Internet Governance & ICANN

In her UN General Assembly speech denouncing NSA surveillance, Brazil’s President Dilma Rousseff said:

Information and communications technologies cannot be the new battlefield between States. Time is ripe to create the conditions to prevent cyberspace from being used as a weapon of war, through espionage, sabotage, and attacks against systems and infrastructure of other countries. … For this reason, Brazil will present proposals for the establishment of a civilian multilateral framework for the governance and use of the Internet and to ensure the protection of data that travels through the web.

We share her outrage at mass surveillance. We share her opposition to the militarization of the Internet. We share her concern for privacy.

But when President Rousseff proposes to solve these problems by means of a “multilateral framework for the governance and use of the Internet,” she reveals a fundamental flaw in her thinking. It is a flaw shared by many in civil society.

You cannot control militaries, espionage and arms races by “governing the Internet.” Cyberspace is one of many aspects of military competition. Unless one eliminates or dramatically diminishes political and military competition among sovereign states, states will continue to spy, break into things, and engage in conflict when it suits their interests. Cyber conflict is no exception.

Rousseff is mixing apples and oranges. If you want to control militaries and espionage, then regulate arms, militaries and espionage – not “the Internet.”

This confusion is potentially dangerous. If the NSA outrages feed into a call for global Internet governance, and this governance focuses on critical Internet resources and the production and use of Internet-enabled services by civil society and the private sector, as it inevitably will, we are certain to get lots of governance of the Internet, and very little governance of espionage, militaries, and cyber arms.

In other words, Dilma’s “civilian multilateral framework for the governance and use of the Internet” is only going to regulate us – the civilian users and private sector producers of Internet products and services. It will not control the NSA, the Chinese Peoples Liberation Army, the Russian FSB or the British GCHQ.

Realism in international relations theory is based on the view that the international system is anarchic. This does not mean that it is chaotic, but simply that the system is composed of independent states and there is no central authority capable of coercing all of them into following rules. The other key tenet of realism is that the primary goal of states in the international system is their own survival.

It follows that the only way one state can compel another state to do anything is through some form of coercion, such as war, a credible threat of war, or economic sanctions. And the only time states agree to cooperate to set and enforce rules, is when it is in their self-interest to do so. Thus, when sovereign states come together to agree to regulate things internationally, their priorities will always be to:

  • Preserve or enlarge their own power relative to other states; and
  • Ensure that the regulations are designed to bring under control those aspects of civil society and business that might undermine or threaten their power.

Any other benefits, such as privacy for users or freedom of expression, will be secondary concerns. That’s just the way it is in international relations. Asking states to prevent cyberspace from being used as a weapon of war is like asking foxes to guard henhouses.

That’s one reason why it is so essential that these conferences be fully open to non-state actors, and that they not be organized around national representation.

Let’s think twice about linking the NSA reaction too strongly to Internet governance. There is some linkage, of course. The NSA revelations should remind us to be realist in our approach to Internet governance. This means recognizing that all states will approach Internet regulation with their own survival and power uppermost in their agenda; it also means that any single state cannot be trusted as a neutral steward of the global Internet but will inevitably use its position to benefit itself. These implications of the Snowden revelations need to be recognized. But let us not confuse NSA regulation with Internet regulation.

The forum has largely been overtaken by discussion of ICANN’s move to organize a new Internet governance coalition. ICANN representatives have had both open- and closed-door meetings to push the proposal, but there are still many questions that have not been adequately answered.

One important question is about the private discussions that have led to this. The I-stars came out at least nominally aligned on this issue, though there is speculation that they are not all totally unified. Over drinks, I mentioned to an ICANN board member that it rubs a lot of people in civil society the wrong way that the I-stars seem to have coordinated on this in private. He replied that I was probably assuming too much about the level of coordination. If that’s the case, then I wonder if we will hear more from the other I-stars about their level of support for ICANN’s machinations.

More basically, we still don’t know much about the Rio non-summit. It will be in Rio, it will be in May, there will be some sort of output document. But we don’t know the agenda, or the agenda-setting process, or even the process for setting an agenda-setting process.

And strategically, we don’t know how the Brazil meeting is going to affect all of the other parts of the take-over-the-Internet industry in the coming year. The CWG-Internet happens next month, and they will take up Brazil’s proposal from the WTPF. But since Brazil is positioning itself as a leader in this new process (and aligned with ICANN now), what will they try to get at the CWG? WTDC is in March-April. And of course the Plenipot will be in the fall next year. If the Brazil summit is perceived to have failed in any sense, will that make the battle at Plenipot even more intense?

