Exploring Multi-Stakeholder Internet Governance John E

Exploring Multi-Stakeholder Internet Governance John E. Savage, Brown University Bruce W. McConnell, EastWest Institute

January 2015 Exploring Multi-Stakeholder Internet Governance

Abstract tered to receive Internet community input through multi-stakeholder consultative pro- Internet governance is now an active topic of cesses. With these changes IG can be made international discussion. Interest has been more comprehensive and manageable while fueled by media attention to cyber crime, protecting its most valuable characteristics. global surveillance, commercial espionage, cyber attacks and threats to critical national Introduction infrastructures. Many nations have decided that they need more control over Internet- Interest in Internet governance (IG) has based technologies and the policies that sup- grown steadily since the creation of the In- port them. Others, emphasizing the positive ternet Corporation for Assigned Names and aspects of these technologies, argue that Numbers (ICANN) in 1998 and is now dis- traditional systems of Internet governance, cussed at many international forums. The which they label “multi-stakeholder” and World Summit on the Information Society which they associate with the success of the (WSIS), held in 2003 and 2005, was a land- Internet, must continue to prevail. mark event. Paragraph 24 of the WSIS out- come document, the 2005 Tunis Agenda In this paper we explain multi-stakeholder In- (WSIS, 2005), contains the following working ternet governance, examine its strengths and definition of IG. weaknesses, and propose steps to improve it. We also provide background on multi-stake- A working definition of Internet gov- holder governance as it has been practiced in ernance is the development and ap- other fields for decades. plication by governments, the private sector and civil society, in their re- Three recommendations are made. First, spective roles, of shared principles, echoing others, we propose simplifying In- norms, rules, decision-making proce- ternet governance (IG) by partitioning it into dures, and programmes that shape issues that can be addressed by existing in- the evolution and use of the Internet. ternational agencies and those that cannot. The latter include naming, routing, security The Secretary General of the UN created the and standards. These are primarily technical Internet Governance Forum (IGF) as an off-

EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING issues but have a policy dimension. Second, shoot of WSIS and has met annually since for bodies handling technical or technically 2006. It provides an important venue for related issues, such as the Internet Corpo- 2 thousands of participants to share ideas on ration for Assigned Names and Numbers Internet governance but has no authority to (ICANN), we recommend adding a multi- make recommendations. stakeholder oversight layer that can accept or reject opinions from these bodies but not In 2013 the leading Internet organizations alter them. Third, existing international agen- met in Montevideo (Akplogan et al., 2013) to cies handling the other issues should be al- EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 3 ------The original DARPA departments research science computer popular; very project was and research organizations clamored to be connected to the new network. Research on packet-based networking flourished as are sult. By the early the 1980s, transition began from a research network to an one. operational At that point, allowed DARPA the Inter plification of governance by proposing alloca proposing by governance of plification tions of individual issues to authorities. For the technical IG issues, we recommend that if a political layer be attached to an existing such as body, that ICANN, it techni protects politi the by modification from judgments cal non-technical IG we For rec issues, cal layer. ommend the addition of a multi-stakeholder component to international bodies that take an IG issue. for responsibility Brief History of Internet Governance The Internet evolved from a communications project research funded by packet-based the (Defense) Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense. DARPA-funded research projects in pro laboratories and universities research protocols communication of set a new duced the Once networks. of interconnection the for ap new of variety a large emerged, protocols plications emerged, thereby stimulating the industry. a new of growth Multi-stakeholder Multi-stakeholder initiatives (MSIs) are at tractive because they can provide an alter native between the extremes of laissez-faire policies and government regulation by abling en cooperation between NGOs and cor self-regulation. of in a form porations Unfortunately, there is no cepted definitionof multi-stakeholdergover universally ac The nance. concept came into use as a vehi cle for cooperation in the solution of societal problems, such as sustainability of natural resources and protection of workers in the world. developing We now provide a brief multi-stake of studies on history report governance; of Internet holder initiatives outside of the Internet; and examine the current problematic state of In to it how approaches (IG), ternet governance might be simplified, and the possibilityof its we give a detailed Finally, by the capture ITU. sim the illustrate and issues IG of breakdown ------this form of governance of a global resource hav first without Internet the as important as issues. these of understanding ing a solid explore explore its strengths and weaknesses, and understand how best to implement it. imprudent the for to world community It adopt is Given the prominence that multi-stakeholder that multi-stakeholder the prominence Given impor is it assumed, has governance Internet tant to understand what the concept means, framework framework for global Internet governance” (“Supporting Multi-stakeholderism in Inter 2013). net Governance,” tentiary tentiary Resolutions, the ITU governance multi-stakeholder the recognizes membership model based on the WSIS principles as the says says in a backgrounder document published for the 2013 Policy Forum (WTPF), “Through its Plenipo World Telecommunications as did both houses of the U.S. Congress late in 2012. ICANN describes itself as stakeholder multi- (ICANNWiki, 2014) while the In Union ternational (ITU) Telecommunications touted touted as the Internet governance model of choice. The White House endorsed it in 2011 its International Strategy for Cyberspace, the academic community and users.” community the academic The multi-stakeholder model is now widely and accountable participation of all holders, stake including governments, the private community, technical the society, civil sector, cess cess principle states “Internet should governance be built on democratic multi-stake holder processes, ensuring the meaningful ernment centric approach to Internet gover 2014). (Corwin, nance” One NETmundial Internet governance pro for the evolution of the Internet that were en the of Internet that were the evolution for dorsed by most participants, but not China, India, or Russia. They prefer a “UN-led, gov stakeholder Meeting on the Future of Internet Internet of Future the on Meeting stakeholder Brazil. in held 2014) (ICANNWiki, Governance roadmap a and principles of set a produced It One One result of the Montevideo meeting The Global Multi- NETmundial: April was the 2014 dress dress Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multi-stake cooperation.” holder Internet to recent (Snowden) revelations of pervasive to (Snowden) revelations recent “iden also They surveillance.” and monitoring tified the needfor (an) ongoing effort to ad warn warn against “the undermining of the trust due globally users Internet of confidence and net community to develop network technolo- stitutes the communication protocols as well gies on its own via a new non-governmental as the hardware, software, applications, the entity known today as the Internet Engineer- local networks, the security of the compo- ing Task Force (IETF). nents and the system, the supply chain, and the legal, policy and political dimensions of The creation of Internet technologies has the above. been done largely in a multi-stakeholder fashion. Both the IETF and the World-Wide It follows from this description that the Inter- Web Consortium (W3C), which produces net governance domain is very complex and web protocols and standards, are of this kind. has many players. What is remarkable is that, They operate in an open and transparent despite its size and complexity, it is reliably manner. All interested parties are invited to serving a population estimated at more than participate. However, to be a credible partici- three billion users. In light of this, attempts pant requires in-depth knowledge of the tech- to replace important parts of the current nologies in question. governance system must be done with great care. Another conclusion is that the Internet The IETF has created an informal but well- domain is likely too complex to be managed articulated system to guide its work (2014). by one organization. It functions well because Its recommendations are recorded in thou- of the expertise that is distributed among the sands of documents called Request for Com- many players. ments (RFCs) in honor of the first report by Steve Crocker (Crocker, 1969). One of these documents, RFC 7154, explains the IETF code What is Multi-Stakeholder of conduct, namely, that participants are ex- Internet Governance? pected to show respect and courtesy to one another, have impersonal discussions, come The term multi-stakeholder governance prepared to contribute, and work together to (MSG) came into use in the Internet arena devise solutions for the global Internet. Be- around 2004. Markus Kummer, who served cause IETF welcomes everyone, it does not as executive coordinator for the IGF Secre- maintain a membership list. tariat, describes MSG as a vehicle “for policy dialogue where all stakeholders took part on The majority of IETF’s RFCs contain recom- an equal footing” via a process that is open, mendations for Internet technologies. They inclusive and transparent (Kummer, 2013). become de facto standards only if widely ad- He also said that “While multistakeholder opted by multiple vendors of products who participation in the World Group on Inter- write software and/or design hardware that net Governance (WGIG1) and IGF meant and conforms to the recommendations. means that all stakeholders participate on an equal footing, it is also clear that in most The members of W3C are enterprises and organizations, whether intergovernmental research organizations. Several hundred or not, some structures are in place to facili- other standards development organizations tate decision-making processes” (Kummer, (SDOs), including the ITU and the Interna- 2013). tional Standards Organization (ISO), produce standards for Internet technologies via a vari- Lawrence E Strickling, Administrator of the ety of processes, many of which are consen- National Telecommunications & Information sus-based. Administration (NTIA) in the U.S. Depart- ment of Commerce, adds in an April 2013 The open, inclusive, transparent and permis- blog post, “consensus-based decision mak- sion-less philosophy that has characterized ing” to the MSG definition (Strickling, 2013): the creation of Internet technologies has EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING encouraged the participation of engineers “The Internet has flourished because in their development and that of users in the of the approach taken from its in- 4 creation of web content. fancy to resolve technical and policy questions. Known as the multi-stake- A narrow definition of the Internet is the set holder process, it involves the full of protocols that facilitate communication 1 WGIG met between the Geneva and Tunis between networks. A broader definition and sessions of WSIS and provided guidance to the one that is widely used today is that it con- second session. EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 5 ------whether and how there whether will