The future design of the United Nations Internet Governance Forum (IGF), the role of the UN International Telecommunication Union (ITU) in internet governance and the ability of the Internet Corporation for Assigned Names and Numbers to resolve issues from new generic top-level domains to further internationalisation – these are the top policy issues in internet governance in 2010 and they are all linked to the question of how many governments and how much “multi-stakeholderism“ effective internet governance needs.

The self-regulatory approach adhered to by the internet technical community might have been too optimistic in some regards, for example net neutrality or cybercrime issues, said internet governance expert Jeanette Hofmann from the Wissenschaftszentrum Berlin and member of the Internet Governance Project. But will this lead to a backlash against the more multi-stakeholder institutions like the IGF or ICANN?

For network neutrality, regulatory steps seem necessary, Hofmann said to Intellectual Property Watch about the big issues ahead. The same is true with regard to cybercrime, she said. “All this private blacklisting was pretty awful,” she said. Yet while she expects that competition between more private style governance approaches versus more public oversight approaches will continue for years, she sees the governance framework developing toward some relatively well accepted criteria. “Transparency, participation, accountability and legitimacy seems to be what will substitute for national regulatory approaches,” said Hofmann.

Future of the IGF

The future design of the IGF to be developed before the forum’s next meeting in Vilnius, Lithuania (14-17 September) that will end the first five-year mandate of the experimental UN body might give a hint about the current state of the play, said Hofmann. “Is the IGF allowed to stay as it is, heavily driven by private stakeholders, or will it be made a much more governmental institution?”

A lot of strings are being pulled behind the scenes with regard to possible changes for the IGF 2.0, say experts and observers including Hofmann. Even how and by which UN bodies (the Economic and Social Council (ECOSOC), Committee on Science and Technology Development (CSTD) or the plenary) the reform should be developed is under intensive debate. Hofmann warns that a more bureaucratic structure might result in freezing further development of the body as a whole and “everybody labels standstill as failure,” she said.

Proposals for organisational changes to the IGF model range from mere cosmetic to not-budget-neutral ones, according to IGF Secretary Markus Kummer, who said that some countries would prefer to align IGF procedures much more with regular UN procedures. “One idea is to structure the IGF alongside the G77 model used for the World Summit on the Information Society (WSIS), setting up bureaus for governments, business and civil society respectively,” he said. The current Membership Advisory Committee (MAG) integrates all stakeholders groups in a more informal way.

China has recommended a more official “bureau” to organise the IGF, while the European Union and the United States want to keep the more lightweight secretariat, managed by Swiss diplomat Kummer and one additional employee.

One of the non-budget-neutral proposals came from the normally rather quiet one-man German IGF delegation who recommended setting up a database collecting internet governance best practices. Such a database might serve as a reference output, while at the same time avoiding the much more authoritative “messages from the IGF” that some governments like Brazil would like to see.

ITU – Bigger Role in Governance Wished by Some

A year ago, the ITU secretary general was highly critical of the IGF, pointing to deficiencies with resolving the dispute about core internet resources – domain names, IP addresses and the system of central root servers on the domain name system (DNS). This year, the organisation did not call into question the extension of the IGF mandate, but instead in a paper to the UN secretary general for his report on what is called “enhanced cooperation” to ECOSOC recommended itself once more for a bigger role in the internet governance arena.

As the organisation is preparing for the 2010 ITU Plenipotentiary Meeting in [note: meeting location moved] Guadalajara, Mexico (4-22 October) the ambitions while not new deserve a closer look. The plenipotentiary is the main decision-making conference of the ITU, taking place once every four years. The 2006 plenipotentiary in Antalya, Turkey, paved the way for more involvement in internet governance, so the 2010 plenipotentiary might see another round of discussions between member states that want the ITU to do more and those who want it to keep to its original task that is more focused on the classical telecommunications industry.

That the ITU has an appetite for additional tasks has been made clear in the summary contained in the ECOSOC report and has already led to discussions between the secretariat and member states, said one ITU expert. “An improved governance framework could be formed within which all countries would have an equal say in internet-related public policy issues and in the management of critical internet resources,” read the summary of ITU comments in the UN secretary general’s report. “An intergovernmental organisation such as the [ITU] … could play a leading role in the creation of such a governance structure.”

The ITU ECOSOC report summary lists the management of the cryptographically signed root zone of the domain name system – currently underway under the aegis of ICANN and US company VeriSign – the management of generic top-level domains (gTLDs like .com), and the management of internationalised country-code TLDs (IDN ccTLDs) as issues to be dealt with by an “intergovernmental body.” ITU representatives and consultants in addition have at a recent ITU Council meeting been pushing for the set-up of an alternative registry for next generation internet (IPv6) addresses at the ITU.

The plenipotentiary also might talk about a proposal on a “Global Protocol on Cybersecurity and Cybercrime” presented by the chair of the ITU High Level Experts Group (HLEG) on Cybercrime, Norwegian Chief Judge Stein Schjolberg, during the IGF. A convention or a protocol at the UN level on this issue should be a “global proposal for the 2010s,” Schjolberg wrote in the preface to the document. He recommends a “combined initiative” by “organisations such as United Nations Office of Drugs and Crime (UNODC) and the ITU.”

