Saturday, August 10, 2013

Policy Matters: THE NEED FOR A HIGH-LEVEL STRATEGIC VISION FOR INTERNET GOVERNANCE, 2015–2020 (Part 1)


THE NEED FOR A HIGH-LEVEL STRATEGIC VISION FOR INTERNET GOVERNANCE, 2015–2020 (Part 1)
The Internet has never been an ungoverned space. Even in its earliest days, it had “rules of the road.” In fact, if not for such rules, the Internet would not — could not — exist. Peering agreements, the naming and numbering system, and packet handling protocols are only some of the critical rules that make the Internet possible and regulate its operation. Equally important, however, is the observation that current standards are not the only possible set of such arrangements. As Laura DeNardis (2009) explained in Protocol Politics, technical protocols are inextricably political.
The novel nature of the technology, combined with an initial lack of obvious mass social purposes, provided the researchers, engineers and other technologists that comprised the bulk of the original Internet community with a great deal of autonomy in creating and operating its first governance structure.1 Early Internet governance arrangements were thus primarily the product of a decentralized social network in which authority emerged on the basis of specialized expertise, and problems were typically understood as exclusively technical in nature.2
As a result of the social endowments provided by these “parental” influences, current Internet governance arrangements reflect a particular set of values: resilience, openness and interoperability, high potential for anonymity, content neutrality and disregard for national borders in the routing of information between users. These values are at odds, at least in some significant respects, not only with domestic expectations in some states about freedom of expression and the handling of information, but also with central rules and norms of the international system, including classical understandings of state sovereignty.3

