Updates on I-star Organizations From the Bullshit Police

3:03PM Aug 1, 2020

Speakers:

Keywords:

ietf

itu

icann

dns

network operator

privacy

technologies

network

discussions

people

policy

called

important

governments

protocols

standards

meeting

participate

amelia

organizations

more easily accessible to more network operators and so that's just extremely exciting original parallel work at the IETF as well but I will not preempt pkgs

future exploration of IETF

advantus as well. So I think

that's about it. I don't need to do more of a

if anyone has any questions, I triple E 802 and their privacy work I'm trying to respond to them later. But broadly speaking, good news from the IEEE 802 front, our electrical and electronic engineers are doing what they can to ensure that we have the best technologies available to us for protecting our privacy.

I can take the next, the next step here. So my name is Daniel Kahn Gilmore, or dkg. I am a technologist at the American Civil Liberties Union within the ACLU speech privacy and technology project. I'm going to speak here mainly about the IETF which I've been actively involved in as the Internet Engineering Task Force folks who are responsible for the RFC series. Defining internet standards, anywhere from TCP, to sort of higher level standards like calendaring systems and email and web transport work. The IETF has done so in a couple of years since we've done this session. There's been quite a bit of work at the IETF, some of the good, some of the traveling. One of the big focuses at the IETF has been thinking about how we reduce the metadata footprint of the protocols what information we need. This is a long term project. And it's, there's lots of multiple little pieces, Amelia spoke about packet padding, which is a good anonymizing technique. But it's only useful if the metadata isn't actually on the wire directly. So, some of the metadata that we're trying to cut down on are things like the DNS, the Domain Name System, which is traditionally clear. And when you make a TLS connection to secure tunnel the HTTPS uses, and also the same kind of handshake that's used for quick which is a new transport that's being used for the web, beyond TLS. Those TLS handshakes themselves leak information about what the name of the server is that's being contacted DNS packets are widely used for censorship and filtering. And so protecting the privacy of the DNS removes one hook the privacy is closely related to your ability to speak freely online, because without being able to identify it censorship is much harder to enact. But there's a there's a juggling act here, the DNS leaks information about what you're looking up the names are looking up, and the TLS handshake leaks information about what you're actually connecting to. And those travel through potentially different nodes on the network. We've had problems. Many years ago, getting either of those problems to be worked on because each one could point at the other one and say, Well, why should I bother fixing the DNS because TLS isn't leaking. Why should I bother fixing TLS because the DNS is leaking. We've seen action on both of those fronts now so that's the good news. The good news is, we have two different protocols for protecting the privacy of DNS queries do t and do h do t is DNS over TLS and do H is DNS over HTTPS. There's some subtle differences between the two classic IETF fashion is delivering two things to solve a problem and not, and then leaving everyone else to figure out what exactly to do, which one to choose. So it's not as straightforward as it was before and your queries are likely not currently protected by do H, or do t, unless you are using. Unless you're using Firefox, or you're using an Android handset and you've configured it to, to use a resolver that offers d o t. But the fact is, some people have their DNS queries protected today on the network and that means that we've moved to focus on the TLS handshake. The TLS handshake has server name indication which is the biggest leak multiple attempts to fix the server name indication leak have met with some sort of scattered success, but the process now is actually looking at encrypting the entire first packet and set what's called the client Hello NTLM. So if you're interested in this, you should look at the encrypted client Hello work that's being done. And for the DNS part of the difficulty with the DNS is figuring out how do we protect those queries, those DNS queries. And so there's a bunch of active work right now called adaptive DNS discovery, which is total sort of scattered disaster. We don't exactly know how clients are expected to configure their machines to receive. To get the benefits of private DNS.