Institutional Competition Will Go On for Years

The big appetite of the ITU is eyed with some suspicion by other international organisations and intergovernmental organisations. At the Council of Europe, Alexander Seger, who also is a member of the ITU HLEG said to Intellectual Property Watch that the UN Crime Congress in April might look into the issue, yet the European Union in its new Stockholm Programme on Freedom and Security had just committed itself once more to the Council of Europe Convention on Cybercrime as a global standard.

“In my opinion, it makes sense to first look into implementing existing legal instruments, instead of developing a new one of which you do not now how it might look in the end,” said Seger. New negotiations might delay implementation of legal measures in many countries and also divert resources for implementation, not the least in developing countries, he said.

The Council of Europe, too, wants to step up its work on internet governance not only by putting resources into taking over a permanent secretariat role for the EuroDig, the European regional IGF movement, that will have its meeting in Madrid (29-30 April). According to Lee Hibbard from the Council’s Media and Information Society Division, the experts in Strasbourg are preparing a more coordinated approach to internet governance issues inside the Council, but also in the IGF regional and global forum discussions. In an interview, he described a more “holistic approach,” for example with regard to cybercrime, data protection and freedom of expression.

The Council also would work on critical internet resources, namely from the human rights perspective. “Cross-border aspects of freedom of expression,” said Hibbard, are on the Council’s agenda, and even a protocol like IPv6 that could hamper access for a country without IPv6 connection is seen as more than a technical issue. Privacy in sensor networks, cloud computing or social networks also are among issues that rank high on the wider internet governance agenda, he said. The Council of Europe, according to Hibbard, hopes to finish a Council Recommendation on Profiling during the year; a fifth draft version is already under discussion.

Meanwhile, the Organisation for Economic Co-operation and Development (OECD) this year celebrates the 30th year anniversary of its “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.” There will be several meetings to look back on the last decade and changes in privacy protection, said Sacha Wunsch-Vincent at the OECD in Paris.

At the OECD, top issues include: the “smart recovery” from the economic crisis, green IT, sensor-based networks and ongoing analytical work on intermediaries, and the contribution of the internet and related ICTs as a driver of innovation as commissioned by the 2008 Seoul Declaration on the Future of the Internet were top issues, Wunsch-Vincent said. The Seoul Declaration will be revisited in 2011, he said. The OECD has been quickest with regard to adapting to the multi-stakeholder model by opening up a new Civil Society Information Society Council for the Seoul Declaration.

Alas ICANN!

Much of the IGF and multi-stakeholder development originates in the narrower battle around the Internet Corporation for Assigned Names and Numbers which again has a bumpy road ahead of it for 2010 with meetings in Nairobi in March, Brussels in July and Latin America at the end of the year.

ICANN, the global, private, but US-overseen domain-name system manager, made a little step forward answering to longstanding complaints about the privileged US oversight of its work. It got rid of the Joint Project Agreement in 2009 after more than ten years of extended contracts to the US government, and replaced it with an “Affirmation of Commitments” (AoC).

Public consultation about how four review teams will be composed and selected by the ICANN Board chair/CEO and the ICANN Government Advisory Committee (GAC) chair started immediately before the New Year. The first review has to be finalised by the end of 2010 and checks on ICANN’s status in “ensuring accountability, transparency and the interests of global internet users.” This is the one review team where the US administration kept a special seat under the AoC. The reviews on security, stability and resiliency, on promoting competition, consumer trust and consumer choice, and on the much-debated and privacy-related Whois policy will follow with review teams bringing together six to eight people from the various ICANN constituencies.

Yet governments on other continents well mentioned at the late 2009 IGF in Sharm El Sheikh, Egypt, that while they welcomed the AoC they saw room for further internationalisation. The US administration’s role in controlling the function currently undertaken by ICANN through the Internet Assigned Numbers Authority (IANA) secures US control over the root system, the core infrastructure of the DNS. IGF Secretary Kummer said that the IANA question might become a “hot topic” in 2010 as signalled, for example, by a statement by the Egyptian Communication Minister during the IGF. On the other hand, experts expect that there is not a lot of leeway to let go of the root on the side of the US Department of Commerce despite the change of government.

ICANN has ample opportunity, too, to get in more trouble this year. After years of discussion, it seemed so close to finalising the procedure for introducing new generic domains last year. But currently aspirants calculate it might be 2012 before they even can apply for these. While ICANN is hardly to blame for the push by the US government and the technical community to first introduce the new more secure DNS security extensions signatures to the root zone – the start of serving the longer, signed zone from the first root server has just been postponed for two more weeks – the just published proposal about a pre-application process called “expression of interest” looks somewhat unfriendly to less developed countries or smaller TLD applicants.

Kieren McCarthy, who has left ICANN as a communications manager, commented on ICANN’s public participation site: “The logic of making it compulsory for people to sign up to a process before that process’s own rules have been finalised is also questionable. Expressions of interest should not be compulsory for the first round of new gTLDs.” McCarthy also criticised the application fee for the expressions of interest of US$55,000 dollars, which is the non-refundable part of the later application fee of US$185,000, calling it “a self-selection exercise within the existing ICANN community.” ICANN has a “duty to look beyond the few thousand individuals, companies and organisations it frequently interacts with and serve the broader internet,” he said.

Trademark owners, many of whom complained during the last year about a too broad opening of the domain name space, might push to get the bar even higher. For ICANN, it will be difficult to please them all: the only question is from whom they have most to fear.