where kind of the internet nation and how you build that becomes, how do you create sort of a, Milton makes an interesting argument where we need to sort of create an internet nationalism and an internet identity. And that's where I think it becomes challenging because I've been involved with creating a global citizen media network with global voices and find that people share common values but are also very connected to their domestic struggles. And so the question is sort of how you tie the domestic, how you weave the continued domestic reality with sort of the global interest groups that arise. And the environmental movement I think is certainly one area that one can draw upon for what is the global movement where people kind of, people with common interests and common values band together in an international movement and push for governments and private actors to adhere to certain standards. And obviously it's pretty hard and the fight never ends. And I point out that Mozilla has also been kind of drawing on the environmental movement with their internet health movement that they're currently building with the idea that we need to sort of build a movement of interest. However, I think we may, a couple of thoughts about, how do you get a movement that actually gets governments to cede power or that figures out how to organize the power relationships between private entities, governments and the people from whom both governments and companies derive different types of legitimacy. I think it may end up, and this is kind of drawing from a colleague of yours, Laura Dinardis, maybe rather than one large let's have a movement that kind of seizes power, it may come through lots of different efforts aimed at solving specific problems. So for instance, the attribution issue that brings together a certain community, the fight over encryption and the right to have encryption. We're seeing a global community coalesce around that. Much thornier, then there's the internet shutdown issue where you're seeing different actors coming together over that. The content moderation issue and government's desire to control content, much harder one. But I guess I would point to in every situation where I think power has been reorganized or ceded or there've been kind of victories around internet governance battles, it's been because you've had civil society, corporate interest and some segment of the political establishment from some countries kind of coming together with an overlap of interest and moving forward. So I think as we sort of build this global movement, it will require kind of strategic alliances around specific problems, addressing specific governance problems that are failing to be governed in a way right now that actually serve and protect and respect the rights of users around the world. And just finally I know more of the time, but in terms of kind of what the principles are, I mean I think we have them. I don't think we need to create a new universal declaration of human rights. There's been a lot of work done by a lot of multi-stakeholder groups of how you apply human rights principles to surveillance online, how you apply human rights principles to content regulation. They're not being followed, but there's a lot of standards that are being developed. And so I would suggest rather than sort of trying to create new manifestos and constitutions that we really work with some really solid principles that exist that people have already sort of started to articulate how you apply them online and then figure out how do we better hold governments accountable and get them to respect those rights, protect those rights, how do we get companies to be accountable as well and how you kind of mesh those together. Thank you, Rebecca. So let's see what Tim says and his initial responses. Great, thank you. I think I'm supposed to talk more about the national security and security dimension on this panel. I think that's what Milton told me privately. When we first met six years ago, it was actually at an internet governance conference and I think over the last six years it's been very interesting to see how the various narratives evolved and I thought in my remarks, I'm going to talk about two things. One, framing and then second, timing. I think the great benefit of Milton's most recent book goes to this first point about framing and how we think a lot about these issues and you tackle the framing of fragmentation and you essentially tear it apart in your recent book. I was particularly pleased you didn't use the framing of Balkanization in your book which Rob Morgus who is here at New America and I at one point wrote an article and said, please stop using the term Balkanization for the sake of the people on the Balkans who suffered enough. And I think you do that very effectively in the book in terms of your analytical framework and how you think about it and you mentioned it earlier, people having discussed whether the difference in language is actually fragmentation or not and I think a lot of times we don't think enough about to what extent this aspect of it is actually rather a sign of diversity online rather than fragmentation and a more accurate representation of the global community that is joining the internet. And I think your book is one of the most systematic efforts in trying to separate those analytically which I think is really important. There's also, your book does a great job and your research I think of how the various communities have evolved in the last few years. As I mentioned briefly when we met six years ago, you had more or less three or four various separate and distinct communities that were working on tech policy issues. You had the internet governance community that Milton has been a part of for a very long time. You had the human rights groups that in and of itself were split into two. You had the domestic tech policy groups like the EFF here in the US that didn't do a lot of international work and you had the international human rights groups like Amnesty and Human Rights Watch that were only starting to get into this field and then you had the cybersecurity community which again was split into two groups. You had the people working on cybersecurity from the individual rights perspective and through the framing of human security and then you had this growing community of national security experts that viewed cybersecurity and continued to view cybersecurity through the prism of national security. And I think that is really this last group, this growing community of national security experts that have started to take an interest in the internet of the last decade that has been driving a lot of I think what is this counter reaction that once the internet was commercialized in the early to mid-1990s, a lot more money became involved and then you had a few maybe handful of countries in the late 1990s that started to realize that they could do more than just espionage by manipulating data or sealing it that you all of a sudden started to see the military and intelligence communities around the world taking a much stronger interest. And I think to your point, Snowden was in many ways the wake up call of all those countries that hadn't been doing this secretly that all of a sudden this is something that they wanted to do. So I really liked your point about the third layer and the fragmentation piece and I think where we're at right now in terms of historical comparisons and I'm curious what your reaction is to that is in Europe when we built the railroads, initially there were railroads that were different in width, right? The Spanish railroad had used different trains for the railroad system in Spain than in Europe because it was meant to avoid that all of a sudden the French or somebody else would be able to take their trains and essentially invade Spain. Today if you take the train in Europe you can take more or less in most countries the same train but I think in the internet we are at the same point now where everybody's agreed we will use the same protocol, you can take the same not train but data and send it to me but that doesn't mean the way the railroad tracks are actually positioned doesn't have significant impacts on trade and then also how conflicts are being fought and I think that is where we are at today. So let me get to the second point about timing. And Milton is always great because he doesn't only provide an excellent analysis and framework but also a