These tensions were emerging by the time of the initial World Summit on the Information Society (WSIS), which met in Geneva in 2003 for its first phase, with the second phase held in Tunis in 2005. In the intervening years, a number of trends have combined to exacerbate these issues. First, Internet technology penetration rates have increased significantly in all but the most authoritarian and impoverished states.4 This trend is almost certain to continue; however, even today the changing cultural composition of global Internet users means that new voices (and in some cases different values) are being heard in Internet governance debates and processes. This can be expected to result in a differently governed Internet — although the nature and extent of the change has not yet been determined. Second, the last seven to 10 years have seen considerable maturation of Internet services aimed at mass publics — e-commerce, social networking and cloud computing are obvious examples. Third, multiple critical infrastructure systems are now dependent on the Internet in significant, albeit varying, ways: financial markets and banks, oil and gas production and distribution networks, as well as power grids are vulnerable, as are major transportation and logistics systems. Fourth, there has been significant expansion of what might be termed the Internet’s “dark side.”This label includes an array of activities performed by a variety of actors for a number of purposes; the common thread is that they are socially undesirable. Cybercrime — including fraud, identity theft, and the creation and operation of illegal botnets — is becoming increasingly widespread and more sophisticated (Glenny, 2011). Multiple reports have shed light on cyber-espionage practices conducted either by states or state agents. There are recent indications that these activities have moved beyond information gathering to include probing for vulnerabilities in both government and private sector networks (Information Warfare Monitor, 2009; Mandiant, 2013). Further, although the evidence is fragmentary, there is reason to suspect that several states have conducted or authorized actual cyber
attacks.5 More governments are working to establish and enhance their capabilities to conduct such operations.
As a result of these pressures and tensions, as well as the desire to monetize the Internet to their advantage (or at least the advantage of their corporations), states have increasingly become determined to exert influence and authority over Internet governance. The contractual arrangement between the National Telecommunications and Information Administration (part of the United States Department of Commerce) and the Internet Corporation for Assigned Names and Numbers (ICANN), the California-based non-profit that oversees naming and numbering, has also served to complicate the legitimacy of the current system for Internet governance and to generate demand for a more global alternative.
The desire to extend state control over Internet governance is widely shared, even by advanced industrial economies. The Internet is now simply too important to leave entirely to the technologists.There are, however, significant differences among states with respect to their preferences over the substantive content of such change. The December 2012 World Conference on International Telecommunications (WCIT) held in Dubai, confirmed the existence of complex fault lines in the international community.
A broad coalition led by Russia and China engineered the adoption of updated International Telecommunications Regulations (ITRs) as well as International Telecommunications Union (ITU) resolutions affirming an expanded state role in Internet governance, and empowering the ITU to further debate and discuss Internet issues. This coalition attracted broad participation from the developing world, including key support from Arab states; however, it also included key emerging economies such as South Korea, Indonesia, Turkey, Brazil, Argentina and Mexico. A smaller group of states (including key advanced industrial democracies such as the United States, United Kingdom, Canada, Sweden and New Zealand, joined by a number of other states including India and Kenya) refused to accept either the new ITRs or the accompanying non-binding resolutions (Pfanner, 2012).
There are, undoubtedly, power politics at play in producing these coalitions. Russia and China seek to relocate Internet governance to an institution in which American influence is attenuated, at least in comparison to its current legal and normative dominance of ICANN and its normative influence over the Internet Engineering Task Force (IETF). The United States clearly understands and opposes this attempt by the Russians and the Chinese. In another indication that the two coalitions are not separated purely by principle, the advanced industrial democracies have greatly expanded their technical and legal ability to monitor both the online activity of their own citizens and of foreigners, often over the objections of domestic civil society groups. Attempts to enforce intellectual property laws have also drawn determined opposition (Wortham, 2012). The existence and success of that opposition, however, is a clear indicator that value-based differences among states on Internet governance issues remain highly consequential. It is not purely a cynical matter of national advantage-seeking.
The contemporary politics of Internet governance are also not as simple as the impression that emerged of mutually exclusive camps from the WCIT, for a number of reasons. Eighty-nine states signed the 2012 ITRs, while 55 states announced publicly that they would not. This leaves roughly 50 (admittedly minor) states officially undecided on the matter. Further, even the signatories need to complete the process of ratifying the treaty. Some may yet be persuaded to reconsider. Most important, while the WCIT matters, it is hardly the final word on Internet governance. Indeed, 2013 has already seen modest success at the World Technology Policy Forum in Geneva, as well as positive developments from the United Nations Group of Governmental Experts. The 2013 Internet Governance Forum, 2014 ITU Plenipotentiary and the ongoing decennial review of the WSIS (culminating in 2015) will also provide opportunities for further progress.
Finally, Internet governance is not only a function of state positions. Elements of the global community of Internet users have shown they are prepared to engage in disruptive behaviour in response
to unwelcome efforts to change the status quo.6 Broader civil society groups are also becoming increasingly engaged. A range of corporate interests are pursuing their own agendas, some of which are in direct conflict. Network operators, Internet service companies, equipment manufacturers, intellectual property holders, insurers and others all have significant stakes in Internet governance outcomes. The divisions among corporate actors are geographic as well as sectoral. Legacy telecommunication firms (many of them state-owned and many of these in the developing world) face daunting competition from the migration of voice communication to Internet networks; network operators in some areas of the developing world (such as the Middle East) also act as key intermediaries for the routing of information between advanced industrial economies, and are eager to monetize this transshipment role. This heterogeneous array of interested actors simultaneously complicates the process of reaching agreement and creates opportunities for the assembly of unorthodox coalitions.
Capitalizing on these various opportunities to update and refine global governance of the Internet will require skillful, coordinated diplomacy in a protracted and contentious process of rule-making that has clear implications for human rights, the future course of the global economy and for international security. This paper aims to contribute to this process. It begins with a brief description of the incumbent Internet governance institutions, and then provides an analysis of prospects for rule-making in Internet governance. It concludes by articulating the need for a high-level strategic vision of Internet governance consistent with democratic values and human rights.

