Year Ahead In Internet Governance: Where The Internet Stewards Will Go In 2016

Transitioning of the Internet Assigned Numbers Authority (IANA) out of the United States government – or not – is the top issue of a narrower internet governance community in 2016. Yet looming behind the many high-level government events are some more controversial topics that are attracting a wider set of stakeholders: the unresolved issues of privacy, free flow of data, surveillance and encryption, as well as the security or rather insecurity of a space of networked machines, including military machines.

Hopefully more than an empty bus stop in Straßbourg, France – the seat of the European Council of Human Rights

With the 10-year review of the UN-led World Summit on the Information Society (WSIS+10) and a ten-year extension for the Internet Governance Forum in the books, you might think 2016 would be a quiet year in internet governance. Go ask German lawyer Thomas Rickert (Eco Association), his Mexican colleague Leon Sanchez, and French Afnic Registry boss Matthieu Weill. They will very much disagree, and so will others.

Rickert and Weill chair the Cross-Constituency Working Group on Enhancing Accountability (CCWG) of the Internet Corporation for Assigned Names and Numbers (ICANN).

[Update:] The group just finalised the last piece in a set of proposals to allow for the transition of the Internet Assigned Numbers Authority (IANA) into the hands of ICANN. IANA manages the central databases for domain names, IP (internet protocol) addresses and protocol numbers and has despite its relatively narrow functions been the symbol of a prolonged privileged oversight role over the network.

Still Underway: the IANA transition

The main question for 2016 is: will the ICANN community and the US administration and Congress get the IANA transition done? The issue will be on the agenda of many if not all IG-related events throughout the year.

The current status quo still does not allow a prognosis of whether this chapter in internet governance history will be closed for good. Every time the CCWG has announced its last draft report, someone has come along with additional requests, with the latest intervention mainly due to concerns from the ICANN Board of Directors about powers for the community to fire the Board and about the inclusion of a general commitment to “human rights” in the ICANN Bylaws.

The upcoming Marrakesh meeting (5-10 March), the first of the three regular meetings for 2016 (Panama City, 27-30 June, San Juan, Puerto Rico, 27 October – 4 November), could indicate if the ICANN community will make it. Further delay could shift the US government decision too deep into the US presidential election campaign year.

Once the Board has sent on the final accountability proposal together with the earlier finished basic proposal by the IANA Stewardship Transition Coordination Group, the National Telecommunications and Information Association (NTIA), the White House and Congress have to finally sign off the deal to make it happen.

If the transition fails for now, there could be another window of opportunity later, according to Rickert. Yet others warn that failure would restart challenges to the multi-stakeholder concept in general, and to ICANN in particular. Finally, there are those who think the importance of the transition might be overblown or that ICANN should focus more on working on the next round of new generic top-level domains (gTLDs, like .com).

Privacy Shields, Data Flows and Trade Negotiations

Internet governance – a work in progress just like the street in
front of the headquarters of the Council of Europe in Strasbourg, during
a conference on freedom of expression

From an operational or business point of view, internet service providers as well as other cross-border active companies might look more towards a solution to the “safe harbour” problem (allowing for easy transfers of personal data from the EU to the US). To a large part, a result of the Snowden revelations about mass surveillance by the NSA (US National Security Agency) and other spy agencies, the Safe Harbour Agreement annulment by the European Court of Justice put an end to the longstanding easy track for transatlantic data transfers.

Now the European Commission and the Article 29 Working Group of European Data Protection officers have to come up with a follow-up solution. The discussions about the so-called Privacy Shield, presented recently by the European Commission, are expected for much of 2016, starting with an extraordinary meeting of the Article 29 WG on 1 April.

The potential safe harbour follow-up will be on the agenda of most if not all privacy-related conferences, like the Annual International Conference of Data Protection & Privacy Officers (who also list some of the more important privacy related conferences throughout the year, here: https://icdppc.org/news-events/events-calendar/).

