Commonwealth IGF - The Cyber Crime Initiative

29 September 2011 - A Other on Security in Nairobi, Kenya

Session Transcript

September 29, 2011 - 11:00AM

***

The following is the output of the real-time captioning taken during the Sixth Meeting of the IGF, in Nairobi, Kenya. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

 ****

    >> MODERATOR:  Okay.  I think we can give it another two minutes to see if other people come and then we'll get under way in two or three minutes.  Thank you.
(Pause in proceedings)

>> MODERATOR:  Test.  Good morning.  Okay.  Ladies and gentlemen, I think we should get under way.  First of all, I wanted, I wanted to first of all complement the Ugandan hosts on the organisation of this IGF, Kenya.  We could not have hoped for really anything, a nicer environment and the organisation that we've had for this.  So we thank very much Kenya and the wonderful work that Vini Alis has done in planning really for this. 

    Then I'd like to very much thank you for being here, the audience.  And this is the third IGF that the Commonwealth is participating in.  What we're planning on doing today is to very quickly give you an update on activities that the ICF has been involved in in the course of the last 12 months and very secondly, to give you a very brief overview of a use initiative that, you know, we launched earlier this year and then to give you an update on the charge station two kit.  And we have John Carr to speak to that who has been very much responsible for the development of the repository that ‑‑ on child protection. 

    Really during the course of the last year, our activities have focused on, we had three regional meetings.  The Secretariat has convened on the subject of the ICT development programme.  And in each of these meetings and other building programmes that the Commonwealth has organised, this year we have introduced a commodity on internet governance. 

And this is something that has been very well received and has also given us an understanding about the very lack of awareness of the internet and how it works and the lack of engagement that we have in many of the Commonwealth Member States.  There's a good deal of work that has been on the Web site.  It's been updated.  There's a new newsletter that is introduced.  Policies on child protection have been updated.  We have a blog and there have been various topics in the blog that have been sort of fairly active in the last few months. 

    But the centrepiece of our really workshop today is going to be security.  And we'd like to talk to you about an initiative that the Commonwealth secretary is proposal to undertake.  And this really emanates from, we have been around for, you know, two years.  And when we talk to people about, they see that internet issues have to do with the internet are, the subject that comes up time and time again is really security. 

It's a tremendous amount of community in a number of jurisdictions about site security and the distinction between that and Cybercrime.  And there's an obvious really lack of capacity in many number of countries with regards to really starting with legislation, having to put legislation in place and getting above that, beyond that, having the appropriate technical capacity for volunteering for investigative legal interception, for forensic or prosecution purposes.  And it is really out of a sensitivity of this really need for support.  The need for the development have the capacity underground to enable really countries to have the appropriate capacities over time to really play a role in the commenting of Cybercrimes. 

So the main presentation is going to be really dealing with that.  I'll be talking more about that when I'm introducing that presentation.  On the panel, we have today Lara Pace who is going to talk about the project.  We have John Power who was really a member of this panel last year, who was very active on the child development programme.  And then we have Zahid Jamal who is known to many of you who has been one of the team that has been involved in the formation of this initiative.  And I have really Mark Carvell, again known to most of you who has been one of the principal players in this as well as John.  Keeping these short because we'd like to really conserve as much of the time to get reactions from the floor. 

So I think without further ado, if I can turn it over to Lara Pace who will talk about this project.
   >> LARA PACE:  Thank you.  Last year this idea of meeting, youth engagement was one of the objectives that we set for 2011.  We decided to set up a collaboration with a university to have students have this professional practice exercise on the internet.  Students were asked to present, produce content for our Web site.  The best of content was awarded a prize.  He is here today.  And he is our CIGF official correspondent. 

The pilot has had very good success, very good feedback, positive.  And we've decided to re‑run it this year and open it to the Commonwealth countries.  An expression of interest is going to be published at the end of October.  And we will be inviting media organisations and institutions to participate in this youth engagement project.  Towards the end of the competition, we will hopefully have similar awards, inviting young people to attend the IGF and be correspondents the same way Louis.  He has been doing a very good job, has been Tweeting and commenting on online themes for our online audience.  We're delighted to have him here.  We hope that we'll have a larger participation in the next year.  Thank you very much.
   >> MODERATOR:  Okay.  Thank you very much.  Lara.  Now I'd like to bring on John Carr to tell us about developments on the child protection.
   >> JOHN CARR:  One of the things that we prepared was a joint publication between myself really and ICMIC, the international Centre for Missing and Exploited Children which is based in Washington, DC, in the U.S.A., fantastic organisation in all kinds of different ways. 

    One of the key things which they do every year is it updates its annual, it does an annual survey of the state of legislation in relation to child pornography, child abuse images in the ‑‑ in fact, originally it was limited to the 198 countries that were in membership of the United Nations but now they extended it and it covers, I think, around about 210 or 202, something like that, countries around the world.  So it includes a number of countries that are not yet, perhaps they ought to be, in membership of the UN. 

    And they produced a matrix of the factors which they used to judge whether or not any given country had met the basic standard in terms of legal frameworks at any rate for dealing with online child abuse images. 

    For example, a country would have to have a basic law that said the possession of child abuse images is illegal, that the distribution of child pornography, child abuse images is illegal; that there was a requirement to report it and things of that kind.  There were five fairly basic things which the ICMC, as I say, annually assessed.  And we brought out this document which the common wealth of the IGF, Secretariat kindly published. 

    Being a Brit, I looked at the countries that didn't pass the test, so to speak.  Let me put it another way.  Of the 198 countries that ICMC looked at, in their opinion, in my opinion, according to that matrix of five factors, only around 42 countries met four or more of the five basic considerations that exist for dealing with child pornography on the internet. 

Amongst the 150‑odd countries that didn't, as I say, being a Brit, I noticed that a very high proportion of them were from the Commonwealth, Commonwealth countries.  The fact that the Commonwealth IGF, I never entirely got my head around bureaucracy of the IGF, they published this document point to go this relatively poor performance on the part of Commonwealth countries. 

    So one bit of good news, and I'm very pleased that my good friend professor Marco Gerka is in the room because he's been centrally involved in this.  About five, six months ago, five Caribbean countries introduced comprehensive legislative change specifically to deal with this question. 

    Now, I'm going to claim that, I mean, Marco is a very charming and talented man so I'm sure a lot of the credit should go to him but I think we here at the Commonwealth can claim credit for bringing the subject to the floor.  It was the subject of detailed discussion in London earlier this year.  And that's great news that at least five, it could be more, I just happen to know about that because I've run into Marco at dinner last night and he told me.  And I'm sure he's going to come in later on and put his input.  I hope you will. 

    The other thing that was mentioned in the tool kit last year which I'll discuss and we discussed this in London was the stated play on the EU directive.  The European Union, the commission of the European Union produced a draft directive to update the laws and legal framework dealing with many things to do with child protection but also again specifically there was a section in there on child abuse images. 

    The original proposal which the Commission made had it been passed would have made it mandatory for every country in the EU to create machinery to allow them to track and then delete any illegal child abuse images that were found within their jurisdiction.  That clause has remained in and unchanged from the beginning. 