THE LEGACY SYSTEM OF INTERNET GOVERNANCE
Discussion of Internet governance tends to focus disproportionately on ICANN, which plays a central, but limited, role in administering the global system of naming and addressing. There is a range of other key actors that also play indispensable governance roles. Among them are a number of other non-state actors. The IETF develops, approves and promulgates vital technical standards that govern packet handling and exchange, among other issues. The World Wide Web Consortium (known as W3C) plays a similar standard-setting role specifically for the Web. Without uniform standards, the Internet would not be globally interoperable. If standards were not of high quality, the Internet would have diminished functionality.
In addition, private network operators (including commercial Internet service providers [ISPs] and companies that provide“over-the-top”[OTT] online services , such as Google or Instagram) also perform governance roles. For example, interconnection between network operators is privately governed, often on the basis of informal, unwritten agreements that provide for the exchange of traffic on the basis of reciprocity rather than payment. This practice is referred to as“settlement-free peering.”To facilitate stable, low-cost exchange of traffic, industry has also played a key role (alongside the Internet Society,known as ISOC, and the ITU) in encouraging the creation and maintenance of Internet exchange points. OTT service providers perform content filtering by virtue of their roles as information intermediaries. Terms of service adopted by large market players shape what a user will see online, whether in search results (for example, Google, Yahoo or Bing), in streaming video (YouTube) or shared photos (Facebook,
Instagram or Flickr, among others). Both ISPs and OTT providers are, increasingly, called on to engage with law enforcement and security services to provide information about the activities of their users. Finally, governments play an often indirect role in governing the Internet, largely through law enforcement activity, competition policy and judicial review of individual lawsuits.
The critical point is that Internet governance is complex and highly decentralized, as illustrated by the examples above. Efforts to cut through this complexity typically begin and end with the assertion that the Internet is governed in a“multi-stakeholder” (rather than a multilateral) fashion. A great deal of care should be taken when using this terminology, for three reasons.
First, it is certainly true that non-state actors, both for-profit and not-for-profit, play critical roles in Internet governance; however, this is not unique to this issue area. Private actors play major governance roles with respect to the global financial system, the International Committee of the Red Cross plays an important role in managing the legal regime governing conduct in armed conflict, and NGOs help individual states and international organizations provide crucial goods and services to large populations in the developing world. Each of these issues (finance, laws of war and development) could thus be described, to varying degrees, as examples of multi-stakeholder governance.
Second, these examples illustrate that the involvement of multiple kinds of stakeholders is not sufficient to ensure good governance. The aftermath of the 2008 financial crisis demonstrated the perils of industry self-regulation or regulatory capture; similarly, the highly uneven record of international development efforts shows that a combination of state and non-state actors is not necessarily able to deliver goods and services efficiently or effectively. 

Notes

1 For an overview of this history, see Barry M. Leiner et al. (2012),“A Brief History of the Internet,”available at: www.internetsociety. org/internet/what-internet/history-internet/brief-history-internet.
2 Such networks or “epistemic communities” have been previously studied by international relations scholars in other issue areas. See, for example, Peter M. Haas (1992),“Introduction: Epistemic Communities and International Policy Coordination,” International Organization 46, no. 1: 1–35.

