# A policy framework for an open and trusted Internet ## An approach for reinforcing trustin an open environment https://www.internetsociety.org/sites/default/files/bp-Trust-20170314-en.pdf 本想直接編成PDF格式，但不太會完整控制inkscape....文字區塊會出問題 所以先把翻好的全文丢上來。 ------- ## A policy framework for an open and trusted Internet ## 促進開放與信任網際網路的政策架構 internetsociety.org @ internetsociety ## Exective Summary 總摘要 Diminishing trust is a challenge for the Internet. To protect the opportunities of the Internet, we have to counter diminishing trust. 遞減的信任是網際網路的一大挑戰。要保護互聯網的各種可能性，我們就必須克服這個課題 。 Large scale data breaches, uncertainties about how our data is being used, cybercrime, surveillance and other online threats are impacting Internet users’ trust, how they use the Internet, and hindering Internet adoption. 大規模的資料外洩被盜，不確定自己的個人資料是如何被使用，網路犯罪、監控與其它線上威脅正影響著網際網路使用者的信任，他們使用網路的行為以及阻礙了網際網路的應用。 Policymakers are facing an important challenge today: How to fully embrace the digital revolution while, at the same time, ensuring the safety and security of their citizens. 政策制定者今日正面臨了重要的挑戰：如何完整地擁抱數位化革命，而於此同時，確保其公民的安然與安全。 The Internet Society believes the Internet needs a solid foundation in trust to achieve its full potential. Trust is a cornerstone for all successful connectivity strategies, in developing and developed countries alike. This can only be achieved through collective responsibility and collaboration. 網際網路協會相信網路需要一個信任的厚實基礎，才能讓它完成發揮潛力，信任是所有連結連線策略的基石，不管在已開發還是開發中國家都一樣。唯有透過集體共同的責任和協作才能達成。 An ‘open and trusted Internet’ is a globally interoperable Internet that cultivates innovation and creates opportunities for all. Its foundation lies in user trust, technologies for trust, trusted networks and trustworthy ecosystem. 一個開放和信任的網際網路是全球性可運作的網路，其培養了創意以及為每一個人創造了機會。它的基礎在於使用者的信賴，對技術的信任、對網路的信任以及一個值得信賴的生態體系。 This policy framework outlines an approach for addressing the complexities of building trust in an open environment such as the Internet. It describes four interrelated dimensions of trust to be considered when developing policies for the Internet, and provides principles to help build a trusted Internet. 這個政策架構勾勒了一套方式來描述在如網際網路這麼一個開放環境下，要建立信任的複雜和困難。透過四個要考慮且其互相關聯的信任面向 ，來討論發展網際網路政策時必須要考量的東西，並提供一些原則來建置一個可信賴的網際網路。 ## Introduction 介紹 The open Internet offers economic and social opportunity for all. However, the Internet’s full potential will only be realized if it has a solid foundation in trust. 開放的網際網路為每個人提供了經濟社會機會。然而，網際網路的潛力只有在其堅實的信任基石上才可能完整實珼。 A recent survey in the US found that 45% of users had changed their online behaviour because of their fears. Articles from around the world voice similar concerns. 近來美國一份調查發珼，45％的用戶因為憺憂而改變了其線上行為。全球各地的資訊也同樣反應了類似的憂慮。 Internet users are anxious about how their data is being used by governments and business. They feel a lack of control, and worry about profiling and discrimination. They also fear that they will become victims of data breaches, identity theft, and other forms cybercrime. For some, this scenario has already become a reality. Internet users are also very troubled about the impact pervasive surveillance has on their privacy and other rights. 網際網路使用者焦慮於自己的資料將如何被政府與企業使用，他們感到自身無法掌控，憺心資料被用來進行個人圖譜或歧視，也擔憂自己成為資料外洩被盜、身份小偷與其它各種網路犯罪的受害者，其中有些想像情節已成了事實。網際網路使用者也很煩厭被動式的監控給他們的隱私與各種權利帶來的影響變化。 Many governments are now assessing the effects of the Internet on society. Some are concerned that the Internet is enabling and amplifying threats from criminals, other states, and even their own citizens. They are responding with stronger government controls, such as restricting access to content and impeding the use of social media channels. Some have imposed data localization measures to keep Internet traffic within their own borders. Others have considered banning key trust technologies (e.g. encryption) or forcing technology providers to create weaknesses in their products because they believe those technologies hamper law enforcement’s ability to combat crime. Yet, without encryption and other trust technologies, there would be no secure banking or communications confidentiality for any Internet users. 