Remarks of David J. Redl
Assistant Secretary of Commerce for Communications and Information
IGF-USA 2018
Washington, D.C.
July 27, 2018
-- As prepared for delivery --
Thank you, Shane, and thanks as well to your co-chair, Dustin Phillips; the ISOC-DC chapter, which provides Secretarial support for the IGF-USA; and all members of the IGF-USA Steering Committee for volunteering their time to organize this important event.
I’ve been to IGF-USA events before, but this is my first as Administrator of NTIA. I’m grateful for the opportunity to speak to you today, and I’d like to use my time to discuss the Administration’s approach to Internet policy, and talk through some key issues that we’ve been addressing this year.
NTIA is an agency that sits within the Department of Commerce, and we are principally responsible for advising the President on telecommunications and information policy issues. We are in a unique position in the U.S. government of being involved in all aspects of Internet policy. Our approach is guided by a commitment to protecting a free and open Internet and supporting minimal barriers to the global exchange of information and services.
The Trump Administration is a strong advocate for the multistakeholder approach to Internet governance and policy development. Simply put: Bottom-up, consensus-based processes create policies that are trusted throughout the Internet ecosystem.
At NTIA, we engage in interagency discussions, work with stakeholders and Congress, and advocate in international institutions – both multistakeholder and multilateral. These engagements inform our approach on a broad range of issues, including privacy, cybersecurity, national security, and the broad arena of Internet governance.
The challenges we face aren’t easy to solve. There will be trade-offs and hard decisions. But in the Trump Administration, our driving force will be a commitment to meeting these challenges in a way that ensures America’s prosperity and clears the way for innovation. America has seen enormous benefits from this approach, so we must continue to give a green light to innovators to create a more secure, more open and more prosperous Internet.
Establishing privacy principles
The Administration’s commitment to prosperity will be our guide as we tackle the issue of consumer data privacy. NTIA, in coordination with our Commerce Department colleagues in the International Trade Administration and the National Institute of Standards and Technology, recently began holding stakeholder meetings to identify common ground and formulate core, high-level principles on data privacy.
Here’s what we already know. America has a strong privacy enforcement regime and a strong privacy regulator in the Federal Trade Commission. The FTC has brought hundreds of privacy and data security-related cases, including an expanded settlement with Uber earlier this year, and a children’s privacy case against an electronic toy maker, the FTC’s first case involving Internet-connected toys. The Commission will soon hold hearings on Competition and Consumer Protection in the 21st Century, which should help further illuminate these issues.
We know that many Americans are concerned about privacy, and that these concerns sometimes can deter their online activities. Data from a 2017 NTIA survey show that nearly three quarters of Internet-using households had significant concerns about privacy and security risks, such as identity theft or loss of control over personal information. What’s more, over a third of online households said that privacy or security concerns had led them not to engage in an online activity, such as buying goods or making a financial transaction, at some point in the last year.
We also know that industry is looking to the Administration to demonstrate leadership on this issue – they’re rightfully concerned about the potential for a fractured and stifling regulatory landscape. We will be looking to strike a balance between prosperity and privacy that is in line with American values – and we’re listening to a broad cross-section of stakeholders to find that balance. We want to learn how various sectors are coping with the uncertainties surrounding this topic.
Our plan is to publish the high-level principles along with a Request for Comment, so that we will not only be able to gather feedback on the principles themselves, but also begin engagement on how to move forward to reach the goals set out in the document.
Carefully crafted principles will build consumer confidence, boost our economy, and clear the way for innovation. Creating confidence in how we use data is critical for today’s technologies and those yet to come.
Securing the digital ecosystem
As I mentioned, consumer concerns about privacy and cybersecurity can hold back our digital economy. Cyber-attacks can have direct costs as well -- nearly $6 billion a year is lost to cybercrime, according to the Center for Strategic and International Studies. To ensure continued prosperity, we must create a more secure digital environment.
We have been engaged on several fronts in this arena, with a particular focus on the cybersecurity challenges raised by the Internet of Things, including botnet attacks. These attacks can be severely damaging. The threats are evolving, growing bigger and smarter, and affecting some of America’s most sophisticated companies.
Earlier this year, the Departments of Commerce and Homeland Security delivered a report to the President on how to reduce the threat of botnets. We are now working on a roadmap of actions that the government and private stakeholders can take to make our networks more secure against botnet attacks.
To be clear, the government cannot solve this on our own. Leadership must also come from the broader Internet and security community. We plan to play a coordinating and supporting role, helping to identify priorities and bringing together stakeholders to solve problems.
NTIA’s cybersecurity work is another example of our commitment to the multistakeholder model. We have convened multistakeholder processes to build consensus and make progress on a number of issues, including cybersecurity vulnerability disclosure, secure updates of IoT devices, and providing more transparency about data collected by mobile apps. Our ultimate objective with these processes is to foster a more resilient ecosystem through the creation of industry-led, market-based cybersecurity solutions.
Last week, we launched a new process focused on the transparency of software components – based on the idea that you have to know about any vulnerable components in your connected products if you want to keep them secure.
In our cybersecurity-focused processes, we start by acknowledging that our digital systems will never be perfect. There are countless efforts across the government and the private sector to improve security, but for the foreseeable future, some vulnerabilities will continue to exist. NTIA has focused on increasing our resilience in the face of a constantly evolving threat environment.
Second, we’ve tried to be timely, and take on issues where building quick expert-level consensus on a rapidly emerging risk can make a significant difference. We’re hoping to take advantage of the agile nature of multistakeholder processes.