    The second clause that was in there initially would have required every country in the European union also to introduce the blocking mechanism for images that were not ‑‑ that were being housed on service outside of the European union which they, therefore, obviously couldn't themselves directly delete. 

    That proposal has not survived in its original form.  The legislative process is within the commission, within the European parliament, within the institutions, I should say.  What has remained in the draft which is now essentially been agreed, the deal has been done, I think it's actually finally voted on by the Parliament next month.  What has remained in there is a recognition that blocking of illegal images is a legitimate and proper way of tackling this subject.  And it's made optional for countries to do. 

    Now, both of those things are very definitely progressive developments because a lot of countries are already doing deletion.  And some countries were doing blocking.  The fact that they're enshrined in the legal instrument is a step forward.  And now I have another bit of good news for you. 

    Since last year, and again, this will be going into any updated tool kit In Hope, the chief executive Adrian is here.  I'm not sure I can actually say this.  But In Hope has been able to secure some new funding which will allow it to help countries that currently don't have a hotline to establish one.  And I believe it's correct to say that they intend to give a particular focus to countries from the developing world, the industrializing world. 

    So if your country, if you're from a country that doesn't currently have a hotline and you think you should have one and would like some expert help and advice in developing one, I'm on the advisory council of In Hope, by the way, which is how I know about these things.  In Hope may be able to help because it's now got some funding that may be able to help with that. 

    Actually, do you know what, I think that's all I really need to say by way of an update.  So a lot of good news, I think, in the last 12 months.  The ICMC, the next ICMC report is due out soon, so we'll have a comprehensive picture.  It won't depend just on me bumping into Marco in bars around Nairobi.  We'll have a more systematic update of the position.  And thank you very much for listening to me.   
   >> MODERATOR:  Thank you very much, John.  And of course, all this will be captured on our Web site which will be updated.  And now I'd like to really turn to Zahid Jamil.  Before doing so, I really want to say that I mentioned in my opening comments that this really initiative that we're going to be talking to you about now really comes out of this sensitivity that we have, this really capacity building that is required. 

And in the actual formulation of this initiative, which is intended to be really a holistic approach to addressing this really capacity issue, there have been intensive consultations, first of all.  So people who have been involved in the formulation itself which have included really the UK government and really we've had some from the Canadian government and also Zahid will be talking about the partner agencies that we're trying to join to this.  

    I'll turn it over to Zahid now.  Thank you.

   >>  ZAHID:  Thank you.  I'm trying to look for the screen to get it up there.  We have some problems with the slides. 

    Is there a...

    The purpose of the Commonwealth Cybercrime initiative was to look at the existing arena of Cybercrime and cyber security.  And what we saw was that there was obviously a mandated division between the two areas of Cybercrime being a part of Cyber security.  But more importantly, contributing to all those elements that are required by law enforcement and by governments to go after the bad actors once they've had a cyber security breach. 

    The Commonwealth is a group of 52 nations around the world which have and do share a common legislative tradition, the common law.  The advantage with that is that it becomes fairly easy for countries where within the Commonwealth to adopt policies, guidelines, legislation, modern laws that come from the Commonwealth. 

    Sorry.  I apologize.  I think... thanks.  So the slide should be coming up pretty soon. 

    What we'll do is we'll show you the map of what the Commonwealth looks like as well and speak a little bit about the proposal. 

    So the initiative is basically aimed at basically utilizing the comparative advantages that the Commonwealth platform provides in being able to go into these countries and say, "Look, we have a common shared tradition and legal tradition."

And what we have is also since 2002 a Commonwealth law on cyber computer related crime.  What hasn't happened in the last few years is that that model law has not been implemented in sort of a structured fashion throughout the Commonwealth.  The advantage of the Commonwealth model law is it actually conforms to various international ‑‑ sorry, various national best practices out there and international conventions, one of them being the Budapest convention on Cybercrime. 

In fact, it was modeled after the Budapest convention on Cybercrime.  The model law will provide a vehicle available to the Commonwealth to go into these countries and advocate, and provide training in those countries because a lot of the countries which are developing countries do not have available the expertise and technical assistance.  There are global policies that are coming up and the politics that may be taking place.  A lot of the on the ground assistance, the practical work that needs to be done, tends to find itself left on the side.  And what the Commonwealth Cybercrime initiative aims to do is to take and use this model law that it has down to these developing countries and have it adopted. 

    Now, let me read out certain aspects of what, you know, I wish the slides ‑‑ are we getting the slides?  It's coming.  Okay. 

    What I'll do now is just sort of give you certain blurbs which are on the slides and hopefully that will be helpful.  The model law, apart from being consistent with common law and also being based upon the Budapest convention, provides the implementation of the model law not only provides a comprehensive framework for taking action against Cybercrime, it will facilitate the harmonization of legislation.  It will encourage those states which desire joining treaties, etcetera, and to participate in international forums with regard to international cooperation.  

    So once you go ‑‑ the initiative will focus first on doing a health check.  Once do you a health check, do a status check on legislation.  Once that is done, to actually also focus on the regional perspective of regency in Africa and other countries like south Asia and say, what is it that we can do to have these countries conform to a harmonized standard of definitions.  And the reason why harmonization of Cybercrime is important is because it is the basis upon which cooperation across borders is going to be enabled.  If, for instance, in a country in the Caribbean and a country in Africa the definition of illegal acts differs, there will be great difficulty in prosecute ors, investigators to basically go after the bad actors and try to bring them to task. 

    So the Cybercrime initiative's first goal is to use the model law as a legislative tool to try to go in and create harmonization.  It doesn't stop there.  It provides, in addition to the harmonization on the bases of legislation, regulation.  Once you have a on wonderful legislation, how do you implement it?  What are the implementing regulations, etcetera.  And that is the second aspect of what the Commonwealth Cybercrime initiative is going to aim to do. 

    Are we here?  Oh, excellent.  So we're going back up to the lack of harmony.  So do I need to say, "next slide"?  Is that how it works?  Thank you for putting up with my lack of organisation.  I apologize for that. 

    So rolling back just a bit, the lack ‑‑ we can go back to the slide that was there earlier, please.  Thank you.  There's a lack of harm any and compatibility in the criminalization of behavior on the internet as well as the definition of cyber offenses.  This is the key reason why it is very difficult for law enforcement to cooperate across borders. 

    Next slide, please.  So what the Commonwealth model law will do is provide a minimum foundation of common definitions and threshold, harmonize critical laws, establish international cooperation.  That's the important part, international cooperation because Cybercrime is really fast and global.  Fast regime and fast and effective investigation and prosecution.  Yesterday in the workshop we heard, we can't wait months or years.  We have to do it within minutes or days.  But it will go beyond the monolog.  There is a need for enabling investigator that things such as monitoring and the capability within those countries to be able to do surveillance and monitoring and to be able to assist in Cybercrime investigation prosecutions and then in part, therefore, assist in cyber security is a requirement where this initiative will also help. 

    As I was reading out ‑‑ we can skip to the next slide.  And the next one.  One after.  Thank you. 