許多政府正在評估網際網路對於社會的效應。有些擔憂網際網路可以強化犯罪者、其它國家甚致是自家國民的威脅行動。因此他們的回應是施以更強大的政府控制，例如限制內容的近用讀取和妨礙社交平台管道的使用。有些則實施了資料在地化管制，以將網際網路的交流控制在本國境內。其它政府則有考慮禁止重要關鍵的技術（例如加密）或是強迫科技供應商對自家產品留下後門漏洞，因為擔心這些科技可能會阻礙執法者打擊犯罪的能力。但是，沒有了加密保護以及可以信任的技術產品，互聯網的用戶就不能享有安全的金融或祕密通訊服務。 These policies result in the opposite of what is actually needed: they further damage user trust, remove opportunities and stifle innovation. 這些政策反造成了真正需求的反向效果：它們進一步地傷害了用戶的信任，減少了機會也扼止了創意。 ## The Internet needs a solid foundation in trust for its full potential to be realized 網際網路需要一個堅實的信任基礎，好讓它發揮全部的潛能 Today, policymakers have a choice to make about which path to take in developing Internet policies. One path leads to an open and trusted Internet with all the social and economic benefits it brings. The other path leads to an untrusted and increasingly closed off network that fails to drive growth. One path leads to opportunity, the other to stagnation. The key is trust, and how to sustain the Internet as a fundamentally vibrant and trusted space. 今天，政策制定者可以選擇走哪一條路徑來發展其網路政策。有道路可以帶領往一個開放可信任的網際網路，實現社會與經濟能帶來的好處。另一條路徑則是通往一個越來越失去信任與封閉的網路，也無法驅動成長。一條路引領到機會各種可能性而另一條則是停滯不前。其中重要的關鍵乃在於信任，如何維持網際網路為一個充滿活力與可信賴的空間。 ### The Internet: trust in an open environment 網際網路：開放環境下的信任 An ‘open and trusted Internet’ is a globally, distributed, interoperable network of networks that cultivates innovation and creates opportunities for all. Its foundation lies in user trust, technologies for trust, trusted networks and a trustworthy ecosystem. It offers inclusive governance, is built on sound policy principles and strives to put the interests of Internet users at the heart of decisions. 一個開放、可信任的網際網路是一個散佈全球、分散式、互相操作的網路連結，它培育了創意也為每個人開創了各種可能性。這些仍根基於使用者的信任、對科技的信賴、對網絡的信任，以及一個值得信任的生態體系。它提供了包容的治理，建置於完善的政策原則和努力打造以網際網路用戶利益為決策的核心。 A ‘trusted Internet’ is not an island utopia, shut off from the threats of the world. There will always be risks and downsides to an open network system. Malicious actors will find ways to exploit vulnerabilities. Technologies and capabilities we develop to improve one part of life may negatively impact another. But, threats can be mitigated, risks distributed, weaknesses shared and repaired. The Internet’s openness is also the means to protect it. 一個可信任的網際網路並不是烏托邦孤島，關起來門不顧真實世界的威脅危險。一個開放的網絡系統原本就一定都有風險和缺點。惡意的行為者會找到可利用的弱點；我們開發的技術能力可以改善生活裏的一部份問題但也可能對其它地方造成了負面的影響。但是威脅是可以減輕的，風險也可以分散掉、缺點可以共同分擔並修復。網際網路的開放性本來就是保護它的手段。 All stakeholders have a positive role to play in nurturing a trusted and open Internet. We need to work to secure core aspects of Internet infrastructure, to protect the confidentiality and integrity of the data that flows over it, and to ensure the right policies are in place to support the technologies, networks and actors that make the Internet work. We do this through collective responsibility and collaboration. 要滋養一個受信任的開放網際網路，所有的利害關係者都可扮演積極角色。我們需要合作來確保互聯網的核心基礎設施，保護資料流的機密性與一致性，確保正確的政策可以適當地支持科技、網絡以及各行為人好讓互聯網順利運運行。這些都要透過共同的責任和協調合作。 A useful foundation can be found in the principles of Collaborative Security: fostering confidence and protecting opportunities; collective responsibility; fundamental properties and values; evolution and consensus; think globally, act locally. 一個有用的基礎可以參考“協作安全”（ Collaborative Security）原則：促進信心和保護機會；共同的責任；基本的性質和價值；進化和共識；全球思考；在地行動。 The Internet Society’s policy framework for an open and trusted Internet outlines an approach for addressing the complexities of building trust in an open environment such as the Internet. It is described through four interrelated dimensions of trust that need to be considered when developing policies for the Internet, and provides principles to build a trusted Internet. 