ISOC organized an event in Prague before the IETF to discuss several big-picture-Internet problems, in an effort to assist ISOC to engage government policy makers and help them understand better Internet developments, or the impacts of regulation on Internet. As background, ISOC had reviewed on what they call "Internet invariants" (global reach, general purpose, permissionless innovation, no permanent favourites, and so on. ISOC had also recently worked on consolidation trends in the Internet, and the unintended consequences of regulation. Materials are available here: [1] 2012 Invariants "Internet Invariants: What Really Matters" https://www.internetsociety.org/internet-invariants-what-really-matters/ [2] "Splintering the Internet: The Unintended Consequence of Regulation" https://www.internetsociety.org/blog/2018/10/splintering-the-internet-the-unintended-consequence-of-regulation/ [3] https://future.internetsociety.org/2019/ Some personal conclusions from the workshop in Prague: 1) Observation: this is a complex topic, easy for the discussion to go from tech details to ways of doing regulation to content of regulation to market failures to surveillance economy. Future discussions, e.g., organized by the IAB need to think carefully about scoping discussion. Also, overall, all individual discussion pieces were interesting and valuable, but it was difficult to connect the different items together. There's little big picture view in this space. 2) Observation: Regulators, as well as most of the rest of the world only sees the end product, the applications, and their effects. It is difficult to have detailed conversations about other aspects or layering of the Internet. Side note on ISOC focus: There was a question about where ISOC focuses on. Apparently the CEO believes they should primarily focus on layer 3. I believe ahving ISOC also care about the big picture internet and the applications would be necessary, not just the narrow layer 3 interpretation. ISOC is an internet policy & understanding house and they need to be on top of this, or they are not believable. 3) Observation: The invariant model probably needs some adjustment, at least for applications on top of the infrastructure. I'd advocate thinking about this in terms of desirable characteristics and that's a good tool to have when being in discussions with regulators. They can understand unintended consequences to other industries that could be caused by, say, a badly implemented regulation of a large social network at the wrong technical layer. 4) Observation: We may need a big project to fix the Internet, e.g., "surveillance free Internet services". 5) Observation: Technology developments keep changing the Internet and will also have an impact on policy and business. The original end-to-end model has evolved considerably in recent years with cloud computing, for instance. Or the division of work and information between different components in a system keeps evolving due to bigger and bigger fraction of communications being encrypted. Some of these changes cause ripples in the business ecosystem as well as with the governments' wishes. 6) Focus: It is too easy for us techies to think about governmentation regulation as the problem. Try to avoid focusing just on regulation as the problem. There are many problems in the internet. Very happy that you've done work on consolidation, for instance. Centralization of the Internet is a clear problem. Surveillance economy may be another problem. There's bound to be technical issues, too. 7) Topic: On regulation: We can't stop regulation, but can hopefully inform what the implications of various different paths are, e.g., unintended consequences. Many regulatory reactions are related to issues in specific applications, but regulation itself (e.g., filtering) can be implemented at the network level or at least will have ripple effects in the network level. We should support multistakeholder models of collaboration. At least at the country level, which should be relatively easy. Regulation as a whole is not a topic where global coordination is easy, so shooting for that is probably attempting too much. Also, please make your presentations on this focus on the effects and successes/failures of regulation rather than the content itself, or when we reasonably have issues with content, spell those out differently from the process advice. For instance, perhaps you do not want to appear to be against the goals of GDPR, because that might be interpreted incorrectly. 8) Topic: On consolidation: Remember that this is about a very broad set of business areas, and the situation different for each different area. It would be very useful for ISOC to support research and measurements on what's happening in the different business areas, to provide visibility, transparency and data to arm ourselves or regulators with facts. To understand when we have problems and when not, and so on. I understand that you are planning to do this, which is good. I think we should support actions that are traditional regulatory tasks, businesses still operate on real-world economy and laws. They should not be exempt just because they run things on the Internet. 9) Topic: On centralization: This is in part a consequence of consolidation, as well as being the technically easy approach to building systems. Not room for government interaction as such. Is there technology that could help? Thing-to-thing systems, distributed architectures, and federation may help, but this is a difficult area; unclear if those would help enough. 10) Topic: Surveillance economy: I don't know where to start. Clearly, GDPR-type regulation didn't help. There's been a great but perhaps temporary improvement in communications becoming encrypted, which removes some parties from surveilling traffic. But things are quickly getting worse, I fear. The amout of information collected, the level of how it is concentrated, the amount of trading and sharing in the business ecosystem, and the interest of governments to take legal interception requirements to new entities are likely going to increase amount of information discovered from individuals. 11) Topic: Re-inforcement loops I worry that taking consolidation, centralization, surveillance economy and even regulation together has a re-inforcing effect, e.g., government demands for surveillance will tend to force the entities that can do surveillance.