NETmundial: Is the world any closer to global oversight of the Internet?

Commentary | July 01, 2014

Dr. Kamlesh Bajaj is CEO of the Data Security Council of India—a NASSCOM initiative. He was the founding director of CERT-In, Government of India. He has been a strong supporter of EWI’s Worldwide Cybersecurity Initiative and participated in several of EWI’s summits. He recently attended NETmundial and has written this opinion piece about this international cyber event. 

The world is working frantically to preserve the Internet in its present form of a single net, with a governance framework that is accountable to all stakeholders. Or so it seems! While the process under the United Nations when the World Summit on Information Society (WSIS) was held in Geneva in 2003, followed by one in 2005 at Tunis, it picked up momentum only recently after Snowden revelations of global cyber surveillance by the U.S. National Security Agency (NSA). The fact that the NSA was monitoring the phone calls of the Brazilian president Dilma Rousseff, and of the German Chancellor Angela Merkel led to global condemnation of global surveillance compromising privacy of netizens of all countries. Brazil threatened to localize servers for storing data of its citizens, which, if followed by other nations too, would lead to Internet balkanization. A Privacy Resolution was passed by the UN General Assembly in December, 2013 asking nations to protect the privacy of global netizens. 

WSIS led to the creation of the Internet Governance Forum (IGF) under the aegis of the UN in 2005, which has been meeting every year in different countries to discuss Internet governance (IG) issues. But it’s a discussion forum only. Several hundred people—from industry, academia, civil society, governments, Internet pioneer institutions—meet. These discussions have led nowhere, since IGF was supposed to be a talk shop only, with no mandate to make any policy recommendations. Ten years have gone by. The Internet Corporation for Assigned Names and Numbers (ICANN)—the nonprofit company established in 1997, that is accountable only to the U.S. Government (USG)—continues to govern the Internet. It manages not only the Internet Assigned Numbers Authority (IANA) functions such, but also makes public policies that are sovereign domains of nations. Its rules are applicable to all of cyberspace. These relate to copyrights, IPRs, privacy, content regulation, human rights, legal cooperation in cybercrimes, domain names and spam. So, for the past 17 years, the status quo continues with USG supremacy over the Internet, and the UN and IGF have not been able to make a difference.

Then the Snowden affair occurred in June 2013 through Greenwald’s reports in The Guardian and the New York Times. In addition to privacy violations of global citizens in the name of counterterrorism, cases of economic espionage—e.g. Petrobras of Brazil—were revealed by the NSA, even though the U.S. official stance is that it does not engage in economic espionage. USG was on the backfoot for a while. But it soon recovered. Suddenly, the media reported on October 7, 2013 that ICANN along with other Internet governance organizations like the Internet Architecture Board (IAB), Internet Society (ISOC), and Internet Engineering Task Force (IETF), and W3C unilaterally called for removal of USG oversight, and to globalize ICANN for democratic participation of other countries—to avoid fragmentation of the Internet. In the next few days, the CEO of ICANN met the Brazilian President to convene a joint conference on the Future of Internet Governance in Sao Paulo on April 23-24, 2014, named NETmundial, to discuss ways to end the unilateral oversight and control of ICANN by USG, and to make it accountable to a select group of governments. It would also find ways to limit surveillance, and avoid fragmentation of the Internet. Internet Governance principles and a roadmap for the future evolution of the Internet Governance Ecosystem were to be discussed. 

It is against this background that the outcome of NETmundial should be to be evaluated. The outcome document is a reiteration of the well-known principles that the USG and ICANN have been promoting, namely human rights with freedom of expression, privacy, and freedom of access to information. These dominated much of the conference, with known divergence of views from different groups since all of these have certain bearing on the political establishment of countries. Other principles to promote innovation and commerce for the growth of economies, such as protection of intermediaries, security and stability of the Internet, and its continued unified nature through standards, were also repeated. The document reaffirmed the multi-stakeholder model of governance, attempting to define it as “open, participative, consensus driven governance: The development of international Internet-related public policies and Internet governance arrangements should enable the full and balanced participation of all stakeholders from around the globe, and made by consensus, to the extent possible.” Presently it is ICANN, which makes these policies. How will change happen? 

The document also provides guidance that “stakeholder representatives appointed to multi-stakeholder Internet governance processes should be selected through open, democratic and transparent processes. Different stakeholder groups should self-manage their processes based on inclusive, publicly known, well defined and accountable mechanisms.” But then in the run up to this conference, ICANN itself did not follow this principle. It picked and chose leaders from academia, civil society, industry, etc., as was the case on civil society member from India, even though it does acknowledge that national, multi-stakeholder bodies should pick their representatives.

To make institutional improvements in IG, the document underlines transparency, accountability and inclusiveness. It seeks to retain IGF in its present form, but with assured funds. It commends the USG declaration to transition stewardship of IANA functions to the global Internet community, with “focus on maintaining the security and stability of the Internet, empowering the principle of equal participation among all stakeholder groups and striving towards a completed transition by September 2015.” 