網際網路協會對於開放與可信任網際網路的政策框架，勾勒出一個方式來描述在如網際網路這麼一個開放環境下，要建立信任的複雜困難。透過四個要考慮且其互相關聯的信任面向，以討論發展網際網路政策時必須要考量的東西，並提供一些原則來建置一個可信賴的互聯網。 This framework for a trusted Internet embraces the important and valuable differences that give our world its rich diversity. There is no ‘one size fits all’ solution to decision-making about the Internet. Pro-Internet policies can take many different shapes, matching each country’s unique needs. But one thing unites them all; their starting point is ‘how do we build trust in an open environment such as the Internet. 一個可信任的網際網路架構擁抱了重要與可觀的差異，讓這個世界的多樣化更為豐富。對於網際網路而言，並沒有所謂的一體適用的決策方案。支持網際網路的政策可以有不同的形狀，配合每一個國家特殊的需求。但有個東西會把它們聯結起來：這個起始點就是：在一個開放的環境中，以網際網路為例，如何能夠建立信任？ User trust:How and why Internet users –including government, private sector and citizens -trust the Internet, and how to build that trust. Technologies for trust: The technical building blocks for establishing and maintaining trusted networks, applications and services. 用戶信任：網際網路的使用者，包括政府、私人部門、以及一般公民，如何以及為何要信任網際網路？以及如何來建立信任關係？ 技術信任：技術建造的區塊來建立和維持可信賴的網路、應用程式和服務。 Trusted networks: The Internet’s strength is that it is an ever evolving collection of interconnected networks with distributed ownership and control. Trust is the glue that keeps networks connected and exchanging data. 可信賴的網路：網際網路的強處是它集合了各自連結的網路，其有分散的所有權和控制關係。信任則是聚合這些連結與資料交換網路的凝結力。 Trustworthy ecosystem: How the Internet is governed and how it deals with Internet issues. 值得信任的生態體系： 網際網路如何地治理與以如何處理各項相關議題 This division finds its origin in the layered and modular nature of the Internet. A network of trusted networks provide global reach, while a set of technologies for trust allow applications that use the Internet to provide confidentiality, integrity and the ability to authenticate. With those technical legs in place, a trustworthy ecosystem allows for systemic trust, while user trust is the engine for all the creativity and innovation that we see on the Internet. 這樣的分工可在原初網際網路層級化與模組化的本質中找到。可信賴網路的網路提供了全球的通達，而所信任技術的組合則讓應用程式可以利用網際網路來提供機密、一致與認證的能力。藉著這些技術的支橕，一個值得信賴的生態體系建立了系統的信任感，而用戶的信任就是我們見證了網際網路創意與創造的發動機。 ## Trust is not just a nice idea. It is a set of choices, tools and capabilities already hard-wired into the open Internet. 信任不只是一個良好的想法，它是一系列的選擇，工具和能力，其已嚴實地綑綁入一個開放的網際網路之內。 ### User trust Everyone who uses the Internet is an ‘Internet user’, whether they are a government official, an advertiser, a school teacher, a travel agent, a student, an artist. Everyday we decide how much we trust (or distrust) the Internet for our social, professional, financial and other interactions. User trust is important to the future success of the Internet because if users do not trust the Internet, they will restrict their use, and may even cease using it for certain activities. This could have a serious impact on the evolution of the Internet, its use and growth. 用戶信任 每一個使用網際網路的人就是我們所稱的使用者，不管他是政府官員、顧問、學校老師、旅行社業者、學生或藝術家。每天我們決定要如何相信（或不相信）透過網際網路來進行各種社交的、專業上的、財務的等等互動交流交易。使用者信任是網際網路未來成功的重要關鍵，因為如果用戶不信任互聯網，他們將會限縮使用，或甚致在某些活動上停止使用它。這可能會嚴重地影響了網際網路的進化、利用和成長。 As far back as 1996, the Internet Architecture Board, the organization overseeing development of the Internet’s technical protocols, recognized that the growth of the Internet depended on users having confidence that the network would protect their information and communications (RFC 1984). 如同回到1996年， Internet Architecture Board，這個組織監管著網際網路旳技術協議發展、認可網際網路的成長端賴使用者的信心，相信這個網路可以保護他們的資訊和通訊。 (RFC 1984) However, building user trust does not mean simply reassuring people and hoping for a positive outcome. Building user trust means putting in place the right infrastructure (trusted networks), empowering users to protect their activities (technologies for trust), setting the right policies, and providing a responsive environment that properly addresses users’ well-founded concerns (trustworthy ecosystem). 