Keynote: David J. Redl/transcript
>> DAVID REDL: Thanks, Shane. And thanks to Dustin your co chair as well, the ISOC DC support, and all the members of the steering committee for volunteering time to organize this important event. This isn't my first IGFUSA event but first as Administrator of NTIA, so thanks for having me here today. I'm grateful for the opportunity to speak and I'd like to spend time to discuss the Administration's approach to Internet policy and talk through key issues we've been addressing this year.
For those that don't know, NTIA is an agency within the U.S. Department of Commerce and we're principally responsible for advising the President on telecommunications and information policy issues. We're in a unique position in the U.S. Government of being involved in all aspects of Internet policy.
Our approach is guided by a commitment to protecting a free and open Internet and supporting minimal barriers to the global exchange of information and services. The Trump Administration is a strong advocate for the multistakeholder approach to Internet policy and government. Simply put, bottom up, consensus based processes create policies trusted through the Internet ecosystem.
At NTIA, we engage in interagency discussions, work with stakeholders and Congress, and advocate in international institutions, both multistakeholder and multilateral, and these engagements inform our approach on a broad range of issues, including privacy, cybersecurity, national security, and the broad arena of Internet governance.
The challenges we face aren't easy to solve. There are tradeoffs and hard decisions. In the Trump Administration the driving force is a commitment to meeting the challenges in a way that ensures America's prosperity and clears the way for innovation. America has seen enormous benefits from this approach, so we must continue to give a greenlight to innovators to create a more secure, more open, and more prosperous Internet.
The Administration's commitment to prosperity will be the guide as we tackle the issue of consumer data privacy, and NTIA in coordination with the Commerce Department, colleagues at the International Trade Administration, and the National Institute of Standards and Technology, recently began holding stakeholder meetings to identify common ground and formulate core high level principles on data privacy.
Here is what we already know. America has a strong privacy enforcement regime and a strong privacy regulator in the Federal Trade Commission. The FTC has brought hundreds of privacy and data security related cases including an expanded settlement with Uber earlier this year and a children's privacy case against an electronic toy maker, the FTC's first case involving Internet connected toys. The commission will soon hold hearings on competition and connection in the 21 Century which should help further eliminate the issues.
We know many Americans are concerned about privacy and these concerns can sometimes deter their online activities. Data from a 2017 NTIA survey shows that nearly three quarters of Internet using households had significant concerns about privacy and risks such as identity theft or loss of control over personal information.
What's moreover, a third of online households say privacy led them to not engage in an online activity, such as buying goods or Internet transaction at some point in the last year.
We also know the industry is looking for the Administration to demonstrate leadership on this issue. They're rightfully concerned about the potential for a fractured stifled regulatory landscape. We'll be looking to strike a balance between prosperity and privacy in line with American values, and we're listening to a broad cross section of stakeholders to find that balance.
We want to learn how various sectors are coping surrounding this important topic. Our plan is to publish high level principles along with a request for comment so that we will not only be able to gather feedback on the principles themselves but also begin engagement on how to move forward to reach the goals set out in the document.
Carefully crafted principles will build consumer confidence, boost the economy, and clear the way for invasion, creating confidence is critical for not only today's technologies but for those yet to come.
As I mentioned, consumer concerns about privacy and cybersecurity can hold back the digital committee. Cyberattacks can have direct costs as well. Nearly 6 billion a year is lost to cybercrime according to CSIS, the host for today. To ensure continued prosperity, we must create a more secure digital environment. We've engaged on several fronts in this arena with a particular focus on the cybersecurity challenges raised by the Internet of Things, including botnet attacks, they can be severely damaging as everyone in the room knows. The threats are evolving, growing bigger and smarter, and affecting some of America's most sophisticated companies.
Earlier this year the Departments of Commerce and Homeland Security delivered a report to the President on how to reduce the threat of botnets and we're now working on a roadmap of actions the government and private stakeholders can take to make it more secure against botnet attacks. To be clear, the government cannot solve this on our own. Leadership must also come from the broader Internet and security communities. We plan to play a coordinating and supporting role helping to identify priorities and bringing together stakeholders to solve problems.
NTIA cybersecurity work is another example of our commitment to the multistakeholder model, and we've convened multistakeholder processes to build consensus and make progress on a lot of issues, including cybersecurity, vulnerability disclosure, secure updates of IOT devices, and providing more transparency about the data collected by mobile apps.
Our ultimate objective with the processes is to foster a more resilient ecosystem to the creation of industry led market based cybersecurity solutions.
Last week we launched a new process, focused on the transparency of software components, based on the idea that you have to know if you have any vulnerable components in the connected products if you want to help keep them secure.
