This document summarizes trends in internet governance over the past 20 years. It explores how internet governance has become (1) more democratic through increased global connectivity and participation, though some governments still seek to assert cyber-sovereignty; (2) decisions are increasingly made through multistakeholder processes but this model has not been universally adopted; and (3) security concerns have grown but government responses risk conflict and unintended consequences like BGP hijacking. The document argues these trends both present opportunities and challenges for the future governance of the internet.
2. In the last 20 years there have been many changes in the
Internet Governance landscape.
Many principles, norms and decision-making procedures
have been developed and applied, effectively shaping the
evolution and use of the Internet.
For many years, Internet Governance focused mostly on Internet
numbers and domain names, but today it is far more extensive.
3. This presentation explores 4 trends in Internet
Governance during the last 20 years
1. How democratic has Internet Governance been?
2. How national interests have been protected?
3. How multistakeholder decisions have been made?
4. How security has been considered?
5. Internet development ➜ Connectivity
• More than half of the world’s
population connected
• Active netizens
• More participation of developing
economies on Internet decisions
• International groups and dynamics
IANA transition
• No single-government has an exceptional role in Internet governance
6. Amb. David Gross
U.S. State Department
• Speaking before the UN-
WSIS Summit in Tunis,
2005
• Talking about the U.S.
government position
leading towards a
negotiated outcome
7. Vint Cerf
One of the ‘fathers’ of the Internet
• Speaking in 2011 about
how Internet and its
governance started
• “This is a continuous
relegation or delegation of
responsibility away from the
[US] government”
10. Global infrastructure ➜ Local fears
• National laws and regulation
• National cyber-strategies
• Critical infrastructure
• Data localization
• Cross-border jurisdiction issues
• International concerns
Perception of cyber-instability
• Many economies want to exercise “cyber-sovereignty”
11. Angela Merkel
Chancellor of Germany
• Speaking at the IGF in Berlin,
November 2019
• “Governments trying to shut
off their national networks”
• “We need to act multilaterally.
This will be the only way in
which we will arrive to a
common understanding”
12. Emmanuel Macron
President of France
• Speaking at the IGF in Paris,
November 2018.
• There are two kinds of
Internet emerging: Californian
cyberspace and Chinese
cyberspace.
• The self-regulating model
which is not democratic.
• Or state as an hegemon.
15. More actors ➜ Better decisions
• Advantages of transparent,
bottom-up, community-driven
policy development processes
• The MSH model of Internet names
and numbers has not been
exported to other areas of Internet
governance
15
IANA transition
• Trust by governments on multistakeholder processes. Will it endure?
16. Ira Magaziner
Senior Advisor, Policy Development, Clinton Administration
• He supported Bill Clinton
and Al Gore to develop
Internet institutions, i.e.
ICANN
• “We felt the Internet would
be better driven as a
multi-stakeholder model”
19. • National responses to security
incidents are escalating the
chances of conflict
• In a securitised view, governments
portray themselves as better
positioned to successfully
determine what is the threat and
how to respond
More security concerns ➜ Less trust
Unintended Consequences
• Attempts by governments to implement policies such as content
take down, have led to accidental BGP hijacking
20. António Guterres
Secretary General of the UN
• Video remarks to the IGF in
Berlin, November 2019
• “There is a tendency to create
virtual walls to separate
people”
• “States to adopt offensive
postures for the hostile use of
cyber-space”
It’s a real honour to be here with you today.
As Paul Wilson, my boss, said this morning at the welcoming ceremony, this Engagement Forum is an important event that shows the commitment, not only from TWNIC, but also from the Taiwanese Internet community, to the wider Internet ecosystem.
I will be talking today about Internet governance, trends and opportunities.
I wrote this as an introduction…
…
Covering cybersecurity, content moderation, for example, in social media platforms, privacy, environmental data, and a long etcetera.
I will talk in this presentation about 4 key trends. Each with its own colour.
How democratic?
How national?
Multistakeholder?
Security?
--
Now… it is important to say that my suggested answers to these questions are not necessarily true. The answers present a point of view, you can say, opinions, about how we in APNIC interpret Internet governance story of the last 20 years.
So these points of view are subject for discussion and I encourage you to challenge my perspectives, so I hope to leave time for questions at the end.
Also, it is important to say, that the history of Internet governance is still fresh and young, and many of these issues are not ”settled”. So we in APNIC are interested to discuss with you, whether this interpretation makes sense or not. Based on the interpretation about these trends, we of course, take decisions of what actions to take, how to engage with the community, and try to make Internet governance to adjust best to our values and to fulfill our mission of an open, stable and secure Internet.
So let’s start with color blue, how democratic Internet governance has been?
In each of the 4 sections of my presentation I will basically talk about what I mean by ”democratic” or “national interest” or “security” or “multistakeholder”. And then I will show some videos of key people whose perspectives have shaped each of these trends. And then I will talk about what we think in APNIC the trends have been in the last 20 years.
So what do we mean by democratic?
Well, it is clear that Internet has grown enormously in the last 20 years, connecting more than half of the world’s population.
This has resulted in increased participation of many new players in Internet governance processes and decisions.
20 years ago, there were only a handful of countries that were active in the Internet governance scene. Today, it is clear that both, the developed and the developing world, see the Internet and connectivity as most important and strategic.
I see these increased participation as the reason why Internet governance has become more democratic over the years.
