Events News Policy

How to Regulate the Internet Without Breaking It

How to Regulate the Internet Without Breaking It

19 June 2019 – 6:00pm to 7:00pm

Joseph Gaggero Hall | Chatham House | 10 St James’s Square | London | SW1Y 4LE

Andrew Sullivan CEO Internet Society
Speaker is Andrew Sullivan, President and CEO Internet Society

To Register interest –

Internet regulation is increasing around the world creating positive obligations on internet providers and exerting negative unintended consequences on the internet infrastructure. In some ways, most of this regulatory activity is justifiable. Governments are concerned about the increased risk that the use of the internet brings to societies. As a response, many governments have been enacting regulations as their main approach to dealing with these concerns. The main challenge is that most of the current regulations are either ill-defined or unworkable.  

On the one hand, several governments have established procedures that seek to analyze the impacts of new regulatory proposals before they were adopted. However, there hasn’t been enough attention aimed at analyzing regulations after they have been adopted and only a few have measures in place to evaluate the impacts of the procedures and practices that govern the regulatory process itself.

On the other hand, much of the regulation creates unintended consequences to the internet itself. It undermines many of its fundamental properties and challenges the integrity and resiliency of its infrastructure.  

This event will be followed by an informal drinks reception.

This event will discuss current practices in internet-related regulation and the related challenges. Panellists will discuss how governments can enforce regulations that achieve their intended purpose while at the same time protecting the internet’s core infrastructure and its properties, including its openness, interoperability and global reach.

CONTACT – Calum Inverarity, Programme Coordinator and Research Assistant  +44 (0) 207 957 5751  Email

Events News

DCMS Consultation on regulatory proposals for Consumer IoT Security (Webinar now available)

A significant announcement has been made last week by DCMS as a follow-up to the Secure by Design UK Government Code of Practice for Consumer IoT Security. As mentioned in prior emails, ETSI has launched Technical Specification 103 645 – and all details about this are included in the email below.
This new consultation includes *lots* of very interesting data as well as guidelines for labelling. Comments from outside the UK are encouraged too.
As a special treat to our members, the DCMS Secure by Design Team conducting the Consultation will be presenting a summary of the contents of the consultation and be able to answer any questions you might have in a Webinar organised by the UK Chapter of the Internet Society.
The Webinar will be recorded.

Topic: DCMS Consultation on regulatory proposals for Consumer IoT Security
Time: May 20, 2019 3:00 PM London

——– Forwarded Message ——–

Subject:Consultation on regulatory proposals on consumer IoT security
Date:Wed, 1 May 2019 12:03:05 +0100
From:Secure by Design Mailbox <>

Dear colleague,

I am reaching out to raise awareness of our consultation on regulatory proposals for consumer IoT that we are launching today.

As you are aware, the Government published theCode of Practice for Consumer IoT Security and its supporting documents in October 2018. In February, ETSI, the European Standards Organisation, Iaunched Technical Specification 103 645, the first globally-applicable industry standard on the cybersecurity of consumer IoT. TS 103 645 builds on the Code of Practice, but has been developed for wider European and global needs. Signatories to the Cybersecurity Tech Accord endorsed the ETSI TS 103 645 in March.

As the IoT continues to grow, establishing an effective baseline is an increasingly urgent issue to protect consumers’ privacy, security and safety. Following ministerial steers, we have undertaken work, alongside a number of stakeholders, to establish which appropriate aspects of the code to mandate.

Our regulatory proposals centre around the top three guidelines of the Code of Practice, namely:

  • Mandating that IoT device passwords must be unique and not resettable to any universal factory setting.
  • Mandating that manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
  • Mandating that manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

We see the above proposals as the absolute minimum baseline security that should be required of consumer IoT products. This should be seen as a first step, and in the future, we expect to expand the criteria to include most or all guidelines in the Secure by Design Code/ETSI TS 103 645 to further drive the baseline level of security in products and reflect this in future legislation. As we stated in March 2018, we will also continue to update the Code of Practice in response to the ever-evolving threat landscape.

Through engagements with external stakeholders and evidence gathering, it is clear that consumers would value having more security information for devices they are considering buying. DCMS funded Harris Interactive to conduct a survey of 6,482 UK consumers to test various DCMS label designs. The key findings from the survey were that:

  • Consumers ranked security the third most important piece of information when buying devices/products, more important than product design, brand reputation and online reviews.
  • Of the 3,317 consumers that didn’t rank ‘security’ in their top four buying considerations, 72% said this was because they assumed that security was already built into devices that were on the market.
  • 73% of participants stated it was important or very important to introduce a labelling scheme based on DCMS labelling designs. This contrasts with only 11% stating it was unimportant.
  • The Icons with Text Underneath design ranked highest out of the four labels across every monadically-tested metric, such as ease of understanding and influencing consumers to switch brands if a product had the label.

A separate PETRAS study reviewed the current landscape of documentation and online materials provided for 270 devices and found that only 10% of devices provided information which explicitly referenced security updates.

