Internet governance is reaching a crisis point. Internet-related public policies are being shaped by governments behind closed doors, sparking global street and online protests over agreements such as the Trans-Pacific Partnership Agreement (TPPA) and Anti-Counterfeiting Trade Agreement (ACTA). Other governments, excluded from these fora, are taking recourse to the International Telecommunications Union (ITU), or threatening to create their own Internet ghettos governed in a more closed, government-led process. States are using malware to wage cyber warfare, at the same time as the use of such malware by criminals is taken as justification for new incursions on personal freedoms. They are also putting forward new laws and regulations, such as SOPA and PIPA in the US and the Indian Internet Intermediary Guidelines, that seem to contradict their own public statements on Internet freedom, and could seriously impede global information flows.
Corporations, too, have been taking policy decisions without public oversight or accountability – such as the financial blockade against Wikileaks, and the three (or five) strikes agreements reached between ISPs and representatives of content owners. This is not to say that good decisions aren't also being made – for example, there has recently been a profusion of relatively good statements of Internet principles by various stakeholders, and companies such as Google and Twitter have adopted some good internal policies to hold governments and industry to account for their attacks on user privacy and freedom of expression. But these individual statements and policies hang unsupported by any common public policy framework that could help provide coherence across industry sectors and regions, as well as offering a standard for assessment and accountability.
The transnational (border-crossing) nature of the Internet demands that we have the ability to develop consistent global policies on issues that impact upon online rights and freedoms, and democracy demands that this be done in a manner that is inclusive of the individuals and transnational interest groups who are affected by those policies. Since neither the application of those policies nor the interest groups affected by them are neatly situated within national borders, governments alone cannot be the arbiters of these policies. But equally, by avoiding the imposition of a top-down intergovernmental solution (even if one existed, which it doesn't), we should not fall into the trap of accepting the status quo whereby governments and corporations alike develop their own public policies in an isolated and uncoordinated fashion, without reference to common standards of transparency, participation, or online norms grounded in human rights.
Whilst the problem of regulatory incoherence as described above is widely acknowledged, there is much lack of clarity about the solution. In fact there is little more than a two-word catchphrase, “enhanced cooperation”, coined at the World Summit on the Information Society (WSIS) in 2005 to describe what should be done to fill what its Working Group on Internet Governance (WGIG) described as “a vacuum within the context of existing structures, since there is no global multi-stakeholder forum to address Internet-related public policy issues. ” As a May 2012 consultation meeting on the topic made evident, this catchphrase means different things to different people, ranging from simply stronger efforts at cooperation between existing fora and stakeholders, through to the establishment of a new UN-based Committee on Internet Related Policies.
The latter option has sparked understandable (and probably insurmountable) fears, especially by the private sector, technical community, and OECD governments, but also by many ordinary Internet users. They fear firstly a governmental takeover of existing Internet governance functions of bodies such as ICANN and the IETF, that currently take place through private-sector and community-led processes, and with the light touch oversight of the US government. They also fear that outside of these technical areas, heavy-handed governmental regulation of Internet policy issues (particularly by repressive governments) would stifle or challenge the network's lightweight, adaptive and innovative nature.
But whilst these fears are not without basis, there is a growing acceptance that the former option – the status quo – will be no better over the long term. Joining academics, NGOs and development activists who have been saying the same thing for years, industry stakeholders too are now beginning to acknowledge that there needs to be some kind of new multi-stakeholder Internet public policy body as a counterpart to and complement for the technical bodies such as ICANN and the IETF. Analyst Paul Budde, for example, wrote last month on CircleID that such an “internet community organisation” could, if “properly funded and stocked with the right international people to manage what is needed to watch over internet governance,” be “an excellent partner in the broader community of international organisations”.