The tensions between privacy and privacy enforcement on one side, and the seemingly inevitable free flow of data in the global economy on the other side, will also be addressed during the 2016 Ministerial Conference of the Organization of Economic Cooperation and Development.

The OECD has authored several soft law instruments on privacy and internet governance in the past. Its June ministerial in Cancun, Mexico, is dedicated to “Digital Economy: Innovation, Growth and Social Prosperity” and includes panels like “Co-operation in managing digital security and privacy risk.”

There were, OECD Policy Adviser Josie Brocca said at the Domain Pulse conference in Lausanne recently, “some legitimate reasons why some countries would close some parts of their networks.”

The trend to have the free flow of data secured – against blocking or censoring or against commercial or security-related localisation concepts – in bilateral and multilateral trade agreements has become a major trend after localisation became more fashionable in the wake of the Snowden revelations.

More and more, the bilateral and plurilateral trade agenda is attracting the attention therefore of the internet governance community as well. The idea of a negotiations on digital trade at the World Trade Organisation (WTO) was mentioned at the beginning of the year by European Trade Commissioner Cecilia Malmstroem.

The Battle over Encryption

One big battle that will be fought prominently in the general internet governance events this year including the 11th Internet Governance Forum expected to take place in Mexico in September and all its regional and national offshoots: how strong should encryption be and must the state be given the keys for criminal prosecution?

Triggered by statements of leading politicians in different countries, the request against broad possibilities for everybody to “go dark” is currently nurtured by representatives of law enforcement agencies – and the intelligence community from several countries, with the US and the United Kingdom statements illustrating best the fuzziness of the demands. Robert Hannigan, Director of the British Intelligence Agency Government Communications Headquarter (GCHQ), called complaints about a hunger of governments to destroy strong encryption “a myth.”

“We absolutely believe in it,” he called, “but the shared moral challenge is how to avoid the abuse of encryption by those who want us harm.” There is no easy answer how to do this, legislating to weaken encryption is not one, he said. Meanwhile, his US colleague James Clapper, director of national intelligence in the US, said talks with industry about a solution were underway.

US law enforcement, meanwhile, does not want to wait and has asked Apple to provide software to look at the iPhone of one of the terrorist attackers in San Bernardino, California. Apple, while probably part of the talks referred to by Clapper, rejected this request with great fanfare.

While intelligence and law enforcement looks to help from IT companies and standardisation organisations, the latter are considering adding more encryption and security to their protocols.

IETF meeting in Yokohama in November 2015, where the techies talk about how to deal with tld applications landing at their instead of icann’s doorstep – it is internet governance as done at a techie body

The meetings of the Internet Engineering Task Force (IETF, meeting three times in March, July and November around the globe) and the World Wide Web Consortium (which has its main meeting in April in Montreal, might allow for snapshots of conflicting interests, privacy, business models and also the public agencies interests.

The battle about more and better encryption and potential regulation about it will not only be a hot issue at specialised conferences, like for example the second Crypto Summit, organised by activist organisation Access, and at many of the long list of specialised cryptology conferences.

The panels proposed for the EuroDIG this year hosted by the European Commission in Brussels on 9-10 June, show that surveillance and fundamental rights will draw a lot of attention in internet governance meetings.

The fight before the European Court of Human Rights in Strasbourg, France might also be highly interesting: in 2016, there are five cases pending against intelligence legislation in the UK and France, with more possibly to be filed due to developments in the EU. (See a related Council of Europe post here.)

One major competition issue for the internet governance conferences will be “free basics” – also known as zero rating. The ban of Facebook’s free basic program by the Indian regulatory authorities certainly will fuel the discussion over what is more important: access for all or keeping the net neutral.

Cyberwar and Cyberpeace

With most of the described events being either multi-stakeholder, academic or activist-driven, what’s happening in multilateral fora tackling internet governance issues?