In our cybersecurity processes, we start by noticing our digital systems, quite frankly, will never be perfect. There are countless efforts across the government and the private sector to improve security, but for the foreseeable future, vulnerabilities will continue to exist. And NTIA focused on increasing resilience in the case of this threat environment.
Second, we've tried to be timely and take on issues for building quick expert level consensus on a rapidly emerging risk can make a significant difference. We're hoping to take advantage of the agile nature of the multistakeholder process. Third, we know that not every participant will agree in these processes but avoiding contentious issues won't lead to progress. The power of the multistakeholder proceeding is the expression of differing perspectives, which ultimately helps identify areas of overlapping interest.
At NTIA, we understand that the successful multistakeholder processes start with transparency and openness. That's why we continue to advocate for increased diversity, accountability, and transparency within ICANN. Through a role on ICANN's Governmental Advisory Committee, we'll support recommendations to ICANN's Board that aim to achieve these goals.
These recommendations reflect two years of hard work by dedicated volunteers in the multistakeholder community, and we hope to see the recommendations forwarded to the board later this year.
NTIA also expects the third accountability and transparency team to begin work next year. In it a post stewardship environment, the community reviews are critical. We need ICANN's processes to be trustworthy and effective because the community has complex issues to solve.
The most pressing issue facing ICANN right now is updating the who is service in light of the European General Data Protection Regulation, GDPR. it's prior to the effective date in May, provided public access to domain registration information, including contact information for the registry, the domain name.
The information is a critical tool that helps people, keep people accountable for what they put online. Law enforcement uses WhoIs to shut down critical enterprises and malicious websites, and cybersecurity researchers use it to track bad actors and it's a first line in the defense of intellectual property. Unfortunately, European authorities have indicated that the collection of public the collection and public provision of domain registration data violates the GDPR. Because of this, as of late May, domain name registries and registrars have stopped providing domain name registration if it's contained in the WhoIs. This is an unmitigated victory for spammers and scammers that plague people in businesses.
NTIA and highest levels of the U.S. Government are encouraging with the European Data Protection Board and the division and member states to provide clarity and guidance to the community as it works to facilitate access and accreditation to WhoIs information which is now private.
This access mechanism is critical to the needs of law enforcement, cybersecurity and rights protection users, and NTIA will take a lead role in this process to develop access mechanisms and will fight hard for the important governmental and commercial equities in the Who Is service.
Elsewhere on the international front, NTIA has been working with the State Department and interagency partners on a conference to be held in Dubai later this year. The conferences held every four years serves as policymaking events for the Union, and NTIA has some goals and objectives for this year's conference.
First, we want the re elect the United States ITU Council and elect Doreen Bogden Martin as Director of ITU Departmental Bureau.
The U.S. has been a member of the ITU Council since the inception in 1947 and is one of nine candidates for the nine seats allocated to the region. The ITU Council serves the critical function of supervising the overall management and administration of the union and continued U.S. representation will provide vital mechanism for advancing U.S. interests at the ITU.
If elected to lead the Development Bureau, Doreen would be the first woman in the ITU 152 year history to hold just unions five elected positions. She's uniquely qualified for the position having spent more than 25 years in the telecommunication sector, including 14 years on the development work at the ITU.
Doreen is a strategic leader who is known for ability to bring teams together around a common vision and will undoubtedly bring new partners to the work of the department sector.
NTIA also wants to strengthen the governance of ITU. Working with the broader U.S. delegation that will develop proposals, member state oversight, financial management, and the ITU elections process.
Finally, we remain concerned by efforts to create a cybersecurity operational or oversite role for the ITU, consistent with long standing policy we'll resist the efforts and are considering a variety of options, including addressing cybersecurity issues in a forum that cannot lead to prescriptive regulatory outcomes.
That's where we stand at the moment. As we move forward, we'll continue to engage with stakeholders and be responsive to a technology world that is rapidly changing. Just last month we asked for feedback on NTIA International Internet Policy agenda, focusing on how NTIA can best meet the Internet policy changes of today while allowing innovation to continue. We received more than 90 comments on diverse subjects including data privacy, trade, cybersecurity, the multistakeholder approach, artificial intelligence, and intellectual property just to name a few.
Right now, the hard-working team at NTIA is carefully reviewing and analyzing the comments we received. On behalf of the agency, I'd like to thank all of the commenters for sharing their thoughts. We anticipate that it will inform not just the work of NTIA but interagency partners both within the Department of Commerce and externally with the State Department and others that we work with in the international arena.