very strong normative call for action and tries to energize everybody in the room to like once you are now going back to your office to sign up and donate money to whatever organization supports it or at least buy Milton's spoke so you can have the theoretical framework underneath it. But just to Milton's normative point I wish we would be 20 years in the past because as you point out in the book the current trend of governments pushing for national sovereignty is embedded in this broader systemic shift where John Eichenberry in 2011 wrote his article about the future of the liberal world order, right? So we've been at this point of systemic shifts and now for six, seven years where it's clear geopolitics writ large is changing and if anything if we look back at the past six years yes you've had bits and pieces where there are signs some of the emerging and growing powers are buying into the international order. One data point for that for example is in the international cyber security negotiations there was a big debate until 2013 whether existing international humanitarian law would apply to cyberspace. So whether principles of portionality and distinction would apply to offensive cyber operations. And until 2013 China refused to sign up to what was the consensus among the rest of this group of governmental experts that existing international law should apply and they were pushing for a new treaty. This falls into this broader contestation of the liberal world order but in 2013 China actually agreed to this consensus language in the GGE that existing international law applies. So you have certain signs where China and other emerging powers are buying into the existing international world order but if the last eight months how long has it been has I think demonstrated anything we are I think further sliding toward much more of a near realist kind of view on the world among policy makers and decision makers in many capitals which raised the question to what extent your call for the globally interconnected polity happens to coincide with the counter trend at a global scale that diminishes the probability whereas if this would have been if we would be sitting here 20 years ago we might be in a very different scenario to what extent this would be able to move forward. So the way I would describe the current environment is as contested governance when it comes to the internet where you have these different trends play out and we don't really know where it will go and companies like Microsoft will be a main player. So I'm curious to hear it. Well let's hear what Microsoft has to say. So Angela. I'm just Angela, not Microsoft. I do happen to work at Microsoft. And I think it's probably is very obvious an industry point of view on the challenges and opportunities in this space. First I just want to like my colleagues here compliment Milton on putting out a very helpful contribution into the ecosystem. Coming from my background I'm an engineer. I did happen to go to Georgia Tech as well. I think that one of the things that can be very difficult is when all these different concepts get kind of munched together. And so having a methodical analytical framework to move forward and think about fragmentation and alignment and using more precise diction I think is a very important contribution and very helpful in terms of forward progress. So thank you for that. What I thought I might do is just add a little context from an industry point of view and maybe four specific lenses and then frame it out in terms of that popular sovereignty idea or the polity. First is a little bit of philosophy, then technology, then looking at attacks and then looking at how governments and industry are responding to that. First in the philosophical point of view. One of the things that I think is really important when we start to look at fragmentation and alignment is basically how governments see themselves and how they respond relative to their own societies and that relationship looks very, very different in different places in the world. And so the concept of the role of the state relative to the population differs quite greatly. Clear examples here is if you look at the arguments about control of data and thoughts on that. In the United States, people would generally, not exclusively, but generally say, I don't trust the government to have my data but I'm much more comfortable with industry having my data. However, if you move over to Europe, then you start to have, I don't trust industry to have this but I trust government to have that. And then if you move, for example, to Asia, you have a construct that is oftentimes more where the state is taking care of things and so they don't worry as much about where the data resides necessarily but rather that the state is controlling this in a way that is meaningful. I also think that it changes in the context of how you think about security which is one of the main drivers for both the national security and human rights issues that Tim and Rebecca brought up. In this context, much of the Western world tends to think about the importance of protecting various systems. So critical infrastructure protection. What are the critical systems and what is the role of industry and the role of government in protecting those? Again, however, if you move to Europe, the construct of much of the regulatory framework is brought up about protecting society, not just the systems but what is it not just critical infrastructure but how do people use search engines to access the internet? That becomes important in the context of thinking about security. And then again, the concepts of privacy are very different in this space. I think that I wanted to bring in that context because as we talk about the next series of issues, recognizing that there are different views on the role of government, the role of industry and the context of what needs to be protected and who become very important. That's because we are in the middle of I think what everyone acknowledges is a great technological series of innovations that are coming much faster than most people and certainly governments are able to adapt to. This becomes very important in looking at how cloud adoption is going on. Why that becomes important is because you're going to start seeing a more homogeneous set of behaviors instead of characteristics as cloud adoption continues to grow, you will have servers and data that are managed by a smaller number of players and a smaller number of places. At the same time, you're going to have a more heterogeneous endpoint environment. What is coming with IoT is increasing the diversity of the endpoints. This matters because these become planes of control. It matters because the pivot points of where you're going to think about asserting sovereign power or managing security changes as you think about a more heterogeneous endpoints and homogeneous kind of core. I think that kind of brings up the space of another one of those things that's just driving the concepts of where to deal with control and that's the cyber attack environment. As we continue to see not only do you have an increase of the number of nation states in this environment, very clearly demonstrated by the WannaCry attacks, the access to advanced tradecraft is continuing to grow, not just in states, but the transferability to non-state actors and that concerns citizens and that concerns government. They're feeling a lack of control over their data and over the outcomes that are related to their personal rights. And so I'm just kind of bringing up, these are all factors that are playing into whether and how the polity will be able to assert itself in context relative to sovereigns. So what do we see is reactions. Very much so, what I see on a global basis, not as much domestically, is a very strong drive towards regulation of security and regulation of privacy in cyberspace. This is going on almost any place in the world. Right now we're tracking at Microsoft over 90 countries who have legislative proposals for cyber security, over 70 who have national strategy initiatives and over 30 countries who have declared offensive doctrine in cyberspace. And those numbers continue to grow on a regular basis. There is an attempt largely by states leveraging offensive capabilities informed by the national security context and somewhat informed by the privacy context to move into a space of more control. And they're trying to figure out how to