It looks like a rather quiet year from that angle, no stormy World Conference on International Telecommunication (WCIT) is on the agenda and the big decisions in the WSIS review have been cast. Yes, the UN International Telecommunication Union (ITU), together with the UN Educational, Scientific, and Cultural Organisation (UNESCO), UN Conference on Trade and Development (UNCTAD) and UN Development Programme (UNDP) are inviting participation in the annual WSIS Forum on 2 May in Geneva, and ITU has even allowed for contributions to the program, very much like the IGF does.

Yet a little under the radar still, there are two working groups at the UN tackling issues of internet governance, cybersecurity, as well as cyberwar and cyberpeace.

Based on the General Assembly decision (A/RES/70/125) last December the year 2016 will see a revival of the Working Group on Enhanced Cooperation, the unloved sister of the IGF, one could say.

Hungarian diplomat Peter Major, chairman of the UN Commission on Science and Technology for Development, started open consultations on the stakeholder model for the group.

While originally considered as a venue to allow governments to let off steam over the US unilateral oversight role of the IANA, that issue could fade away before the group gets the necessary final “go” from the UN Economic and Social Council (ECOSOC).

Cybersecurity issues – for example, potential talks about norms of behaviour of states with regard to cyberattacks – have made it onto governments’ agendas.

Potential agreements not to attack critical infrastructures could be discussed internationally, confirmed Christopher Painter, coordinator for cyber issues, US Department of State, at a Town Hall meeting on Trolls, Hackers and Extremists in Munich. Painter underlined that the cyberdipomatic initiatives for now are restricted to norms for “peace time.”

Alongside the WG on Enhanced Corporation (WGEC), another UN working group is on its way to talk about cyberstability or even cyberpeace.

Arvind Gupta, deputy national security advisor of the Indian government, at the opening of the “Asian Security Conference on ‘Securing Cyberspace: Asian and International Perspectives‘” in New Delhi (just a day before Painter spoke in Munich) reported on the UN Group of Governmental Experts (UNGGE). It had emphasised that classical principles of international law are also applicable in information and communications technology.

Now, a “debate has broken out whether intervention through cyber means in other countries’ networks, under certain circumstance, is justified or not,” said Gupta. The debate is sharp but so far inconclusive, said Gupta. The challenge before states now is “how to defend their critical, military and civilian infrastructure from destabilizing cyberattacks,” he said.

Ideas like cyber-deterrence and non-proliferation could be put on the agenda during an informal, five-day meeting (11-15 April) of the experts on lethal autonomous weapon systems (LAWS). Chaired by Germany, the meeting can submit a report to the fifth review conference of the “Convention on Certain Conventional Weapons.”

Fragmenting the Space

Internet governance by now is much more than ICANN and IANA and naturally the space attracting such a lot of interest gets more and more fragmented. Some of the less prominent offshoots of the internet governance circus, such as the Global Commission on Internet Governance did not announce anything for the year. The much-criticised NetMundial, a joint venture of the World Economic Forum (WEF) and departing ICANN President Fadi Chehadé who now will join the WEF, has to decide about its future, its members say. Meanwhile, the Global Conference on Cyberspace, once started in London, seems to have given up.

But another big regional player has filled in: China has started its version of a global internet governance event, opening invitations to its World Internet Conference. The first was held in 2014, the second in 2015 just as the UN High Level WSIS Review meeting in New York was underway, too. During its conference, Chinese President Xi Jinping presented China’s concept of “cybersovereignty”, and the country in its Shanghai Cooperation Council is pushing for a treaty on cybersecurity.

Given the multi-faceted nature of the space, Wolfgang Kleinwächter, well-known internet governance expert, said: “The internet just has no one phone number you can call, and there no one-stop shop for internet governance.”

Yet in a visionary call for caution, security guru Bruce Schneier called on the fractured communities to step up their act to start some planning for the future. It is not about net neutrality or access, but about how to deal with what he called a world-sized robot taking shape through the internet of things and integration of sensors, algorithms and networks. The world-sized robot that is taking shape ever faster needs the combined brains of all the human networks to be tackled.

Finally, a good general timeline on IG events for the year is available here.

Image Credits: Monika Ermert