然而，建立用戶的信任並不只是簡單地安慰大家希望有一個好結果。建位使用者的信任意謂著在適當處提供正確的基礎設備（可信任的網路），培力使用者能夠保護自己的活動（可信任的技術），設位正確的政策以及提供回應式的環境可以適當地講出使用者深思過的擔憂。（值得信任的生態系） The policy principles for enhancing user trust enable individuals and organizations to make informed and rational decisions about how they use the Internet. 強化使用者信任的政策原則是可讓個人與組織可以對自身如何使用網際網路，做出知情與理性的決定。 ### All of us - government, private sector, civil society and citizens - are Internet users.If we start by asking ‘what can we do to make the Internet better for us as users?’ we will already be half way to building atrusted Internet. ### 我們大家－政府、私人部門、公民社會和公民們，都是網際網路使用者。如果我們開始問“身為一名使用者，我們可以做點什麼讓網際網路更好？” 那我們已算是在通往一個建溝一個可信任網際網路的道路上。 ### Policy principles to support user trust (column) 支持使用者信任的政策原則（右側欄位內容） Human Rights: Human rights considerations should be integrated in Internet policies as they are developed, not added as an after thought. Individuals’ rights must be protected on the Internet. 人權: 人權考量應被整合入網際網路政策的發展,而不是事後想到才放入. 個人在網際網路的權利必須受到保護. Communications confidentiality: Internet policies should support the principle that Internet users should have the ability to communicate confidentially online. They should also encourage innovation and the use of tools to facilitate confidential communications (e.g. encryption). 祕密通訊 網際網路政策應該支持其用戶能夠在網際網路保祕密通訊的權利,鼓勵可以促進祕密通訊的工具(如加密技術) Privacy: Individuals’ privacy rights and expectations should be protected on the Internet, irrespective of nationality or residence. There should be no pervasive surveillance of Internet communications. Individuals should have the ability to communicate anonymously or pseudonymously. 隱私 個人對於使用網際網路的隱私權與期待用應受保護,不論用戶的國籍與居住地.不應對網際網路通訊施以無所不在的監控,個人應能享匿名與使用代號通訊的自由. Consumer Protection: Consumers rights should be respected across the Internet. Governments should support consumer trust by enacting and enforcing consumer protection laws for business conducted in their territory or under their control. They should also engage in international cooperation across borders to ensure consumers’ rights are protected no matter where they reside. 消費者保護: 網際網路消費者權應予尊重,在其管轄領土上的商業活動,政府應其強化與施行消費者保護法令以支持消費信心. 他們也應參與國際上的跨界合作來確保不管居住於何地的消費者權利都受到保障. Control over data: Internet users should be empowered to exercise control over their data. They should have the ability to take their data from one service to another. 資料的控制 網際網路用戶應被賦予力量來實踐對自身資料的掌控.他們應有能力可以要求將自己的資料從某個服務商移換到另一個服務。 Transparency in policymaking: Governments should be open and transparent about their decisions, policies, laws and practices. They should actively involve stakeholders in Internet policy development. 政策制定的透明 政府應對其決策' 政策'法令和落實保維持開放透明. 政府該主動地讓各利害關係人能參與網際網路政策的發展. Legal certainty: Governments should ensure that laws are clear, easy to understand and accessible to all. They should refrain from exercising lawmaking and enforcement powers capriciously or arbitrarily. 法令的明確性 政府應確保所定的法律明白易懂,人人皆可近用. 他們該避免立法與執法權力的反覆不定與任意性. Enforcement and remedies: Governments should ensure regulatory authorities have the necessary resources and independence to provide effective law enforcement and remedies for Internet users who have suffered loss, damage or other forms of harm. 執行與救濟 政府應確保規範機關有必要的資源與獨立性,能為遭受損失或傷害的網際網路使用者執行法令與提供救濟 Non-discrimination: Governments should ensure their laws and policies prevent the use of the Internet as a means to discriminate against an individual, based on the group, class or category to which that person or thing is perceived to belong to; or based on data profiling. 不歧視: 政府應確保其法令政策能防止網際網路成為歧視他人或其所屬社群或階級成員(或依資料進行社會標籤)的工具. Watchdogs and Whistle-blowers: All stakeholders should recognize and support the value that watchdog organizations and individuals provide to society. 監管和吹哨揭密 所有的利害關係人應體認與支持監察機構或個別監監者對社會所提供的價值. ## Technologies for trust ## 受信任的技術 Technologies for trust are the technical building blocks for establishing and maintaining trusted networks, applications and services. They are the technical foundation for a trusted Internet. 