think about those points of leverage that I talked about earlier in the technological environment. Is the point of control going to be at this diverse end points? Is the point of control going to be with cloud service providers or some combination of those things? You also have industry responding. And industry is not just responding to government regulation. We're responding to customer concerns. So we also are taking some actions that may challenge a broad policy kind of construct because we're responsive to concerns of our customers. Microsoft, for example, will let an enterprise customer choose the jurisdictions in which they want their data to be stored because we've had to respond to the post Snowden concerns about access to data. And so it's not just regulation that is kind of challenging some of these constructs. It's also the responsiveness of industry to our business demands. We have to think about those things. So I will tie up with the last 20 seconds here, which just says, I think what I really appreciated in Milton's book was the recognition that there are trends towards the global polity having an identity and asserting a series of, asserting its role in the management of these functions. But there was also pragmatism. You recognize even up here in your opening remarks that governments will not ultimately cede everything. And so what I encourage the room to think about is as we move forward in a shifting domain, technology and innovation moving faster, the geopolitical context that Tim brought up, the people's context that Rebecca brought up, we're gonna have to think about what is the role of government? What is the role of industry and what is the role of society? And how do we proactively manage this fragmentation, manage this alignment to move forward in a system that recognizes and achieves the global benefits to society and the values that you represent? Thanks. Great. So please join me in giving our panel a big round of applause. And we want to spend some time having a discussion amongst the panelists before we open it up to the audience, but we do want to make sure we have enough time for your questions and comments. So please get them ready and feel free to jump in. So the first thing I'd like to start with, Milton, is you raise this issue of a need for a cyber-libertarian movement, a liberation movement. And you talk about the need for creating the space where there's the opportunity for governments to get out of the way. How likely do you think this is given your assessment? Yeah, it's, I think, the, I always get asked this kind of a question. It's like, what's going to happen? And it's like, my answer is always, I don't know. I don't know what's going to happen. I know how I want, what direction I want to push things. And I think by sort of making this conflict extremely explicit and outlining an alternative that doesn't normally get articulated that I would be contributing to pushing things in a certain direction. So most people, they have a more moderate attitude. It's sort of like, well, of course, governments have concerns, of course they have sovereignty. We have to respect that. And I'm just saying, well, let's question that. Let's just, and see how far we can get with that. And drawing, when I was investigating a concept of sovereignty, historically, I realized that the concept arose in this early modern Europe in which you had all these overlapping kinds of jurisdiction and authority, very unclear. It was not scaled up properly. And so in some ways, at the information and communication sphere, you see a similar kind of structural pressure that says, there's just something not viable about this. I really like what Rebecca said, is that the governments wanna have their cake and eat it too. They want to have global authority when they can get it and they wanna have territorial authority when it benefits them. And there's a contradiction. I say that in a book. It's like, alignment is something they can't resist going after, but it's something they can never really achieve. And there's these interesting contradictions at play. So at the structural level, I think it is likely that the contradiction provides an impetus for change. And that change could go in all kinds of directions, including really bad ones. And if we can articulate a concept of a global polity that has a very liberal, freedom-oriented approach to this problem, then maybe it will go in a good direction. Right. Before we turn back to Rebecca, so if we go back to the mid-90s, John Perry Barlow had a declaration of independence in cyberspace. How do you think about his concept? How does that relate to what you're proposing here? Well, I think it was kind of a very prescient and early, but fundamentally a rhetorical and lyrical ideal. And one of the problems was that everybody said, well, obviously he's discredited because things haven't gone in that direction. But Barlow was a lyricist for the Grateful Dead. He wasn't a political scientist. He wasn't a political economist. He didn't understand the intricacies of internet governance. So now it's time, in terms of a vision, I think that was very powerful vision. And I'm pretty much in accord with it, but I think you have to think through how it actually gets realized. So Rebecca, you talked about the institutions. How does this get done? So what do you see as the possibilities for moving in this direction? Or what kind of pushback do you see against it? Yeah, so I think we need to be kind of pragmatic and methodical and kind of look at specific issues and sort of build coalitions around how to address those issues. And I think in the process of that happening, then sort of broader interest groups that cross borders will form and we'll kind of figure out what the politics end up looking like. Cause I don't think we're gonna have like the United States of the internet with elected representatives to an internet congress or something like that, right? That would be gone, that would help as well. So I don't know sort of what the political innovation ultimately is going to be, but I think it's gonna happen in a very internet-y way, which is that there's not gonna be some grand thinker who's gonna say, I have this grand idea and let's all implement it. It's gonna be communities in a distributed fashion, seeking to resolve problems. Communities of interest that cross industry, government and civil society and technical community and government is often not the bad guy as well, both in terms of security, but also there are some really bad corporate actors who people need to be protected from. So it's not that the role of government goes away. I think the issue is, and this is where I bring up human rights frameworks again, so you take encryption. Let's just take the encryption battle, the right to encryption versus government's desire to assert sovereignty over technology so that they can access things for their purposes and claiming that it's in the public interest. But if you look at it from a global human rights perspective, it can only end badly, right? And the technical community and sort of the human rights community and a lot of the corporate community is sort of in agreement on that and governments are kind of seeking shorter term interests and seeking to erode encryption over a simplifying. But when you look at sort of what is the global human rights principle in here, this is a case where letting each government sort of decide how encryption is gonna be regulated and then allowing it to be addressed in that way is clearly not good for human rights. It's not good for security either, right? There's a whole bunch of things for which it is bad and it's probably not gonna solve the problem that governments are seeking to solve anyway. So this is an example where there's kind of a community of cross-cutting interests in a bunch of different sort of sectors that can come together and say, governments, we have to take this power away from you because you're not using it in a way that's actually in the public interest. And so the question is how do you align those forces together to do that, to achieve that? So that's a very concrete on just one specific issue. And I think then when it comes to content moderation, lots of governments are saying, okay, we have to make all the internet platforms pre-sensor everything and monitor everything so nothing bad ever gets said on the internet I oversimplified, but only slightly. And from the internet, from