The expectation is that “The process of globalization of ICANN speeds up leading to a truly international and global organization serving the public interest with clearly implementable and verifiable accountability and transparency mechanisms that satisfy requirements from both internal stakeholders and the global community.” But how can ICANN become both international and global? Why are “internal stakeholders and global community’ separate when it is ‘1Net’”—the term ICANN uses to host Internet governance discussions? Is it because the former includes USG?

Finally, the most contentious issue of surveillance that led to USG announcement and Brazil agreeing with ICANN to host NETmundial is left to the international fora: “Mass and arbitrary surveillance undermines trust in the Internet and trust in the Internet governance ecosystem. Collection and processing of personal data by state and non-state actors should be conducted in accordance with international human rights law. More dialogue is needed on this topic at the international level using forums like the Human Rights Council and IGF aiming to develop a common understanding on all the related aspects.” It must be recalled that the UN had set up a Group of Government Experts (GGE) in 2001, to review existing and potential threats in the field of international information security and telecommunications systems. GGE took 12 years to arrive at a consensus that includes the following:

  1. Existing international law applies to cyberspace: applicable to Critical Infrastructure Protection too;
  2. States’ rights and human rights go together; non-state actors not be used by states;
  3. Capacity building, for example U.S.-Russia CERTs cooperation, and transparency.

It is clearly UN GGE, not IGF, that is the rightful place for this.

Roles and responsibilities of stakeholders, jurisdiction issues and principles like net neutrality have been left to future workshops. Clearly precious little has been achieved. The “internal stakeholders” had the draft outcome ready even before NETmundial got underway. Suggestions made in over 200 submissions were not taken aboard, including the following two made by the author:

  1. Technical operations could be separated from public policy making in ICANN as proposed by Milton Mueller. Since no government above ICANN anymore, ICANN should be replaced by a new entity, say IGO (Internet Governance Organization—to rhyme with WTO). IGO has to be a neutral body under international laws (not subject to US laws as ICANN is). It may be a multistakeholder body, whose job is to adopt technical standards (recommended by IAB, IETF, W3C, etc.), approve gTLDs, coordinate with RIRs on names and address space, oversee security of DNS and root servers. Above all, it’ll make public policies on all matters concerning countries. IGO Board of Directors or Governors will have government representatives, technical experts, academia, and civil society—in true multistakeholder spirit. IGO will be the supreme IG body in the world for ensuring 1Net that is unfragmented, secure, and stable.
  2. Jurisdiction issues and how they relate to Internet governance is very critical, since if left unaddressed by IGO, it’ll continue to lead to simmering undercurrents leading to avoidable conflicts, because of different perspectives on content regulation, privacy violation, IPRs, and related issues. At the very least, mechanisms involving governments and private sector be created to study these in timebound manner.

The Indian government stuck to its position of multilateral governance of the Internet, with participation of multi-stakeholders in their respective roles as declared in the Tunis Agenda. It said that chair’s summarization of the conference, and not the outcome document, would be the best outcome of NETmundial. There were issues with content, definitions and language used in the draft, and on most issues, unanimous agreement of stakeholders was found missing. India bought more time to discuss the matter with intergovernmental and nongovernmental stakeholders back home before “endorsing” the final outcome document. 

Russian and Cuba denounced the NETmundial outcome document straightaway. The Russians said that many comments submitted by their government were not taken into consideration while designing the final document, since they were not consistent with what the drafting team had prepared. 

Representatives of China, while highlighting the current state of the Internet in China in terms of number of users, and websites, expressed its concerns about Internet governance, which according to them should be in accordance with the UN resolution, as well as international relationship principles. This governance should respect national sovereignty within the Internet community, and every country should make their own decisions based on their own situation. They also emphasized that rights people have offline must be protected online. All rights need to follow the national laws; otherwise, there would be a conflict between offline and online activities. 

Final reflections, With more people going online from developing countries, which have very different cultures and economic structures, respect for cultural diversity, especially the sovereign rights of states, should be reflected in Internet governance. Netizens’ privacy rights must be respected by every nation and be protected under national and international laws. 

Through NETmundial, Brazil set out to resolve the global surveillance of the Internet to protect the privacy rights of individuals, and to address the issues of political and economic espionage. What was the outcome? Surveillance has been referred to other forums for discussion. Jurisdiction issues, too, have been put on the backburner. Human rights issues dominated the conference, whether by accident or by design. Internationalization of ICANN, globalization of IANA functions have been left unaddressed. ICANN continues to be in the same form—a California registered company, subject to U.S. laws, with the same board, with the same accountability. In the meantime, USG announced that transition of IANA functions be completed by September 2015, to a global multi-stakeholder body. But if such a body is multilateral, USG will not cede control. ICANN in its present form is preparing the ground to claim that position, without talking about any structural change.

Has Brazil achieved anything on surveillance from this conference? Can we expect transformation of ICANN to IGO?