In the run-up to the ITU’s World Conference on International Telecommunications (WCIT), a persistent point of contention has been whether the WCIT will be taking up the topic of “Internet governance” as Member States renegotiate the ITU’s underlying treaty.
A number of legislators, regulators, and civil society groups, including CDT, have raised concerns about the WCIT’s potential to stray into areas of Internet policy. Others have dismissed these concerns as “rumors”, echoing the ITU Secretary General’s assurances that there are no references to “Internet governance” in the preparation documents for the WCIT.
So is the WCIT about Internet governance? It depends on what you mean by the phrase.
1. The Who, Where, and How of Internet Governance
For some, “Internet governance” is synonymous with the work of the Internet Corporation for Assigned Names and Numbers (ICANN), which allocates IP addresses and manages the domain name system. While this work is clearly integral to the functioning of the Internet, CDT and others use the term to encompass a much broader set of activities. In one conception, Internet governance is the development and implementation of policies that affect the Internet’s functionality, evolution, and use at any layer of the network. This includes a range of activities, from assigning domain names and IP addresses, to developing technical protocols, to regulating infrastructure, to crafting policies for online content. Importantly, Internet governance is also about who gets to participate in decision-making about Internet policy and technology, and how.
The Internet itself is a uniquely decentralized, participatory, and user-controlled technology. In its current form, it allows users, once connected, to communicate, access information, and develop innovative tools and applications with potentially global reach, with no technically justified need to ask for permission. The existing system of Internet governance is similarly decentralized: Governance activity happens at a variety of venues, including technical standards development organizations (e.g., the Internet Engineering Task Force and the World Wide Web Consortium), Internet resource allocators (ICANN), technical advisory groups (e.g., the Broadband Internet Technical Advisory Group), international policy fora (e.g., the Internet Governance Forum, APEC, OAS), and industry self-regulatory initiatives, as well as through national regulation.
Most importantly, the current system values transparency and openness to participation from a full range of stakeholders. This multistakeholder model strives to ensure that policy is not developed by government alone – far from it. Instead, the multistakeholder model seeks to enable civil society representatives, technologists, engineers, and industry to all have the opportunity to participate with an equal voice alongside government in the development and implementation of policy that affects the Internet. Many governments have explicitly recognized the value of the multistakeholder model of Internet governance, signing on to documents such as the OECD’s Principles for Internet Policy Making and the Joint Action for Free Expression on the Internet.
And the outcome documents of the UN’s World Summit on Information Society bakes the multistakeholder approach into its own conception of governance: “Internet governance is the development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” The WSIS outcome documents also urge intergovernmental organizations to “ensure that all stakeholders, particularly from developing countries, have the opportunity to participate in policy decision-making relating to Internet governance, and to promote and facilitate such participation.”
Certainly, the current implementation of the multistakeholder model is not perfect. Many stakeholders, particularly in emerging markets and in the global south, have expressed legitimate concerns about the challenges they face participating in governance activities at various multistakeholder bodies, especially given resource and capacity constraints. The multistakeholder model derives its strength from its openness and its inclusion of a diverse array of perspectives, and more work must be done to achieve its full participatory potential.
While we should collectively continue to improve current multistakeholder structures and democratize global representation in Internet governance, it remains clear that the ITU lacks the transparency and inclusiveness that is necessary to make policy for a medium that has many diverse stakeholders and that operates on such a decentralized and participatory basis as the Internet.
2. What the WCIT Is About
As for the subject matter of the WCIT, it depends on who you ask. The ITU’s public message is consistent: “There is no single reference to Internet governance in the preparation document.” While it’s technically true that the phrase “Internet governance” does not feature in the proposals to amend the ITRs, as Secretary General Dr. Hamadoun Toure has noted, “it is the membership that determines the [ITU's] position on issues – not the Secretariat. . . . The process is driven by our membership.” Which raises the question: What direction are member states driving the ITU?
It is time to put rhetoric aside and examine some of the actual proposals that have been put forward – now possible only because key documents restricted by the ITU and its Members have been leaked. Paging through TD 62, the document that collects every Member State, regional group, and sector member proposal made so far, we’ve identified a number of proposals that are squarely aimed at policy and the technical functioning of the Internet:
- Cybersecurity – Several states and regional groups, including Algeria, China, Côte d’Ivoire, Egypt, Russian Federation, the Study Group 3 Regional Group for Asia-Oceania, the regional group for Africa, and the regional group for Arab States, have proposed new articles on “cybersecurity and cybercrime” or “network security”.