a human rights perspective, this will only end very badly. And so again, if kind of the national sovereignty approach is clearly not going to work, sort of how do you move it in a way that rational governance and rational decision making that actually is compatible with the advancement of human rights can happen. And so I think we do need to take it sort of beyond abstraction to some very practical and pressing issues and try and figure out how we get beyond the stalemates we're at. And as we sort of innovate in terms of policy solutions, then we'll kind of see where it's going and those tactics can be applied elsewhere. And then the message to governments, as it was back when monarchs were the thing and said, if you want, you have to evolve if you want to stay in the game at all, right? That they're not gonna change unless they're seeing a real threat and that there's frankly enough power that's pushing them in that direction. So do you or Milton, do you see any alignment with the current institutions that we have with the helping us to move in this direction? So we have the Internet Governance Forum entering its second decade. You have lots of communities of interest within that space. Are they organized enough to push us in this direction? Or, Milton, you talked about Ned Mundial in the book as having lots of possibility, lots of energy that somehow got dissipated as well. So I'm really interested in what are the potential mechanisms for enabling us to move in this direction if you see that? And do you see the existing infrastructure giving us a foundation for that? Well, I think the Internet Governance Forum and the Internet Governance Community, the kind of orbits around IGF and ICANN and the RIRs and the Internet Society actually are very important parts of the kind of the glue that helps to hold a global community together. And that's the only thing it does. It doesn't do governance. It doesn't actually create enforceable norms or any kind of actual governance structures and it has its own pathologies and weirdnesses. But in terms of getting those people who care about the global Internet together and forming those kinds of social bonds and identities, that's very important. And I think that the transition from ICANN away from the US government was an extremely important political step in terms of establishing the principle of a non-sovere and transnational governance agency. We saw the fight was very revealing who was against that and who was for that. And now I think the really the shift, the impetus now has to come from industry, civil society alliances and in particular industry has to be more involved because they're the ones who operate the infrastructure. They're the ones who have much more direct relationship to the control points. And I think if industry can do things like Microsoft's Digital Geneva Convention, which is a very welcome development, I think if things keep going in that direction, I think we can see some real progress. So Tim, we'll come back to you in a second since we're talking about this new initiative. Would you like to say a little bit more about that Angela? Certainly. So for those who might not have heard about it, the Digital Geneva Convention is a proposal that Microsoft formalized at RSA in February of this year. It builds on some longstanding work that we have done in talking about norms, cybersecurity norms specifically, and the role of governments and the role of industry in helping to promote security and stability in cyberspace. So as part of that initiative, we've talked about three primary pillars of work. One is moving a long-term aspirational goal of building on the voluntary norms work done, for example, by the UN Group of Governmental Experts and OSCE, and moving that eventually towards a legally binding construct. We recognize that that's gonna take a lot of permutations along the way, but we think that it is important for ultimately there to be rules that are established that are not just voluntary, that are legally binding so there can be consequences when certain behaviors violate the agreements. The second real big pillar of work is around something we've called a tech accord. You can think about that as the role of industry in saying we have commitments that we make to our customers and we have capabilities that we can also commit to that help to, again, increase security and stability in cyberspace. So if we, as part of our proposals and we do, articulate that governments should have a process for the handling of vulnerabilities with the propensity to report them to industry, then industry must also have policies and procedures in place to responsibly handle vulnerabilities that are reported to us and issue patches, et cetera, et cetera. So think about that as complementary. And then the last one that I think is getting a lot of discussion right now, particularly in a post WannaCry context, is around an attribution council. So how can industry, from a technical point of view, share data with each other, potentially also with governments in a neutral forum, so not into the UN process per se or not into a particular government, but do technical attribution of data and demonstrate and show evidence because one of the main problems with attribution right now is that there is attribution going on, some by states, and then they say, just believe us, but we can't show you because it would reveal sources and methods. Or it's by those in industry who are very good players but who also have particular business drivers associated with attribution. And so we think that there are, again, I think is highlighted, and I really wanna pull on the point that Rebecca said, there are issue-based ways of thinking about new models for handling particular issues. And I do also agree that that is going to be one of the things that move forward. I talked about public-private partnerships, probably three or four years ago at the SICON conference in Estonia, where we talked about the attribution council recently. And at the same time, I said the same thing I would say now, which is these, you form communities around issues. It starts to help you know which stakeholders need to be involved because everybody has an interest. But do you have an equity or capability to bring to the table to solve a particular problem that's coming to bear? This is moving and changing so fast that I think an issue-based construct is going to be the one that allows for sufficient agility to deal with the range of concerns from a threat perspective and an innovation perspective, and helps to define what the appropriate model for inclusivity should be. Because if it's everyone all the time, we're never gonna get anything done. So, and Angela, you and Rebecca both see these issued networks as multi-stakeholder issued networks? Sometimes. Sometimes, not necessarily. Not necessarily. Even in the Digital Geneva Convention proposal, you saw that the legally binding pillar of agreements among governments is a government-to-government agreement. Industry and civil society can help inform what that agreement is, but ultimately we believe it's states agreeing or not agreeing to certain behavior between them. We can influence that. The Tech Accord is an industry-to-industry commitment. States and civil society should have input, but the agreement is there, and so it's not going to be one or the other. It kind of gets to my who has capability and equity, not just who has an interest. You can inform a lot, but you've got to kind of figure out who has to be at the table versus who wants to be at the table. Yeah, I agree. I think each problem, there are different sets of actors that need to perform different roles, but it also relates to accountability. So, whatever constructs solutions get devised, how do you ensure that when, whatever mechanism it is, when abuse takes place, when abuse of power takes place, it's identifiable that the abuse took place. It's possible to know who abused their power, and that they can be held accountable, and that victims have redress. And so in terms of how you build that system, I think in a lot of cases, there's going to have to be, in terms of impact assessment and risk assessment, and who's being affected, and just how grievance mechanisms get set up. Again, I think you need multiple stakeholders, but is every kind of issue going to be dealt with by the same construct, that would not make sense. If you're dealing with content controls, I think