    So the areas as you said, the first element is the model law.  It will start off with policy going into a country saying, what is your policy or strategy on Cybercrime.  Deal with harmonization of legislation.  As part of that, improve the investigative and procedural powers within legislation that will be provided to law enforcement, provide legal assistance and cooperation within the law enforcements within country and work on that.  But at the same time also provide as I was mentioning earlier, post‑legislative assistance on regulations. 

    Next slide, please.  Technical assistance, this will be done by initiating a process which will be regional outreach.  So it's not just going to be country‑specific but we're going to try to get harmonization, that's one of the things they want to do.  Provide status of legislation, are they up to mark, where do they need the changes, provide the technology to countries to say, we would like to know where we are in the world when it comes to Cybercrime legislation at the moment.  What do we need to improve.  And technical assistance specifically on drafting that legislation from the resources that will come through the Cybercrime initiative to actually provide them the nuts and bolts, expertise, technical assistance to be able to draft those legislations. 

    Next is capacity building.  Next slide, please. 

    Investigators, forensic experts will require in developing countries especially a lot of technical assistance and capacity building.  If you go to most of the developing countries, speak to law enforcement and say how do you attack, how do you investigate a Cybercrime. 

Do you have the forensic capabilities.  In most countries you will find maybe one, maybe two but there really isn't throughout the law enforcements this initiative.  What we aim to do is to bring to those investigators and forensic experts the ability and the capacity building to be able to try and improve the ability to do that.  In some cases, actually provide it from scratch because they don't have it.  And what this will do is allow those developing country forensic expert investigators to be more easily communicate, collaborate, and cooperate with international law enforcement. 

    Operational technical capacity building, setting up high tech crime units, cooperation setting up 24/7 points, helping them do that in their own framework depending how they want to take it; interagency between agencies; and providing the ability to do international cooperation.  And I will be mentioning legal assistance on the next slide as well. 

    Search, specifically mentioned, in several places in the our documents, the ability of the intent of the initiative to work on setting up searchs within developing countries.  And judges and prosecutors, it is extremely vital as a part of Cybercrime strategy that once you've trained the forensic expert investigators to bring the evidence to court, the prosecutors need to know how to argue it, present it, and the judges need to know what is the basis on which they're going to make these decisions. 

    As you can see, this follows in great respect the strategies already outlined in other best practices as far as the initiative is concerned.  And obviously, the more important one is awareness. 

    Next slide, please.  And more specifically on this, law enforcement agencies, prosecutors, judiciary, private sector awareness, I don't want to leave the private sector out, there's a very important role that the private sector can play.  We're talking about the development of law enforcement, private sector guidelines, example being guidelines.  And it's a private to private and a private to law enforcement cooperation that the initiative wishes to promote.  And obviously, the partnership within the initiative of private sector will be of extreme importance, awareness in this, awareness building. 

Let me talk about that for a second.  When you're trying to do this, it's not just useful to go in and speak to investigators, prosecutors but I think what we found in certain initiatives around the world is if you speak to parliamentarians, if you speak to those who are going to legislate, who make policy, policy makers, it makes a big difference.  Let's not leave civil society out either.  They're the ones who help children, individuals and basically the members of society to understand what it is that they need to do, one, to avoid and to basically provide cyber security awareness but in a addition to that, if a crime does occur, where do they go, who do they go to.  What are their rights?  What can they do?

Just about the last slide is the international cooperation bit.  The mutual legal assistance, which is the official legal mechanism by which countries will be able to cooperate with each other, becomes an extremely important part and has been mentioned in our initiative.  What do we mean by that?  A mechanism within legislation of countries so that if requests come from abroad, they can respond to those.  Now, that's only the legislation.  We'll talk about the legally binding or internationally binding nature of the second. 

    The scheme within the Commonwealth provides a basis for mutual assistance.  It's an accepted Commonwealth standard, a Harari scheme, and does incorporate several aspects like preservation of electronic data.  So it's fairly, as we will say, in compliance with cyber security, Cybercrime requirements. 

    So when we need to have international cooperation, there needs to be an obligation within countries and law enforcement that if a law enforcement of one country asks for information, the law enforcement of the country will be under an obligation legally to provide it.  That can only be provided by an international treaty.  Currently the only one that we know of is the Budapest Convention.  That plays a role in that respect and in that part within the initiative to try and explain what that does and to bring to the developing countries the plethora of the various resources and standards and treaties and best practices available internationally and to let the developing countries make the choice on the basis of best practice. 

    And lastly also to provide them with the assistance to liaison with the national organisations. 

    And last slide, again, just sort of a recap.  53 country, it's a collaborative programme between these countries.  The model law recognized by the Commonwealth members becomes therefore a perfect vehicle to go into this.  Last slide, please.  Thank you.  I'll let the panelists sort of give their response.  Thank you.

   >> MODERATOR:  Thank you very much, Zahid.  And if I can call on maybe Mark Carvel, who has been very much involved in the formulation of this initiative.  Mark?

>> MARK CARVEL:  Thank you very much, Joe.  We're still in morning, aren't we?  Good morning, everybody.  It feels like the afternoon. 

    And thanks to Zahid for running through the essential elements of this Cybercrime initiative. 

    Now, I just wanted to preface the discussion we're going to have with you here by underlining the importance of taking forward this initiative now.  This is an opportunity from my perspective as a member of the steering committee representing the UK government.  This is an opportunity for stakeholders in the Commonwealth, business partner, legal experts, law enforcement agencies, users, judicial institutions and the policy makers in government and cross governmental institutions.  This is an opportunity to ensure we have a fully developed initiative.  And that's why it's important for you here in this session to give us your feedback and give us your views on the initiative; it's priorities and its aims and the kind of mechanisms that Zahid has described. 

    In this way, we can present to the Commonwealth heads of government meeting next month a fully developed initiative.  And it comes from the involvement of stakeholders.  That's an important element which we want to underline when this is considered at the Commonwealth headings of government meeting. 

    And there is also a link across to another multi‑stakeholder forum that's taking place shortly.  And in fact, it follows hot on the heels of the Commonwealth heads of government meeting.  I'm talking about the London conference on cyberspace.  This is a conference that's being held in London on the 1st and the 2nd of November.  It's a follow‑through of speech with the UN secretary William Hague gave earlier this year in Munich about principles of behavior in the cyber sphere, in internet, in the world of the internet. 

    One of those principles was, and I quote, "The need for us all to work collectively to tackle the threat from criminals acting online," end of quote. 

    So the London conference will have Cybercrime as one of its five sessions, one of its five themes, each of which will have a session. 

    So this is a very timely initiative by the Commonwealth Internet Governance Forum is being developed here by a group of very expert partners.  And I believe it will help inform discussions at the London conference on Cybercrime because it presents an initiative which is constructed in a way that addresses some, we believe, the key elements that need to be defined and then worked through in terms of implementation, legal frameworks, capacity building, cooperation.  Those are the headlines elements which Zahid has indicated is a lot more in the detail. 