There's a bunch of other interesting work that's going on, also metadata reduction work. Some of that is going on in the lamps Working Group maps covers email and cryptographic sealed certificates and in the last group we're now actively discussing how to protect cryptographically protect the headers of email as often happens in the IETF the work in the IETF is sort of rear guard action. There have been several deployments of cryptographic header protections for email. That is for email that is cryptographically and protected, like PGP or s mime. And the work right now that's going on in the IETF is basically trying to write down what people are doing and figure out how to standardize it in a way that other people can adopt it work that you should be worried about this happening in the IETF is there's a bunch of folks who are interested in figuring out how do we use the IETF process to encourage interaction between the user and the network, and some examples of that in the past have been tools like protocol proposals like spud and plus this year they're calling it network tokens, but you're also seeing it in some of the transport groups, those groups are actively trying to move metadata from inside encrypted protection to the outside so that the network charitably so that the network can optimize traffic and, and perform better traffic to a degree, but often those things are sort of stalking horses for the ability of the network operator to control what happens on the network. So, it's worth looking out for that stuff. It happens in a bunch of situations and a bunch of contexts. It's also used to claim that we can use this to better use the network to defend against malware attacks or fishing. And so, you know, if folks are interested I recommend getting involved in some of the discussions going on at the IETF around that there's a group that's discussing changes to the threat model that we care about the traditional internet threat model is the network is hostile, and I think you'll find today that threat model is more valid than ever. So there's discussions about how we add nuance to that in the face of people using devices that are running code that is itself hostile. But I think if we, if we focus on those devices, by claiming that the network is not hostile we end up losing the game so I think we need to expand the threat model concerns, and not there. So I'll turn it over, I believe, Yan is going to talk next, but happy to see questions in the chat too.

Thanks everybody.

Hello. Thank you. My name is Liliana Gala. I work for an NGO based in Chile, that it was established that working in Latin American scope. We've recently started to get more involved in this pure technical issues, trying to work in the intersection of these technologies and human rights, but knowing a lot more of human rights than this kind of technology so I will not speak about, like, Well yeah, and the big but access, because we think the or we feel like participating in it that access is a very urgent and important issue that their recent case of the pandemic has been a token, Central, like a focus in in the discussion so just in IDF in irtf. Exactly. There is a group named Gaia global axis for the Internet of all that has been worked. Specifically on access. But most of all, on infrastructure and broadband access to broadband infrastructure, peering and those kinds of issues were technical, but also recognizing the social and economic context in which they this technical issues can be deployed. And that this. In this version of the IETF, they were talking about environmental sustainability and also how community networks in rural areas in South Africa, for example, have like implemented different strategies to deal with the pandemic situation, rural areas where the industry is not really interested in deploying infrastructure, because of because it's not like a, and there are not like economic incentives to deploy. So, that's a very interesting place to start thinking about the intersection with the right to access and protocols and infrastructure. But also, in the case of the pandemics, where every meeting went to we're like hope. There is a discussion, which is a long term discussion but now is like in the case about how to guarantee the successful participation biltwell participation and decision making at ITF. And I think there are a lot of interesting things happening around how to. Or maybe an opportunity for groups, traditionally marginalized, like that, American people, African people African developers and Latin American developers participating actively in spaces like IETF and all this I started

annotations.

Because there are there are a lot of cut costs of participating, and it is usually here to participate in the decision making like being there. Going to the meetings and not participating virtually, even though, ideas, I think have the very best technologist technologies to vehicle participation. And just for say something that for me being in Latin America is very I think it's amazing like 40 hundred people participate interacting, spiritually in a meeting. For me it's something that never happens on don't happen anywhere else. And not participating like here that we are streaming the video and participating in an independent chat. For me it's very difficult to follow. But, interacting and, and discussing actively discussing. At the same session. Right, so that's another discussion. And for example, we during the pandemic started discussing a lot, not in idea, but in other spaces, about RTC technologies and how can we access to. Very quality communication through WebRTC technologies, and in the recent meeting. There were two discussions about how to encrypt the other hand, the communications in the application layer, and how to encrypt the RTP the transport layer. Heather. So, this is interesting for us but I don't really understand what does it mean, because I just think about the software, you know if you use zoom, or gt or WebEx or the Big Blue Button, and that's what I can understand that not a lot of more of that but I what I understand is that encrypting has an impact on the quality of communication on the speed of communication, and in countries where there are a lot of

