In the wake of last year's defeat of the controversial ACTA treaty in Europe and of the SOPA and PIPA bills in the United States, both of which called on intermediaries to police consumers' use of the Internet, digital rights activists in the West have naturally gained a heightened sensitivity to their governments intruding on Internet freedoms.
One indication of this was how aggressively they opposed all Internet-related proposals at the World Conference on International Telecommunications (WCIT) of the International Telecommunications Union (ITU) last December. The fear was that although many of those proposals seemed modest, they were the vanguard of a movement from governments to more broadly address Internet governance issues such as online freedom of expression, security and privacy through purely intergovernmental processes, rather than through existing, more open and inclusive, multi-stakeholder mechanisms.
There are three assumptions that seem to underlie this fear:
However, all three assumptions are wrong. To fail to comprehend this is to misunderstand the forces that drive many governments towards the use of intergovernmental mechanisms to set policies for the Internet, and to overlook the opportunity that we have right now to channel these forces in a way that is more responsive to the concerns of ordinary Internet users. In fact, if all three assumptions are disproved, it follows that finding a more acceptable way for governments to participate in global Internet governance is imperative. So let's examine those assumptions in turn.
The first assumption, that governments don't have a legitimate role in governance of the Internet, seems so far-fetched that I might be accused of raising a straw-man argument – yet it is a serious school of thought called cyber-libertarianism, and flows almost as an axiom from the framing of advocacy for online rights and freedoms (particularly by activists from the United States) as the "Internet freedom" movement. Moreover this cyber-libertarian framing is not reserved to those who are otherwise politically libertarian. Even politically progressive activists are inclined to be more distrustful of governmental intervention online than offline, in an expression of Internet exceptionalism, which holds that the Internet is different, and deserving of a more hands-off regulatory approach.
To accept the cyber-libertarian proposition is to deny any role for government intervention at the national level, in areas that many of us actively support, such as:
In 1993 or even 2003 we might have given the market the benefit of the doubt and held off from regulating in these areas. But in 2013, it seems increasingly implausible that the legitimate interests of all consumers in having affordable access to the open Internet, whilst maintaining their own privacy, can be secured without targetted government intervention of some sort or other.
This is not to deny that government intervention also very often has deleterious effects on Internet users; for example through punitive intellectual property enforcement measures that limit fair use and innovation, through secretive surveillance of our online communications, through the production of malware for use in cyber-war, or through banning the use of particular Internet services such as Internet telephony or VoIP.
But excluding governments from regulating the Internet is the wrong answer, not least because industry also often acts against the rights and freedoms of Internet users. Websites collect and sell our most private details to advertisers without our knowledge or consent, copyright owners and ISPs enter into closed-door pacts to throttle the Internet access of users suspected of sharing files, and financial intermediaries collude to choke off funds from Wikileaks. We are entitled to look to our governments to protect us against misbehaving corporations through domestic consumer law, competition law or privacy and data protection law, or through less intrusive measures such as tax incentives, development grants or co-regulatory codes.
In some of these cases though (such as the Wikileaks example), governments and corporations are complicit in the infringement of our rights and freedoms. So what recourse do we have if neither our own governments nor the market can protect us against infringements of our rights online? In such cases we either have to look to another mechanism of governance – such as norms, or technology (more on these shortly) – or we have to look to the global level.
This brings us to the next assumption, which is that if governments do sometimes need to involve themselves in Internet governance, it should only ever be at the national level. That can't be true, because the decisions that governments make at the national level (for which most of us would accept the need in certain cases) have an invariable tendency to spill outside the country's borders.
This occurs because the Internet itself is borderless, and so policies made in one country, whether by governments or by private actors, can affect users anywhere in the world, over whom the policy-maker has no legitimate claim of authority. For example, in 2011 United States authorities seized the domain names rojedirecta.com and rojedirecta.org claiming authority to do so under US law, although the domains were owned by a Spanish company and had been ruled legal under Spanish law (the domains were later returned). Similarly, when content is taken down under authority of the US Digital Millennium Copyright Act (DMCA), it affects users throughout the world. Why shouldn't those users have any say in that?
If they should, then we turn to the question of how they should have this say. As alluded to above, the cyber-libertarian is inclined to limit it to the use of technology or norms. As an example of the former, technologically knowledgeable users can use strong encryption software, such as PGP and Tor, to craft online spaces and communications channels that are largely unregulatable. But many of the same features of Internet technologies that make them open and free, also limit their effectiveness as shields against government or corporate abuses. Technology is even less effective in promoting positive rights, such as providing cross-border remedies for online fraud.