可信任的技術是技術建造的區塊來建立和維持可信賴的網路、應用程式和服務。它們是維護可信賴的網際網路的技術基石。 One commonly used trust technology is Transport Layer Security (TLS), a cryptographic protocol used to provide communications confidentiality and integrity, e.g. between a user’s device and a website server. TLS was developed through an open process in the Internet Engineering Task Force (IETF). Today, virtually all banks and government online services use TLS. 一項常見的信任技術是傳輸層安全 Transport Layer Security (TLS)，它是一項密碼協議用於提供通訊保密與一致，諸如使用者與網頁伺服器之間的傳輸。TLS是由網際網路工程任務小組(IETF)在開放過程下所開發出來。今天，所有的金融機構與政府線上服務都仰賴 TLS 技術的利用。 Trust technologies are important for reinforcing trust on the Internet because they are the technical tools that enable Internet users to communicate privately (confidentiality), know who they are communicating with (authentication),know that the information they are sending or receiving has not been altered in transit (integrity), to restrict access to their data or communications (authorization), and know whether their device or technology has been tampered with (tamper detection and resistance). 可信任的技術能加強網際網路的信任感，因為這些技術工具能用來讓使用者私密地通訊，（認證）知道他們正在通訊的對象,理解自己所送出或收到的資訊不會在傳送過程被修改（一致性），可以限制自己的資料或通訊（授權）以及知道是否自己的設備或技術是否被竄改（竄改偵測與防止功能）。 Technologies for trust are used to secure the networks, applications and services that we use everyday. Without trust technologies such as TLS and its predecessors, we would never have seen the explosion of online commerce that drives GDP growth and spreads opportunities globally. Without communications encryption, governments, companies and individuals would not be able to keep their communications confidential and their information secure. 求取信任的技術用於確保每日所使用的網路、應用程式和服務安全。沒有可信賴的技術，如之前提過的 TLS 以及其後續者，我們就不能見證線上商務的大爆發，它驅動了國民生産毛額的成長並在全球擴散各式商機。沒有通訊加密，政府、企業和個人就無法維持其通訊機密以及其資訊的安全。 Technologies for trust evolved thanks to a key characteristic of the open Internet –innovation that does not require prior permission or special approval from an authority. 求取信任的技術因為開放網際網路的重要特質而得以進展，創意並不要求事先取得 許可或來自當局的特別淮許。 Permission-less innovation built the Internet and is essential for the future health of the Internet and the economies that depend on it. 不需取得許可的創意打造了網際網路，它是未來網際網路健康的菁粹，經濟力也有賴於此。 As threats continue to emerge and grow, we must ensure we all have the necessary tools for privacy, security, and, ultimately, economic and social opportunities. We need policies that support rather than hinder the development,availability and use of trust technologies. 當各式威脅持續浮現成長，我們必須確保在隱私、安全以及最終，經濟與社會機會的各式必要工具。政策必須用來支持而不是阻礙可信任技術的發展、可取得和使用。 ### We depend on technologies for trust every day,to secure our networks, our transactions, even our lives.They need to be as strong and as ubiquitous as we can make them. ### 我們每天仰賴技術來取得信任，以確保自身網路、交易甚致生活上的安全。這些技術需要有力與普及好讓人們可以利用它。 ### Policy principles to support the use of trust technologies ### 支援使用可信任技術的政策原則（右側欄位內容） Governments should: • empower users to adopt their own technical measures of protection for their Internet communications and data; • encourage the open development and open access to “easy-to-use” tools that enable users to communicate confidentially; • encourage online service providers to offer their customers end-to-end encryption solutions 政府該： • 培力用戶採行自己的支術方式來保護網際網路 • 鼓勵開放發展與近用“方便易用”工具以讓用戶能祕密通訊 • 鼓勵線上服務供應商提供顧客端點到端點的加密方案。 Regarding encryption: (These recommendations summarize the principles of the www.securetheinternet.org initiative, endorsed by many companies, individuals and organizations, including the Internet Society.) Internet users should have the option to use, and companies should have the freedom to provide, the strongest encryption available, including end-to-end encryption, without fear that governments will compel access to the content, metadata, or encryption keys without due process and respect for human rights. Governments should not ban or otherwise limit user access to encryption in any form, or otherwise prohibit the implementation or use of encryption by grade or type. 