and into be there how an linkage official decision-makingprocess. More spe cifically she notesthat a widerange of deci sions needed are including: a) identifying the issues to be addressed; b) attendance whether c) invite; to deciding stakeholders which open to all or to a limited invitation only, is by group; each stakeholder from representation d) setting timetables for action; e) preparing ing, ing, decision-making, and implementation of practical solutions. … Hence, MSPs come in shapes.” many She also cautions that “MSPs are not a uni versal tool or panacea for all kinds of issues, problems and situations. They are akin to a decision-finding of system the in species new and governance structures and processes. They are suitable for those situations where dialogue is possible and where rec listening, onciling interests and integrating views into joint solution strategies seems appropriate and within Citing reach.” Kader Asmal con cerning a debate over dams, she warns becomes us, process the not] [than often, “More a messy, loose-knit, exasperating, sprawling it is the democracy, Like pluralist cacophony. absolute worst form of consensus-building all the others.” for except Hemmati (Hemmati, 2002) observes creating that an MSP cerning requires the the secretariat, physical support decisions con for the organization, funding, reporting and documentation, contact with the public, and tant social and cultural dimensions. In these contexts, governments are typically slow to act. Through stakeholder engagement, MSG can quickly access the talent needed to ad problems. challenging new dress After studying multi-stakeholder 20 different processes, Hemmati (Hemmati, 2002) de which aim “processes finesto as MSPs bring form new a in stakeholders major all together of communication, possibly decision-finding decision-making) (and on issue. They a are also based on particular recognition of the importance of achieving equity and ac countability in based They are and their stakeholders views. communications between on democratic principles and of participation and transparency aim to develop nerships and part strengthened networks among stakeholders.” She also says “MSPs a cover wide spectrum of structures and levels of engagement. They can comprise dialogues consensus-build include to grow or policy on . . ------has ensured the Internet is a robust, open platform for innovation, invest ment, economic growth and the cre the world, throughout ation of wealth countries.” including in developing consensus-based decision-making decision-making consensus-based and operating in an open, trans parent and accountable manner [Emphasis added.] The multi-stake holder model freedom has promoted of expression, both online and off. It involvement involvement of all stakeholders, new, fast new, changing and complex with impor issues. issues. It has been effective inmany social, political, economic and technical contexts, especially when the problems that arise are cision makers on issues, generate support for for support generate issues, on makers cision identify decisions, solutions to problems and of ownership take to stakeholders encourage lems in a variety of areas including biotech nology, corporate conduct, energy, gender inequality, tourism, labor, mining, paper and de inform MSPs that notes She sustainability. Minu Hemmati (Hemmati, 2002) that explains multi-stakeholder prob address to processes decades for been used have (MSPs) Studies of Generic Multi- Stakeholder Governance in areas other than Internet governance. other than Internet in areas as to whether multi-stakeholder governance governance. for Internet will suffice initiatives multi-stakeholder examine now We of vital resources and protection of workers or workers of protection and resources vital of is war governments whether for a role direct question the raises This 2013). (Locke, ranted Internet, the political science community has community the science political Internet, begun to question whether self-regulation is sufficient to ensure theproper management After After several decades of multi-stakeholder initiatives experience outside with of the multi-stakeholder multi-stakeholder processes provide a suf ficient basis on which construct to global a system. governance Internet cept cept to say that on “stakeholders an equal footing” or that participate decisions are to These be omissions “consensus-based.” call into question whether these descriptions of nizations nizations except to say that they should be open, transparent and inclusive. They don’t specify how business is to be conducted ex These These descriptions do not specify principles for the creation of multi-stakeholder orga for meetings; f) communications between ments of civil regulation (or self-regulation stakeholders, e.g. via the web or local, region- from the perspective of business).” “Govern- al, or broader meetings; g) addressing power ment agencies may play an endorsing, con- gaps between stakeholders as a result of ex- vening, facilitating or financing role in MSIs, pertise or access to funds; h) whether and/or but often they will not be comfortable nego- how to make recommendations and/or de- tiating standards with CSOs or businesses.” cisions (is consensus required?); and, i) the She also notes, “In the longer term, MSIs may conditions under which to terminate an MSP. serve as experimental mechanisms that start as voluntary initiatives but slowly get tran- Vallejo et al. (Vallejo & Hauselmann, 2004) scribed into governmental policies and regu- observe that many NGOs and business initia- lation along the way.” tives have emerged that deal with voluntary, non-state “standard setting, certification One should ask how these observations, re- and labeling activities, collaborative arrange- flecting several decades of experience, can be ments for sector specific policy-making, sup- incorporated in the newly proposed vehicles ply chain management interventions, or … for multi-stakeholder Internet governance. codes of conduct. ” While their analysis of multi-stakeholder initiatives is less compre- We turn now to an analysis of Internet gover- hensive than Hemmati’s, they observe that nance. viability of such initiatives is strongly depen- dent on their legitimacy and efficiency. They cite Suchmann’s 1995 definition of legitimacy The Scope of Internet as “a generalized perception or assumption Governance that the actions of an entity are desirable, proper and appropriate within some socially Most proposals for multi-stakeholder Inter- constructed system of norms, values, beliefs net governance include too many topics. This and definitions.” is illustrated by the 2014 IGF Istanbul meeting. Discussions were held on access to the In a thoughtful and insightful 2012 study van Internet, freedom of expression, child safety, Huijstee (Huijstee, 2012) offers a strategic privacy, the economics of the open Internet, guide for civil society organizations (CSOs) IPv6 deployment, accessibility to IGF by per- who intend to participate in multi-stakehold- sons with disabilities, the “right to be forgot- er initiatives (MSIs) designed to encourage ten,” gender issues, climate change, the In- corporations to manage natural resources in ternet of things, human rights, public access a more sustainable manner. She provides ad- to libraries, the mobile Internet, and a safe, vice concerning the assessment of personali- secure and sustainable Internet. If Internet ties of CSO negotiators, priorities of the orga- governance is to be manageable, the problem nization, strategies to employ in negotiations, must be simplified. and the importance of understanding the priorities of companies participating in the MSI. In his preface (Kapur, 2005), Vint Cerf ad- dresses this issue by saying, CSOs are also advised to determine in ad- vance what resources they will need to attend “With few exceptions, most of the MSI meetings, which can be very expensive, public policy issues associated with and what knowledge and expertise will be the Internet lie outside the purview needed. CSOs must also remain in contact of ICANN and can and should be with their constituencies in order to maintain addressed in different venues. For legitimacy. She also advises CSOs to leverage example, spam, and its instant mes- their resources by working with like-minded saging and Internet telephony rela- CSOs. To be effective van Huijstee recom- tives … are pernicious practices that EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING mends that CSOs learn as much as possible may only be successfully addressed about the businesses that they are trying to through legal means, although there 6 influence and reflect on the influence they are some technical measures that can exert. can be undertaken by Internet Ser- vice Providers (ISPs) and end users Van Huijstee also says that the possible role to filter out the unwanted messages. of governments needs to be understood. She Similarly fraudulent practices such says “MSIs are, by their very nature, instru- as ‘phishing’ and ‘pharming’ may best EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 7 ------[Emphasis who are not technology providers. not technology who are Absence Absence of rules for holder operation, multi-stake accountability, lack of perceived A of many legitimacy in the eyes Weak states, stakeholders of engagement Uneven to think of it as a of kind inclusivity, of which ethos doesn’t pro vide much other than in terms of guidance the notion. the added.] extent To that inclusivity achieve to try to ought we possible, is it. But there are a lot of specificcon to come to try to have we where texts a much better understanding about how we’re going to enable participa tion and what par the limits of broad be.” may ticipation