broadband and speed

and low latency for communications is very different for countries like ours where we have a lot of people in, and we have no infrastructure not good infrastructure we have electrical problems and other things. So, what we are doing now is trying to better understand how different protocols interacting the application and transport layer, and maybe try to participate in these kind of discussions to look for a better quality communications exactly in terms of access, not necessarily in terms of privacy which is very interesting and very important issue that, which have attention in this kind of spaces. But in terms of access also not not one or another but also privacy and access, and good and, and took says, I don't know. Yeah, a high quality access to the communications to the real time communications in this case. So, I think it's a very good opportunity what what is happening on the new group, take home, meet only online, because the people who can travel on long trips to go to their face to face meetings have to meet online and they are trying to find the best way to interact and to have all the conversations, one can have face to face. So if anyone is interested that is think interesting, a discussion on slack is open, and it's about how to continue discussing not only around. Working Groups issues but others in centralized or decentralized federated what does that mean and how to have good meetings, and how to take this opportunity to really get more people in like more diverse people involved in this kind of discussions. So for people who have never think it is possible to actively participate or permanently participate in in this discussions and meetings. I think this is a new opportunity to say there in the same conditions to every other to any other people. I don't know if the same quality communication. But, yes, every one will totally. And, yes, I think that's all I wanted to share.

Thanks.

So I'll pick up next. So again I'm Mallory nodal I didn't introduce myself before so I'll do that now I'm the CTO at the Center for democracy and technology, and now based in DC, but I also used to work for article 19. And there we and still today now I participate in some of the ICER organizations as best I can, as a team of one essentially. And so, yeah, as was mentioned that the IETF was meeting this week. There have been ongoing meetings for the I triple E, as per their usual online meeting, and I can also met last month. In July, and they're all trying to figure out how to meet online, I think, Leanna you brought up really important points. But today I drew the short straw, too, so to speak, and I'm going to talk about I can there, it's a it's a distinct, it's still an iced organization it's setting important standards for the global DNS, but it's a lot more around policy development, and not really at all technical specifications the closest you get is that some of the numbering folks, interact with the IETF are around the back end of how the DNS works, but for the most part, I can is a very large, very global, more and more place to develop policies around the, the entities the businesses, the governments that are selling or managing top level domains or country code top level domains. And there's a lot that's actually been in the news around, I can in fact, I remember distinctly two years ago when I was talking a bit about I can then and how who is had basically just gone down because the GDPR went into effect earlier that may in 2018 and Amelia corrected me to say that actually the, you know, European Data Protection Law data protection law from 15 years ago was ignored by ICANN and notes only once. GDPR came into effect because it included fines that who is needed to be taken down with a swiftness. And so it has been done so back in 2008 the update was that I can had come up with what they called a temporary specification so who is went dark. And then there was basically just a placeholder while they put in, where they installed, people that represented the larger ICANN stakeholder community into something called the emergency policy development process, and while you and I might imagine that emergency is like a 911 call I can tell you and with a straight face that it is taken, it's still not done the emergency policy development process that was put in place in May 2018 is still continuing its work, although it has produced since the last time we spoke, something called an interim policy. So the interim policy. Basically continues the temporary specification,