    So it's important that we do have your views and subsequently through the Web site, through direct contact with us, on the initiative, on how it is going to be best implemented, questions like where do we source the capacity building, who are the key actors and partners we should engage within the Commonwealth countries, how do we carry out the direct training, who is best placed to deliver that training, give us your suggestions on experts to involve in individual Commonwealth countries; really think about not only the concept of what we're trying to achieve in terms of capacity building and cooperation but actually delivering on it and it's imperative that that delivery follows through quickly and effectively and in a fully developed way that embraces all members of the Commonwealth, those who already have things in place, who already have experience to impart, those that really have gaps to fill who really need to engage and benefit from cooperation with other experts, with stakeholders in other Commonwealth countries to underline really that this is going to work only if there is true stakeholder involvement of the key people.  And the key people are identified. 

So those are my opening remarks and suggestions for issues, questions to think about in this discussion and subsequently.  Thank you very much.  

   >> MODERATOR:  Thank you very much, Mark.  I'd like to call on our next speak torr really give us a perspective of really the challenges associated in the implementation of the appropriate frameworks in Sri Lanka.

   >>  Thank you.  I'm Gia Fernando, director of the agency in Sri Lanka policy agency.  I was involved in the drafting of the computer crime, a series of amendments to the law to adopt the electric tropic banking environment in Sri Lanka and also help to establish Sri Lanka CRT, which is part of the global community. 

    Let me briefly outline what I would like to say here and why I'm here to support this initiative.  With reference to some background that might help you understand the difficulties we encounter in the formulation of our law in Sri Lanka. 

    In terms of background, we embarked on a journey a couple of years ago, the year 2000 to be exact, we embarked on process of law through multiple channels.  And in the review processes that went, what were conducted at the law commission, we were grappling with what models and options we should consider in framing our national legislation. 

    So many options came out.  We had the Commonwealth model law and discussions around it.  And we were informed of the convention that was gradually gaining conclusion and going through some process of completion.  So we waited to see the way the trends are moving.  So it was a long wait, being the 2001, 2004, and in the final stages of formulation, and through 18 sessions of the parliamentary section of crime finally decided that the best way for us to get some kind of mutual assistance and cooperation was through following the Budapest Convention but also looking at the model law of the Commonwealth as a framework in consideration of the legislative approach. 

    Now, in getting this process forward, the challenge we encountered was the lack of capacity.  Lack of capacity, knowing which options and models we should look at, lack of capacity in building and creating for law enforcement and service.  And understanding the frameworks that we need to put in place most notably through third kind of models to prevent cyber incidents.  So this is a Commonwealth initiative that has been proposed here.  I commend the initiative for the reason that it provides a platform for capacity building and providing nations within the Commonwealth with options and tools that I would develop around the sphere of Cybercrime prevention that we are able to see today. 

    So there are so many options.  So every country can select the best option and the mode he will for them and make it a steppingstone to whatever international norms and conventions that they would like to sign to in getting better recognition within the international framework and being part of the global community, prevent and deal with Cybercrime issues and be part of the global community there. 

    Now my final conclusion is that the Commonwealth framework, the Commonwealth of country has perhaps the best, perhaps ‑‑ provides the largest block of countries that have adopted similar evidence rules coming from the British common law traditions.  And this is one area I believe in giving input in this process, will be perhaps providing inputs from the government of Sri Lanka for this initiative, that one aspect we would consider is providing some kind of tool kits and guidance in terms of electronic evidence admissibility.  And that is one aspect that we are grappling with at the moment because in Sri Lanka, we have a dual, one for proceedings and another one for Cybercrime leading to different standards in terms of probative value.  So that aspect is something that I would like to lay on the table and conclude with those thoughts and once again say, we will be supporting this initiative wholeheartedly.  Thank you.

   >> MODERATOR:  Okay.  Thank you very much.  Before I turn it over to the audience here for commentary, really a couple of points I really wanted to make in this, is that first of all, this is really a Commonwealth initiative and by that, we mean that the Commonwealth really by virtue of its membership is the catalyst.  They have really precious little by way of capacity whether financial or technical resources to really do really much of this. 

And so the idea really behind this initiative is to really draw on the wealth of resources that really presently exist.  And we have been really working with really a broad range of partners in this including the Council of Europe in the formulation of this, the IGU, the telecommunications organisation, ICANN is a partner in this because they have really a part of responsibility for this as the Commonwealth moves forward.  I'd like to turn it over to Alan for some comment on that.  The ICMC, the parliamentary laws association. 

    So a range of partners in this, and the objective in this is to draw on that really capacity that there is in order to really start tackling this issue that many countries are desperate for and this is something that is in the global interest.  I'll turn it over to the floor but perhaps if I can start off with Alan Michael who has been very much involved in the initiative of the Commonwealth from the outset.  Alan, thank you very much.
   >> Thank you very much indeed.  Firstly, can I pay tribute to the way that you have held this together.  We wouldn't have come as far as we have in the last couple of years if it hadn't been for the personal leadership that you've applied.  And that's greatly appreciated. 

    Zahid referred to legislators.  And there's a very worrying factor about legislators and that is that they tend to legislate.  And a couple of truisms are necessary to apply.  The first is that laws rarely prevent what they forbid.  I repeat this at every opportunity because I have that temptation to legislators, but laws rarely prevent what they forbid.  And the whole point of exercise ought to be to make the world a safer place, not just to have laws that look very nice and express a particular view. 

    And then the second thing is that legislation is often passed on the basis of need or prejudice.  What's around in the news at the time, rather than on two things which one is the evidence of what will actually improve the situation and secondly, the values that need to be applied in legislation. 

    So the fact that this initiative is based on the values of the convention is extremely important and exchanging experience across Commonwealth countries. 

    I'm a member of the UK executive, the Commonwealth parliamentary association.  We as UK branch gave evidence to the eminent persons group that focus on internet‑related issues was extremely important within the framework of the Commonwealth for the future.  And I contributed an article to the magazine for the CPA's 2011 conference which was held in July and which had a series of articles saying N. these are the big areas of challenge for the Commonwealth future, one that I did outlined that internet governance is the big opportunity for the Commonwealth parliamentary association and shouldn't be treated as another thing that can be dealt with through legislation or expanding intergovernmental bureaucracy.  The Commonwealth is an I deal place to lead the way

    I strongly endorse the approach to focus on the broad rather than pretending it is possible to do everything.  So the focus on children's issues with John Carr, again using the experience that's been developing in the partnership over a period of time, is an extremely effective approach and the engagement of young people, I think, is extremely important, delighted with this idea of a scholarship and the way that is being pursued from the UK, we have young people here this week from Child Net.  And they're contributing a great deal, I think, in forming the learning that we're getting out of the event here.  And I think we can take that further.  I've been talking to somebody about partners for the school in Kenya so that young people are engaging with internet issues in one of the schools and my constituency might be involved in exchanges. 

    Coming particularly to the Cybercrime issue, I think this is where we are starting to tackle the really big and serious issues, and that is entirely appropriate for the Commonwealth.  I worry, as I've said in other places, about the term, using the term Cybercrime.  I'm afraid for many people, it means that you put it in that box which is understood by techies and which the rest of us don't have to worry about, whereas actually the phrase, I think it's intended to refer to human activity which happens to make use of the technology and the software and the opportunities that are created by internet development. 