you need a much broader set of stakeholders than you do with certain technical security. So, Tim, so states have responsibilities to protect their citizens, to address some of these ills in the dark side that Milton sort of alluded to as well. What's the role for states here in terms of national security issues? What are the kinds of issues that you see as important in addressing Milton's concerns? Frankly, it's unclear, and I think how hotly contested this space is, and the roles and responsibilities is clear by the fact that you have a major company that is, I think, going beyond what I would consider conventional activities of a company in pushing its agenda. The fact that you have the CEO of Microsoft pushing this notion of the digital Geneva Convention and the Attribution Council and the Tech Accord tells you something about how much of this is still in flux in addition to Milton's call for the liberation movement. So I think a lot of this is right now up in the air, I think for the next couple of years looking forward, a key data point will be who else will be signing up for this, right? Will you have the continued division between some of the companies and civil society, or will they join forces on specific issues? Microsoft has been the leader in this space when it comes to rules of the road for cyberspace and the more like conflict angle and road, but if you look at the surveillance debate post-Snowden, it was also Microsoft, but it was primarily also Google and Facebook that were the lead in that. So I think some of those questions and to what extent you will have companies beyond the United States becoming much more active in this, be it Huawei, be it European companies that I think have been fairly quiet on this, but will be as affected as others, especially as we move to the Internet of Things and you have German car manufacturers, you have French companies and Silicon Valley springing up all over the world. And so far we haven't seen that. So I think that'll be an important data point in the next five years. Else we'll be jumping on the bandwagon for this. And then to go back to final point on that, the timing again, right? I think timing will matter incredibly in the next five years. The regulation that are currently in the pipeline among 90 countries, if in the next five years you don't have a major terrorist attack in one of the, in the US or in Europe and by major I mean more than 1,000 deaths because we've seen several terrorist attacks in recent months and years. Or if you have a major incident with regard that will affect the encryption debate, right? With the encryption, I think all the positions are kind of clearly staked out. Now it's coming down to the politics of it and who will ultimately prevail in this battle of ideas and what should be the fact. And that will incredibly depend on what will happen the next five years. And then it'll become path dependence will come into the picture. Whatever decision will be made then will set the path for the next few years. And I think at one point we will have to figure out what is the ideal governance system that we think is the most, is the most effective the most accountable because once we've reached that point the next question becomes how do you implement as many veto players as possible so that if there is an external shock to the system the veto players will make sure that there won't be any traumatic changes to the governance system. So at one point you'll have to identify okay where is the ideal balance that we found here and then you have to think about how do you make sure that there won't be any easy changes to that system and that you build veto players and that he's increased the cost while making any changes to that system. Great. Just to add you also need to identify and reinforce your political allies sort of in the conventional political systems of these nation states. If in the UK Theresa May feels that she will continue to get re-elected by imposing draconian regulations on internet companies and weakening encryption that's not good. So the question is, are you actually going to be able to cultivate a set of political leaders in key countries who feel it's in their long-term political interest to align themselves with this movement and not with some other perspective? And I think strategically there probably hasn't been enough work done. I wanna pull out two things that Tim said is the international context this is why I brought up philosophy in the role of government in the role of industry doesn't look the same in different places in the world. So we're sitting here having a panel in the United States and it's very easy to think about the how industry operates relative to government. I can't tell you so that we get a lot of folks who are very supportive of the fact that Microsoft sued the US government and has been not complying with orders for extradurist-dictional access and you would think right that some governments and other places in the world who don't want that data access would be like very good. And actually in many contexts they're like industry should not be disagreeing with government on that. Even if they like the outcome of that decision it's a different cultural context between industry and government and as Tim highlighted and as I tried to say in my remarks with the change in what is happening in IoT it's not just gonna be tech players it's gonna be players across different sectors who are tech players who are coming up in different parts of the world and so it just adds a degree of complexity to this conversation that I think is sometimes underestimated. Right. There's a lot more I want to pursue here but let's open it up to the audience and see what questions or comments we have. Do we have a mic in the audience or there it is. We have one here in the blue shirt and then on the right side. Thank you so interesting. My name is Courtney Raj. I'm with the committee to present this. And so I have two questions. One, this idea of the internet or internet and kind of the debate right now around capitalization of this and is there an internet or multiple internets and which way of thinking about it and therefore capitalizing it or not gets us further to what you are envisioning is the future Milton. And then the second question is regarding industry and correct me if I'm wrong but ultimately the main global actors the Silicon Valley based actors are only accountable to their shareholders. They're accountable to their users to the extent that it impacts the shareholders. So what does that mean for governance for it's obviously great to have initiatives like a Geneva convention and participation in things like the global network initiative but ultimately the legal and fiduciary responsibility are to stakeholders. So what are the implications for kind of trusting the role of private companies in this debate. Thanks Courtney. Well yeah I mean in some ways the capital I on the internet is sort of stating that if you use these protocols you are somehow buying into an integrated system and that is a globalized compatibility system but I don't think the issue of how this plays out will turn on that. I think it's more a question of the degree to which where do you locate this authority to manage and limit access. And again I don't think it's possible for anybody to say you should never manage your limit access and you should never moderate content. Ideally there's a perfect competition and if Facebook moderates content in some way that we all find silly and overreaching then we just migrate to another platform right. Although that obviously that level of competition doesn't exist in that particular environment but the point is not that it's bad to moderate content. What's the problem is who's doing it for whom and how accountable are they to that unit. So I'm saying most people have said these governance issues have to be dealt with at the level of the state. And I'm saying it's probably the worst unit with which to for it to play out. I mean it's too big on one hand. There are too many different interests and different policy alternatives even at the national level. And it's too small in the sense that it doesn't really deal with the global as too much conflict built into the nation state relations at the global level for that to really work. So let's devolve lots of decisions to autonomous systems, to markets, to other kinds of arrangements and then let's push a lot of stuff up to