which means that

there's still no centralized mechanism for screening requests to who is. But you can still get who is data if it's old and it's still relevant so any data that was about any personal data associated with domain registration records pre 2018 can still be found online because there were loads of mirrors and you basically can just do a search. If you need updated personal data for domain registrants from 2018, you can still get that but you have to ask for it, and you need to be an important person who asks for it through. You know, I think, essentially, which was like an M lab process for law enforcement. It's now the interim policy is sort of codifying that a bit more So, essentially, you can become an accredited user, not necessarily an individual I suppose also institutions that then can get streamline access to domain registered data as a whole so it's not one by one record requests, you can get all of it, if you're accredited and it's, and we don't know exactly what that looks like because they're Of course still implementing the interim policy. And then what's next is, they will they are still tasked with coming up with what will be in an ICANN policy referred to as the registration data policy. Now that work is ongoing, it's just been sort of renewed and refreshed after the interim policy was agreed upon by the ICANN Board, but we probably shouldn't expect that until around a year from now and even then, it still needs to be implemented, and that would be, that'll be a feat, so that it'll it'll take a while. But again, like remembering that who is was kind of a bummer and we're glad that it's gone, and we are not rushing to replace it with anything. In fact, there's a lot of questions around streamline data access for law enforcement, that the civil society partners and pro privacy people are still fighting really hard to rein in so that there's not like just basically a firehose of personal data that can be gleaned by people who have this sort of accredited streamline access. Another thing that I might mention. Yeah. Is that also, again you can imagine that some of the reasons why these policy policies take so long is that I can is really trying its best to be a multi stakeholder space, it could be probably moderated a bit more because you have a lot of special interests, still dominate and things get gridlocked really easily. I don't even know if there's a whole lot of opposition to this work but back in. 2017 now. There was developed like a lot high level commitment made by ICANN to value, human rights so to do its best to create its policies in line with human rights standard across a variety of human rights such as freedom of expression, most notably but also privacy. Freedom Association all that, it's now up to people who are advocating in the spaces to monitor and watch policy as it's developed to see if the, you know, the various entities, the sub entities within ICANN are actually following process because it's not also about the outcome of the policy it's like is the process of the development, you know, following human rights so it's very meta discussion. And I think that's important to follow.

As

the, you know, I can sort of has made those commitments itself through running its own human rights impact assessment for the whole of the ICANN organization, and then the idea is that each individual sort of sub entity, like you know the governments that are looking at cctlds and things like that that their processes for policy development are also following human rights. I'll just pause there for a second and say to that I think it's an important thing for folks who are going to engage on this or thinking about it is, um, I don't know that we actually need the Human Rights Impact Assessment model to hold governments accountable for human rights. When we have other un processes for that but that's something that I can needs to work out. It's probably a lot more direct to go straight to the UN to hold governments accountable, and that trying to do that through ICANN is a bit too oblique and sounds kind of like, where some of that advocacy might spin its wheels a bit too much, but it remains to be seen. And then just lastly because I think my time is almost up I wanted to make sure I addressed a bit of what was also very much in the news this year around the.org sale, which is not really, in my opinion, something that I can had to deal with I mean I can did step in, I think I can you know listened to a much broader set of concerns from the, from the community than I sock did, which to its credit, we all appreciate, but it was not necessarily an ICANN issue, because the cut the contract between. I sock and I can for the ownership of. org was not really in question right it was more about what I saw was going to do with it and they totally underestimated and did not value enough from the beginning and still in my opinion, not today, the concerns of people who hold.org domains and the larger sort of civil society sector that whether or not. org is their home felt like they had a stake in it and weren't properly listened to or consulted so I'm not going to go into that much further. There I think that this might have been parts of discussions and other sessions and hope but from my view I'm always of course having happy to. Yeah, talk about and one thing I would just like to say, and this is just coming from my opinion not trying to give you information I think that one of the problems with the way that the the biggest problem if I could criticize how the sort of saved or campaign happened it was just that they called in the California Attorney General to get I can involve which undermines, a lot of efforts to try to make, I can truly global like we don't want to be encouraging the US to get in and arbitrary on various decisions that are going on, I can we really do want the community to be able to handle that. And so I just think, I just hoping that we don't see more of that. I hope we don't see the Attorney General, from California getting involved in a variety of extremely concerning things that are happening and I can, we'll just try to do do our best to advocate, within the policy development community itself, however slow and frustrating that might be. Anyway, I'm going to turn it over to Memphis now.