1. 2. 3. 4. tion and “can bring derivative actions against actions against bring “can derivative tion and the corporation, and inspect accounts and 2002). (Mueller, Similarly, although records” the Nominating Committee selects 8 of the 16 members of the ICANN board and mem bers for other ICANN organizations, it does not publish its selection procedures. are individuals how of Thus, question central the on chosen to run ICANN, the bylaws are silent. Formal Formal rules for running multi-stakeholder Internet governance. for meetings don’t exist good norms for has stated Although the IETF mechanisms are their enforcement behavior, limited to reducing participation in working group mailing lists or peer punish pressure, ments that This are rarely invoked. has been acceptable because the work of IETF is vol untary If as an are its “standards.” individual cannot get a hearing for they an idea at IETF, can move to or create other forums their where views can be heard and adopted. possibly a “standard” multi- as itself characterizes ICANN Although stakeholder, its bylaws do not provide rules for the conduct of multi-stakeholder meet ings. No provisions exist to make motions or challenge nominations that emerge from the Nominating Committee, for example. 1990s late the in discovery the to due be may This that, as a California corporation, if a he/ person election, ICANN an in vote to right the has she is a statutory member of the corpora As As discussed the below, principal weakness es in multi-stakeholder Internet governance following: the are ------I tend I said the follow 2 “We “We really don’t have a definition of process. multi-stakeholder the dispute dispute resolution methods such as mediation and arbitration.” Intellectual Intellectual property protection may, in part, be addressed Organiza Property Intellectual World through the tion (WIPO) and business disputes through the World Trade Organiza tion (WTO) or through alternative be addressed through legal means. Verveer served Verveer from 2009-2013 as the Coordi 2 nator for International Communications and Information Information and Communications International for nator State. of Department at the U.S. Policy 2013): Strategic Strategic and International Studies entitled (CSIS) The Geopolitics of Internet nance Gover on May 23, 2013 (“Supporting Multi- stakeholderism in Internet Governance,” Ambassador Ambassador Philip Verveer ing about MSG at a panel at the Center for Nonetheless, Nonetheless, we need to critically examine both the way it is and weaknesses. perceived strengths as well as its ments, it ments, has been a driver of innovation and stimulation. economic stakeholders stakeholders who bring their expertise and enthusiasm to bear either on the generation Not only content. or web technologies new of than govern is responsive more this process Internet Governance Internet Multi-stakeholder governance engages The Current State of State The Current fore fore doing that, we examine problems that others have with the state of Internet gover nance. We We explore the disaggregation of governance into separate Internet topics below. Be third cases, countries are free to act. In the re the In act. to free are countries cases, third nego in engage should nations case, maining tiations with other nations if a local decision impact. has a global a goal or not. One can group goals into cat and egories identify the points of agreement, and no In disagreement opinion. the and first is more likely if the goals whether are they classified have by a local or global and whether impact there is agreement on universal Recently (Castro & Atkinson, 2014) many ob many 2014) Atkinson, & (Castro Recently serve that progress on Internet policy goals This contributes to ICANN’s perceived lack of model must be transformed … legitimacy. What will replace these processes remain(s) unclear … there is real ICANN operates under an Affirmation of Com- risk that any transition could lead mitments with the U.S. Department of Com- to an Internet that is less free, … merce. It also is under contract with this U.S. innovative and … valuable to the agency for administration of the Internet As- nations of the world.” signed Numbers Authority (IANA) functions. Other governments have criticized these ties For the purpose of this paper we define legiti- between ICANN and the U.S. government. macy in governance institutions to have three However, since U.S. is planning to relinquish characteristics, namely, they are effective, its oversight of IANA functions, some of these accountable and aligned with their constitu- criticisms may disappear. ents’ values and expectations.

