Cooperation Working Group session
.
RIPE 82.
.
18 May 2021
.
16:00 (CEST)
.
ACHILLEAS KEMOS: It is four o'clock, I think we can start.
DESIREE MILOSHEVIC: Yes, please start.
JOHAN HELSINGIUS: Great.
ACHILLEAS KEMOS: Okay. Good afternoon, everybody. Welcome to the Cooperation Working Group. We are very pleased to have you back again to RIPE 82 meeting, the Cooperation Working Group session, and we are very pleased to welcome our new co‑Chair, Desiree Miloshevic, that was selected as co‑Chair during this winter selection procedure that we had. So very welcome, Desiree, she will take the floor in a minute.
.
Just to finish in a way with a couple of administrative things, the fact that we have a third co‑chair means that we can go on with the renewal for the other co‑chair's position, as Julf and myself were appointed at the same time, so leaving both of us with, that would mean that chairing the group orphan, so now we'll start in a way this procedure renewing the other Chairs at RIPE 83.
.
And just with many thanks to Gergana that is also doing the script for this meeting, but she did the minutes of our meeting in RIPE 81, just so that we circulated end of November to the list, the mailing list of the group. So just to check with everybody that if the minutes can be approved.
.
And with that, I would like to pass the floor to Desiree to start with the first chairing experience in this meeting.
DESIREE MILOSHEVIC: Thank you very much for your support and thank you to all the members as well. I look forward to serving the RIPE member Cooperation Working Group and the RIPE community.
.
So, the honour is mine. We have to introduce the speakers for this session of the Cooperation Working Group and we have published our agenda, and you will see that the Digital Services Act is dominant on our agenda today. So we have two speakers speaking to that. And also, a third speaker speaking a little bit from a different angle about the SSIDs.
.
Therefore, I would not say a lot since we only have a 60‑minute slot. You can use the Q&A session to ask the questions if you have a direct questions for the first speaker.
.
Maybe share your screen whilst I speak. Welcome. We can also see you. Are you all set for the presentation? I believe Julf will ‑‑ okay. You are still setting the audio, and whilst you do that, I'll just read the introductions and Agne Kaarlep.
.
She works for the European Commission on developing effective policies and she works ‑‑ she is a part of an international team that is negotiating the Digital Services Act, and also with the Council as well, with the parliament. And before joining the Commission, Agne actually worked as a diplomat in the permanent representation of Estonia in Brussels to the European Union, and she was covering a wide range of security issues.
.
Let's see how we are doing with sharing the screen.
AGNE KAARLEP: Hi. I am having trouble sharing or managing the slides.
DESIREE MILOSHEVIC: You have ‑‑
AGNE KAARLEP: It's there, it's uploaded, but I don't seem to be able to share it.
.
I hope my presentation will be interesting and I'm make up for this slide‑sharing mishap.
.
Is it okay, is it all right if I start?
DESIREE MILOSHEVIC: Please do. The floor is yours.
AGNE KAARLEP: Hi everyone, really great to be here, looking forward to any questions you may have and also the discussion and the next speakers as well and their interventions.
.
So, I am going to just give you a brief overview of the Digital Services Act, which we presented in December of last year. I don't have to, of course, tell you that the sort of the last comprehensive rules that we have on intermediary services are from the year 2000, and life has changed quite a bit in the digital world since then. So, the European Commission decided that it was time to revise this framework, notably for the intermediary services.
.
So, the Digital Services Act serves two key objectives. It serves to create a safer digital space in which fundamental rights of all users are protected, and it also serves to establish a level‑playing field to foster innovation, growth and competitiveness in the European single market.
.
And you will see how the building blocks of the Digital Services Act serve these two objectives in a manner that is proportionate to the different services.
.
So, the one key element or the one sort of key building block of the Digital Services Act is that we cover all intermediary service providers. However, we have different obligations depending on the different providers. So, on the very basic level, we have all intermediaries, so this, of course, includes most relevant to you, this group, internal access providers, domain name registries, and then we differentiate within this category for hosting service providers, so this includes online market places, app stores, hosting service providers, web hosting. So, those services which offer their services both to the publicly facing services and those who provide also other posting services which are not necessarily public facing.
.
And within this hosting service category, we differentiate online platforms, so these are platforms which disseminate content to the public. So these are hosting services and these are the services that I mentioned before.
.
And now further within this category we differentiate between very large online platforms, so these are online platforms, so also hosting services which disseminate content to the public, which have over 45 million users in the Union.
.