Thanks Mallory. So my name is Michelle and sorry, I am head of digital at article 19 which is an organization you've already heard a couple of times from Valerie and Amelia so I don't need to intro it too deeply here. I am going to be talking about the it EU or the International Telecommunication Union. Unlike a lot of the other organizations we've talked about the ITU is a un specialized agency, which means that it's intergovernmental, and it's mandated to address transnational aspects of telecommunications infrastructure. What's interesting about it and something that we talked about a couple of years ago is that more and more of the ITU is interested in internet related issues and standardizing them. Up until now, the ITU has largely been dismissed as an internet related standards body as a body that has a lot of clout it when we think of internet infrastructure and that's really because it's been largely ignored by US and European industry. That does not mean that the work coming out of the ITU is not deeply problematic for the impact that it has on internet infrastructure as it's deployed around the world. In terms of updates, really the big news is that the ITU t which is a technical standardization, a sector of the ITU that's where all of the internet related standards are developed within the mandate is coming up at the, it's coming up to the end of its four year study period cycle. It's technically supposed to be ending in November, but due to the covid 19 pandemic it's been extended slightly into February of, 2021, and that's when the world telecommunication standardization assembly or the W TSA is set to meet. This is really important meeting, because it's going to set the mandate and the agenda for the ITU t over the next four years. And that's the meeting. That's going to set, exactly what issues the ITU t will be able to address. It's important, it's an important space because especially in the last couple of years we've seen an explosion of really problematic internet related issues crop up. And this again has to do with some of the things we talked about at the last update that we did, which is the fact that the IQ is not multistakeholder, it's really opaque. It's not very transparent, it's dominated by the interests of governments and to a far lesser extent, industry and civil society or public interest representatives are just not represented in fact, the ITU is quite hostile to input from civil society and we saw that quite clearly in 2018 at the highest level conference that's a treaty level conference for conference called the plenipotentiary. We tried to advocate for more openness and more multi stakeholder ism at the ITU and we were unequivocally shut down in the strongest terms possible because it turns out governments are not so interested in having multi stakeholder input in IQ decision making. So that really makes what we've been seeing in the last couple of years very important because even though us in and European industry is not so interested in the it as a decision making space and it's largely been dismissed. Chinese government and Chinese industry have been really been really interested in the ITU and that interest has only grown in the last couple of years, the ITU because of its position as a un specialized agency because of its international clout and the legitimacy that an itu standard brings in terms of in terms of adoption from particularly from global South governments is really made it an interesting space for for China, and its industry to start participating in to a wider degree so we've seen a lot of really big Chinese industry players spend a lot of money, a lot of resources, a lot of time in the EU, trying to develop standards for everything from the Internet of Things and smart cities to AI, machine learning

to quantum computing DLT and blockchain. Really, what the interesting thing that we've seen is that these big industry players I'm talking about Huawei and ZTE but also the big players like big telecom players like China Unicom China Mobile China Telecom kind of that that trinity of telecommunications players that are now developing infrastructure, all around Europe and Asia as part of China's Belt and Road initiative, are really focusing on making the IQ, the hotbed for standardization of emerging technology issues that they then want to implement as part of developing infrastructure in global South contexts. So, the WETA in that context is really important because the, the mandate and the guardrails that are going to be set around these issues will determine how standardization and the it works for the next four years. And we're already seeing the adverse impacts of not having those guardrails in the last couple of years, for example in study group 16 in the ITT we've seen, not one but three or four different proposals for facial recognition architectures and frameworks that are really problematic because there are absolutely no discussions in place from a user centric or public interest perspective there again because it's multilateral and opaque and it's just government's talking about this and we've already seen how governments have bungled up discussions around facial recognition technologies. A lot during the last update session we talked about the digital object architecture, which is the architecture that was being standardized to the IQ as sort of an alternative DNS in that same vein of trying to find alternative systems alternative architectures to what we consider the, the internet. We're seeing the development of what's called new IP in the EU it's been quietly developed for a little over a year and the ITU T is created quite a stir in November, because it finally reared its ugly head in the IETF where a lot of stakeholders finally started paying attention. This is a standardization, or standardization effort that's really being led by Huawei, and the proposal is in very early stages in the ITU t but it's really looking like an architecture for interoperability for heterogeneous networks and if that sounds familiar to you it's because it probably is it's meant to be some kind of some kind of supplanting architecture for what we consider to be IP and the internet as we know it. So obviously, because of the lack of accountability the lack of transparency in the IQ and particularly in the ITU t these kinds of efforts are problematic, and they're only going to grow in in nature because of the lack of transparency and accountability ever seen there. So I think I'm gonna end it there so that we can hand it over for questions, I'll hand it back to Mallory yeah so that's

the plan is we're going to go into responses to questions, but also responses to each other because I think that, you know, there's a lot of overlap. Well, there's where, where there's overlap between some of these eyesore organizations there's some interesting stuff. And I think we all sort of have a bead on what other folks are doing and then we can now go a bit deeper, deeper by riffing on that so we're just going to do the same thing just a tour of the table, starting with Amelia and going back through so keep the questions coming, we can do this as many times as we need to until we run out of time. Go ahead.