Finally, let me briefly note work on intellectual property issues. We have a strong team working on IP at NTIA and we have a relationship with the U.S. Patent and Trademark Office also housed within the Department of Commerce. This relationship has allowed each agency to leverage the others subject matter expertise to provide a healthy balance between the availability and protection of IP and innovation in the Internet economy.
We're also deep in the middle of our process under the Digital Millennium Copyright Act. My time is probably about up, and I've only covered really a fraction of what we do at NTIA. The world of Internet policy can sometimes feel impossibly large, but we manage it by remembering what's worked and sticking to our principles. Around the world and even here in the United States, we're hearing arguments we must toss away the light touch, regulatory regime that has allowed the Internet to flourish, that somehow security means embracing an Internet that is fractured or walled off, or that protecting privacy means every Internet company needs a massive compliance department. That's taking the Internet in a direction we simply don't recognize.
As Americans, we support a free and open Internet because freedom and openness are among our fundamental values. We're a nation of innovators, we don't ask for permission to change the world, we go out and do it.
I'm confident that if we hold fast to our values and work together, we can blaze new paths to prosperity. Thanks very much and good luck for a successful day.
>> MODERATOR: Dave has volunteered to take questions. Remember, we have a mic runner. Questions? Up front here?
>> AUDIENCE MEMBER: Thanks for your presentation. My name is Vivian, and I think it's really important and the Internet is very critical, but I think not only in other people, there is Internet of social media or even in their email or even snail mail this is from ancient ages. Now individuals, their communication will be intercepted or obstructed, so I think it's very important if there is anything that will be obstructed from participating and I'm gracious to have a chance to speak.
I think it's important for an exchange of ideas. In current day, a lot of organizations, especially like science, mainly put the PBP reflect a stream for a crime, including murder. So if they are using this approach a recipe for jail, we see a lot of people must in conservation, and that is terrible and think all issues are interrelated, so Internet, if we want to explain for development but really basically is to benefit a few and in people's home and house and everything, so it's not going to solve the problem but just benefit a few, benefit a few, and major population just suffered, so I just wonder if you can think about an interrelated social issues and really put justice and fairness upfront so nobody can take away the rights away and their property away.
>> DAVID REDL: We'll certainly keep that in mind. It's not an issue we have typically engaged on, but I appreciate the way we framed it, and we'll certainly keep that in mind.
>> AUDIENCE MEMBER: Morning. Steve. David, you spent many years in Congress on the staff overseeing the Commerce Department from that side of the table, so I would ask you just two quick questions. One of the biggest surprises that you've had to encounter as you moved into the administration side of Internet policy, and then how would that inform the people in this room as to how we modify, the way we approach say the Congress Department at NTIA versus the way we approach the Commerce Committee over in Congress? They're really not the same thing, are they?
>> DAVID REDL: No. Oh, the list of things I wish I knew when I were a Hill staffer is long, long, long. Isn't that the value of having a new job? You get a new perspective. I'm thoroughly enjoying being on this side of the debate. I think the thing I'm most surprised by at NTIA is the depth of knowledge at NTIA. As a Hill staffer, the Hill gets to see a small percentage of the number of people who work at a given agency, so people you've asked to go be spokespeople for you on Capitol Hill and having a chance now to work with the almost 300 people that work at NTIA and see their dedication and, it's very, it reminds me very much of a comment I made as a Hill staffer at an ICANN meeting, which is the first time you go to a multistakeholder meeting like ICANN and you see the number of people there who are passionate and dedicated in doing this, not because of personal gain but because it's something they truly believe in, it's humbling. It was the same experience getting to NTIA. It is humbling how many people there are experts who could be doing many things outside the U.S. Government but feel passionately about making a difference. I think that's the thing to bear in mind when you meet with us.
>> MODERATOR: We have to get moving to the program so
>> DAVID REDL: One around the corner if you want to do one more.
>> MODERATOR: One last question over here?
>> AUDIENCE MEMBER: Thanks. Hi, I'm curious, do you get a sense that the White House is going to issue any kind of guidance on privacy given, I guess, they had that private meeting with industry recently?
>> DAVID REDL: So we've been at the Department, doing a number of meetings as I mentioned in the speech. We've been doing outreach on the behalf of the Department of Commerce and Administration to stakeholders in the privacy arena to see if we can come up with high level principles to reflect how the U.S. feels about privacy in a world where we try to balance innovation and prosperity with our personal beliefs on privacy.
We're obviously working with our colleagues in the White House and we look forward to trying to put together something that we can put out for comment.
>> MODERATOR: David, thank you very much. I appreciate it.
>> DAVID REDL: Thanks, everybody.