So, basically, the DSA has sort of three key elements. It has the liability regime for all intermediaries, and it has due diligence obligations for mostly hosting service providers, online platforms and very large online platforms and as well a new governance and enforcement mechanism. I'll briefly discuss all of these as we go along in the presentation.
.
So basically, a couple of things about the liability provisions. The DSA harmonises liability exemptions and not liability as such, so it maintains the principles of the e‑commerce directive, it does not attribute liability. And further, it maintains that the prohibition of general monitoring.
.
DSA is also neutral so it does not define which is illegal, and illegality is defined by national or other EU rules.
.
And so whenever you read in the DSA illegal content, it is defined as content which is defined illegal in the national ‑‑
.
Further, DSA is also horizontal so it covers all kind of illegal content, it covers criminal liability and I think, important to note, some provisions can sort of cover harmful content but these relate to transparency and safeguards decisions under terms and conditions of the providers and systematic risks on very large platforms. So where it contains to removal of content, this only covers illegal content.
.
And also, very important, the DSA applies to services and not to actors. So, there are a number of platforms out there, or service providers out there that provide, for example, interpersonal communication services alongside hosting services, and different obligations will apply to different elements of these services.
.
Moving on. Also important is that the DSA clarifies that voluntarily own initiative investigations, as such, are still eligible to benefit from liability exemptions, so where service providers take action on their own, that in itself does not ‑‑ they don't in itself lose liability exemption as such.
.
And this also is covered, of course, the three key categories which have been now exported from the e‑commerce directive to the DSA, including mere conduit, caching services and hosting services. And just to mention on these, you can find examples of what we consider not a mere conduit services in recital 27 of the DSA.
.
So ‑‑ and also importantly, as I mentioned before, it maintains the prohibition of general monitoring obligations as in the e‑commerce directive.
.
It is still possible for member states to issue orders in accordance with national legislation as well as this possibility is also mentioned in the e‑commerce directive, but the DSA now also sets additional conditions to these orders, and I am speaking of Articles 8 and 9 of the DSA.
.
And finally, just to give you a brief overview of the sort of different due diligence obligations. On these slides, you can see how we have tried to ensure proportionality and ensuring that the obligations and the interventions are done where the problems occur the most. So the obligations on all intermediaries include to have points of contact, to a legal representative for those companies not established in the Union, but offering their services in the Union, clear terms and conditions, and also transparency reporting.
.
Here, important to note that small and micro enterprises are currently excluded from the obligation of transparency reporting.
.
And further down, for hosting service providers, there is a notice in action and information to the content provider for online platforms there is more extensive obligations and for very large online platforms you will see a number of additional obligations and there is an important systemic approach the DSA takes there where very large online platforms, given their role in facilitating public debate, will have to take a number of risk management measures and subject their services to independent audits as well as certain data access for researchers and there is a number of provisions there. If you are more interested, feel free to shoot a question and I can focus more on that as well.
.
As you see, these obligations are cumulative, so if you are a very large online platform, you will have to apply to all of these obligations. If you are on online platform, you will have to apply the obligations of hosting services and all intermediaries.
.
And then finally, and I promise this is actually the final slide, the EU governance for supervising digital services is made up basically of three levels. There are the national digital services coordinators; they have to be independent. They will manage and enforce the rules of the services which are located in their territories.
.
And then there is a European Board for Digital Services where they will meet, discuss. They can also have joint investigations. This is chaired by the Commission. And they can also recommend actions.
.
And then finally, for the very large online platforms, we have an additional role for the European Commission, also taking inspiration from competition law, if some of you are aware of it, and you see the provisions, you can find some similarities, and there this is mostly for the enforcement of rules on very large online platforms, which of course have an impact across the EU and in many member states.
.
And finally, yes, the breaches of the obligations may lead to compliance of up to 6% of the client's turnover.
.
And this is it. Thank you. If you have any questions, I am happy to respond to them, and I hope this was useful.
DESIREE MILOSHEVIC: Yes. This was very useful, Agne, thank you for giving such a succinct overview of a very large, I would say, topic. And whilst we are having some chats in the room, even suggestions for Polina, I'll ask Julf to see if we have any questions.
JULF HELSINGIUS: Well, we do. We have a question from Brett Carr from Nominet UK who asks: "If a service provider is located in non‑member state but provides services to people within the member state, are they subject to the DSA? In that case, who enforces the act against the service provider in a non‑member state should they be non‑compliant to the obligations?"
AGNE KAARLEP: The service provider is located in ‑‑ outside of the EU? Okay.
JULF HELSINGIUS:: But provides services to inside the EU.