Various governments have expressed op- • By effective, we mean good at deliv- position to the creation of Generic Top Level ering desired results, while minimiz- Domains (gTLDs) in the past– most recently, ing undesired consequences. This the French government concerning the re- characteristic assumes both agility cent awards of the .vin and .wine domains to and efficiency. Donuts Inc., a new registry. This concern ap- • By accountable, we mean the insti- pears to relate primarily to second-level do- tution exhibits two traits, transpar- main names, a matter not yet settled. ency and consequence.4 Transpar- ency means that its constituents, Robin Gross of the Executive Committee members, citizens, or their repre- of ICANN’s Non-Commercial Stakeholders sentatives, can see what is being Group also challenges ICANN’s accountabil- done in their name. Consequence ity (Gross, 2014) means there are predictable and consistent sanctions against bad be- “ICANN is undertaking public gov- havior by those who exercise power ernance duties, but lacks important in the name of the institution. responsibilities that are typically at- • Alignment with constituent val- tached to governance, like protection ues means embodying values and for basic human rights such as pri- expectations that are increasingly vacy, free expression, or due process. commonly held, including inclusive- … Without additional safeguards, ness, participation, and reciprocity. ICANN’s corporate structure is ill-suited to meet the needs of a Only when governance institutions demon- global governance organization.” strate these characteristics will people put [Emphasis added.] their trust in them and legitimize them. And, in the global village, legitimacy is becoming Jim Lewis3 comments on the legitimacy of essential to government’s successful fulfill- Internet governance in general in a recent pa- ment of its purpose. per (Lewis, 2013). Whether democratic or autocratic, national “The current approach to Internet governments want a voice in Internet gover- governance is politically unten- nance. Some nations are concerned about able because it lacks legitimacy information security, that is, content that in the eyes of many new Internet threatens state stability. Others are con- users.” cerned about human rights, worrying that surveillance by states has gotten out of hand EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING “The source of legitimacy in the exist- and that new restrictions are needed on in- ing governance model was technical formation aggregators and search providers. 8 expertise. This is now being displaced Still others insist that freedom of expression by political processes. While the cur- is fundamental to realizing the full benefit of rent, informal multi-stakeholder the Internet. For these reasons, the debate on Internet governance is engaged.