new global institutions. The shareholder, I assume you have. Yes. I think I can be very brief. From A, so I'm an engineer, not a lawyer but my understanding is from a pure legal perspective the legal constraints are around the shareholder. But maybe what I could explain is more broadly how we think about this which is in delivery of shareholder value you have to think about a lot of different components including legal, regulatory, financial, security, risk. And what I thought was really important in how you phrase the question was how do we ensure that you can trust the company? What's interesting and maybe can be illuminating is the conversation inside of the company which is how do we ensure that our customers trust us? Because trusting the company is one construct and that gets to the legal and shareholder value. But if we have diminishing trust in ourselves or our technology then we won't be able to deliver that shareholder value. And so I'm just kind of highlighting that the inside of a company at least inside of ours and many of my peer community is really thinking and one of the reasons we're so engaged whether it's on domestic regulation or these transnational issues like security and stability and international security is because we're thinking about trust in the technology and trust in the company so we can continue to deliver the societal impacts that have been driven by technology. That's what we worry about. Great, here on the right side and then one in the back. Thank you for the great discussions. I'm actually the Chinese translator of your book. It will be published by Tsinghua University Press. And but when I was translating there is a kind of confusion about the title, the main title, the subtitle of your book. If somehow I think it will be more informative if we use the subtitle like globalization and sovereignty and the service space as the main title. Why I put the question mark as the subtitle? Will that significantly change the way of your writing if we do it that way? No, in fact, the original idea for the book was indeed the subtitle and the publisher wanted a catchy question which they have, as you see it's part of a series in which one of the other is like a technology good for education and then there was another as China buying the world. So they wanted a single simple catchy title. And will the internet fragment seem to be a question that was on many minds, but you're right, the substance of the book is more in the subtitle. So good, good for you. Ha ha ha ha ha ha ha ha ha ha ha. Back in the corner there. Hi, Kathy Kleiman. I'm internet counsel with Fletcher Hilden-Hilderith and Hilda Milton and Rebecca and everyone on the panel. Great discussion. So one of my questions, it's not really a statement than a question, which is it's not just governments who want to bring their laws onto the internet, it's people, netizens do. We want to bring, everyone in this room wants to bring the First Amendment onto the internet at least to protect our speech. We don't want to be restricted by the hate speech laws of Europe. Europeans are passionate about bringing their data protection laws online so that they can be protected with the privacy laws that they're used to. So we have that also coming from netizens, from people participating. But to switch over to the question, it was mentioned briefly, but let me bring it up. Instead of IGF, how is ICANN as our model? It's really the kind of 800 pound gorilla in the room that there is this multi-stakeholder model with all sorts of flaws and flams and by disclaimer, Milton and I and many people in the room are very involved in ICANN. So how does ICANN help us with the multi-stakeholder model? And talk about, since I was hearing about kind of issue-based coordination versus kind of one umbrella to bring all the issues in. Fragmentation of the issues may be an issue of itself, kind of following, especially for a civil society. Is it better to have one umbrella or multiple umbrellas? Thanks. So I guess the question of who is here from ICANN, by the way. So I can say pretty much anything I want. To what extent is ICANN a good example? I think it is a fundamentally good example in a sense of being based on the right idea that we're going to transnationalize governance by privatizing and devolving it down to a contractual relationship among private actors rather than to try to govern through an intergovernmental treaty among states. So in that respect, the ICANN model is very good. In terms of the accountability relationships, everybody at ICANN remembers me probably negatively because I was so critical of them in the beginning. And in fact, even though everything I said has basically turned out to be true and they've tried to rectify these problems, they still know that they don't like me. They don't know why exactly, but they just don't like me. But basically we went through, we said in 1999 that you have no accountability. They said we're going to create a membership that's going to elect the board. They did that. They got elected people that they didn't like. So they abolished the membership. And then we said you have no accountability. And then it became more and more obvious that they had no accountability in the community, not just civil society, but the business interests in particular started saying they have no accountability. So we got these reforms tied to the transition. And that was a good thing. And we're still seeing how those things play out. But I think in general, ICANN is, it's an example of what you have to do to do global governance. And in some ways it segueing over to the other part of the questing, Kathy, it supports Rebecca's idea that you can do this better when you're focused on particular issues and particular problems. So with ICANN we're focused on DNS governance. One of the reasons in that Mundial initiative kind of ran aground was it wasn't clear what was the scope of this initiative and were they going to try to use all these sort of self-selected structures to handle a bunch of other internet governance issues that maybe weren't really properly or legitimately constructed in certain ways. And so the idea that we know how to do name and number governance right is, I think, very important, both as a limitation on the scope of governments and on the fact of effective governance is that we know what we're doing and we have a community around that. And in many ways, if there's one criticism that can make up ICANN right now it's that they are so avidly encouraging open participation in the multi-stakeholder system that they're getting flooded with all kinds of people who love going to these meetings and love participating but they know absolutely nothing about domain name policy and so you and I end up writing all the public comments saying, oh my God, this policy is a disaster, right? The same old people that were doing it 10 years ago. So that's my response to your question. I think others might want to. Thanks Kathy. Hi, you know, I was talking to somebody the other day about various internet governance challenges and also about the challenges that some of the companies face, vis-a-vis pressure from governments and how do you create sort of an alternative power center to better counteract unhelpful pressure from governments and I kind of threw out this thought which is what if one kind of form of governance experiment that were to be conducted would be if for example, Facebook allowed the creation of user chapter or maybe we don't need their permission. We just create sort of some hybrid of ISOC, internet society and ICANN sort of models where you get chapters of Facebook users around the world, sort of union of Facebook users chapters in different parts of the world maybe they have regional chapters and then maybe there's a non-commercial stakeholder group and a commercial Facebook user stakeholder group and God forbid there's a government advisory council or something and they elect like a board that then goes and negotiates with Facebook, the corporation about issues that, I don't know, just a thought experiment but do we need companies, would it be in companies interests particularly when they're just kind of faced with this conflicting set of demands from lots of sovereign governments that'll contradict one another and it's kind of hard to respond constructively and they're also trying to solve problems of their own that are just sort of like how do you manage content in a way that