Third, we know that not every participant will agree with one another but avoiding contentious issues will not lead to progress. The power of the multistakeholder proceeding is in the expression of differing perspectives, which ultimately helps identify areas of overlapping interest.
Addressing domain name issues
At NTIA, we understand that successful multistakeholder processes start with transparency and openness. That’s why we continue to advocate for increased diversity, accountability, and transparency within ICANN. Through our role in ICANN’s Governmental Advisory Committee, we will support recommendations to ICANN’s Board that aim to achieve these goals. These recommendations reflect two years of hard work by dedicated volunteers in the multistakeholder community. We hope to see these recommendations forwarded to the ICANN Board later this year.
NTIA also expects the third Accountability and Transparency Team to begin its work in earnest next year. In a post IANA Stewardship transition environment, these community reviews are critical. We need ICANN’s processes to be trustworthy and effective because the community has complex issues to solve.
The most pressing issue facing ICANN right now is updating the WHOIS service in light of the European General Data Protection Regulation, or “GDPR.” The WHOIS is a service that, prior the GDPR’s effective date in May, provided public access to domain name registration information, including contact information for the entity or person registering the domain name.
This WHOIS information is a critical tool that helps keep people accountable for what they put online. Law enforcement uses WHOIS to shut down criminal enterprises and malicious websites. Cybersecurity researchers use it to track bad actors. And it is a first line in the defense of intellectual property.
Unfortunately, European authorities have indicated that the collection and public provision of domain name registration data violates the GDPR. Because of this, as of late May, domain name registries and registrars have stopped providing important domain name registration information contained in the WHOIS. This is an unmitigated victory for the spammers and scammers that plague consumers and businesses.
NTIA and the highest levels of the U.S. government are engaging with the European Data Protection Board, the European Commission, and European Member States to provide clarity and guidance to the community as it works to facilitate access and accreditation to WHOIS information, which is now private. This access mechanism is critical to meeting the needs of law enforcement, cybersecurity, and rights protection. NTIA will take a lead role in the process to develop this access mechanism and will fight hard for the important governmental and commercial equities in the WHOIS service.
Preparing for the ITU Plenipotentiary
Elsewhere on the international front, NTIA has been working with the State Department and other interagency partners preparing for the ITU’s Plenipotentiary Conference, which will be held in Dubai later this year. Plenipotentiary conferences, held every four years, serve as the highest policy making events for the Union, and NTIA has a number of goals and objectives for this year’s conference.
First, we want to re-elect the United States to the ITU Council and elect U.S. citizen Doreen Bogdan-Martin as Director of the ITU’s Development Bureau. The U.S. been a member of the ITU Council since its inception in 1947 and is one of nine candidates for the nine seats allocated to our region, CITEL. The ITU Council serves the critical function of supervising the overall management and administration of the Union, and continued U.S. representation will provide a vital mechanism for advancing U.S. interests at the ITU.
If elected to lead the Development Bureau, Doreen Bogdan-Martin, an ITU veteran and former NTIA official, would be the first woman in the ITU’s 152-year history to hold one of the Union’s five elected positions. She is uniquely qualified for this position, having spent more than 25 years in the telecommunications sector, including 14 years on the development work of the ITU. Doreen is a strategic leader who is known for her ability to bring teams together around a common vision, and she will undoubtedly bring new partners to the work of the Development sector.
NTIA also wants to strengthen the governance of the ITU. We are working with the broader U.S. delegation to develop proposals that would improve transparency, accountability, member state oversight, financial management, and the ITU elections process.
Finally, we remain concerned by efforts to create a cybersecurity operational or oversight role for the ITU. Consistent with longstanding policy, we will resist these efforts and are considering a variety of options, including addressing cybersecurity issues in a forum that cannot lead to prescriptive regulatory outcomes.
That’s where we stand at the moment. As we move forward, we will continue to engage with stakeholders and be responsive to a technology world that is rapidly changing. Just last month, we asked for feedback on NTIA’s international Internet policy agenda, focusing on how NTIA can best work to meet the Internet policy challenges of today while enabling innovation to continue.
We received more than 90 comments on diverse subjects including data privacy, trade, cybersecurity, the multistakeholder approach, artificial intelligence, and intellectual property, just to name a few. Right now, the hardworking team at NTIA is carefully reviewing and analyzing the comments we received.
On behalf of the agency, I’d like to thank all of the commenters for sharing their thoughts. We anticipate that it will inform not just the work of NTIA, but our interagency partners, both within Commerce, and externally with the State Department and others that we work with in the international arena.
Finally, let me briefly note our work on intellectual property issues. As you may know, we have a strong team working on IP issues at NTIA, and we have a collaborative relationship with the U.S. Patent and Trademark Office, which is also housed within Commerce. This relationship has allowed each agency to leverage the other’s subject matter expertise to promote a healthy balance between the availability and protection of IP and innovation in the Internet economy. We also are deep in middle of the “triennial review” process under the Digital Millennium Copyright Act.
My time is about up, and I’ve only covered a fraction of what we do at NTIA. The world of Internet policy can sometimes feel impossibly large, but we manage it by remembering what’s worked, and sticking to our principles.
Around the world, and even here in the U.S., we are hearing arguments that we must toss away the light-touch regulatory regime that has allowed the Internet to flourish. That somehow security means embracing an Internet that is fractured and walled off, or that protecting privacy means every Internet company needs a massive compliance department. That’s taking the Internet in a direction we simply don’t recognize. As Americans, we support a free and open Internet because freedom and openness are among our fundamental values. We are a nation of innovators. We don’t ask for permission to change the world, we go out and do it. I’m confident that if we hold fast to our values and work together, we can blaze new paths to prosperity.
Thank you for your time.