    But I think in communicating more widely, we need to be careful that the term Cybercrime doesn't become something that makes it not a matter for us, for people in legislation and in government around the world. 

    Parliamentary engagement I think is extremely important.  I and my colleague Joyce for the ministers are involved in trying to lift discussion and the informed nature of discussion about internet‑related issues of the agenda in the UK parliament, has tended to be left to a small number of people who have an interest and with the speaker's support, we're trying to engage it in the more general debate of parliament. 

    And finally, we're looking at some of the issues of mapping and measuring Cybercrime and its impact within social developments within the UK.  There's some work that will be coming out later this year which hopefully will help us not just with our big stuff, of how this is dealt with through the law and through legislative frameworks and through action by law enforcement but also how you can help to deal, as we have done through local crime partnerships, to not just have to wait for legislative opportunities in order to tackle the things that are day‑to‑day nuisance for people in their everyday lives and in the use of the internet.  Thank you very much.  

   >> MODERATOR:  Thank you very much, Alan, for that really very valuable input.  And on the issue of really cyber security and the norms and behavior, we have some suggestions relating to language that we can be using in the document.  We're very grateful for that.  Thank you very much.

   >>  Thank you, Mr. Chairman.  Mark called for some comments that you might want to include in the initiative.  And John already referred to something that is happening.  My name is Marco, a law professor, I'm currently involved in an EU, CEO co‑funded project dealing with capacity building.  In Pacific, sub‑Sahara, and the Caribbean.  And I'm currently working with, I would say, half of the Commonwealth 11 states, especially 11 Caribbean countries, a couple of Pacific countries and in the near future some African countries. 

The title, I'd just read the title is, enhancing competitiveness in the Caribbean through the harmonization of ICT policies, regulation.  So what they're looking into is E‑commerce, E‑transaction but one important pillar is Cybercrime.  What was happening, especially in the Caribbean and the Pacific, exactly what you are plan to go do right now, was taking place.  So 15 Caribbean countries came together.  They did a full assessment of their Cybercrime legislation.  I'm not only speaking about substantive criminal law and procedural law but also aspects for admissibility of evidence in court and the liability of internet service providers, regulations dealing with the reporting of crimes as John mentioned.  So the full, really a very comprehensive approach. 

    So they did an assessment of the current legislation.  Then they mapped it with regard to international standards.  They were looking at the Budapest convention, the Commonwealth model law, at what the Europeans were doing but also what the United States did and others because what we've seen is that, I'm a great fan of the Commonwealth model law because it is going beyond the Budapest convention, it includes admissibility much evidence and it is more language specific with regard to the commonwealth model law ‑‑ sorry, with regard to the Commonwealth legal system.  So I really like it.  But still it needs an update.  There were things that happening.  And some of these developments you find now in EU legislation or in the United States, good examples, good practices. 

What was done, there was a gap analysis.  And then these countries, experts from these countries came together, legal expert, policy experts and drafted policies and Cybercrime, first of all, because they said we can't go into legislation before they have policies.  They have very lanced policies that deal with all different aspects.  Then they developed a model framework which is specifically dealing with aspects which are relevant for Commonwealth countries, for example, the question who is authorizing an investigation, on what basis, swear an oath or whatever it is, is an affidavit which we don't use in the civil law system. 

    And then now they're implementing this legislation, as John was mentioning.  I've heard a couple of times from different organisations like the Council of Europe that if now harmonization of legislation is taking place, it will take very long.  I think the Commonwealth can do something like this in a short period of time because the 15 Caribbean countries last year decided about the legal framework on signer crime which by the way includes something like getting Alaska sets to a child pornography Web site or ‑‑ access to a child pornography Web site or it enhances the definition of pornography by saying it also covers not only something that visually depicts a child but also audio files.  All of this including spam, everything is in this framework.  And a couple of countries have already implemented it right now.  That means they're moving at fast speed. 

    And the final point, this project also includes capacity building.  That means you can see that there is training for law enforcement, closed training sessions.  There is training for judges, prosecutors and all of this. 

    So I think the Commonwealth countries, and these are experts.  I'm not claiming that I get credit for this but the people I am working with in the countries have knowledge.  It is not ‑‑ this is the only point where I disagree.  You said that in many much those countries, there is nothing they don't have the capacity, they don't have anything.  You have very advanced people in small developing countries like St. Kitts, St. Nevis. 

I was working with people with legislation.  I've been working in this field for 15 years.  I was using the Council of Europe definition until Caribbean experts told me, it says visually depicts and it excludes audio files.  We need to improve it.  So I'm really touched by this.  And I think the only thing that I would like to give you is maybe look into this.  It's all on the web.  You have a good contact to the ITU.  You have good contacts to the EU.  Learn from this great thing.  The Caribbean was first.  The Pacific copied what the Caribbean did.  And this includes by the way in‑country support.  So it's going on for two years.  And it can already be done.  So why not hook up, why not merge this and make something bigger of this.  Thank you very much.  

   >> MODERATOR:  I thank you very much for that.  And certainly I think that the thing that we have really attempted to do from the outset is really not to replicate anything that is already taking place but really to capitalize on that. 

    Having said that, I'm sort of very interesting in that particular feedback.  At the same time, it's interesting that the reading that we have, some of the regions that we talked about, and this is interactions that we're having for people on the ground, both in the Caribbean and the Pacific is really quite different from that.  So it's at variance with that.  So I think where we have to start off in this, I think this is something that is very, very critical, is to really get a reading on really what the state of play is in these countries. 

And it is so vital to build on really what it is.  And the capacity that we have to use in order to complement whatever needs to be done is capacity along the lines that you are really talking about.  So this is really not in conflict.  We'd like to really build on really what have you done. 

    But having said that, we are getting a different reading in terms of the realities on the ground.  It's interesting because I spent some time just really before coming here with Virginia Moyer.  She counselled me about this, is very much interested in this activity.  They have really similar concerns.  And they really have been really talking about an approach not dissimilar to this in terms of the holistic approach, the need that takes place, the legal technical.  But I would not comment about that, very quickly some additional reaction, not spend too much time.  I'd like to start here, we've got a lot. 

    It doesn't seem to move.  I'm sorry.

   >>  Thank you.  It sounds like the Caribbean has a solution.  I'm sure there was excellent work done.  We had a meeting in Malta where a lot of people from the Caribbean expressed the importance of this.  It is telecommunications from Caribbean countries showed an interest.  Also let's not forget Africa and Asia‑Pacific and south Asia.  And they may have their own views. 

And it's difficult sort of to state a smaller version of 15 countries in the Caribbean, but it is something that I think is very useful.  It could be brought in as one of the resources, like the Budapest Convention which is an international document but it's a treaty. 

    So providing all these resources to countries will be very, very useful and also at different levels, at different countries, when you go into a country which already has legislation, now you're working to add value further.  The initiative doesn't stop there.  The initiative goes even further and says, you got legislation.  What do you need after that?  What do you need even after having regulations?  Do you need training, prosecutors and judges being trained, forensic experts, etcetera.  It is very holistic.  It doesn't go to every country at the same level.  It will go to whatever level the need might be. 