有關加密： （我們的建議原則總結在www.securetheinternet.org，這個計畫得到許多公司、個人與民間組織的背書支持，包括網際網路協會） 對於最高級可用的加密方式，含端對端之間的加密，網際網路使用者應該有選擇權利、公司有供應之自由，而不必擔心政府會在無任何正當程序不尊重人權的情況下，強迫取得其內容、元數據或加密金鑰。政府不該禁止或限制用戶取得任何形式的加密，以及使用操作加密技術工具。 Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services. 政府不該要求廠商在其工具、技術或服務上，開“後門”或利用弱點的設計。 Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys. 政府不該要求工具、技術或服務的設計或開發可讓第三方取得未加密的資料或加密金鑰。 Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies. 政府不該尋求削弱或破壞加密標準或刻意地影響加密標準的建立，除非是可以促進更高層級的資訊安全。政府不應要求有漏洞不安全的加密演算法，標準、工具或技術。 Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with these tenets. 不管是由私人或是公共協議，政府不該逼或迫施壓任何人進行不符上述信條的活動。 ## Trusted networks The Internet is an ever-evolving collection of interconnected networks with no common ownership or centralized control. Trust is the glue that keeps networks connected and exchanging data ## 受信賴的網路 網際網路是由許多相連的網路而進化集合體，它沒有一個共同的所有者或集中化的控制。信任是凝聚維持網路連結和交換資料的要素。 ## Building and sustaining a trusted Internet means different players –with different roles and responsibilities –need to take action, closest to where the issues are occurring 打造與維持一個可信任的網際網路意謂著不同的玩家－－各有不同的角色與責任－－皆需要採取行動，接近問題所在的要點。 There is no such thing as one single, global network –the Internet is a ‘network of networks’. The communications path is not decided in advance, and it does not follow national borders. Internet users do not decide how their communications are routed: they simply “trust” that network operators will deliver the data where it needs to go. It is a transport strategy that may seem chaotic, but it provides resilience and speed on a scale that humanity has never achieved before. 沒有所謂一個單獨、全球的網路--網際網路是一個網路相互連結的網絡。它的通訊路徑並不會事先決定，這個路徑也不會依照國界邊境而走。網際網路使用者不會決定他們的通訊路徑：他們只是單純地「相信」網路 營運者會傳達資料要走的路徑。這個傳輸策略，也許乍看有點混亂，但它提供了人類從未達到過的恢復和速度規模。 Trust in this context is not a hope or a feeling; it is a practical and reciprocal way of ‘doing business’. Network operators trust that their peers will carry out the operations needed to provide end-to-end communication. If an operator fails to live up to this trust, its peers will find other ways to route their traffic and simply cease to deal with it. 在這種情況下信任不只是一種抽像的感覺或空洞的希望，它是一種實際且互惠的方式來「作生意」。網路營運者相信他們的同儕會採取操作所需要的端點到端點通訊。如果有一位營運者無法活化這層信任，其它的同儕會找尋其它方式來引導網路流量，停止與這個營運者合作。 This approach is important because it provides workable options and it does not allow the system to break down. The keystone of trusted networks is collective responsibility and collaboration. This is the notion that all stakeholders must collaborate and share the responsibility for addressing Internet issues. 這個方式很關鍵，因為它提供了可行的選項也不會讓系統因而故障停擺。重要的基石是可信任的網路是一項集體的責任承擔與協力合作。這個概念是所有的利害相關人必須合作並分擔責任來討論網際網路的議題 。 The core elements for trusted Internet networks are the Internet Society’s Internet invariants and the Collaborative Security principles. Adopting these core elements as the foundation for decision-making creates an environment in which trusted networks will continue to evolve and thrive. 信任網際網路的核心要素是本協會對網際網路不變與共同協作安全原則。採用這些核心要素是決定建立一個可信任網路的基礎，好讓網路可以繼續地進化與繁茂。 ### Policy principles to support trusted networks ### 支援可信任網路的政策原則 （右側欄位內容） Security: National cybersecurity strategies and policies should advance economic and social prosperity: they should not hinder growth, innovation or development. 安全 國家安全戰略與政策應進一步推動經濟和社會繁榮：他們不該阻礙成長、創新和發展 In developing cybersecurity strategies and policies, governments should embrace the expertise of all stakeholders and work with them to collaboratively develop solutions. 在發展網路安全策略與政策上，政府該擅用各方利害關係者之專長，共同合作來找出對策。 Cybersecurity policies should integrate human rights: they should strive to provide safety and security, while maintaining individuals’ rights. 