doesn't just anger everybody and et cetera that you can derive more legitimacy amongst your users by actually bringing them into decision-making processes in some way. I'm not a lawyer because I know lawyers would hate this kind of idea from the corporate side but maybe there needs to be some types of experiments in that regard as well by either just kind of initiated by users or that the companies might welcome some of us. I don't know, I'm just throwing this out there as sort of a crazy thought for people to, so part of what I heard in Kathy's question as well is this fragmentation of venues. So you've got ICANN, you've got IGF, you've got all of these different conferences and venues that are starting to emerge that happened with NetMundial as well. People started to worry. Now you have this whole new set of processes as well then you have the one that came after the NetMundial initiative and all of their activities and so what I was getting at earlier around say the dynamic coalitions within IGF, is that the kind of issue network? At least that's a place where even though where all of these different issue networks are still coming together rather than just going to the privacy conference or just going to one of the other, the intellectual property conference or whatever the case may be. I just, I'm trying to be a little bit pragmatic and think about how do we see progress in this front creating yet another multi stakeholder global institution from scratch to make this happen or make the ones that we have work better? Well one of the things that I understand is that you can overdo governance. So it's not like everybody needs to collectively vote on everything that happens in the world at every moment in time. Indeed one of the values of markets and limited government is that you try to find ways where when people disagree, you know, you don't have to have a vote on my tie, right? I choose my tie. If you don't like the color it's just too bad, right? And I, you know, you got an orange shirt and that's okay, okay? So. I think we need to vote on it. So we need to radically restrict the number of things on which we need to reach collective agreement and there's a very clear dichotomy between progress, technological and market progress on things that can, people can take private action and things where you have to come to collective agreement. So for example it took us more than a decade to come up with internationalized domain names because that required collective agreement through the governance structure. It didn't take that half that much time, a fraction of that time to come up with actual representation of alternative scripts in websites because that was private action. So one of the keys here to having rational governance is to limit the scope of governance for those things where you truly need collective action. I forgot exactly where I was going with that but. Asvatu was next and then we've got three over here. I'm Ash, I just graduated from American University. Thank you so much for such a great discussion. I just wanted to hear your thoughts on yet another institution that I understood as having quite a bit of significance to the whole debate of internet fragmentation, the wicket. I'd like to know if it does for five years after the ITI, if it does have significance now and also do countries need the kind of justification provided by wicket in order to assert their sovereignty and if so, how do we deal with it when internet governance is reduced to intergovernmental treaties? And just because we're at the end here, let's get these last three questions and then a final round of responses. So there's one, two, and three. Hi, Tim right out, thanks everyone. I'm wondering about, this is more specifically to Angela but anyone can feel free to answer is as tech companies, so for the example of the attribution council or whatever, as tech companies do take on more power and influence, then people are then gonna wanna hold them accountable directly if the government is more pushed aside. Are the tech companies prepared for this? I mean how does it, obviously if you're attributing you're taking on an investigative function that is normally the police and as Facebook takes on more and more and I mean, I don't trust Facebook. They perform social experiments on their user base without their consent. I mean, so the question is then are you prepared to basically become the government in some form? How does it interface, I mean obviously you're not gonna go around arresting people but when you give information about attribution to someone, you know, what does that look like? I mean, I don't know, I'm genuinely curious, thanks. So we've got the gentleman in the blue shirt here and the gentleman in the bow tie. Hi, I'm Chris Savage, I'm a lawyer and actually a professor in this space. I wanna put a dystopian image out there and see how the panel responds. Something that governments have that companies don't is armies, guns and the ability to put people in jail and take property and not have to go to jail for it. And so what occurs to me is the reason this panel exists is because we don't realize how recently it is that the internet has actually become important. And it's really only in the last couple, three years, maybe an election or two that the politicians and the governments are coming to realize, wow, this really matters. And if the government thinks it really matters, they do all kinds of things, revoke section 230, for example, there goes content, totally consistent with First Amendment or regulate internet service as a utility on price, which is a lot of the issue in the net neutrality. And I'm wondering whether this discussion appreciates the full power of government if it actually gets interested in what we do. Yeah, that's a perfect lead in to the end of the conversation. And my question really is more common to Angela tried to emphasize this issue of context. And I see this conversation as somewhat of a context-free conversation. So the real question is what's the objective? What's the result that you want? Because technology, internet governance is inherently a technology question. It really is. The operations of it is a technology question. How are we going to govern it? At least I thought it was about connectivity, about free data, about data flows, things like that. And when we first started talking about fragmentation, as you said, it was really the issue of governments putting walls using that to create several internets and lots of things like that. But what's happened is you're talking about rights. Well, what are human rights? There is a declaration, there's disagreement, what we consider right here and others. So those are governing things. And if we use governing words like power and primacy and things like that, then we're adding to governance something that has nothing to do with the flow of information. But it has everything to do with replacing things. So we have to be very careful about thinking what the result is. And that means we must do it contextually and carefully use the language that applies to the things and say what is the result we're looking for and what will that result probably do? In World War II, and after that, we saw one result of free flow of information. And that was, of course, Radio Free Europe, the American. Let's go ahead and finish up this a little bit. And that kind of thing. So I'm just posing that as there's a context for the conversation that really is important for resolving. So let's start with Angela and work our way down. Lots to think about. Lots to think about. One to Tim's question, hey, Tim. Everybody else got to do a shout out, so I do it. Particularly relative to the Attribution Council, what I would highlight is maybe a very tactical point relative to your question than a more strategic one. In the context of the Attribution Council, technical attribution is not the taking of actions that would hold accountable the actor identified in attribution. So one of the reasons we've talked a lot about the technical attribution is that that is different than effectuating consequences for behavior inconsistent with a norm. At least in our model what we've talked about is attribution and the credible evidence being shared publicly, which then allows states to carry forward the sanctions that they deem appropriate on that attribution. So it separates that out. But I think your broader point about as industry continues to have data