3 On sovereignty, see Jens Bartelson (1995), A Genealogy of Sovereignty, Cambridge: Cambridge University Press; Hedley Bull (1977), The Anarchical Society, New York: Columbia University Press; Andreas Osiander (2001), “Sovereignty, International Relations, and the Westphalian Myth,” International Organization 55, no. 2: 251–287; Daniel Philpott (2001), Revolutions in Sovereignty: How Ideas Shaped Modern International Relations, Princeton: Princeton University Press; and Hendrik Spruyt (1996), The Sovereign State and its Competitors: An Analysis of Systems Change, Princeton: Princeton University Press.
4 For one estimate, see World Bank, “World Development Indicators,” Internet Users (per 100 people), available at http://data. worldbank.org.
5 On Stuxnet, see David Sanger (2012), “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, available at: www.nytimes.com/2012/06/01/world/middleeast/obama- ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted =2&seid=auto&smid=tw-nytimespolitics&pagewanted=all. On the Mahdi malware, see Nicole Perlroth (2012),“Cyber Attacks from Iran and Gaza on Israel More Threatening than Anonymous’s Efforts,” Bits Blog, November 20, http://bits.blogs.nytimes.com/2012/11/20/cyber-attacks- from-iran-and-gaza-on-israel-more-threatening-than-anonymouss- efforts/. On the Flame malware, see Nicole Perlroth (2012),“Researchers Find Clues in Malware,” New York Times, May 30, available at: www. nytimes.com/2012/05/31/technology/researchers-link-flame-virus-to- stuxnet-and-duqu.html. For information on the Aramco attacks, see Nicole Perlroth (2012), “In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back,” New York Times, October 23, available at: www.nytimes. com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm- disquiets-us.html?pagewanted=all. Russia is thought to have employed offensive cyber operations against both Estonia and Georgia. See, respectively,“A Cyber-riot”(2007), The Economist, May 10, available at: www.economist.com/node/9163598, and John Markoff (2008), “Before the Gunfire, Cyberattacks,” New York Times, August 12, available at: www.nytimes.com/2008/08/13/technology/13cyber.html.
6 For example, the WCIT spawned Distributed Denial of Service (DDoS) attacks against the ITU website. See Associated Press (2012), “Hackers Said to Hit United Nations Telecoms Talks in Dubai,” Huffington Post, December 12, available at: www.huffingtonpost. com/2012/12/06/hackers-united-nations-_n_2250364.html.



ABOUT THE AUTHORS
Mark Raymond
Mark Raymond joined CIGI as a research fellow in August 2012. He has a B.A. in political science and international relations from the University of Western Ontario and an M.A. and Ph.D. in political science from the University of Toronto, and he has taught international relations at the University of Toronto and the University of Waterloo. His research interests include international law and organization, international security and international history, including the history of global governance.
At CIGI, Mark contributes to the Global Security Program. Specifically, he is developing CIGI’s work in the area of Internet security and governance.
Gordon Smith
A political science graduate of McGill University (B.A.) and the Massachusetts Institute of Technology (Ph.D.), Gordon Smith became interested in international security and global interdependence while attending university in the United States during the Cuban Missile Crisis in 1962. After graduation, Gordon returned to Canada to work on these issues, and began a long and distinguished career as a public servant with the federal government.
Initially, Gordon worked on Canada’s relationship with NATO and the North American Aerospace Defense Command (NORAD) within the Ministry of Defence and Department of External Affairs, but he quickly advanced to more demanding positions in the Privy Council Office. In 1979, Gordon became the deputy under-secretary of state at External Affairs, and in 1985, deputy minister. Shortly thereafter, he was dispatched to Brussels as the permanent representative and ambassador to the Canadian delegation to NATO, and subsequently, was named Canada’s ambassador to the European Union.
Returning to Canada in 1994, Gordon was appointed deputy minister of Foreign Affairs, where he fondly remembers establishing a global issues bureau in the ministry to better understand emerging transnational trends affecting Canada. During this time, Gordon began
his personal involvement with the G7/G8, as the Sherpa (personal representative) for the prime minister at the G7/ G8 summits in Halifax, Lyon and Denver. After retiring from the Government of Canada that same year, Gordon joined the University of Victoria as executive director of the Centre for Global Studies (CFGS), and was appointed chair of the board of governors at the International Development Research Centre. During this period, he also lectured as a visiting professor at the Diplomatic Academy of the University of Westminster in London and Paris.
After collaborating with the think tank for many years on various projects, Gordon joined CIGI in 2010 as a distinguished fellow, and has since been a key contributor to its G20 research activities, events and publications. He looks forward to continuing this work at CIGI, and pursuing another long-time interest: the convergence of technology and global affairs (you can follow Gordon on Twitter @GordonSmithG20). 

Source: http://www.cigionline.org/sites/default/files/no1_4.pdf


page7image30392

No comments:

Post a Comment