3 Lewis is Senior Fellow and Director, Strate- 4 Andreas Schedler refers to these traits as “an- gic Technologies Program at CSIS. swerability” and “enforcement.” [Schedler, 1999] EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 9 ------

5 Network Architecture Architecture Network Control Content Human Rights Cyber Crime Attacks Cyber

A A regime complex is a set of each regimes with

1. 2. 3. 4. 5. 5 identify the following five policy topics: policy five identify the following norms. of set own its trol trol the Internet, the United Nations or some other organization’ makes no sense soever. what The appropriate question determining what involves is the most effectiveform of governance in each specific (De context” Joe that p226). Nye observes a 2014, Nardis, address to exists complex regime cyber large many issues that constitute Internet gover 2014). Nye, (Joseph nance Nye lists seven cyber related issues, namely DNS/standards, crime, war/sabotage, content es control and privacy, pionage, human & (Castro Atkinson and Castro Robert rights. identify 2014) Atkinson, eight namely issues, data, property, intellectual regulation, content operations, network cyber crime, commerce, access. and equity and performance, network DeNardis (DeNardis & Raymond, 2013) lists six namely issues, control of critical resourc es, setting Internet standards, access interconnection and coordination, cybersecurity governance, information intermediation and enforcement. rights IP architecture-based For discussion purposes, we have chosen to technical committees propose,” technical unlike committees other propose,” technical organizations such as the Interna tional Civil Aviation Authority (Sofaer (ICAO) et al., 2010). the Finally, ITU is a treaty orga nization. If nations ratify treaties, they com mit to implementing them. If the to ITU control were the Internet, it could decide If standards. its apply that to had nations ratifying applied other States standards, non-ratifying Internet in core unpredictability considerable result. could operations Issues Internet What Need Governing? As mentioned earlier, calls have been made by Cerf (Kapur, 2005) and Castro kinson (Castro and & Atkinson, 2014) to simplify At Internet governance by allocating responsi bility for individual policy issues to relevant organizations. On this issue Laura DeNardis says, “a question such as ‘who should con ------trol trol over the content of the standards the change. Second, it Second, has change. been criticized on the grounds that “its current internal structure provides no guaranty of professional con ally private except to fee-paying sector mem sector fee-paying to except private ally bers or associates. In this regard, they not are multi-stakeholder, although this could allocation, allocation, traditional telephony standards, has it development, telecommunications and many shortcomings. First, its meetings are generally closed and its reports are gener While ITU has been effective in handling of ra of handling in effective been has ITU While orbit satellite geostationary and spectrum dio for for allocating gTLDs that have the potential to violate geographical indications and for a accountability. lack of general the DNS to about three billion users without a major international incident, as mentioned above, its operations have been criticized rity” in its 2008 Global Cybersecurity Agenda Agenda Cybersecurity Global 2008 its in rity” 2010). & Diffie, Clark, (Sofaer, While ICANN has managed the expansion of than ICANN. The ITU clearly signaled its in tention “to play the leading if in role coordinating all aspects of cybersecu not the sole and it has more than 700 sector members and associates, it can more democratically manage the Domain Name System (DNS) Advocates Advocates for the ITU can argue that since 193 UN nations have voting rights in the ITU agreement agreement on what constitutes multi-stake this opens holder a governance, door to cap the ITU. by governance Internet of ture As As mentioned earlier, both ICANN and ITU refer to themselves as multi-stakeholder or international no is there Because ganizations. Is Internet Governance at Governance at Is Internet Risk of Capture? ments ments to take more governance. Internet concerning considered positions velopments velopments on Internet, they would analyze their impact on their business plans and that this would lead them to pressure govern governance governance model, and they need to be en He believes that if gaged now.” such sectors, as banking and finance,transportation sys tems and energy, were aware of current de tional critical infrastructure protection sec tors in all countries need to be protecting engaged in the multi-stakeholder Internet Concerning Concerning the last weakness, Les (Bloom, 2014) argues that “Major Bloom non-tradi Network architecture refers to those issues nical in nature and that carefully considered that are central to the proper operation of the technical recommendations should either be Internet; they include naming and routing, implemented as proposed or not implement- traffic management, network security, tech- ed at all. For example, Sofaer et al (Sofaer nical standards and trademarks. Content et al., 2010) examine ICAO as one of several control includes privacy, filtering of data in models for Internet governance and consider transit (to prevent child pornography, spam it a model that should be considered for IG. or competing services, such as VOIP), secu- ICAO regulates civil but not military aviation. rity of data at rest and in motion, and data Most importantly, in ICAO professionals re- localization. Human rights include freedom tain control over standards, not the policy of expression and belief, economic, social and makers. cultural rights, the right to self-determination and development, privacy, and surveillance. Other models for Internet governance on Cyber crime consists of any crime commit- technical matters may be the International ted via the Internet including theft of intel- Labor Organization (ILO), which is being ex- lectual property. Cyber attacks are actions amined by the EastWest Institute, and the via networks that cause serious damage to a Red Crescent/Red Cross, which is being ex- nation, national interests, or critical national amined by the Bildt Commission. infrastructures. The latter are resources accessible via the Internet essential to the Multi-stakeholder governance has been most functioning of modern societies, such as gas, effective in the development of the Internet. electricity, water, food, government and fi- Thus, as Internet governance issues are dis- nancial services, manufacturing, and medical aggregated and allocated to new or existing facilities. organizations, a multi-stakeholder consultative function should be grafted onto them. We now briefly examine each of the five policy Opportunities must be provided for the In- topics mentioned above. Most of the interna- ternet community, broadly interpreted, to tional issues can be addressed in the Human participate. This includes governments, civil Rights Council (HRC), the World Intellectual society, business and academia. Property Organization (WIPO), the World Trade Organization (WTO), the ITU, or the UN General Assembly. In a few cases, notably Network Architecture that of network architecture, ICANN, suitably This topic concerns management of the DNS, augmented, will suffice. Other venues include which consists of allocation and de-allocation the regimes identified by Joe Nye (Joseph of gTLDs, management of the IANA func- Nye, 2014), such as the G7, G20, and OECD, tions, deciding whether some Internet traffic government groupings, and regional organi- can be prioritized, routing operations, traffic zations, such as the Council of Europe and management, network security, development the Shanghai Cooperation organization. of technical standards, honoring trademarks, and ICANN oversight. Certainly there are Internet governance issues that are not addressed by any interna- Domain Name Management tional body, such as security of the supply chain. For these, nations should try to either While issues have arisen concerning Internet extend the mandate of existing organizations, naming functions since ICANN’s inception such as the World Trade Organization, or cre- and some important ones remain, ICANN has ate mutual legal assistance treaties (MLATs) been responsive, within its existing frame- for this purpose. work, to most of these issues. We explore ICANN oversight in the last subsection. We recognize that many of these internation- EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING al organizations are not adequately prepared IANA Functions to deal with Internet-based issues. We also 10 note there are organizations, such as the Dip- An ICANN department manages the IANA loFoundation, that help educate diplomats by functions. They include maintaining the list of offering courses in this area. parameters associated with protocols. This is not controversial and can be handled by It is important to recognize that some Inter- ICANN, as it is done today. IANA also imple- net governance matters are primarily tech- EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 11 ------Trademarks ICANN of Oversight speech versus state security. When disagree When security. state versus speech ments arise, the Human Rights Council is a to air them. place first good ISPs can play a useful role in reducing spam. Often they can detect and help eliminate customers malware. If the volume of spam is high, it is in the ISP’s interest Sharing to of ISP best practices on reduce such issues it. and de-allocation of gTLDs and DNS and BGP BGP and DNS and gTLDs of de-allocation and standards proposed for deployment. A simi lar approach could be devised for managing the used keys in bol securing DNS and BGP, stering confidence inInternet security and encouraging ISPs to speed the deployment security. DNS and BGP of Control Content Ensuring privacy of communications is pri marily a domestic It issue. becomes interna com to right the asserts nation a when tional avail mand to make one of ISPs its domestic able private information held on computers within the territory of a foreign state. Such matters could be handled either in the General Assembly UN (UNGA) or via the World (WTO). Organization Trade Nations are the first lineof concern defense ing the control of undesirable content, such as spam or child pornography. Cooperation in control of content is difficult when nation al values are in conflict, such as freedomof some some credible appeals body of senior cyber be useful. could states issues that arise Trademark in domain name allocation can continue to be addressed referred be can or manner hoc ad current the in to the World Intellectual Property Organiza is identified. issue if a generic tion (WIPO) Calls for strengthening ICANN the can legitimacy be addressed of in First, several a ways. replacement could the be ICANN Independent created Review Panel (IRP) for process. This replacement the should qualities of transparency in its operating exhibit methods and independence in its panel the which member over issues of range The ship. circumscribed, be could oversight have would but could include for the example, allocation ------Standards Development Standards Network Security Network Traffic Management Traffic tivities, tivities, conflicts do arise for which having supervise supervise it unless it is abused, say through While the deliberate corruption of standards. many standards bodies coordinate their ac nizations nizations worldwide, dominated by the IETF determine adoption. forces Market W3C. and It isn’t necessary to change this system or Internet Internet standards today are formulated in a manner satisfactory by more than 200 orga be asked to take on this task or a new interna new a or task this on take to asked be this purpose. for created tional organization Because Because no organization currently has sponsibility for re norms, either ICANN should Similarly, Similarly, ISPs should agree to keep ISPs informed other of disruptions and/or impor discover. they threats tant malware nounces a path to one of its customers or to a to or customers its of one to path a nounces pack deliver either should it ISP, neighboring ets sent via this path or to the explain sender why the packet stream cannot be delivered. Norms can help to ensure that conform to operations expectations (Hathaway & Sav age, 2012). For example, when an ISP an If norms don’t adequately regulate behavior, behavior. control needed to be may treaties the responsibility of registries and ISPs. How ISPs. and registries of responsibility the the behavior of ever, domain name registries and should ISPs be guided by explicit norms. Security Security of DNS name and resolution Border are announcements (BGP) Protocol Gateway be forced be on forced companies by nations, it is also issue. a domestic against against distributed denial of service attacks. address. to states for issue domestic a is This can forgotten” be to “right the while Similarly, plied zealously, it plied would zealously, prohibit giving prior ity to communications during emergencies and prevent certain techniques to protect Treating Treating all traffic uniformly, hailed has as “net an neutrality,” appealing ring to it. If ap multi-stakeholder multi-stakeholder organization, we offer no issue. particular on this comments in the Root Zone with the approval of NTIA. Since NTIA intends to turn responsibility for overseeing the IANA functions to an outside ments ICANN policy on the issuance of gTLDs gTLDs of issuance the on policy ICANN ments to registries. This includes making an entry can be done via various organizations includ- tional. Although the Council of Europe Con- ing, possibly, the Internet Society or FIRST, vention on Cybercrime is in effect in more the incident response organization. than 40 countries, important countries, such as China or Russia, have not adopted it. None- Securing data at rest, that is, in databases theless, these countries do share some cyber and clouds, is largely a private matter. Na- crime information. Regional and international tions have a role to play when the data in organizations, NGOs, SCO and UNGA com- question concerns a large fraction of its citi- mittees are venues to further expand coop- zenry. Some insist on data localization. Se- eration in this area. curing data in motion is both a domestic and an international issue. It is domestic when the data transits only domestic networks. It can Cyber Attacks become an international issue when it cross- Cyber attacks are actions via networks that es territorial boundaries, for example, when cause serious damage to a nation, national data is encrypted. In this case, the WTO may interests, or critical national infrastructures. be the best venue. The latter are resources accessible via the In- ternet that are essential to the functioning of Nations have an interest in protecting inter- modern societies, such as gas, electricity, wa- national communication resources on which ter, food, and military, medical and emergen- they rely, such as the undersea cable sys- cy facilities. Given that a national economy tems, which carry more than 95% of the in- can be severely damaged by a cyber attack, ternational Internet traffic. The ITU is an ap- nations must take steps to reduce the risk of propriate venue for this issue. this occurring (Bloom & Savage, 2011).