Similarly norms can be useful, but they are not self-enforcing. We can to some extent rely on the power of the crowd to enforce Internet norms; this is what was so effective in defeating ACTA, SOPA and PIPA last year. This is important where democratic processes at the national level are weak or corrupt, but is even more vital at the global level, where the democratic deficits of traditional intergovernmental institutions (such as the ITU) and trade negotiations (such as ACTA and the Trans-Pacific Partnership or TPP) are relied upon by governments to facilitate the "policy laundering" of domestically unpopular proposals.
But that crowd can also become a mob, in which the nuances of policy debates are swept away in a heady fervour of cyber-libertarian banner waving. For example the hacktivist group Anonymous has done much good work in upholding online rights and freedoms in the face of threats from governments, cults and corporations alike. But it was also criticised by civil society participants at WCIT for attacking the ITU's website and thereby jeopardising the only official channel for remote users to participate in that meeting. Therefore, whilst direct action through grassroots groups such as Anonymous is valuable as a last resort, it should never become our primary means to shape Internet policy. As security specialist and author Bruce Schneier recently wrote:
The masses can occasionally organize around a specific issue – SOPA/PIPA, the Arab Spring, and so on – and can block some actions by the powerful. But it doesn't last. The unorganized go back to being unorganized, and powerful interests take back the reins.
To be organised at the global level, in a way that is effective to curb the rights abuses of governments and corporations, implies sitting at the table with them to manage the cross-border implications of Internet-related public policies. Currently, this means sitting on the sidelines of the secret negotiations at the TPP, or in the back row of the auditorium at WIPO (the World Intellectual Property Organisation). And that's if we're lucky. On other issues, it means we have no say at all because there is no global forum dealing with these issues.
So we should at least consider whether a more formally institutionalised means of engagement of online activists in Internet policy discussions at the global might bridge the gap that exists after self-regulatory, technology-based and grassroots-led initiatives have failed. For some issue areas, this may be seldom; for example, we already have strong global mechanisms for the participation of all stakeholders in Internet standards development, and in the allocation of IP addresses and domain names, through institutions such as the IETF, the W3C and ICANN.
But in other areas, such as security and cybercrime, intellectual property enforcement, consumer protection, data protection and privacy, and online freedom of expression, we do need to look at the evolution of current institutional arrangements. This moves us to the third assumption highlighted above, to the effect that there is no need for any reform to Internet governance arrangements, since "the current organizations, systems and processes are successfully meeting the needs of its stakeholders via its industry-led, bottom-up, consensus-based processes" (the quote is from Cisco, but civil society makes similar claims). If only that were true.
There are global discussions of these issues, of course – but they are either too weak to have a tangible impact on actual policy outcomes (this is the case of the Internet Governance Forum or IGF), or they do not offer the opportunity for meaningful participation from all affected stakeholders (a much longer list, including the ITU itself, as well as the OECD, APEC, WIPO, the CSTD and the TPP).
Often it is civil society that is excluded from these existing arrangements – as was the case with ACTA, and now the TPP – but in other cases it is the governments from developing countries, who see developed-country groupings such as the G8 and OECD taking the lead, whilst their own interests are sidelined. The OECD, for example, has been quite explicit about its intentions in this regard, stating in a recent paper:
Given the global nature of the Internet and the cross-border services that Internet intermediaries often provide, an international convergence of approaches for the development of policies involving Internet intermediaries was viewed as essential, to provide effective guidance to the business sector. The OECD was identified as being able to help the emergence of such principles and to support their diffusion.
Similarly, the United States government is currently seeking to broaden support for another Internet principles document of the OECD, the 2011 Communiqué on Internet Policy-making. There is much to welcome in this Communiqué, though in the end the OECD's Civil Society Information Society Advisory Committee declined to support it partly due to a perceived over-emphasis on the role of intermediaries in intellectual property enforcement. But even aside from this, such an instrument cannot be globally legitimate unless it is developed in a global forum. Therefore it is hypocritical for US policy-makers to label developing countries sidelined by US-driven initiatives such as these, and turning to the more inclusive (of governments) ITU, as Internet freedom's foes.
Thus outside of narrow technical areas, what we find is that far from being an inclusive multi-stakeholder regime, powerful governments and companies are making their own rules for the Internet and then seeking to impose them on the rest of the world. We saw it with ACTA, SOPA and PIPA, we see it in progress at the TPP, and we see the potential for similar exclusionary rule-making at the ITU and even, despite all good intentions, at the OECD. This is the true face of the status quo of Internet governance, and it is unsustainable.