--
As I said at the beginning, initially IG was mostly about Internet numbers and domain names. That is also why I see the IANA transition, completed in 2016, as a democratic milestone for Internet governance. As you know, the IANA functions are critical to the Internet and were controlled for many years by the government of the United States, the department of Commerce. And in 2016, the exceptional role of one single government was transferred, or democratized, to a wider Internet community of diverse stakeholders, who basically are now in charge of overseeing the IANA functions.
I said I was going to show some short videos of key people which I think support the arguments for each trend. I will start by showing a video of Amb. David Gross, who was the head of the United States delegation at an important event of the United Nations, called the World Summit on the Information Society. This summit was at the brink of failing with no agreement, because the US government at the time, did not want to relinquish their unique role in controlling IANA. So here is Ambassador Gross before he was heading to Tunis for a difficult negotiation…
--
As you can see, the US position was very strong and you can say that they opposed at the time, to democratize the IANA functions, which were the key focus of Internet governance back in those days.
But as years passed, the Internet governance landscape became more inclusive and democratic, particularly as the IANA functions moved away from the oversight of one single government. Here is Vint Cerf talking about these changes.
So here is the democratic trend of Internet governance. As I said, I think there has been a democratizing force, let’s say from the UN summit in Tunis in 2005 until the IANA transition in 2016.
However, this trend where increase in connectivity result in participation of new players in Internet governance decisions, is contracting fast.
in the last few years, only powerful players, being governments or big tech companies, they are the ones making decisions, mostly in closed rooms with little participation from stakeholders and relevant communities. So in a less democratic ways.
Let’s talk about how national interests have been protected in the context of Internet governance.
This trend is about how this global infrastructure, which is the Internet, has challenged key principles of International law, namely that each state has sovereignty over its own territory and domestic affairs, to the exclusion of all external powers.
The Internet clearly challenges this model, known as the Westphalian model, and the more laws and regulations at the local level, the more difficulty it is to standardize them internationally.
So it is difficult to protect national interests on the Internet… as its complex system impose cross-border jurisdictional issues, for example with data localization.
This has triggered a perception of cyber-instability, because of the difficulty to control the Internet within national boundaries, and many countries wanting to exercise “cyber-sovereignty” usually at very high costs, compromising global end to end connectivity.
Here is Chancellor Angela Merkel talking during the IGF meeting in Berlin about this trend towards more protection of national interests.
//
Interestingly, I think this trend towards protecting national interests is also reflected at the international level and how the defense of national interests at the international setting, has created more and more tensions between countries on Internet governance matters.
Here is the President of France, reflecting on these contrasts or tensions, coming mostly from the difference on how national interests are protected over Internet governance matters.
//
And his view that there needs to be stronger enforcement of regulations at the national and international level.
So there is no question that the trend towards increased protection of national interests has increased over the last 20 years.
There was some moment in the 90’s where some, like John Perry Barlow, promoted the notion of cyberspace as separate from government or national control.
Clearly States have been very active in controlling and regulating this global infrastructure and imposing virtual walls to protect their national interests.
Another example of this trend is how local regulations, for example the European General Data Protection Regulation, have an effect in how national interests are protected and enforced internationally.
Of course, the more nationalistic Internet governance becomes, the more tensions and conflict we can expect around Internet matters as well.
General Data Protection Regulation, by the European Union Privacy law came into effect in 2018
Let’s talk about how multistakeholder decisions around Internet governance have been made.
One feature of the multistakeholder model is that, the more actors are involved, then, the better decisions are made, particularly if it is possible to find paths towards agreements. And this only works well when everyone has a collaborative spirit.
The multistakeholder model has worked very well in the governance of Internet names and numbers, clearly showing how bottom-up and community driven processes can result in good policies and community driven decisions. But it is also true that this multistakeholder model of the governance of the Internet addressing space, has been difficult to export or replicate in other areas of the Internet.
I refer again to the IANA transition, because it was a milestone, where trust was placed into the multistakeholder model, instead of a government centred model. Whether this model can endure and expand is something yet to be seen and much work needs to be done to demonstrate the capabilities of stakeholders to work together on robust Internet governance policy outcomes.
Here is a video of one of the designers of the multistakeholder institutional model, that gave birth to organisations such as ICANN and its unique decision making model.
In this trend I reflect an increasing trend in multistakeholderism, from the World Summit on Information Society, the creation of the Internet Governance Forum… which by the way, has an instance in Taiwan with much activity.
Up to the IANA transition, that confirmed the multistakeholder model for the governance of Internet names and numbers.
However, it seems that in the last years, multistakeholderism is not expanding, actually I suggest it is contracting. Many discussions at the UN, for example those related to cybersecurity, have closed doors to multistakeholder participation, and have restricted decisionmaking only to governments.
Let’s look at a trend that I guess is not too controversial, wich is about an increasing concern
Fact is that the more we are concerned about security, the less trust we have on the system. And many of the national responses to incidents, being state driven or not, increase tensions and conflict.
The 2007 cyberattacks on Estonia began on 27 April 2007 and targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters. These were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before.
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material. Exploiting four zero-day flaws,[5] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.
Report of the UN GGE 2015 (later adopted by the UN General Assembly Resolution A/RES/70/237), which includes:
Principles of State sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other States, applies to cyberspace.
Recognition that states must comply with their obligations under international law to respect and protect human rights and fundamental freedoms.
Agreement that UN should play a leading role in developing common understandings on the application of international law and norms, rules and principles for responsible State behaviour
Other norms, rules, and principles on the responsible behaviour of States
Confidence-building measures
Invitation for international cooperation and assistance in ICT security and capacity-building
Peace and security, State centric. Substance issues. From point of view.
Covering cybersecurity, content moderation in social media platforms, privacy, environmental data,