AGNE KAARLEP: Yeah. So basically the Digital Services Act fore sees that all providers which have a substantial connection to the union. So this includes providing their services or targeting their services towards the users in the union. They will have to appoint a legal representative in one of the member states. So they can choose which member state to appoint the legal representative in. You can find similar provisions also in the terrorist content online regulation, GDPR also includes a legal representative function and the e‑evidence proposals, for example, include a very similar sort of logic. And so these services which do offer their services in the Union are covered. And there, then, it will be that member state where the legal representative is is responsible for that service to make sure that they comply with the rules.
JULF HELSINGIUS: That was the only question in that Q&A.
DESIREE MILOSHEVIC: We have having quite a lively discussion in the chat, and I believe it would be really good if people followed up on our mailing list as well. And asking about policy, what would happen with the poll of our membership afterwards, so I think the group is still discussing options how to provide more feedback to DSA. It is probably good to know that there is an open submission to provide feedback on the DSA, and if there are no more questions directly ‑‑
JULF HELSINGIUS: Meanwhile, there is three more questions popped up. Two of them are actually follow‑ups to the previous ones. I'll do those first.
.
"When you talk about obligations I can imagine that as a penalty if the companies do not comply with the obligations. What are these penalties?"
AGNE KAARLEP: So, the DSA provides for very extensive enforcement mechanism. So we have ‑‑ for this, we have chapters 4 and 5, and for those of you who want to go and read it, I apologise already for the length of it. Basically, there are, of course, fines, so any obligation within the DSA is enforceable by a number of ways to do it, and the maximum amount for the fines is 6% of the global turnover of the company. So this will ‑‑ the actual penalty will, of course, depend on what the infringement has been, but there are fines for the companies if they do not comply with these obligations.
JULF HELSINGIUS: Then I have another question:
.
Just clarification on the previous answer that ‑‑ so, just having sites, having widgets, or whatever, in the UK, would not be covered if you have no specific targeting at EU customers?
AGNE KAARLEP: Having a site ‑‑
JULF HELSINGIUS: So let's say somebody just has a web shop in the UK but it's not targeting EU customers specifically.
AGNE KAARLEP: So, that's a good question, and the answer to that is it is always a case‑by‑case assessment. So, even if they don't do specific targeting to EU customers but there is a large, large number of EU customers that are using their services, potentially member states could still argue for this. So the ‑‑ there is always a case‑by‑case assessment in terms of who is ‑‑ who has a substantial connection to the Union.
.
But in this particular case where it says that there is a very sort of UK‑centric platform where you can only buy in pounds, there is really no real connection then. Arguably, then, I think that platform might not be covered, but this is always a case‑by‑case assessment.
.
JULF HELSINGIUS: Final question that I am going to allow from the Q&A, which is from Andrew Campling. That some large tech companies maintain that the Internet is its own jurisdiction. So it sits outside the reach of national legislation. I assume you don't agree?
AGNE KAARLEP: No. And I think certainly the EU, with the approach it has taken with the Digital Services Act would not agreed that Internet is its own jurisdiction. But what we do argue for is that these ‑‑ the EU creates its own rules and these need to be implementable online for services which are also offering their services within the Union. So not only ‑‑ so the e‑commerce directive, for example, is only applicable to companies established in the Union. With the Digital Services Act, we're taking a different approach, saying if you are offering your services in the Union, then you have to comply with the rules which are established in the Union.
JULF HELSINGIUS: Very quickly from Jim Reid: Who would make the case‑by‑case judgment for a non‑EU provider?
AGNE KAARLEP: It would be the different member states. So, for example, if you have a surge in one member state, you start seeing challenges and problems with a particular provider, that provider is not established in the Union, and that provider, for example, is not wanting to establish in the Union for one reason or another, then a member state can exercise its jurisdiction via sort of international agreements which already exist.
JULF HELSINGIUS: Okay. I think we have to cut the questions at this point and move on, but thank you.
AGNE KAARLEP: Thank you so much for listening.
DESIREE MILOSHEVIC: Thank you, Agne, again, and everyone with the questions. We will continue with that and we will continue with our next speaker on the DSA, which is Polina from CENTR. And Polina is the policy advisor in the Council of European National Top‑Level Domain Name Registries, where she leads its policy work and liaises with governments and other organisations in the Internet ecosystem. One thing to know about Polina is that she actually holds an LLI in international human rights and intellectual property law, and, before CENTR, she worked at the Free Software Foundation for Europe, where she was responsible for the free and open source software advocacy work, and she writes the legal network. With that introduction, Polina, welcome to the Cooperation Working Group session, and, not to lose any more time, the floor is yours!
POLINA MALAJA: Thank you very much, Desiree. I hope everybody is hearing me well.