So, this is the key. A new organisation is needed, but none of them that are on the table right now. It shouldn't be based in the UN, shouldn't detract from the roles of ICANN and the IETF, and shouldn't stifle the net's open, organic and user-driven fundamentals. Following the WSIS process criteria, its operation should be transparent, participatory and inclusive. It should be able to develop (but not to enforce, since that is not the Internet way) statements of norms and principles to guide policy-makers along lines congruent with the rough consensus of all participating stakeholders, in areas where such consensus is possible. It should also be able to assess (again, in a non-binding way) the compliance of other policy processes with those norms and principles – for example, offering a standard against which the ACTA or TPPA negotiations could be judged.
Beyond developing and assessing compliance with these general high-level norms, it could also form working groups to address specific issues, such as the Internet-related parts of ACTA and the TPPA, as an alternative to the ad hoc intergovernmental-only negotiations on these issues as occurs at present. Another case example could be the development of online privacy principles to guide standards bodies such as the IETF and W3C in developing technical specifications. At the moment, these bodies, (and ICANN too, in respect of naming and numbering issues), are attempting to conduct their own public policy discussions, but by reason of the narrow participation that they draw from non-technical users, their success has been decidedly mixed. As well as issue-based working groups, the new organisation could form regional working groups, to address at a regional level issues that it is not practical or relevant to address more broadly.
What would the new organisation not do? Naturally, it would not take over the naming and numbering functions of ICANN. It would not even exercise oversight over those functions, since being a voluntary organisation, it could have no possible mandate to do so. It might recommend processes by which political oversight of ICANN's functions could be internationalised at some future time (and maybe possibly even suggest a role for itself in that transition), because that is certainly a public policy issue of considerable political importance to many stakeholders, that can't usefully be conducted within ICANN itself. But it would not have the power to actually make any changes to ICANN's functions, or indeed to do anything. Its recommendations would be purely advisory, like the Requests for Comment (RFCs) of the IETF.
Now the obvious question is, shouldn't the Internet Governance Forum (IGF) be doing all this? Yes, of course it should. The Tunis Agenda agreed at WSIS clearly specifies that the IGF's role should include making recommendations on emerging issues, and to promoting and assessing, on an ongoing basis, the embodiment of WSIS principles in Internet governance processes. These are almost exactly the two roles of norm-setting and evaluation that I set out for the new organisation above. (Of course, the IGF also does other things, and a few of of them well, but as to these two elements of its mandate, it has been a complete wash-out.)
But whilst the IGF should take up these roles, we can't expect it to do so. Why not? Because the IGF is a UN body, and therefore despite how innovative it was originally mandated to be in its format and functions, in practice it has quickly become shackled with the limitation of only acting by UN-style (essentially full) consensus. If any of the stakeholders object to the IGF making policy recommendations – which certain of them reliably do – then it simply won't do so. In order for enhanced cooperation to work, it can only be a voluntary mechanism to which stakeholders who want to collaborate on the development of policy can opt-in, and which those who don't wish to can ignore. The IGF as it has evolved is not such a beast.
This is not that it could never have worked; it could, if it had been designed appropriately to make decisions on the basis of a rough consensus, developed through a deliberative democratic process utilising facilitated online discussions and small group interactions. But that was never tried, and the IGF has since become ossified along the more traditional lines upon which its executive staff Nitin Desai and Markus Kummer, and those with influence over them in those early days, designed it. That significant reform is no longer possible is illustrated by fact that even the token improvements most recently recommended for the IGF weren't raised by its own Multi-stakeholder Advisory Group (MAG), but by a working group of the Commission on Science and Technology and Development (CSTD). Being fully intergovernmental and operating on a full consensus basis, the CSTD couldn't even recommend the formation of working groups for the IGF; still less the reforms it would need to carry out enhanced cooperation.
Having said all that, the new organisation will need to work closely with the IGF. The global, regional and national IGFs will have an important (indeed probably the most important) agenda-setting and capacity building role for the community that will develop policy recommendations through the new organisation. The IGF, in that role, with its completely open structure and lack of formality, could in fact become more important than ever before. But by virtue of those very aspects, the IGF in its present form will not make be able to make policy recommendations or to assess the compliance of other Internet governance bodies with agreed procedural norms.