    And also let's not forget that certain regional maybe models may be useful but the Harari scheme in the Commonwealth provides mutual assistance across the breadth of the Commonwealth countries and that would be extremely valuable.

   >> MODERATOR:  I hope I didn't mention your name in vain.  Did you want to come in now, say anything or comment later?

   >> JILLIAN:  Thank you.  No, no problem at all.  For those of you who don't know I'm Jillian.  I work for the UN office of drugs in crime.  I had been speaking this morning with Joe about this because obviously, at the global level the UN institution covering crime prevention and criminal justice issues.  We have many mandates to work on this.  And they have been reinforced in the last year after a crime Congress or crime commission, governing body this year.  These are specifically to do with technical assistance and capacity building for developing countries. 

    And when I heard about this initiative, I actually approached Joe.  I think that there's room for everybody to work together in this.  My approach to this would be that the way forward is that all the partners bring whatever value they have to the table.  And we tackle this in a comprehensive and holistic approach.  And that's the only way we're ever going to get long‑term sustainable capacity building in developing country.  And we have to look at ought all the angles, but also for law enforcement, prevention, public awareness, everything. 

    And one of the things my office is actually working on right now is, we're developing a needs assessment methodology.  This will be published sometime in the near future.  We've done this, we've got a lot of background and technical assistance in other area, not necessarily Cybercrime, I agree.  But in corruption, organised crime, assisting countries, trafficking in human becomes, firearms.  These are the areas we work in. 

    We have 25 field offices throughout the developing world.  And obviously, this can help.  So I think that we should actually partner, work together and try to take this forward.  That would just be my approach.  Thank you.  

   >> MODERATOR:  Thank you very much, Jillian.  We have first a gentleman over here and then one in the back and then Nick, please. 
   >> SMITH:  I'm Smith, here with the British Computer Society.  I work in the field of cyber security, basically everything from counter‑fraud to counter‑terrorism. 

    One of the things that I keep coming across, we've been talking about legislation and trying to get harmonization of legislation.  One of the things I keep coming across is organised crime, terrorist groups, especially people on the network, using legislation to their advantage.  Quite often now you see them using things like human rights, privacy legislation, laws around encryption and things in the UK, we have RPA, we have Part 3 which we can use but in other countries, that's not possible because of human rights. 

    What's being done to try to harmonize the legislation so that organised crime and other groups are not able to use liberty enhancing legislation to their advantage?

   >> MODERATOR:  Thank you.  In Europe as well in most countries, there is a requirement, especially in the Commonwealth, a very strong rule of law, common law basis which believes in certain safeguards, especially judicial ones.  You'll find that in Article 15 of the convention.  You'll also find a lot of that in the model law. 

    So it's difficult to say that we should take human rights and privacy and all these things and throw them out of window.  It won't be possible to do that. 

    I also work with law enforcement.  I'd love to see that happen, but it will be difficult to have countries where you go down and say, give all these rights together of civil liberties.  That is a decision that individual countries will have to make at that level when we go in and provide them different principles that exist maybe in Europe, America, and other countries.  But it is important that when we do provide this technical assistance, we do inform them that judicial safeguards and legal safeguards have to be in place. 

But it has to be balanced.  It shouldn't hamstring law enforcement from doing what they can and trying to keep a balance between say, for instance, privacy and security which is again a topic that we discussed at the IGF, but to completely take it out from the purview of the initiative will be I think difficult and difficult for countries to accept.

   >> MODERATOR:  Thank you very much, Zahid.  I should mention at the outset that we have some really people who are participating off‑line.  And so if I could turn over to Tracy, and I think we have a question.  And then we're going to go to Nick in the back, to Mark, and the gentleman across.  Thank you.  Tracy?

   >> TRACY:  Okay.  Thank you.  There's a question from Kenya remotely.  How are we preparing at‑risk communities to deal with Cybercrime even if it is a complicated pursuit. 

(No audio)
   >> That input that we've had from the multi‑stakeholders and in terms of the really addressing the situation which is going to take some time, we have to use all the available capacities that are there and, you know, can be tapped into.  So Mark, you wanted to comment before the ladies and gentlemen.

   >>  MARK:  Yes.  Thank you.  I just wanted to come in very briefly on the point raised by the British Computer Society about criminals using liberty enhancing legislation to their advantage.  I think this, while we should not be too ambitious with this initiative, it does provide the opportunity through the engagement of so many experts and key actors in so many countries to collate information, data, and experience with regard to that factor that would be a valuable resource for informing discussions at a later date whether within the Commonwealth or globally. 

So I think this initiative has the potential for enhancing through the kind of stakeholder interaction and sharing of experience and data that it has the opportunity to inform the global community.  So it's highly consistent with the aims and experience of the Internet Governance Forum, the global IGF.  Thanks.

   >> MODERATOR:  Thank you very much, Mark.

   >> JIMSON ALUTI:  Thank you, Chair.  My name is Jimson Aluti.  I'm the president of the Industry Association of Nigeria, the vice chairman for the world of technology and services alliance, responsible for modernizing society in Africa.  I also have the privilege of representing the business community in the CSD working group to IGF. 

    First and foremost, I would like to really commend this initiative.  And I think this is one of those outcomes that we can see from IGF, very positive outcomes among many, but a substantive one indeed.  In fact, I've come to address the issue of confidence on the internet on the use of the cloud and use of resources.  And on that frame of IGF, we talk about internet development.  And this actually affects more the people in the developing nations.  And so that is why this is very important, combatting Cybercrime. 

But the process of getting it done is a concern here.  We know of many initiatives that are slowly getting to the ground.  This has to move fast by really cooperating the view of all stakeholders, involving all stakeholders, aligning it in the private sector, the bar association, the industry associations, society.  And then perhaps using the strong States, to pass it through. 

    Right now just about maybe 10 percent penetration of internet in Africa, for example.  And we expect development to really take place on the basis of internet adoption.  So if you are having these challenges right now, earn cans in the developing world, it is going to be greater if you don't do anything fast right now

    So my question is, how to lead the process using the examples.  So I think that should be a major concern here.  It's a good thing.  Thank you.

   >> MODERATOR:  Thank you very much.  I think that, you know, we have a really a sense of urgency that there is really about this.  First of all, I think that is the really the whole reason why the initiative has been put forward.  And I was going to be talking really towards the end about the progression of this, where it is going from there. 

    We realise that this is something that, you know, has to really get off the ground really as soon as possible, mindful of really other things that are equally useful things that are taking place. 

    But I think because of developments, we're seeing now in the internet in terms of policy and the rapid expansion that we have, there really is a desperate need to ramp up really this initiative as soon as possible.  Thank you very much. 

    We go to Janice Richardson.
   >> JANICE RICHARDSON:  Thank you, Chair.  Janice Richardson, I'm the coordinator of the In Safe network which exists across Europe.  I'm speaking now in the name of In Hope and In Safe because we work together under a joint agreement. 

    We are talking about resources, but we have a resource which perhaps could help some of the countries here to step up at least their awareness raising and perhaps also the implementation of a hotline. 

