FLOSS development is a best practice in cybersecurity
I participated in the 10th annual Internet Governance Forum in Guadalajara, Mexico last month in December 2016. My topic of focus for the sessions in which I participated and attended was bringing a human rights perspective to cybersecurity through multistakeholder mechanisms.
One of the spaces for solid dialogue on this topic was one of the four IGF Best Practice Forums, the Cybersecurity BPF that in 2016 aimed to address "cooperation and collaboration between stakeholder groups". The goal of my year-long engagement in this BPF is to highlight work that engages civil society in a transparent and inclusive manner, such as that of the Freedom Online Coalition working group "An Internet Free and Secure", of which I am a member, and which produced a set of recommendations for cybersecurity policy that respect human rights.
The IGF BPF on Cybersecurity allowed space to highlight the FOC working group and other excellent initiatives like the Organization of American States' efforts in capacity building for policy makers. It is my hope that the cybersecurity BPF is renewed for 2017 by the IGF's multistakeholder advisory group. My comments in the session were to support a theme for the BPF in 2017 that opens the space to discuss free/libre and open source software development as a best practice model. The following is a corrected transcript from my intervention:
"I'm Mallory Knodel. I'm with the Association for Progressive Communications and I'm also on the executive board of two private sector initiatives: one is an ISP and the other one is a software development firm. I was really looking forward to reading the submissions that dealt with multi‑stakeholderism within and with the private sector because I think often within this space at the IGF we're often talking about governments. And I would like to thank Hiroshi Esaki because without his contribution on the panel today it almost would not have been on the agenda at all. So I would like to offer an example, just to get us started about a best practice within it, which is the, sort of the way that the internet is built over the last couple of decades and that's to have free/libre and open software and also the concept of auditing, especially when it comes to security-related protocols and software. So I would just think looking at the way that encryption protocols are created and adopted and then audited are really good practices and we can investigate specific ones. But that again often happens within the technical community, so looking at how that model, that existing model of free/libre and open software development and protocols standard settings can include more people and more people from civil society and more involvement and support from governments. So I think this is sort of supporting that considerations for 2017 item on transparency of sector cybersecurity policies but also private sector products, tools and software."