Also, whose idea was it to have a gala without alcohol?

IGF Day 2: The Coalition

by on October 23, 2013 · 0 comments

As expected, today at 1pm there was a packed, off-the-books meeting facilitated by the “I-star” organizations (ICANN, ISOC, IETF, and a bunch of groups that don’t begin with I). The purpose of the meeting was to build support for a new Internet governance “coalition.” The argument is that because of the NSA’s global surveillance programs, the US is losing support for its perceived leadership on Internet governance. In order to avoid greater governmental or intergovernmental intrusion into the Internet, the technical community, as signaled in the Montevideo statement, must go on the offensive and create an alternative to such intrusion.

This argument is controversial, to say the least. To what extent does the “offensive” entail creating a top-down institution to deal with Internet policy issues? Neither the technical community nor civil society wants government to be in charge of the Internet, but the technical community (especially ICANN) seems much more comfortable with top-down non-governmental control. I worry that ICANN is going to become increasingly government-like. In any case, we are witnessing a small but historic rift between civil society and the technical community, which have always been on the same side in the war to keep governments off the Internet.

Even if ICANN’s argument makes a kind of sense, it may be reckless to pursue it in the proposed way. It’s now looking like there will be a don’t-call-it-a-summit in Rio in early May, hosted by the Brazilian government, to discuss these issues. Even if ICANN has good reason to believe that Brazil is negotiating in good faith, there is always the possibility that Brazil gets what it wants in the end. They are not likely to just roll over.

I’m open to the idea that we need an affirmative answer to the question of Internet policy institutions. But I’d feel a lot more comfortable if such institutions evolved bottom-up rather than emerging from a grand push, organized secretly by some members of the technical community, to create an alternative. Hopefully with the creation of the new coalition mailing list, everything can be done out in the open from here on out.

Day 1 of the Internet Governance Forum is in the books, and everyone is talking about what will happen on Day 2. Brazil recently announced that it will host a meeting on Internet governance in April. Tomorrow, ICANN is hosting a meeting at 1pm to explain how the April meeting will work.

Everyone that I’ve talked to in the hallways has brought up the meeting in April. No one is quite sure what to expect.

On one hand, Brazil has been part of the coalition that is pushing to do more Internet governance at the ITU. On the other hand, ICANN seems to be a willing participant in Brazil’s scheme. The recent “Montevideo Statement,” issued by various Internet organizations, called for globalizing the IANA function, which means at a minimum removing the US’s special role of maintaining the domain name system’s root zone file.

ICANN wants independence from the US government, and Brazil wants ICANN to be independent from the US government (and possibly dependent on the ITU), so this makes them allies for now.

Bizarrely, NSA surveillance continues to be cited as a reason for Brazil’s actions, although of course the IANA function has nothing to do with surveillance. The IANA issue is mostly about status. Other governments seem to feel slighted by the US’s control of the root zone file.

In any case, tomorrow we may know slightly more about ICANN and Brazil’s schemes.

Last month, I wrote at The Guardian that NSA surveillance is harming our Internet freedom efforts. Now we have tangible evidence of that. Speaking at the UN Human Rights Council on behalf of Cuba, Venezuela, Zimbabwe, Uganda, Ecuador, Russia, Indonesia, Bolivia, Iran, and China, Pakistan delivered the following statement (video, starts around 52:25). Pay special attention to the last two paragraphs: Continue reading →

Over on Forbes today, I have a very long post inspired by Monday’s oral arguments in Verizon’s challenge of the FCC’s Open Internet rules, passed in 2010

I say “inspired” because the post has nothing to say about the oral arguments which, in any case, I did not attend.  Mainstream journalists can’t resist the temptation to try to read into the questions asked or the mood of the judges some indication of how the decision will come out

But as anyone who has ever worked in a court or followed appellate practice  well knows, the tone of oral arguments signals nothing about a judge’s point-of-view.  Often, the harshest questioning is reserved for the side a judge is leaning towards supporting, perhaps because the briefs filed were inadequate.  Bad briefs create more work for the judge and her clerks.