    We have study visits where we can offer any country who puts up good project and chooses one of our 13 member countries as the site for a visit.  We can, therefore, cover the costs of the visit.  And I think that this is a very good way of rapidly building knowledge, drawing on the expertise that exists so this is funded by the European Commission.  But I would like you to take note that this possibility is available.  And you can contact Adrian Weir or myself about it.  Thank you.
   >> MODERATOR:  Thank you very much.  And we'll take note of that.  We're having these discussions and we're going to be following up on this.  And we very much value the prospective partnerships I think with your organisation. 

    Thank you very much.  We can move to the gentleman here and then to you.

   >>  My name is Risin from Nigeria.  I want to talk on, just to mention some of the things we discussed.  On the issue of capacity building, of finding capacity, there are some, with respect to Cybercrime, there are some processes already on like the Arinique and Afrinook.  There will be a meeting in Cameroon in November, 25th of November.  And African is a group, we have a training session.  So if we can get the name of the director is Parid Nigu. 

So groups like that, if we can get groups like that and critical group of capacity through using an approach for youth, for professionals and others.  We have a particular time, would lead to resources for some workshops or conferences like that.  We can show people like it's done in India, cyber security in India.  There are locations on the risk for communities, pieces where it is assumed or believed that they are coming from. 

    My friends who are doing research to identify using IP address, to determine if the Cybercrime is actually originates from two places where it claims to be.  So some of this, we can welcome.  Thank you.

   >> MODERATOR:  Thank you very much.  We'll take note of that and be following up.

   >>  Thank you very much.  I'm an executive director of In Hope.
  >> I'm....
  >> Thank you, Mr. Chairman.  I am Ashrad Atkinson.  I am a legal advisor and also practicing member.  I have a letter of intention to the remarks of the honorable Michael and a good friend regarding the deficit they have found in terms of result from the legislative provisions.  It's true, they do exist.  But when I read the initiative, I found for one that the kind of deficit they talk about which exists is one of the reasons for the initiative because the biggest deficit is found in the respective aspects of Cybercrime, the sanctioning, the prosecution, the investigation. 

So long as this aspect of the logistical aspect of Cybercrime is not ‑‑ doesn't go up in standard as seem to propose the initiative in terms of training, in terms of exchange of information, in terms of availability of sources too new about how to drive forensic evidence.  I think they have a point but the initiative does take care of it according to my humble opinion, that if we go in the way which is paved by the initiative, of course, it won't happen overnight. 

    At some point, we'll have many jurisdictions where there be capable people, capable police officer, capable and trained prosecutors and judges who would do the side of the job. 

    Right now, when we look at the growing, thriving professionalized crime economy which exists, I think the initiative brings in a very good answer in the meantime to tackle this problem.  Though I will not lose sight of the remarks of the honorable Alan Michael right now. 

I have to say that if this initiative gets the chance that it deserves, and I hope it does in October when the heads of state meet and gives the Commonwealth work at this model again based on what they want to build in terms of legal logistics, I think we will have come a very long way. 

    In fact, I would advocate that we read, especially practitioners, this initiative with a lot of care.  It has got a mine much information, a mine of things that we could do, especially for those, I can pride myself in saying, we have a satisfactory legal answer.  But in terms of results, I don't see it.  In fact, the Cybercrime is central, placed in a very dark corner.  It's where they are placed.  But we can bring it to the forefront because this is the crime with which we have got to come and grapple in the very short term. 

    Now, to come to the point which was raised by my good friend on the side, the members from the African community that we have got law enforcement agencies meeting twice a year when we have our policy meeting and if one goes to the Web site, you will find it there.  And to end on one note, one person raised the issue of civil liberties.  Those who have been changed in the legal culture, our institutions which, in fact, protect the liberty of suspects.  We have to do with it some time as a defense lawyer, I am, I would like that these things, they become harder again to protect the defendant. 

But let this try to balance the thing, what is the right to the accused, what is the right of the victim, what is the right of the complain ant and also through this initiative, I think we're a long way in trying to get the balance right. 

    I'll end by saying, the initiative is not going to being a treaty.  And it is flexible in the way you did use it that is standard.  If it is used as a standard, if it is used as a yardstick to put your legislation, the kind of legislation you want, it is a good initiative.  I thank you, Chairman.

   >> MODERATOR:  Thank you very much.  We are out of time.  But I'm going to take the Chair's prerogative, we started a little late, to go on for 10 minutes, if you can make your comments very brief, identify yourself, and we'll try to wrap up in 10 minutes.

   >>  ADRIAN DWYER:  Thank you very much, Chair.  My name is Adrian Dwyer, executive director of In Hope, the umbrella association for the national hotlines in partnership with In Safe, part of the safe internet programme from the European Commission. 

    We can't have 40 hotlines around the world.  Two years ago, we lost our first, had our first member here in south Africa. 

    I would like to say, we talk about developing countries, myself coming from Europe and having worked at the internet watch foundation for several years, I very seldom saw images of black African children as victims in this child pornography or images of child sexual abuse. 

    South African hotline is currently seeing 25 percent of the images that they deal with of African black children.  So here we are saying that there is a market here for offenders from Africa are using the internet to share their images. 

    I think it was also quite pointed to say that from Australia yesterday afternoon, during his presentation, showed the IP addresses of several people here in Nairobi who are actually sharing known images of sexual abuse on the internet. 

    So this offensive, the distribution and the sharing of images of child sexual abuse affects everywhere and also in the developing world itself. 

    So as a result of that, In Hope is making an effort to assist in the development of hotlines in developing and emerging countries in order to provide a reporting facility for the community and for society to pass their concerns on. 

    There are many having to deal with, but also many other concerns which the Society raises.  And it provides a valuable conduit for the society to actually inject their concerns into the system. 

    So executive director Hope, I ask anybody here who is interested in setting up a hotline or establishing a hotline in their country, please let me know.  And we look to work with you.  Thank you.

   >> MODERATOR:  Thank you very much, Adrian.  Please note, so we can go to the gentleman in the green suit and then the lady in the white blouse, please.

  >>  Thank you.  I am Ko Chaus, I'm a Kenyan working as a web master.  I would like to echo what the previous speakers have spoken on on this important topic.  There have practical exams that we have experienced currently within, we have problems, examples, with our users and our institutions.  For example, we have had our Web sites hacked.  And people have....  of Cybercrime.  People have actually suffered and it has affected the users somehow that being driven away from using the internet. 

    So my issue, my question was, how can this forum first track this process so that this authority could take up this matter, so they don't turn away from using the internet.  Thank you.
   >> MODERATOR:  Thank you very much.  I think that the process would be fast tracked really from where we are in terms of launching the process.  It's very much dependent on really national governments in terms of how quickly they're able to take this up.  So the demand is going to have to come from really national government I think as far as that is concerned.  We can talk a little more about that. 

    The lady, please.
   >> ATHENA:  Hello.  My name is Athena.  Well, lowering the initiative in the legal framework is very important and endorse and so on.  I would like to focus on the guidelines which you said that they are also very important.  And I agree with that because the implementation of the law is a very delicate matter.  And sometimes we see, we do not see the proportionality there. 