Human Rights To illustrate the importance of a cyber attack, we note that more than $10 trillion in financial The Universal Declaration of Human Rights transactions occur daily via undersea tele- identifies the right of personal freedom of communications cables and close to $5 tril- expression while noting that a person’s free- lion in the U.S. federal banking system daily. doms may be subject to limitations to protect Compare this to the gross domestic product national security, public order or the rights of the U.S., which was about $17 trillion in and freedoms of others. This tension between 2013. If either system were to be disrupted expression and security arises in the Internet for a day, very serious damage would be done governance context particularly concerning to the U.S. and world economies. content control. The UNGA First Committee is an appropriate Human rights issues can generally be de- venue to address these threats. Others in- cided either domestically or via the Human clude some of the regimes identified by (Jo- Rights Council (HRC). Some issues, such as seph Nye, 2014), such as government group- surveillance, are both domestic and interna- ings and regional organizations. tional. At the international level, UNGA may be the venue to address the latter.

Cyber Crime

Cyber crime consists of any crime committed via the Internet. It includes hate crimes, cyber bullying, child pornography, fraud, theft of cash and intellectual property, identity theft, EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING unauthorized trespass, damage to hardware and software, data corruption, damage to 12 physical systems controlled via the Internet, disruption of network traffic, and other simi- lar activities.

Given the global reach of the Internet, each of these issues is both domestic and interna- EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 13 - - - - - provides one model of this kind of body. body. of kind this of model one provides 6 Press. Internet Governance Trifecta, Circle ID. (May 3, 2014). Retrieved from their website: their website: from Retrieved 2014). 3, (May ID. Circle Trifecta, Governance Internet http://www.circleid.com/posts/20140504_netmundial_multistakeholder_state ment_concludes_act_one_of_2014/ http://tools.ietf.org/html/rfc1 site: site: http://www.atlanticcouncil.org/publications/issue-briefs/on-cyber-peace. site: Foundation. & Innovation Technology The Information Policy, Internet Cross-Border http://www2.itif.org/2014-crossborder-internet-policy. their website: from Retrieved pdf Montevideo Statement on the Future of Internet Cooperation. Cooperation. Internet of on the Future Statement Montevideo (www.CGI.br) Committee Steering Internet Brazilian The 6 DeNardis, L. (2014). The Global War for Internet Governance. New Haven: Yale University University Yale Haven: New Governance. Internet for War The Global (2014). L. DeNardis, Crocker, S. (1969). Request for Comment: 1, Host Software, IETF. Retrieved from their web from Retrieved IETF. Software, Host 1, Comment: for Request (1969). S. Crocker, Corwin, P. (2014). NETmundial Multistakeholder Statement Concludes Act One of 2014 2014 of One Act Concludes Statement Multistakeholder NETmundial (2014). P. Corwin, Castro, D., & Atkinson, R. (2014). Beyond Internet Universalism: A Framework for Addressing Addressing for Framework A Universalism: Internet Beyond (2014). R. Atkinson, & D., Castro, Bloom, L., & Savage, J. E. (2011). On Cyber Peace, Atlantic Council. Retrieved from their web from Retrieved Council. Atlantic Cyber Peace, On (2011). E. J. & Savage, L., Bloom, Retrieved from ICANN website: https://www.icann.org/news/announcement-2013-10-07-en website: ICANN from Retrieved 13-15. (2), NetNod News at Busan?, What is at stake (2014). L. Bloom, Akplogan, A., Curran, J., Wilson, P., Housley, R., Chehade, F., Arkko, J., . . . Jaffe, J. (2013). The (2013). J. Jaffe, . . . J., Arkko, F., Chehade, R., Housley, P., Wilson, J., Curran, A., Akplogan, Bibliography nonprofit andtechnical A representatives. key question will be whetherstates constitute a or a plurality. majority The creation of this independent review layer could be undertaken by a small, multi-stake holder body with representation from key state cyber powers supplemented by corporate, operating methods and independence in its membership. It would have the power to approve approve to the power have It would membership. in its methods and independence operating technical the of decisions technically-related or technical the modify, to not but disapprove, or organization. validate the technical or technically related decisions. decisions. related or technically the technical validate As suggested earlier, this additional layer would exhibit the qualities of transparency in its When existing are organizations handling Internet we matters, governance recommend that they invoke multi-stakeholder consultative units to seek the opinions of we dimension, Internet policy a stakehold have issues related technically and technical many since However, ers. recommend the addition of a small crafted carefully layer with oversight limited authority to groupings groupings and regional bodies. If these organizations lack expert knowledge of the Internet, organizations. technical handled by be largely can issues Technical be remedied. this can Internet governance Internet is governance a topic in handled need of be Followingsimplification thecan andleadrefinement. that of topics into it disaggregating by simplified be it that recommend we others, government as well as CoE, ITU, WTO, WIPO, HRC, the as such bodies, international existing by Conclusions Recommendations and DeNardis, L., & Raymond, M. (2013). Thinking Clearly about Multistakeholder Internet Gover- nance. Retrieved from the Social Science Research Network, SSRN 2354377: http:// ssrn.com/abstract=2354377

Gross, R. (2014). Comments on Enhancing ICANN Accountability, ICANN. Retrieved from the ICANN website: http://forum.icann.org/lists/comments-enhancing-accountability- 06may14/msg00036.html

Hathaway, M., & Savage, J. E. (2012). Stewardship of Cyberspace: Duties for Internet Service Providers. CYBERDIALOGUE 2012, the Munk School of Global Affairs at the Univer- sity of Toronton. Retrieved from their website: http://www.cyberdialogue.citizenlab. org/wp-content/uploads/2012/2012papers/CyberDialogue2012_hathaway-savage. pdf

Hemmati, M. (2002). Multi-stakeholder Processes for Governance and Sustainability: Earth- scan Publishing.