I use the occasion of the hearing to take a fresh look at the net neutrality “debate,” which has been on-going since at least 2005, when I first started paying attention to it.  In particular, I try to disentangle the political term “net neutrality” (undefined and, indeed, not even used in the 2010 Open Internet order) from the engineering principles of packet routing. Continue reading →

Electronic Silk Road book coverAs I’ve noted before, I didn’t start my professional life in the early 1990s as a tech policy wonk. My real passion 20 years ago was free trade policy. Unfortunately for me, as my boss rudely informed me at the time, the world was already brimming with aspiring trade analysts and probably didn’t need another. This was the time of NAFTA and WTO negotiations and seemingly everybody was lining up to get into the world of trade policy during that period.

And so, while I was finishing a master’s degree with trade theory applications and patiently hoping for opportunities to open up, I decided to take what I thought was going to be a brief detour into the strange new world of the Internet and information technology policy. Of course, I never looked backed. I was hooked on Net policy from Day 1.  But I never stopped caring about trade theory and I have always remained passionate about the essential role that free trade plays in expanding commerce, improving human welfare, and facilitating more peaceful interactions among the diverse cultures and countries of this planet.

I only tell you this part of my own backstory so that you understand why I was so excited to receive a copy of Anupam Chander’s new book, The Electronic Silk Road: How the Web Binds the World Together in Commerce. Chander’s book weaves together trade theory and modern information technology policy issues. His over-arching goal is to sketch out and defend “a middle ground between isolation and unregulated trade, embracing free trade and also its regulation.” (p. 209) Continue reading →

On Sunday, the New York Times ran a story by Natasha Singer on the ongoing generic top-level domain (gTLD) expansion. Singer correctly notes that there is a great deal of skepticism that the new gTLDs will add social value. After all, what is the social value of .book when there is already .book.com?

Singer also raises cultural, expression, and competition concerns:

There’s a larger issue at stake, however. Advocates of Internet freedom contend that such an expanded address system effectively places online control over powerful commercial and cultural interests in the hands of individual companies, challenging the very idea of an open Internet. Existing generic domains, like .net and .com, overseen by Verisign Inc., a domain registry, have an open-use policy; that means consumers can buy domain names ending in .com directly from retail registrars like GoDaddy. With a new crop of applicants, however, Icann initially accepted proposals for closed or restricted generic domains, a practice that could limit competing views and businesses.

It’s true that there is concern over “closed generics,” but I think there is a deeper problem than anti-competitiveness that could emerge from TLD expansion. Continue reading →

ICANN is meeting in Durban, South Africa this week, and this morning, its Governmental Advisory Committee, which goes by the delightfully onomatopoetic acronym GAC, announced its official objection to the .amazon top-level domain name, which was set to go to Amazon, the online purveyor of books and everything else. Domain Incite reports:

The objection came at the behest of Brazil and other Latin American countries that claim rights to Amazon as a geographic term, and follows failed attempts by Amazon to reach agreement.

Brazil was able to achieve consensus in the GAC because the United States, which refused to agree to the objection three months ago in Beijing, had decided to keep mum this time around.

The objection will be forwarded to the ICANN board in the GAC’s Durban communique later in the week, after which the board will have a presumption that the .amazon application should be rejected.

The board could overrule the GAC, but it seems unlikely.

This is a loss for anything resembling rule of law on the Internet. There are rules for applying for new generic TLDs, and the rules specifically say which geographic terms are protected. Basically, anything on this list, known as ISO 3166-1 is verboten. But “Amazon” is not on that list, nor is “Patagonia;” .patagonia was recently withdrawn. Amazon and Patagonia followed the rules and won their respective gTLDs fair and square.

The US’s decision to appease other countries by remaining silent is a mistake. The idea of diplomacy is to get countries to like you so that you can get what you want on policy, not to give up what is right on policy so that other countries will like you. I agree with Milton Mueller, whose bottom line is:

What is at stake here is far more important than the interests of Amazon, Inc. and Patagonia, Inc. What’s really at stake is whether the Internet is free of pointless constraints and petty political objections; whether governments can abuse the ICANN process to create rights and powers for themselves without any international legislative process subject to democratic and judicial checks and balances; whether the alternative governance model that ICANN was supposed to represent is real; whether domain name policy is made through an open, bottom-up consensus or top-down by states; whether the use of words or names on the Internet is subject to arbitrary objections from politicians globalizing their local prejudices.

Black Code coverRonald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.

The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.

Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Continue reading →