資訊網路安全政策應整合人權考量： 它們要提供安全與保護，並同時維護個人權利。 Governments should lead by example, but also recognise that some stakeholders may be the leaders in their field. Sometimes the best solutions are those that emerge organically without any government direction. Solutions should be defined and implemented where they can have the most impact. 政府應帶領，或肯認某些利害關係者在其領域的領袖地位。有時最佳的方案是這些東西可以自然有機地出現而不必任何政府指示。方案應用於最可發揮效能之處。 Cross-border collaboration will be essential for maintaining the security and resilience of the Internet. 跨境合作是維護網際網路安全與彈性的關鍵。 Connecting networks and sending traffic: Governments should not mandate data localization or prescribe Internet traffic routes. 連結網路與傳送流量 政府不該要求資料在地化或指示網際網路的流通路徑 Governments should encourage regional and international companies to participate in the local interconnection and peering environment (e.g. by reducing barriers and/or providing economic incentives). 政府應鼓勵區域和國際公司去參加本地的互動網絡與同儕環境（例如降低障礙或提供經濟激勵方案） Governments should foster investment in additional Internet infrastructure (e.g. submarine cables, IXPs and national infrastructure) for greater resiliency for the benefit of the whole Internet ecosystem. Governments should provide a legal environment that supports competitive markets in online services. 政府該促成更多網際網路基礎設施的投資（如海底䌫線、IXPs 或國內基礎設施）以受惠整個網際網路生態系更好的彈性。政府應提供合法環境以支橕線上服務的市場競爭力。 Open technical standards: Policies should support an Internet built on open technical standards. Stakeholders can show their support by endorsing and promoting the Open Stand principles 開放的技術標準： 政策該支持讓網際網路建構在開放技術標準下。利害關係人可以透由背書與提倡開放標準來展現其支持。 ## Trustworthy ecosystem When governments make policies for the Internet, they think about more than just ‘do we trust the Internet for our own use?’. They also think about the impact the Internet may have on their citizens’ safety and well-being, their economy, their sovereignty, as well as ‘who has control’. ## 值得信賴的生態體系 當政府制定網際網路政策時，他們考量的不只是“我們可以相信網際網路以供自身使用嗎？”而已。他們也必須思考網際網路給人民安全、福祉，對國家經濟、主權以及誰有掌控栚權等等面上的影響。 Balancing all these interests, is a much more complex trust equation than user trust. But, it is critical to address because this is why governments focus so intently on the trustworthiness of the Internet ecosystem and its governance. 平衡這些利益，遠比只有使用者信任是一套更為複雜的信任計算式。但是，重點在於提出為何政府會如何關切網際網路的可信任程度以及它的治理方式。 The trustworthiness of the Internet ecosystem stems from how it was developed and its multi-stakeholder governance processes, where those affected by decisions have the opportunity to be part of them. 網際網路的可信任程度源自於所發展出來的多方利害關係治理過程，會受到決定結果影響的人都有機會來參與。 The Internet became a global platform for innovation and economic growth through participatory bottom-up processes , prioritising the stability an integrity of systems, and maintaining the open nature of the underlying technologies. These principles are part of the Internet’s ‘DNA’. 網際網路成為各式創意與經濟成長的全球平台，透過由下而上的參與過程、優先化系統一致的穩定、維持基底技術的開放特質。這些原則是網際網路的原則成份。 At its core, multi-stakeholder governance embodies transparency, inclusiveness, shared responsibility, embraces accountability, and is effective at solving common Internet issues. 它的核心，多方利害關係人的治理體現了透明、包容和分擔責任，擔起責任，也有效地解決了共同的網際網路議題。 Additionally, in the technical community, we share a sense of collective stewardship towards the public core of the Internet and the open standards on which its technologies and networks are based. 此外，在技術社群，我們分享了共同的代管責任，以促成網際網路的公共核心與其技術與網路為基礎的開放標準。 These characteristics fortify stakeholder trust in the way that the Internet ecosystem is operated and governed. 這些特質鑄造了利害關係人信任網際網路的生態體系的操作與治理方式。 ### The Internet does not present a ‘command and control’ problem; it is a coordination challenge. How can we work effectively with those responsible for all its different parts, many of whom are beyond our borders? ### 網際網路不代表“下命令與控制”解決方式，它是一項協調性的挑戰。