So I'm not saying that the LEA's, the law enforcement authorities do not have the technical knowledge.  Of course, they do.  It's just that for some specific technical aspect, when they try to implement the law, maybe, you know, a corporation with the appropriate organisation, the agency, we do come in touch with law enforcement authorities from our region which is Europe, Middle east, and central Asia.  And I think this is something we should also take into account when we are talking about these initiatives.  Thank you very much.

   >> MODERATOR:  Thank you very much.  We have really John Carr, Mark, I'd like Alexander to come in very briefly and we have a gentleman here, be very brief and I'd like us to conclude in the next several minutes.  Thank you.  John?

   >> JOHN CARR:  Two quick points.  First of all, I was very interested to hear Marco's points about the work that was already going on in the Commonwealth and the resources that appear to be available. 

    When I was working with the ITU, we did a survey, questionnaire was sent to every government and membership of the United Nations.  And about a third of the governments replied.  Almost universally, they all say, "We need help.  We haven't got the capacity."

That could simply be, our questionnaire went to the wrong guy in the wrong ministry.  That kind of thing never happens in Britain, by the way, because we've got such a smooth, well‑oiled machine.  It's impossible to imagine that happening.  But I'm told in less fortunate lands, that kind of thing can from time to time happen. 

    But my impression traveling around the world is that lots of people need lots of help.  One of the values of coming to things like this, of course, is that we hear about things.  It's a way of coordinating and hooking up with each other. 

    Second point I want to make is in reference to Alan Michael's familiar refrain about the uselessness of legislation and not preventing.  Many years ago, and Alan will recognize this story.  We had a very famous politician called Bevin, comes from the same part of the world as Alan does who make a speech against unilateral nuclear disarmament.  This is a man who was a passionate supporter of unilateral nuclear disarmament.  He was worried about the secretary, Nevin, because he said, and I quote, if you pass this resolution committing us to unilateral nuclear disarmament, what you are doing is you are sending a British foreign secretary into the negotiating chamber naked. 

    In other words, to kind much bring that back, if you're not going to gamble when you're dealing with high tech companies, legislations is useless, governments don't know what they're doing, you've already given away a substantial part of the power and position that you potentially have. 

In my dealings, and I deal with these guys day in and day out, if the industry does not believe that you are willing to legislate and that you are willing to act and that that is in your mind, you might as well take up missing because they ain't going to listen to you.

   >>  If I can just respond briefly to that, John as always is right but missing the point because the remarks between Bevin and his foreign office colleague, of course, were personal and not a lot of things come down to the person who you trust and who you don't trust. 

    I absolutely agree that it must be very clear that you will use legislation where it's necessary.  The danger is that you start with legislation rather than starting with a solution and then looking at what legislation is necessary to make things happen that will provide the solution to the problem. 

    And it depends whether your audience is the people in business or the people who are developing the technology, in which case John is right to say that you have to make clear that you are intending to do things or whether you're talking to legislators or policy makers, if Mark doesn't mind me saying this, civil servants in my experience are brilliant at producing a strategy and legislation but not necessarily as good as developing the partnership to get all the participants in the room to ensure that the legislation is the right legislation at the end of the game. 

So as usual, I'm not disagreeing with John.  We're just refining each other's opinions.

   >> MODERATOR:  Thank you very much, Alan and John. 

Mark, very quickly.
   >> MARK:  Thanks so much.  And just on Alan's point, I think I'm starting a revolution in the UK government in terms of our work being rooted in practicalities and what's realistic and what's implementable. 

    Anyway, I just wanted to comment quickly on the point which was a very good one about criminal abuse of the domain name system and so on.  We have, I'm the UK representative on the governmental advisory committee at ICANN.  We've been talking to fellow commonwealths and ICANN members about this initiative. 

I think we can bring that particular element certainly on board for the initiative.  It's very important.  And through our contacts and contacts with the other international registries, we can, I think, formulate an active element with regard to that within this initiative.  Thanks.

   >> MODERATOR:  Thank you very much, Mark. 

Alejandro? 
>> ALEJANDRO BISANET:  Thank you, sir.  Alejandro Bisanet, chapter in Mexico.  I apologize if what I'm going to say was included, but I never saw or heard any reference to the units we call CERTS, and certainly in the discussion, doesn't seem to give them enough weight.  And also a valuable contributor as mentioned by the lady whose name I didn't remember.  Go to the core internet technical communities of every country.  They are far in advance in most cases.  They are much better connected than even the well connected police forces, law enforcement agencies in the capacity to come up with capacity, try to take into account into the national and international conference. 

    I believe that the Commonwealth has a particularly strong case for cooperation and to become a world class example because of the mechanisms of cooperation, the alignment among the legal and governmental structures.  But going to these technical communities and universities to build these structures from the ground and the capacity building from there up is vital.
   >> MODERATOR:  Thank you very much, Alejandro.  I'd like to call on Alexander who is being, one of the principal really players involved in the formulation of this initiative, to make some final comments.  Thank you.
   >> Thank you.  This initiative is at some point aimed at being very, very pragmatic.  And that's a strength of it.  It's also trying to be multi‑stakeholder, and that complicates many things.  So you have to find a way to overcome that, also. 

    We have been arguing for a number of years that a lot of instruments and tools on Cybercrime are already available.  The model law is one of them.  The Budapest convention is another one.  The main problem is the lack of capacities to implement tools and instruments that are already available.  This initiative is addressing exactly this problem.  And that's why it is so much welcome.  We need this initiative and we need at the same time also continue all the other initiatives that are already on the way.  And all we have to do is avoid that there are inconsistencies and get a minimum of coordination without strangling the different initiatives.  That's very important. 

So from a Council of Europe perspective, the way it is formulated now, how it was formulated at the end of the day, we can be supportive.  We have been asked by a number of government representatives, and not only government representatives but also other interlocutors, whether you're not sending out a confusion of message to countries. 

The Commonwealth is now an alternative.  The model law ‑‑ no, I don't think so.  The Commonwealth model law is very much built on the Budapest convention.  There is a scheme, Herrara scheme, consistent with what the Budapest convention does, a country that fully implements the law and the scheme is very, very close to the Budapest convention that is very, very welcome and therefore, adds long as this is the case, as long as it closely coordinates on this, as long as we can see the Commonwealth model law and the Herrara scheme as a possible steppingstone to the Budapest convention, I think there is no confusion at all, there is complementary, in the sense from a Council of Europe perspective, we will be happy to cooperate.

   >> MODERATOR:  Okay.  Thank you very much, Alexander.  I would like really to conclude.  I think that is a really good wrap‑up as any.  I would like to adjourn.  I see they are gathering outside.  We're also competing for your lunch.  I value very much really your feedback.  I think we have taken note of pretty much this. 

The process of concern is a major presentation at our Commonwealth business forum which is taking place in conjunction with the Commonwealth headings of government and then cyber security is really one of the terms on the heads of government agenda and we'll be keeping you informed of really developments, the launch of this to our Web site.  So I thank you very much for really coming here and the valuable inputs.  Thank you very much. 

(End of session.)