.
And I also hope you see my slides.
.
So, good afternoon, and, once again, many thanks to the Cooperation Working Group Chairs for having me today.
.
So, helpfully already introduced by Desiree, I am Polina, and I am a policy advisor at CENTR, and for you ‑‑ for all of you who might not know who is CENTR, a quick recap who we are.
.
So, we are an association by and for European country code top‑level domain registries, and we have been around for over 20 years now bringing together ccTLDs across Europe, sharing the practice, expertise, industry statistics and policy analysis.
.
So, here at CENTR, we have been closely paying attention to the DSA and the discussions around it. As we already heard by Agne, as proposed by the European Commission, affects the providers within the technical layer of the Internet ecosystem such as DNS service provider and domain name registries.
.
The links to several statements within different legislative stages can be found on this slide, as you can see. And the latest comment on the DSA proposal we published in the end of March this year.
.
And the overarching theme of this statement is essentially asking policymakers to exercise caution when considering the role of Internet score infrastructure in the content moderation debate.
.
And as we heard earlier, the DSA is essentially an update of the e‑commerce directive. And the e‑commerce directive provides framework‑regulating information society services that fall under the category of online intermediaries, such as mere conduits, caching and hosting service providers. And these categories of providers are subject to a so‑called limited liability regime for content provided by end users and using their services.
.
And in the year 2000, when the e‑commerce directive was put in place, the DNS service providers including domain name registries, were considered to be intermediary service providers, as the definition of these intermediaries under the e‑commerce directive do not reflect the technical functions of DNS. And specifically, if we talk about the domain name registries, they do not provide access to communication networks, do not store, or transmit any content through their managed infrastructure as suggested by the definitions of these three categories in the e‑commerce directive.
So the intention of the DSA is to update that legal framework to reflect technological reality of digital services available to consumers today, in addition, of course, to contributing to online safety. And in this sense, the update of the e‑commerce directive in the current legislation is a welcome step.
.
And the Commission's proposal reinforces some of the core principles of the e‑commerce directive that we also consider to be essential for the viability of different services online, and so, such as the principle of the limited liability regime and the prohibition of general monitoring obligation. So this is also something that we welcome from our side in the DSA proposal, and that, I think, is worth being mentioned again.
.
However, when it comes to making sure that the provision of the core Internet infrastructure, such as DNS, is not disproportionately affected, I'd like to highlight three key areas where further attention and clarification, in our view, is needed from a ccTLD perspective, of course primarily, and so in order to serve the intentions put forward by the policy makers in the proposal.
.
So, first, it is noteworthy that the Commission proposal recognises the limited but very important role of certain technical auxiliary functions of Internet infrastructure services as evident from recital 27, you can see on my slide. Notably, the proposal also confirms that domain name registries are intermediaries and should be able to benefit from a liability exemption, to the extent that their services qualify as mere conduit, caching or a hosting service. However, as we have mentioned or have established before, at no point in time can registries be considered to offer services falling in any of these three categories.
.
So, in our view, this creates more legal uncertainty for DNS operators and specifically domain name registries, as their technical DNS‑related service cannot be shielded from liability and practice, despite the intentions from the policy makers.
.
That's evident in the DSA proposal and recital 27 specifically.
.
Second, the definition of the illegal content, as we see it in the proposal, can also benefit from further clarification. At the moment can be interpreted that any reference illegal activity in addition to illegal activity itself can be considered illegal. So, in such reference in practice could, in our view, include unlawful activity such as reporting, so a reference to an illegal activity taking place or even the provision of the underlying technical infrastructure. In essence, the domain name can provide a reference to a website connected to this domain name, and that website may include illegal content and registry cannot be aware of that at the point of the domain name registration, and also cannot effectively judge whether the content on the website is legal.
.
So, coupled with the lack of the effective means to shield domain name registries from liability for online content that they don't have effective control over, as, remember, the no content actually passes through the infrastructure managed by domain name registries, this, in our view, can have a serious effect on provision of digital infrastructure.
.
And third and the final point, from our view, that also would really benefit for further clarification, are the powers of digital services coordinators, so the special authority to be established under the DSA.
.
These authorities, in special circumstances, can mandate the suspension underlying infrastructure if we read Article 41 if, and if, of course, the infringement is serious and persists. So while the limits of such drastic measures are, in our view, well‑defined in the proposal, so, it includes such criteria that there should be a case of serious criminal offence, there should be a threat to the life or safety of persons, and of course it should also be done via a request to judicial authority. In our view, it is still important to make sure that these authorities actually demonstrate their due diligence before resource certificating to such drastic measures. So that these authorities demonstrate that they have tried within all the powers available to them to address illegal content as close to the source as possible and with the intermediaries either closest to the content. So before mandating an action from a domain name registry.