- Charging and Interconnection – The European Telecommunications Network Operators Association (ETNO), a Sector Member at the ITU, has proposed a series of radical changes to the system of peering and interconnection between IP network providers. Our analysis of this proposal concludes that while the proposal might benefit large, incumbent telecommunications operators, it will not likely expand Internet access in countries that need it most. Indeed, the ETNO proposals might even harm Internet users, impacting most heavily those in less developed countries by limiting their right to access information, ideas, and knowledge and raising costs of offering their own content and services in the global online marketplace. For a fuller analysis, go here.
- Regulation of traffic routing – Egypt and the Arab States regional group have proposed that “A Member State shall have the right to know through where its traffic has been routed, and should have the right to impose any routing regulations in this regard, for purposes of security and countering fraud.” A similar proposal has been made by the Regional Commonwealth in the field of Communications (RCC) and is also supported by Russia.
- Mandatory application of technical standards – A slew of proposals concern making the ITU-T’s technical standards mandatory to apply, which runs directly counter to the current voluntary and consensus-based standards development processes for the Internet. These proposals come from a broad range of Members: Egypt, Côte d’Ivoire, United Arab Emirates, Iran, Russian Federation, the Pacific Islands group, the Arab States regional group, Study Group 3 Regional Group for Africa, and the RCC.
- Naming, numbering, and addressing misuse – A few proposals have been put forward by Egypt, the Arab States, the African States regional groups, UAE, Cuba, and Iran to address misuse of certain resources. Depending on how these terms are defined, these proposals could have implications for Internet resources.
- IPv6 address allocation – Russia and Côte d’Ivoire support a proposal for the ITU to have some role in allocating some portion of IPv6 addresses.
- Allowable limitations on public access and use of telecommunications – Russia and the RCC have put forward a proposal that requires Member States to ensure access to telecom infrastructure except when it is used “for the purpose of interfering in the internal affairs or undermining the sovereignty, national security, territorial integrity and public safety of other States, or to divulge information of a sensitive nature.” This proposal could be used to legitimize restrictions on a range of human rights, including freedom of expression, association, and assembly.
- Data protection – Several states, including the Russian Federation, Algeria, and the Africa regional group, have raised the possibility of addressing data protection issues in the ITRs.
- Spam – Specifically raising the specter of Internet content regulation, proposals to include regulations on spam are being considered by Portugal, Egypt, Russian Federation, Rwanda, Côte d’Ivoire, Algeria, the Arab States group, the SG3 regional group for Asia-Oceania, the RCC, and the European regional group (CEPT).
- Child protection – No specific language yet, but Russia has noted the need to include a provision on child protection.
CDT will be publishing in-depth analyses of some of these and other proposals of concern in the coming weeks.
Looking at these proposals, it’s clear that a significant contingent of ITU members states are seeking to raise core issues of Internet governance and policy in the WCIT process – including but going far beyond mere technical matters. Issues of cybersecurity, limitations on access to infrastructure, spam, child protection, and data protection squarely raise concerns about their impact on the right to freedom of expression and access to information, among other human rights. Still other proposals to address cybercrime, traffic routing regulations, network security, and misuse of resources also present questions about their impact on user privacy. And finally, several of the proposals speak directly to the technical functioning of the Internet – from mandatory application of standards and traffic routing to the allocation of Internet resources – bringing the WCIT’s scope within even the narrowest conception of Internet governance.
3. The ITU Is Not the Right Venue for Internet Governance
To fully air these questions and concerns, we urge ITU Member States to make WCIT-related documents officially available to the public, including future versions of TD 62 and individual proposals under consideration. We also call on national governments to host open consultations with civil society, industry, academics, and other stakeholders to properly consider these important questions of Internet governance.
How far any of these proposals will get is an open question: The answer depends on the next seven months of closed-door negotiation among Member States.
In the end, however, given the ITU’s government-centric, top-down regulatory model, we remain unconvinced that sound policy and technical outcomes will emerge from a treaty negotiation process that that shares few of the characteristics of the open, inclusive, lightweight, and decentralized model of Internet governance that has helped foster the development of the Internet over the past three decades. If many of the issues we have identified above are adopted in treaty law, it will represent a substantial shift in the Internet governance landscape.