I try to be brief in my presentations, but I was very so I thought maybe this connects well to what marriage was saying on the International Telecommunications Union and the importance of political decision making at the global level with respect to what networks we have, but also tying into dkg message of positive engagement in in technical standards organizations and if you want to make use of the fact that there's at least some organizations that are trying to do good things, some of the time. What do. And so the fact that there are privacy recommendations in the IEEE 802 community of course it's not so valuable in and of itself, they're just a bunch of nondescript recommendations that are not mandatory for engineers to comply with or or implement, they can serve as guidance for engineers if they want to produce privacy preserving technologies, but ultimately the companies that participate in chip standardization, they're very big multinational companies and they respond to economic incentives. So if one is of the mind, that one wants to have stronger privacy protections in the wireless communications equipment that is being deployed for smart cities, or in you know your local mall or your airport or wherever you need to start thinking about whether there is a way that your local council or your local airport, or companies that purchase these network equipment or services from network operators. If they can start requesting implementation or adherence or maybe some kind of checklist from from these privacy recommendations. So I think one of the very strong points of the privacy recommendations that are now going into like the final form, I triple E is that they have a checklist in them for what privacy preserving wireless and wired network technologies would look like it's very it's like modeled after the IETF document, RFC 6973 on privacy recommendations for internet protocols that you could actually go to I think if it costs, eight, and just, you know, check, check that does the technology that I'm trying to purchase fulfill this privacy requirement the other privacy requirement and so forth and if we can get people that put money into network technologies or network technology services to start requesting adherence to that checklist that will of course incentivize the chip vendors to look at the list more closely when they develop new technologies and in the absence of economic incentives. A lot of the existing privacy work might not pan out positively for networks. After all, and so I thought that would be like an important thing to raise like the endgame is regulatory. So big companies will not be doing good stuff unless they believe that good stuff is profitable for them. And that requires work not only in the technical standards organizations, but also follow up work outside of the technical standards organizations. I think dkg might also be able to talk more about stuff like the captive portal standard at the IETF, which is super important and allows network operators, not to man in the middle attack their users. And so having more public Wi Fi providers airports malls, all of these entities. Make use of such technology, technological developments will for sure be very important if we're looking at getting more robust and secure infrastructures, or as all

SRL under, see if

somebody else wants to

go ahead and DK to you, we're just gonna go down the list and you can pass or say as much or as little as you want really

sure. Yeah.