我們如何有效地負起責任來對它不同的組成、其中許多甚致是超越國界的問題 ？ ### Trustworthy Ecosystem: Attributes of successful Multi-stakeholder Governance Inclusiveness and transparency: Inclusiveness is the basis of legitimacy in collaborative decision-making. Those significantly affected by a decision should have the chance to be involved in making it. Inclusiveness is not just an admirable goal, but an essential part of an effective process. The less inclusive a process is, the less likely it is to engender the trust and support of those outside of the process. ### 可信賴的生態體系：歸責於成功的多方利害關係人治理 （右側欄位內容） 包容和透明：包容是協作決策的合法基礎：若決定會顯著地影響某些人，他們就該有機會參與其過程。包容不只是一個讓人稱道的目標，也是一個有效過程的精萃。若過程越少包容，則它越可能危害信任並難以取得外部者的支持。 Transparency is an essential condition for inclusiveness, as it brings expert and affected groups into the process. Transparency of inputs,　process and decision-making is fundamental to　the Internet. 當邀請了專家和受影響的社群來到決策過程中，透明也是促成包容的重要條件。投入、過程和決定的透明是網際網路的基石。 Shared responsibility: All stakeholders share collective responsibility for the continued vitality of the Internet and the benefits it brings our societies and the global economy. In the technical community, we share a sense of collective stewardship of the Internet and the open standards its technologies are based on. 責任的分擔：所有的利害關係人都共同分擔著集體責任以持續網際網路的活動和它所帶給社會與全球經濟的受惠。在技術社群中，我們分享著一種集體的代管責任，並依賴其技術所基於的開放標準。 Effective decision-making and implementation: The most effective decisions are those based on an open and deliberative process that considers a broad range of information sources and perspectives. This holds for both the quality and implementation of the decision. 有效的決策過程與執行：最有效的決策是基於一種開放與審議程序，它能考量多廣泛的資源來源和觀點。這也將維繫著決策的品質和落實。 As the Internet is operated by a variety of public and private sector and civil society stakeholders, successful implementation of decisions needs imaginative and collaborative solutions. It is not as straightforward as passing a national law. Stakeholders who have been part of the process work harder to make its implementation a success. 網際網路由不同的公私部份、公民社會所操作，決策要能成功地施行需要有想像力與可協作的方案。這並不只是直接通過一部法令即可。 在這些過程中的利害關係人，努力地讓它的推動可以成功。 Collaboration, distributed and interoperable governance: To effectively harness the efforts of many actors, the technical community has evolved autonomous governance systems based on collaboration and mutual respect. The many organisations involved in Internet governance have complementary roles to play. We need to recognise this autonomy and keep dialogue and mutual participation in areas of overlap between organisations. 協同、去中心與可互相操作的治理： 要有效地駕御許多投入力的心血，技術社群已進展出基於協作和互相尊重的自發治理糸統。許多與網際網路治理有關的組織也扮演了互相補充的角色。我們需要肯認這個自發性並繼續對話，維持這個組織之間互相參與或重疊的領域。 This is a summary of the characteristics of successful Internet governance approaches in the Internet Society’s ‘Internet Governance: Why the Multi-stakeholder Approach Works’. 這部份是“成功的網際網路治理方式特色”的總結，它可在本協會的“網際網路：為何多方利害關係人方式有效”一文找到。 ## Conclusion To ensure the benefits of the digital economy reach everyone around the world, and that innovation thrives, we need to build an open and trusted Internet together. We believe this policy framework provides an approach for addressing the complexities of building trust in an open environment such as the Internet 結語 確保數位經濟的利益能披澤全球所有人，以及創意不斷地被激發，我們必須打造共同一個開放而信任的網際網路。我們相信這個政策架構提供了一套方式來呈現建造一個如網際 網路下開放環境的複雜難度。 We ask you to think about these different trust dimensions, and how they are all inter-related, as you consider policies related to the Internet. We also encourage any feedback. you may have about this policy framework for an open and trusted Internet. Please send your comments to trust@isoc.org 感謝你一起來思考這些有關信任的各個面向，以及它們如何地相關，當你在思考與網際網路相關政策。我們也鼓勵對於此議題的各種回饋建議。相關建議評論可以寄到：trust@isoc.org An open and trusted Internet is vital to the success of the digital economy. We need to work collaboratively to make this a reality. 開放可信任的網際網路是數位經濟成功的關鍵要素，我們需要通力協作才能讓這一切成真。