.
And just to quickly recap these three key recommendations that we feel that would benefit the legal clarity for domain name registries and the DNS service providers in the DSA is, first and foremost, to include a clear liability exemption that does not fall under the three existing categories but is in a form of a fourth category separate, reserved for the technical auxiliary function of the DNS.
.
Second, we go for a clarification in the definition of "illegal content" that omits the wording that could cause further misconception and affect the functions of the Internet.
.
And thirdly, we call for digital services coordinators to demonstrate due diligence before resorting to these exceptional powers under the proposal, including mandating action on the infrastructure level.
.
And with that, I would like to thank all of you and I am very happy to answer all your possible questions and, yes, if you would like to stay informed of CENTR's things, please do check out our website and subscribe to it. And, of course, you can always contact me via this e‑mail. So thank you very much. And I look forward to the questions.
.
DESIREE MILOSHEVIC: Thank you, Polina, very much, especially with these three requests and saying what the CENTR really wants for its members. So, let's see from Julf if there are any specific direct questions coming to you.
JULF HELSINGIUS: There is one from Andrew Campling: "Thanks, Polina, a great summary and some helpful insights. Given that it's possible to obscure the geographic origin of a query to a DNS resolver, how do you think operators can comply with the often conflicting requirements of individual member states?"
POLINA MALAJA: That's a very good question from Andrew, and yes, that's indeed one of the difficulties to enforce, and especially also for these special new authorities to be informed on the DSA, the digital service coordinators, so yes, this indeed is a challenge, and, of course, for domain names, well, it will be always ‑‑ I mean, if the action will be taken on the domain name level, then it would depend on the TLD rather than the source of the DNS traffic,
DESIREE MILOSHEVIC: No further questions. Maybe there is some key dates, Polina, that you want to mention to our members as the next steps for DSA?
POLINA MALAJA: Yes, as next steps, of course, the text is now with the co‑legislator in the European Parliament and in the Council of European Union, so I would really encourage everybody to share any concerns and any insight that also I'm sure the audience is well aware of the DSA and has also other interesting insights into how this can affect additional infrastructure specifically, as the DSA is really no longer about pure content moderation but it affects really the full stack. So, I would just really encourage everybody to engage with their respective parliamentarians and authorities on the national level to make sure that your voices are heard and the technical community voices is taken into consideration when we are talking of the legislation that does not only concern platforms.
JULF HELSINGIUS: I have one more question from Niall:
.
"Is there a boundary of scope between DSA and NIS 2 or do they overlap?"
POLINA MALAJA: Also a very interesting question, and NIS 2 is another important reform that I'm sure has been under discussion within the RIPE Community. So, yes, the overlap is not that evident. However, it can become more pressing as NIS provides a definition for DNS service provider and a TLD registry. So, in this sense, even though at the moment, of course, the DSA stays, as Agne was saying, that it's focused on the service and not so much on the operator, yeah, so let's say that some inspiration for definition, for example a DNS service can be perceived in the context of a content moderation under the DSA, could be taken from the NIS too, as NIS 2 provides these definitions that DSA lacks, and as we, of course, have to consider EU legislation in a bundle, and none of these regulations exist in ‑‑ on their own, so we could definitely see some further overlap as the discussions on the definitions under NIS 2 advance.
JULF HELSINGIUS: Great. Thank you. That's all for the Q&A for now. Shall we move on?
DESIREE MILOSHEVIC: Let's move on, whilst I introduce our next presenter, that's Rob van Kranenburg, and he is first of all a prolific writer on many issues concerning the IoT, and maybe to mention some of his works; he wrote the 'Internet of Things' and the 'Critique of Ambient Technology'. We are all seeing network of RF ID. But in this particular presentation, I think the title is disposable identities and a solution to privacy, security and infrastructure of an IoT world, which would be interesting to our members because it's trying to describe a different self‑sovereign framework regulation and proposal, how the public institutions and corporate actors and citizens would benefit from this new framework, and so especially using this very viable credentials by W3C.
.
So, I'll stop here and welcome Rob. Welcome to our session today. I see you are all set. So the floor is yours!