This is why our preferred option for regulation is to mandate retailers to only sell products that have the following security label (the content of which we will also be consulting on), which will indicate compliance with the above mentioned top three guidelines of the code:


Following initial feedback from industry, the label will initially be run on a voluntary basis from Summer 2019 until regulation comes into force, and this voluntary “grace period” will help avoid placing too heavy a burden on manufacturers and retailers who have extensive international supply chains (and are bound by existing supplier contracts).

We invite you to read the consultation and welcome any feedback that you and your organisation may have. We would also be grateful if you could raise awareness of the consultation amongst your organisation and interested contacts. If you would like further information on the consultation, please reply to this email address ( and a member of the team will pick up your query.

Kind regards,

The DCMS Secure by Design team

Events News Policy

UK Internet Governance Forum 2018 session recordings now available

Following on from an open call for agenda items, the 2018 UK-IGF was held on Thursday 22nd November.

This year’s UK-Internet Governance Forum meeting focused on Solutions for The Digital Age.

Over 110 participants attended this annual meeting, the 11th since the first UK Internet Governance Forum in 2008, then the world’s first National IGF. Participants found that this year’s edition was the best UK IGF so far.

The UK IGF has a steering committee and secretariat. The committee members can be found here and the secretariat function is provided by Nominet, the UK’s national domain name registry.

All tweets from the day can be found at: #UKIGF18

Agenda with video recording links

9:00 – 9:30 | Registration and Welcome

Nick Wenban-Smith, General Counsel, Nominet (Chair)

View on LiveStream:

9:30 – 9:40 | Opening remarks: Russell Haworth, CEO, Nominet

View on LiveStream:

9:40 – 10:10 | Keynote speech from the Minister of State for the Department for Digital, Culture, Media and Sport, Margot James MP

Play on LiveStream:

10:10 – 10:25 | AI Explainer: The potential impact of AI on my generation, and how we can plan for the future – Kari Lawler, Founder, Youth4AI

Play on LiveStream:

10:25 – 10:45 | Coffee Break

10:45 – 11:45 | Online Safety – Making the UK the safest place to be online

A goldfish bowl panel to discuss how the UK can be the safest place to be online with a focus on cyberbullying, hate speech and marginalisation.
Professor Sonia Livingstone, Professor of Social Psychology, London School of Economics; Douglas White, Head of Advocacy, Carnegie Trust; David Wright, Director, UK Safer Internet Centre; Vicki Shotbolt, Founder and CEO, ParentZone; Barbora Bukovska, Senior Director of Law and Policy, London Article 19; Jodie Ginsberg, Chief Executive, Index on Censorship; Michael Tunks, Policy and Public Affairs Manager, Internet Watch Foundation; Orla MacRae, Deputy Director, Online Harms, Security and Online Harms Directorate, DCMS

Play on LiveStream:


11:45 – 12:00 | Algorithm Explainer: Ansgar Koene, Senior Research Fellow, Horizon Digital Economy Research Institute, University of Nottingham

Play on LiveStream:

12:00 – 13:00 | Lunch

13:00 – 13:45 | Mapping the progress of GDPR and the Data Protection Act 2018

Nick Wenban-Smith, General Counsel, Nominet (Chair); Neil Thacker, Chief Information Security Officer of EMEA, Netskope; Rosalind Goodfellow, Domestic Data Protection Team, DCMS

Play on LiveStream:

13:45 – 14:20 | Countering data exploitation – In Conversation with Ailidh Callander

Ailidh Callander, Legal Officer, Privacy International; Alex Krasodomski-Jones – Demos

Play on LiveStream:

14:20 – 14:40 | Afternoon break

14:40 – 15:10 | Lessons learnt from Paris and Dubai

Reflecting on the insight and debate from the global IGF in UNESCO, Paris, on 12th-14th November and the ITU Plenipotentiary Conference 2018 in Dubai.

Richard Wingfield, Legal Officer, Global Partners Digital; Mark Carvell, Head of International Online Policy, DCMS; Desiree Miloshevic, Internet Society UK Chapter Lead Team and Internet Society Board Trustee

Play on LiveStream:

15:10 – 16:30 | Cybersecurity and the Internet of Things – ‘Security by Design’

Introduction by Edward Venmore-Rowland, DCMS.
Chair: Olaf Kolkman, Chief Internet Technology Officer, The Internet Society (Chair). Panellists: Talal Rajab, Head of Programme – Cyber and National Security, Tech UK; Stephen Pattison, Vice President of Public Affairs, ARM; Eva Blum-Dumontet, Privacy Research Officer, Privacy International; Matthew Shears, Director of Cyber, Global Partners Digital and Board Member, ICANN; Joyce Hakmeh, Cyber Research Fellow, Chatham House

Play on LiveStream:

16:30 – 17:00 | Sum up by Olivier Crépin-Leblond, Chair of the Internet Society UK Chapter and David Souter, Oxford Internet Institute

Play on LiveStream:

Events Project

Workshop on Algorithmic awareness building for User Trust in online platforms

Algorithmic awareness building for User Trust in online platforms

Time: Friday, November 30th 2018, 18:00 to 20:30 (UTC), London
Place: Cloudflare offices, 25 Lavington Street, Southwark, London (link to Google Map)


As part of the increasingly personalised service offering of online platforms, algorithmic systems such as personalised product recommendations, news feeds and search results have come to dominant the online experiences of many users. Despite the ubiquity of their application however, awareness about algorithmic systems remains very low, and often confused.

