Internet Governance: What Could Go Wrong?
In mid-December, the United Nations General Assembly will meet in New York for two days to discuss the future of Internet governance. A group of countries led by China and Russia is arguing that oversight of the Internet should move from the current “multi-stakeholder” model to a more centralized, government-centric approach managed by the International Telecommunication Union (ITU).
Should you be worried? Yes, but not in the way you might think. The risk here lies not so much in the threat of a dramatic UN-takeover of the Internet, but rather in the fact that UN-style bureaucratic paralysis is already forestalling effective action to limit commercial hacking, preserve Internet freedom and identify and prevent potential terrorist threats to critical infrastructure. The main threat is not in what is happening with Internet governance, but rather what is not.
How did we get here? In 1998, the Clinton Administration began the process of privatizing the Internet, which until then had been run as a project of the U.S. government. The question was who, if not Uncle Sam, would be in charge? Many governments thought the job ought to go to the ITU, an arm of the United Nations that regulates international telephone services. Others, including the Clinton Administration, worried that the ITU—which was dominated by government-owned telephone companies and public utility regulators—would be overly regulatory, strangling the fledgling World Wide Web in the crib.
The answer turned out to be the creation of a unique institution, the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN functions as loosely organized set of committees, governed by consensus and overseen by a board of directors. Membership in ICANN is open to anyone, and everyone gets one vote, governments included. Meetings can take days and decisions—which must be based on consensus—are often elusive. Efficient? No. A success? Yes, based on the remarkable growth of the Internet.
Despite ICANN’s apparent success—or perhaps because of it—many of the world’s governments have never stopped believing that Internet governance ought to be undertaken by a multi-national body like the ITU, in which they (governments) have the final say. Not surprisingly, the governments that feel most strongly about this are the most autocratic ones. Their cause is strengthened by the fact that the U.S., through a never-invoked contract with ICANN, continues to claim the final say over the assignment of names and numbers to Internet addresses, raising political hackles in many European capitals, especially in the post-Snowden Era.
The battle to control the Internet has simmered for nearly 20 years.
An Internet Governance Battle Simmers for 20 Years
The battle to control the Internet has simmered for nearly 20 years. In 2001, the U.S. agreed to a two-part “World Summit on the Information Society” (WSIS), which was held in 2003 and 2005. At the 2005 meeting, the U.S. agreed to another summit—“WSIS+10”—in 2015. Now, after years of preparatory work and preliminary drafts, the day of reckoning may finally have arrived.
The ground rules for the WSIS+10 process were established in July 2014 in UN Resolution 68/302, which outlined “an intergovernmental negotiation process that will include preparatory meetings, resulting in an intergovernmentally agreed-upon outcome document for adoption at the high-level meeting of the General Assembly.”
As the date approaches, lobbying over what will be contained in that agreement has been intense. The autocratic states appear to have two main goals. First, they want the UN to endorse their use of censorship to repress online speech. For example, China, joined by the G-77 group of developing countries, has proposed without qualification or apology that the UN “reject the use of [the Internet] for subversive [or] political… purposes.”
Second, and more broadly, the pro-government faction seeks to replace the U.S.-sponsored ICANN model with a multinational organization modeled after the UN itself. As the Russian Federation puts it, the UN should declare that governments should “have an equal role and responsibility for international Internet governance… based on international agreements between the States under the auspices of the United Nations.” China declares: “The roles and responsibilities of national governments in regard to regulation and security of the network should be upheld,” and calls for the “internationalization” of ICANN.
It is tempting to see all this as nothing more than diplomatic posturing, and to be sure, the current draft of the proposed agreement stops far short of embracing the autocrats’ proposals. But even if the UN stops short of “internationalizing” Internet governance, the process is upping the pressure on the U.S. to give up what little control it continues to exercise through its contract with ICANN.
Indeed, in March 2014, the U.S. Department of Commerce announced that it was prepared to transition its role in overseeing ICANN’s naming and numbering functions to the multi-stakeholder community, and—conditional on ICANN agreeing to put in place acceptable principles and policies for self-governance—said that it would complete the transition by September 2015. But after months of consultations and committee meetings, ICANN failed to come forward with an acceptable plan, leaving U.S. oversight still in place, but only on the most tenuous terms.
It is extremely unlikely that the Chinese and Russians are going to take over Internet governance anytime soon, or even that they will win what would be an essentially symbolic victory at the UN. Rather, the threat arises from paralysis and inaction in the face of the tremendous challenges facing the Internet today. The need for effective action to limit commercial hacking and to identify and prevent potential terrorist threats to critical infrastructure is real. It is also urgent that we achieve some basic international agreements among the major powers on the boundaries between espionage and theft, on the one hand, and armed conflict, on the other.
Rather than leading on these issues, the U.S. and its allies appear to be bogged down in a diplomatic rear-guard action focused on arcane institutional issues—fiddling while cyberspace burns. Until that changes, the risks associated with cybersecurity will continue to grow.