ROB VAN KRANENBURG: Well, thank you very much. I am delighted to be here and I apologise upfront that I will not (inaudible ‑ connection lost) speakers to the situation, but I think that the issues that are briefly discuss will ‑‑ are coming up more ‑‑ across the broader spectrum, especially as (inaudible ‑ connection lost) thinking about identity management, and this notion of this very, very recent framework of self‑sovereign identity that now also being pushed quite sort of strongly to Germany ‑‑ Angela Merkel is pushing for it. (Inaudible ‑ connection lost) this can play out in terms of the current (inaudible ‑ connection lost) maybe that (inaudible ‑ connection lost) in the same realm as data and form is an identity and digital identity is something (inaudible ‑ connection lost) that will actually sort of ‑‑ that the sort of trigger new ways of thinking about this, and the way you can look at this sovereign identity at the moment is that it's a kind of a win, win, win, or (inaudible ‑ connection lost) we all say, institutions, industry on the one hand and citizens on the other (inaudible ‑ connection lost).
DESIREE MILOSHEVIC: Sorry, Rob, you are cutting in and out a little bit and if you maybe switch off the video, it may enhance our experience, but let's try that.
ROB VAN KRANENBURG: Very good. Is this better?
JULF HELSINGIUS: It's good so far.
DANIEL KARRENBERG: Very good. So (inaudible ‑ connection lost) renegotiate the kind of balance. I want to talk about (inaudible ‑ connection lost) a specific kind of this type of sovereign identity. They have a toolbox within it which is kind of a hard coding GDPR which is this idea of data minimisation. We talk (inaudible ‑ connection lost) real (inaudible ‑ connection lost) identity of disposing identity or (inaudible ‑ connection lost) so basically envisaging kind of self‑sovereign identity framework in which from this self‑sovereign identity, basically every data transfer will have a separate identity (inaudible ‑ connection lost) will be always be (inaudible ‑ connection lost) smart contracts are separate identity based on any relationship with any new relationship with any new service provider.
.
(Inaudible ‑ connection lost) to continue with realtime tracking, tracing of identified users, so, instead, operate (inaudible ‑ connection lost) identities. And it's generated for every single interaction between user and service object disposal identities, and that's kind of a way of thinking that seems (inaudible ‑ connection lost) only recently to provide sort of utopian or in a different realm, but is beginning to sync in different contexts.
.
So these are slides that are part of the requests for information from the object management group. So the object management group has a request for information out on this (inaudible ‑ connection lost) new identities. And as it said (inaudible ‑ connection lost) supposable identities take a step further by providing SSID unique to a specific context. And this (inaudible ‑ connection lost) goes now into the kind of thinking that is also being pushed in Europe by the asset lab new open goal, which is basically calling for insurance communities, (inaudible ‑ connection lost) organisation that basically kind of start just (inaudible ‑ connection lost) trusted third party providers. (Inaudible ‑ connection lost) and so it's very much about this context specifically (inaudible ‑ connection lost)
.
In case of time, I will sort of ‑‑ I think I will skip this one. But this is I think ‑‑ so it's about this (inaudible ‑ connection lost) contextual trusted third parties. Where disposable... (inaudible ‑ connection lost) should choose a trusted third party for a specific context. For example, this means that I can choose a trusted (inaudible ‑ connection lost) context, and also, a third party (inaudible ‑ connection lost) and so these are the questions that are being raised today in context.
.
Now, the context of the object management group is also very much about Internet of Things and IoT and in the industry (Inaudible ‑ connection lost) but so basically what we are going to see (inaudible ‑ connection lost) in a framework that's (inaudible ‑ connection lost) from people and object (inaudible ‑ connection lost) rates and go down to the level of basically (inaudible ‑ connection lost).
DESIREE MILOSHEVIC: Try disconnecting your audio and connecting it again for just one second. We might be able to overcome. Try that.
ACHILLEAS KEMOS: There is a reconnect audio button on the bottom right.
ROB VAN KRANENBURG: I could hear everyone very well. Is this better? I'll be quick then.
.
So basically (inaudible ‑ connection lost) there is a request for information out on disposable or ephemeral identities and (inaudible ‑ connection lost) the person to contact is Mike Bennett, but if you go out and look for (inaudible ‑ connection lost) a disposable ID (inaudible ‑ connection lost) basically you will find it.
.