The EPSRC funded UnBias project has spent the last two years engaging with young people (13-17 years old) and industry, civil-society and academic stakeholders to better understand the needs and concerns regarding awareness of algorithmic systems and their characteristics. Based on this outcomes of this work UnBias produce a set of “Awareness Cards” that are part of an algorithmic “Fairness Toolkit” for online platforms.


This workshop will be in interactive session aimed at exploring awareness building around the use of algorithms in online platforms, through the use of the UnBias Awareness Cards. A facilitator from the UnBias team, Liz Dowthwaite, will introduce the awareness cards and invite everyone to take part in activities designed to encourage critical and civic thinking for exploring how decisions are made by algorithms, and the impact that these decisions may have on our lives and the lives of others.


  1. Welcome and Introduction (20 minutes)
  2. Small group activities using the cards
    1. Case study – based around real examples of bias (40 minutes)
    2. Exercise – Explore how bias, trust, prejudice, unfairness and discrimination operate (30 minutes)
    3. Process – Be the algorithm. Consider the inputs, steps and factors which influence an algorithm and the consequences of its decisions (30 minutes)
  3. Whole group feedback and discussion (30 minutes)

Time: Friday, November 30th 2018, 18:00 to 20:30 (UTC), London

Place: Cloudflare offices, 25 Lavington Street, Southwark, London (link to Google Map)

With thanks to:

Join us, learn more and share your views!

As this is a workshop, we regret that remote participation will not be possible.


10 participants met at the Cloudflare offices and divided into two groups to take part in the workshop. The groups first followed several examples as described in the “Example” cards, to frame the issues of bias, trust and fairness in algorithmic systems with real world examples. Each participants having been dealt with a random set of cards placed them on top of the example, whether data, rights, factors and values, explaining how that pertained to the example. A typical example would be the personalisation of data according to an individual’s preferences, but also habits, or a determination of its gender etc. The participants then looked a process cards and discussed a process from an algorithm’s point of view (“be the algorithm hiring staff”)- data gathering, factors, and how these might be framed or countered by existing rights which most people are not aware of.

This was a fascinating workshop that used this excellent deck of cards which contains a wealth of information. After 75 minutes participants had spontaneously launched into critical thinking regarding algorithms and how they might be affecting everyone in a way that was sometimes intended and sometimes not.

If there is a demand for a further workshop, we might repeat one in the New Year.

Many thanks to Cloudflare for hosting us and to Liz and Ansgar for organising this excellent workshop.

Events News Policy

The Internet: to regulate or not to regulate?

ISOC UK has submitted a response to the House of Lords committee on Communications consultation on “The Internet: to regulate or not to regulate?” This follows Dr. Konstantinos Komaitis, Director of Policy Development for the Internet Society attending the House of Lords Select committee on Monday May 7th on behalf of the Internet Society UK chapter. (bio on )

Our submission and attendance followed a consultation held by the UK Chapter from the 3rd May. It can be downloaded here.

House of Lords Inquiry_ Internet Regulation – FINAL

Published on the Lords Select Communications Committee page.

Proceedings of the House of Lords evidence session was recorded and can be seen on
Tuesday 8 May 2018. Witness(es): Ms Rachel Coldicutt, Chief Executive Officer, Doteveryone Mr Julian Coles, Independent digital media policy consultant Dr Konstantinos Komaitis, Director of Policy Development, Internet Society


Events News Policy

Multi-Sided Trust for Multi-Sided Platforms


This discussion being held on Thursday, April 12, 2018, 6:00 PM – 9:00 PM BST brings together representatives from different sectors to discuss the topic of trust on the Internet. This particular panel will focus on consumer to business trust; how users trust online services that are offered to them. Such services include, but are not limited to, online shopping, social media, online banking and search engines.

Recent developments involving Social Media makes this a particularly hot topic.


Ansgar Koene – Senior Research Fellow at Horizon Digital Economy Research, University of Nottingham, researching algorithm bias


  • Catherine Miller – Director of Policy at Doteveryone, who have recently published a ‘Digital Attitudes Report’ ( )
  • Kate Green – ISOC 25 Under 25 Awardee doing research on user experience and trust in online health communities
  • Geoff Revill – Founder & Managing Director of Krowdthink Ltd, an SME/platform provider
    Slide Deck
  • Robin Wilton – Technical Outreach for Identity and Privacy at the Internet Society
    Slide Deck


  1. Welcome and Introduction (Ansgar Koene) (10 minutes)
  2. Round of opening Statements – including slides (30 minutes)
  3. Follow-up questions from Moderator (15 minutes)
  4. Discussion (30 minutes)
  5. Conclusions / Next Steps (5 minutes)

Topic: Multi-Sided Trust for Multi-Sided Platforms
Time: Apr 12, 2018 6:30 PM London (5:30PM UTC)

WebCast Recording