Huijstee, M. v. (2012). Multi-Stakeholder Initiatives: A Strategic Guide for Civil Society Orga- nizations, The Social Science Research Network, SSRN 2117933 Retrieved from their website: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2117933

ICANNWiki. (2014). Multistakeholder Model. Retrieved from the ICANN website: http://icannwiki.com/index.php/Multistakeholder_Model

IETF. (2014). The IETF Process: an Informal Guide, IETF. Retrieved from their website: http:// www.ietf.org/about/process-docs.html

Joseph Nye, J. (2014). The Regime Complex for Managing Cyber Activities, The Global Com- mission on Internet Governance Retrieved from their website: https://www.ourinter- net.org/

Kapur, A. (2005). Internet Governance: A Primer: Reed Elsevier, India.

Kummer, M. (2013). Multistakeholder Cooperation: Reflections on the emergence of a new phraseology in international cooperation, Internet Society. Retrieved from their website: http://www.internetsociety.org/blog/2013/05/multistakeholder-cooperation- reflections-emergence-new-phraseology-international

Lewis, J. A. (2013). Internet Governance: Inevitable Transitions (Vol. 4), The Centre for Inter- national Governance Innovation. Retrieved from their website: https://www.cigion- line.org/publications/2013/10/internet-governance-inevitable-transitions

Locke, R. M. (2013). The Promise and Limits of Private Power: Promoting Labor Standards in a Global Economy, Cambridge University Press.

Mueller, M. L. (2002). Ruling the Root: Internet Governance and the Taming of Cyberspace: MIT Press.

Schedler, A. “Conceptualizing Accountability” The Self-Restraining State: Power and Ac- countability in New Democracies. Ed. Andreas Schedler, Larry Diamond, and Marc F. Plattner. Boulder and London: Lynne Rienner Publishers, 1999. 13-28.

EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE MULTI-STAKEHOLDER EXPLORING Sofaer, A. D., Clark, D., & Diffie, W. (2010). Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and De- 14 veloping Options for U.S. Policy, 179 - 206, National Academies Press. Retrieved from their website: http://www.nap.edu/openbook.php?record_id=12997&page=179

Strickling, L. (2013). Moving Together Beyond Dubai, blogpost, The National Telecommunica- tions and Information Adminstriation. Retrieved from their website: http://www.ntia. doc.gov/blog/2013/moving-together-beyond-dubai EXPLORING MULTI-STAKEHOLDER INTERNET GOVERNANCE 15 Union. Retrieved from their website: http://www.itu.int/wsis/docs2/tunis/off/6rev1. their website: from Retrieved Union. html Series. Retrieved from the ITU website: http://www.itu.int/en/wtpf-13/Documents/ ITU website: the from Retrieved Series. backgrounder-wtpf-13-internet-governance-en.pdf their website: from Retrieved Development. Sustainable for Institute International http://www.iisd.org/pdf/2004/sci_governance.pdf problems that threaten regional and global stability. Founded in 1980, EWI is an international, non-partisan non-partisan is an international, EWI in 1980, Founded stability. and global regional that threaten problems global go-to place for building trust, influencing policies and delivering solutions. and delivering influencing policies building trust, for place go-to global its Board of Directors or staff. or staff. Directors of Board its [email protected] [email protected] organization with offices in New York, Brussels, Moscow and Washington. EWI’s track record has made it a record track EWI’s Washington. and Moscow Brussels, York, New in with offices organization Copyright © 2015 EastWest Institute EastWest © 2015 Copyright Illustrations: Dragan Stojanovski Dragan Illustrations: New York, NY 10010 U.S.A. U.S.A. 10010 NY York, New www.ewi.info www.ewi.info WSIS. (2005). Tunis Agenda for the Information Society, International Telecommunications Telecommunications International Society, the Information for Agenda Tunis (2005). WSIS. Vallejo, N., & Hauselmann, P. (2004). Governance and Multi-Stakeholder Processes, The Processes, Multi-Stakeholder and Governance (2004). P. Hauselmann, & N., Vallejo, Supporting Multi-stakeholderism in Internet Governance. (2013). WTPF Backgrounder Backgrounder WTPF (2013). Governance. in Internet Multi-stakeholderism Supporting 11 East 26th Street, 20th Floor 20th 26th Street, 11 East The EastWest Institute Institute The EastWest The EastWest Institute seeks to make the world a safer place by addressing the seemingly intractable intractable the seemingly addressing by place a safer the world make to seeks Institute The EastWest The views expressed in this publication do not necessarily reflect the position of the EastWest Institute, Institute, EastWest of the the position reflect not necessarily do this publication in expressed The views +1-212-824-4100 +1-212-824-4100 _ _ _ Building Trust Delivering Solutions

The EastWest Institute seeks to make the world a safer place by addressing the seemingly intractable problems that threaten regional and global stability. Founded in 1980, EWI is an international, non-partisan organization with offices in New York, Brussels, Moscow and Washington. EWI’s track record has made it a global go-to place for building trust, influencing policies and delivering solutions.

Learn more at www.ewi.info

EWInstitute EastWestInstitute