It's kind of (inaudible ‑ connection lost) thinking that (inaudible ‑ connection lost) have to be considered in a framework in which identity itself only partly is what you present in terms of credentials (inaudible ‑ connection lost) in all this kind of sovereign framework. But it's also (inaudible ‑ connection lost) that (inaudible ‑ connection lost) just things environment. And the third part is being (inaudible ‑ connection lost) so there is a practical design framework which is now called coalition.org, and it is being (inaudible ‑ connection lost) visual (inaudible ‑ connection lost) kind of model, in which (inaudible ‑ connection lost) every act that can (inaudible ‑ connection lost) with your left and, over time, you (inaudible ‑ connection lost) with the right or (inaudible ‑ connection lost) is a number. And of course this will run in a nest and this is run in the cameras and so this whole notion of (inaudible ‑ connection lost) cannot be (inaudible ‑ connection lost) from the (inaudible ‑ connection lost) connectedness of the kind of (inaudible ‑ connection lost) connectivity they have. So trying to still think in terms of relative (inaudible ‑ connection lost) standalone notions of identity as people presenting (inaudible ‑ connection lost) it's not really helpful in this case.
.
And the last thing I would like to basically touch upon is is the fact that (inaudible ‑ connection lost) these types of new modelling does facilitate all kind of encrypto, new types of machine that will interact, is now ‑‑ is leading to what was being called the third wave in Blockchain which is called Dfinity, which has recently emerged after five years of experimentation and (inaudible ‑ connection lost) it's been seen as the third wave after a bitcoin and (inaudible ‑ connection lost) and it may actually see it in its idea of really sort of building this kind of new Internet as a real new Internet itself which, after the first ‑‑ last 50 years of (inaudible ‑ connection lost) will be (inaudible ‑ connection lost) because all these (inaudible ‑ connection lost) really (inaudible ‑ connection lost) the environment in which there is a fully infrastructure that is emerging, and I would say that that's very interesting to (inaudible ‑ connection lost)
.
So sorry for the ‑‑ well, you see the video but sorry for the sound. I hope sort of it came through and thanks again for having me. Apologies for the sound.
DESIREE MILOSHEVIC: Well, thank you Rob. I think we may have some questions for you, and it was also suggested that if you try and switch off your wi‑fi, disconnect and connect, sometimes it helps, and maybe you are using Chrome, which is better than Safari. So, if you do that, it might just help.
.
Julf, you can see if people have managed to read the slides and have some questions.
JULF HELSINGIUS: So far, I don't see any questions.
DESIREE MILOSHEVIC: We have eight minutes left. Let's see if Rob reconnects successfully with us.
.
There you are, so if you connected successfully, let's try your voice, Rob.
ROB VAN KRANENBURG: Yes.
DESIREE MILOSHEVIC: We can hear you perfectly well. So if you feel like sharing the last slide again, please do. We have seven minutes left, but we still have no questions for you, direct questions.
JULF HELSINGIUS: Meanwhile we do have an old question for Agne, so if we don't have any other questions, we could take that one, if Agne is still online?
DESIREE MILOSHEVIC: I believe she is. She posted something in the chat.
AGNE KAARLEP: I am here.
DESIREE MILOSHEVIC: Let's go back to Agne's question.
JULF HELSINGIUS: So Andrew had asked: "Currently, the requirements on content etc. are very significantly across member states complicating compliance. Do you see these converging?"
AGNE KAARLEP: So, as I mentioned also in my presentation, the DSA, similarly to the e‑commerce directive, does not regulate what is illegal. What we will improve, compared to the current situation, is that we legislate the procedures and the requirements around how it can be requested, what needs to be taken down, for example. So, currently, a number of member states have legislated taking their own notice and action procedures, for example, and now we would suggest that this would be harmonised set of procedural rules which can then facilitate what content can exactly be removed.
.
I think this is the key sort of value proposal also for the Digital Services Act and why we also consider that this will help. And also, for example, there is an obligation to appoint contact points. This includes a language regime, for example, so there is a number of other provisions you which will ensure that there is a uniformity in how companies can be approached for different types of matters.
.
So all of this will ensure that differentiation in national procedural rules will not hinder offering services across the single market.
.
So while we don't take a content approach in that sense, because harmonising ‑‑ I mean, harmonising across the Union is not in the purview of the single market. This is the purview of the criminal law. So this is also outside of the scope of our competences, as such. I hope that's helpful.
JULF HELSINGIUS: Yes. Thank you. Still no other questions.
DESIREE MILOSHEVIC: Right. If there is no more questions from the floor, I am happy to ask Rob to come on again and tell us if Dfinity hopes to offer this first truly global Blockchain network. How do you see this developing and protecting? What are the next steps within the groups that you work and associate to have a pilot programme doing this and where could we find more information about this.