and capabilities that historically used to be more resident in governments. There are changing dynamics here, and I think that that's really important. I think that we don't want to become the government, first of all, not nearly as agile, certainly not good for innovation, and not good for all of you in terms of liking new innovations that are delivered to you. But I do think we have to think about what are the mechanisms for accountability. Rebecca raised this point earlier. There's certainly ones that industry can drive ourselves. So things like transparency reports, the transparency centers that my organization have done that provide visibility into code base are voluntary mechanisms for accountability. I do also think that we're going to see whether it's through the regulatory drive or through other things, greater systems of accountability put on industry. And I think that that's one that's gonna be, as we talk about governance challenges broadly, the system for accountability relative to control, we see this coming up, for example, with AI, right? Like who's designing what the algorithms are doing? It's still designed by a company. What is the right way to provide visibility into that? So maybe just to the question at the end, what is our objective? I don't know if I could speak for all of Microsoft, but I would say maybe specific to the conversation on the Digital Geneva Convention, because it's come up a lot here, is what we are seeking to create is a sufficiently stable ecosystem and sufficiently secure ecosystem that addresses trust. And it's that question back at the beginning. It all comes back to trust. The citizens are able to trust their governments, citizens are able to trust technology and technology companies to represent their interest. But the context point becomes incredibly salient there because interests are different in different places in the world. And I think not just from a geographic point of view is what I highlighted earlier, but these are changing, the identity systems are changing very dramatically because of technology. And so when I say represent interest, it's a conceptual thing as opposed to a very pragmatic or tactical thing at this time. Yeah, anyway. Thank you. Tim? Just building on that point in terms of the dystopian future, I think we're in the midst of that battle playing out right now. After all seven, the Estonia and DDoS attack, Staxna became publicly known, Snowden, I think we're in the midst of the resurgence of sovereignty in the nation state. And to the stability point of view, I think there's a really interesting question to the objective, what do we mean with stability? It's different from security and it's different from peace. And even if you would just look at peace, I work at an institution that has peace in its name. You can go to Yuan Galtung and we can have a conversation about negative peace and positive peace and what we mean by that. So I think that'll keep us busy for the next few years. Thank you, Tim. Rebecca? Yeah, I mean just briefly, I think human rights are pretty tangible and do relate directly to the free flow or to the flow of information and the governance of the flow of information. As a Zimbabwean blogger said on a panel at WSIS back in 2005, which almost got shut down because it had human rights in the title. If I don't have freedom of speech, I can't talk about who's stealing my food. And so what this is about ultimately is people's ability to secure resources to obtain the opportunities that they have a right to obtain and to have the security, that the right to life that they have and the right to hold power accountable and to speak, to obtain information and not to be subject to such arbitrary surveillance that they can't do any of these things because if they're the wrong religion or color or sexual preference, they'll be persecuted. So I think the end goal is human rights and I think that is a tangible thing and it's not a context free thing and I believe very strongly that that's what we need to organize our kind of governing principles around. And let's give Milton the last word. Okay, well before I answer the four questions which are all very profound, I'm going to do a plug. So before everybody leaves, I've got a small number of copies of the book here which you can buy for $13 if you have it. We were supposed to have more here but the publisher distributor actually messed up so I've only got this small number here but I'd be happy to transact with you. Yeah, it couldn't be. It's like it's rule, right? This could be a collector's item. It's maybe the only copies we ever see. So just bear that in mind as you're bidding on the prize of this. Okay, so we had four questions. Wiccot, which is the World Conference on International Telecommunications. We had a very interesting question. Are our companies ready to take on the accountability expected of governments? We were asked whether we appreciate how much power governments have. Yes. And about this statement that it was about the free flow of data and not about rights and governance. So to begin deal with Wiccot first, I'm gonna have to deal with that really quickly but basically that was a 2012 meeting to revise and update the international telecom regulations which were written in 1988. This was turned into a proxy war over the role of the ITU and internet governance and had almost nothing to do with the ultimate treaty that was passed or not passed. The whole world split around this fundamentally not so relevant treaty and really had very little to do with anything in the final analysis. We wrote a series of blog posts about it which I would direct to you at the internet governance project. You can look back at the archives and get the full sort of our treatment of that. I think I'm taking a slightly different view than Angela on the question of corporate accountability. I think that insofar as we shift or migrate some of these governance functions to private non-state actors, let's say. No, we don't want Microsoft to be a government or be held to the standards of governments but we want it to be a private corporation. But when we create this international attribution organization or we're talking about ICANN, even those who are non-state actors, hell yes, they are going to be held to the same standards of accountability if they're doing this global governance function and ICANN has learned that the hard way. At first they said, we don't really do policy. Oh yes, you do. Yes, you're going to have essentially procedural protections, you're gonna have notice and comment, you're gonna do all these things that governments have to do because you are governing. So on the how much power to government, I think Tim pretty much answered that in the sense that the reason I wrote this book is because I saw this reassertion. I fear it. I think we need to understand what might be lost in that process. We need to have a better articulation of that and we need to question the basis for it which is of course this idea of sovereignty and the idea that every state has some kind of absolute power over what their citizens do regardless of this global community that we've created by default. And finally, when you say it's about data flows and not about rights or governance, then well, think about what it means to have free data flow between countries. It may be that the data is violating the privacy laws of a particular country. It may be that you're enabling commerce that bypasses all kinds of regulatory restrictions on commerce so you cannot avoid talks about rights and governance simply because the technical system has enabled. That's what's so wonderful about the internet. We sort of just created a globally compatible protocol that connected everybody first and then we thought about how do we govern this? And I thought that was a wonderful mistake. Some people think that was a terrible mistake but if we thought about how to govern it first which is what the Europeans always do and then created it, what we would have gotten would have been completely bad and ridiculous and overly restrictive. And so we kind of are doing it the right way. We created the capability, now we're figuring out step by step in a kind of a common law basis how and when to regulate it and when not to regulate it. So everyone please join me and continue on the publication of this new book and to thank the panel for their wonderful insights. So thank you all very much. We are adjourned.