So I want to speak a bit to Emilio's point about the captive portal protocols and also to some of the questions that we've seen in the chat about about naming and some of the issues around the centralized name systems. So captive portal was a great example of one of the really tricky protocol design projects. So the goal of the capital word or group within the IETF is to provide a mechanism that the network operator can use to to basically indicate to the user that they need to do something. In order to continue on the network. So you've probably all seen this when you've been traveling, you get onto a network and all of a sudden your browser pops up a web page that you didn't go to but why is it popping up that web page, so that's being done, basically sort of by accident. There are some gaps in some protocols and the network operator basically intercepts all of your traffic and sort of forces, this webpage on you. And it's not done in a very well centralized way currently, and it's, it can be pretty sketchy I've actually documented some attacks you can do with existing implementations where you can, if you know what someone's doing on their computer you can sort of fish them. If they join your network. So they kind of put up projects tries to define a well, a clear standardized way for the network operator to say hey here's an easy to do to continue on the network. Now, there's a, there's a spectrum of things you could let the network operator do to your device that run anywhere from extremely constrained things where the network operator really can only get you to acknowledge that you're on their network or something to arbitrary user interface operations the user was never happy we can sort of control, take over control of your machine as soon as you join the network and and what is being shown on the screen at that device. Obviously, well, maybe not obviously but I personally prefer the network operator to be more constrained, I would rather they didn't do any of this stuff. But by developing the standards. The goal is to say, Hey, stop doing all of the horrible nasty shit you've been doing and pick up just this particular constraints dialog constraint interaction. The balance here is that they're currently doing really bad stuff and they're not actually paying much of a cost for doing that. If you want them to adopt this other approach. It's not clear what their incentives are so I think I want to echo what Amelia was saying, which is that the return on this end game is regulatory, I'm not sure if regulatory like government regulation is deducted but the financial incentives that you highlighted are really, really clear. I don't know exactly how we muster that strength but I hope that folks who are here who are at hope we're interested in the implications the social impact of tech. We'll think about that, if we have the standard available, how do we force folks to use it, who otherwise might do even worse things real quick I want to just mention there are questions in the, in the, in the chat about about the centralized nature of the Domain Name System. I will point out that the DNS that's a new naming system which aims to not have quite the same centralized mechanism and offer some additional protections for queries, is the GNS project has presented at the IETF has been presenting for the last few times, they're not making much traction within the ATF. And that's in part because of their communication strategy around their technology. So I encourage folks who have thought about sensitization and who are interested in these alternate naming strategies to get involved with the standardized standardization process and see how you can help sort of streamline the pads for those projects. I want to. We've only got about five minutes left and I want to make sure I do have a chance to talk so I'm gonna turn it over to whoever wants to speak next.

I can jump in then, um, I wanted to make two comments one is just a general comment about, about a few things we're seeing so the things that message mentioned in the EU, brown, China's efforts are spilling over into the IETF as well, which is really interesting so there's one particular set of redesigns of the way the internet works the IP protocol, they're calling it new IP and they're really pushing that at the ICU, first and foremost, and it's meeting with some resistance, because of the issue of mandate creep. One of the ways that it's been able to be kept somewhat within like under you know the lid has been kept on of it is because folks are saying like, this is not the role. This is for the IETF. So they've come to the IETF Now, a few times to talk about this idea of redesigning completely the AI, the IP stack which would just create a lot of, you know, opportunities for things like network tokens and things like that it's just not all, it's not very user friendly let's just the end user friendly model of IP, and so they're coming to the IETF, which of course the IETF doesn't really want to work on it, either because of all these problems the IETF has a lot more privacy and and thinks about these things a lot more carefully. But there is some value now though in perhaps, looking at how this work might continue to be discussed in the IETF otherwise it's just going to get kicked back to the EU. So there's a bit of a delicate balance there. There was this week, a meeting at the IETF 108, about what they're calling new IP but also different acronyms that all kind of mean you know the same sort of thing, but I wanted to spend the last few remaining minutes, I hope, we'd have time for you as well members to respond but there's a lot of questions about, I can. And I just want to reiterate a couple things that may not be super obvious from what I said before. One is that I can is policy and it's binding so unlike the I triple E the IETF you know places where the specifications are really suggestions for implementers of the best practice way to do thing, I can create a policy that is contractual for anyone who is managing a top level domain. That's why the stakes are so high, and also we have to remember that the alternatives are not great, so something like to do a beverage mentioned before is not ideal, It is like is compelling and interesting for authoritarians because then they don't have to deal with I can where I can is a multi stakeholder process. So just remembering that when you're thinking about the same. org situation right,

having one

government or one entity controlling this is not the idea we are actually trying to move away from that that was what the Ayana transition was all about which was an effort that went from like 1998 to very recently, trying to get it so that I can is fully independent and that the people and the entities that are engaging in that space are doing so on equal footing, where you don't have the ability for one elected official from one government to be able to come and make changes. I don't think that we have time for much more but Nevis Did you have anything to say at the end,

we're unfortunately out of time Mallory, thank you so much to you and to all of the panelists for the conversation we've had here today. We're looking forward to having another panel up next we have the FF panel the Aussie FF panel up in 10 minutes. And so we'd ask everyone at home to continue watching as we put on the bumps and our info Beamer and we'll see you at the top of the hour for us the E FF Thank you very much.