But just because the IGF is not qualified to do so, that doesn't necessarily mean we need a brand new organisation – surely there might be some other existing body that could develop and promulgate global Internet policy norms? But if so, where is it? Not ICANN; public policy issues outside of technical naming and numbering functions lie outside its mandate. The Civil Society Internet Governance Caucus (IGC) is not up to the task; it is not multi-stakeholder and lacks a sufficiently formal structure. The Internet Society (ISOC) and the ITU are not multi-stakeholder entities, and are in denial about the need for any enhanced cooperation process, as they insist that they are already doing it. The Global Network Initiative excludes governments, and in any case has its own separate and narrower role (which would continue, informed by the new organisation). The OECD has a reasonable consultative structure, but is a club of rich countries that the developing states won't accept. Similarly the Council of Europe (though its Cybercrime Convention was opened to non-member states).
So we need to start again. In doing so, there are four essential characteristics around which the new organisation should be designed.
First, it must be voluntary; both in its participation, and in the force that its recommendations carry. This should be a familiar structure for those versed in Internet governance, as the IETF operates in that way. Indeed, the IETF was the model which I originally had in mind when I approached the doctoral research that became my book. Similar proposals for a policy body based on the IETF (such as ISOC's old Internet Societal Task Force (ISTF)), go back even further, and others continue to be made today. However, the structure I eventually proposed for a multi-stakeholder Internet governance network differs from the IETF in several important respects, the most critical of which are reflected in the remaining criteria below.
Second, if the new organisation is not UN-linked (which apart from being unacceptable to many Internet users, is also now political unlikely, since the CSTD declined to convene a multi-stakeholder working group to consider enhanced cooperation mechanisms), there is no reason why this organisation should not be established by the community. In short, Internet users have to take the initiative of proposing this positive agenda for Internet governance, just as they did in defeating SOPA, PIPA and ACTA. Indeed, at this point, if civil society does not take the lead (perhaps supported by a handful of progressive companies or governments), it probably won't happen at all.
Third, there needs to be a defined role for governments within the new organisation. Is it possible for governments to participate within a private governance organisation? Of course; think of ICANN itself, in which governments participate through the Government Advisory Council (GAC). Indeed, the idea of a private organisation carrying out a global public good, with the participation and support of governments through the international system, goes back centuries, at least to the 1863 formation of the International Committee of the Red Cross. Whilst the participation of governments may still alarm some Internet activists, this is why the second principle, that the organisation be established by the community, is so critical.
Fourth, in line with the Tunis Agenda of WSIS which highlights the distinct contributions that stakeholders have to offer in their respective roles, the structure of the organisation should reflect this, through an executive body with formal representation of governmental, private sector and technical community, and civil society members. Though the IGF's structure does not do so, that of other multi-stakeholder networks do – good examples include the Forest Stewardship Council and the Fair Labor Association. In practical terms, this should mean that decisions of the body, such as the adoption of principles, should be made by rough consensus within each class of membership, as well as overall.
A further corollary is that each stakeholder group will retain a measure of independence within its own sphere of competence. Thus for example, governmental members might reserve the capacity to take principles adopted by the organisation, and convert them into an intergovernmental agreement. This is much like the Council of Europe did in 2011, with the adoption of a Declaration by the Committee of Ministers on Internet governance principles, that had been developed through a multi-stakeholder process. (On the other hand, there are good reasons to limit the development of norms by the new organisation to high-level, soft law instruments, in order to avoid distractive wrangling over treaty language.)
Such an organisation, possessing a structure that recognises the role of governments but does not privilege them over other stakeholders, and a constitution that provides for the accountability and transparency that the Internet community expects, would distinguish the new organisation both from the ineffective IGF, and from the unrepresentative ACTA and TPPA negotiations. It would fill the vacuum in Internet governance that WGIG observed in 2005, and bring to an end the ongoing wrangling over enhanced cooperation that continues to this day. Best of all, if this new organisation is established by the community, then we don't need to wait for anyone's approval to to it: we can start right now.
Watch this space.