ROB VAN KRANENBURG: At the moment (inaudible ‑ connection lost) which is (inaudible ‑ connection lost) in relation to the Internet. And that's what basically I am a partner and my expertise in Internet of Things for the past kind of 20 years and the IoT Expert Group in 2009 and 2010 which was then headed by Gerard Santouchi, that it wished with Article 29 working party was that basically sort of where GDPR sort of emerged from, and at that moment in time, in 2010, we tried to get everybody to load the object (inaudible ‑ connection lost) and the emergent (inaudible ‑ connection lost) of situations that would (inaudible ‑ connection lost) make a tremendous amount of traffic that would be using the machine and personally related things would actually be not that relevant point. It would all be mediated through all the (inaudible ‑ connection lost). We didn't get this message across then and people started (inaudible ‑ connection lost) and as if people still have this agency of clicking on (inaudible ‑ connection lost) some cookie or not a cookie and sort of like (inaudible ‑ connection lost) basically if you look at the amount of relationships going on around them through their objects, this is all quite irrelevant, I think, at some point.
.
So what we see is a huge amount of decentralised and actually Dfinity (inaudible ‑ connection lost) fully new protocol so we see a lot of new protocols emerging and coming up and so I think it's very good for the community to look at these new developments because these new developments are basically also creating new roles. So in a certain identity (inaudible ‑ connection lost) work, kind of the role of the new ISP or a new service would be the issuer of credentials and issuers of viable credentials. So what we see is this huge push of Microsoft in this space, we see issue of credentials of providers with eye on and locked in and all of these sort of ‑‑ all of these sort of different small tools creating a really new toolbox so (inaudible ‑ connection lost) situation that's been 50, 60 years old has basically not been changed dramatically, but it's not set in stone, and sort of the reason for having these PIP basically having speed and resilience, and not having an identity, people are now say the Internet didn't have identity layer. Of course not (inaudible ‑ connection lost) it was deliberately sort of built that way. (Inaudible ‑ connection lost) so the (inaudible ‑ connection lost) not now because that's probably not going to work, but I would just think it's important and interesting to the community to look at these new projects (inaudible ‑ connection lost) of Cardano, but also Dfinity and sort of ‑‑ because if they get (inaudible ‑ connection lost) investment by major (inaudible ‑ connection lost) by the people investing in the Internet (inaudible ‑ connection lost) the people that basically also build the first web services, so I think it may be that a lot of the functions that are now tuned to a lot of the actors may change and may (inaudible ‑ connection lost) because of the rapid, rapid move of all these developments, there are then also going to be tied to this notion of self‑sovereign identity which I think is being pushed tremendously hard in the Commission also at this time because (inaudible ‑ connection lost) of honestly, we are still (inaudible ‑ connection lost) and we are between proposals that aim to bring identity into the Internet layer, and we are in between commercial identity providers like we have in Belgium, like itsme.be, who have 2 million people in their system, that is basically fully commercial, so the Belgian government has notified the digital identity provider consisting of four banks and three telcos and Microsoft as an enabler, and 20 million people use it and think this still has to do with something (inaudible ‑ connection lost) it's actually full commercial company. (Inaudible ‑ connection lost) we're in between (inaudible ‑ connection lost) of digital (inaudible ‑ connection lost) management and (inaudible ‑ connection lost) so a lot of (inaudible ‑ connection lost) are beginning to see that the self‑sovereign identity is not something for a few gigs; it's actually the only way of national states to ‑‑ basically to keep themselves sort of going and hide their legacy in verifiable claims and credentials. So that's basically what a lot of actors are seeing now across the (inaudible ‑ connection lost)
.
Also, the things being proposed and things like disposal identities and if mere identities may seem quite radical, but it's just hard‑coding GDPR, and so all of these things are now moving together and once there is this kind of wallet that is ‑‑ that, again, is being pushed very hard at this moment (inaudible ‑ connection lost) layer (inaudible ‑ connection lost) then we may have a protocol (inaudible ‑ connection lost) fully centralised system (inaudible ‑ connection lost) old infrastructure may not be that different any more.
DESIREE MILOSHEVIC: Thank you for sharing your concerns and a vision with us and with better luck of having a better connectivity, we may have to repeat some parts of it in some of our other Cooperation Working Group meetings post‑RIPE, and would welcome you to come back again and discuss, and, with that, we'd really like to thank and give a huge applause to all our speakers, Rob, Agne and Polina and everyone else who was here with us.
.
With that, I pass on to you to adjourn the meeting.
JULF HELSINGIUS: I have nothing to add, so Achilleas can say the final words.
DESIREE MILOSHEVIC: Maybe he will type his final words. Yes, please do not forget to rate the sessions on the RIPE website and we'll see you all online and we continue with your suggestions. We now have a wonderful coffee break. You are typing. Okay. Fantastic.
.
Thanks all again. Thank you.
JULF HELSINGIUS: Thank you everybody. Enjoy your coffee.
.
(Coffee break)
