If it can be said that most international conferences occur in their own little world, the World Conference of International Telecommunications (WCIT-12) happened in another dimension. For outside observers the WCIT-12 goings-on (as well as out-comings) sometimes seemed to border on the bizarre – with midnight “none-votes”, and contentious last-minute maneuvers. In the end, it may not matter what actually is in the legally binding document itself, but rather what the entire process says about the increasingly visible struggle between the supporters of the multistakeholder approach and those advocating state control over the Internet (“cybersovereignty”).
For those worried about the multistakeholder model of Internet governance, there was no lack of hyped statements going into WCIT-12, held in the first weeks of December 2012 in Dubai, UAE. In a high-profile campaign led by Google and taken up by others, the run-up to the conference was marked by woolly statements intended to imply an “Internet takeover by the UN”. The lack of clear substance to some of the concerns voiced made it easy to deny anything remotely of the kind, with a New York Times article even equating these concerns with “web-snatching fantasies of black helicopters”. As it turned out, the new International Telecommunication Regulations (ITRs) that were the subject of WCIT-12 were not accepted by all nations, largely based on Internet-related concerns. In the aftermath, what – to the surprise of many – turned out to be a highly-controversial conference, some voices gloated that “No one mourns the WCIT”, and saw a victory in the apparent rubble of a “failed” conference.
In fact, WCIT-12s “failure” may represent a significant strategic setback for the US and like-minded “multistakeholder” nations. There are two reasons for this. Firstly, the vast majority of governments probably do not actually have major objections to the ITRs, and may eventually sign – in the worst case leading to a situation that would amount to the “West against the rest”. The second reason is that it could be a disaster if these countries sign up to the ITRs. While the ITRs themselves really are mostly harmless, their wider implications of the language used in the document are not. The document – which includes the highly controversial Internet resolution in the preamble – may effectively thus operate as a “semantic beachhead” with which to further attack the issue of multistakeholderism in Internet governance.
The great majority of the world’s governments very likely do not see the new ITRs as being especially problematic. The most controversial statements are in the preamble, and thus have no direct bearing on the legal part of the ITRs themselves. In any case, most countries would agree with at least some of the “cybersovereignty” argument: namely, that similar to traditional telecommunications or broadcast media, national sovereignty does at least somewhat apply to cyberspace.
Despite what was said at Dubai, most governments are for increased state involvement in the Internet – indeed, even most liberal democracies quite comprehensively manage “their” Internet space already. While most of the regulation is discretely kept in reserve for emergencies – or safely hidden within the remit of the intelligence services – most liberal democracies also constantly manage their Internet space for “bad” Internet content – i.e. cybercrime – as well. The key issue is not what is done in one’s “national Internet segment” (an unpopular term pushed by Russia which, nonetheless, has some technical justification) for one’s own national security, but rather what international obligations there are to manage Internet resources globally and to protect other countries’ national security. The concern is that some governments may exploit the ambiguous nature of virtually all actions in cyberspace and will pursue an authoritarian (or even internationally aggressive) state agenda under the pretext of fighting international cybercrime. Liberal democracies have thus managed to somewhat talk themselves into a corner of their own contradictions: while, in fact, most of these governments do have government regulations in place for national security purposes, they loudly disclaim that such regulations or international agreements are necessary at an international level. This has not gone unnoticed by other nations, in particular in the developing world.
The developing world also has some justification in wondering if the “multistakeholder” nations are not deaf as well as blind. One of the clear indicators before WCIT-12 was that the Africa-block of ITU nations was going to play an important role at the conference. Still, there seems to have been no real attempt to engage this critical block before or during WCIT-12. While some of their demands may seem unreasonable (Internet content companies – mostly American – paying infrastructure companies – most of the rest of the world – for the traffic that they generate) there was room for some sort of discussion. This discussion has not even really started, despite the fact that there has long been a “development angle” that could have been leveraged. This angle, called “ICT for Development” (or “ICT4D”) has been waiting in the diplomatic wings for years. Instead of actively pursuing this solution to help address these developing nation concerns and make friends with the critical voting block, the West largely ignored them. Meanwhile, Huawei is building the African telecom back-bone.
Given this, it is hardly surprising that there was large agreement to support amendments to Article 5 that seemed to at least partially address the African concerns (regarding unwanted SMS spam rather than Internet spam). Also, despite what was said in some fora, Article 5 is not necessarily the most dangerous part of the ITRs, even though it has possible implications for Internet content. Instead, the real peril may lurk in the (Russian-inspired) Internet resolution. While legally non-binding and therefore irrelevant for the ITRs themselves, the resolution is still part of the ITR package and has a certain standard-setting function. The danger is that the language used in the resolution may actually imply a fundamental reinterpretation of what Internet governance is internationally understood to be – with dire consequences for the freedom of the Internet. This was clear when Russia first pushed the resolution (to the ire of even the Indians), and it became no different in its later, last-minute Iranian incarnation.
Those nations that may sign may well be agreeing to a “Trojan horse” that indeed greatly furthers the ambitions of the cybersovereignty block. According to Internet governance scholar Wolfgang Kleinwächter, the language in the new ITRs (and in particular the Internet resolution) could actually imply the creation of a “new” multistakeholder system for Internet governance, one that ultimately replaces the existing system with something working under the aegis and ultimate control of the ITU. This would mean that the equal balance of state, private sector and civil society that – at least in theory – was the hallmark of multistakeholderism may instead be replaced by a model in which the state is paramount. Civil society and the private sector – the true heavyweight actors in the Internet – would instead be relegated to an “advisory” status, literally surrendering their right to build protocols and hardware as they saw fit.
If there is really such an agenda, it may become clear at the World Telecommunications Policy Forum (WTPF), an ITU-affiliated meeting, to be held in Geneva in May 2013. At the moment it certainly looks like those concerns might be justified – WTPF preparation documents in circulation at the end of February 2013 indicate that multistakeholderism has been put firmly on the agenda.
If the WTPF does indicate that there is a movement aimed at redefining essential elements of Internet governance, then the next great battle will be the ITU-Plenipotentiary Conference in Busan, South Korea, in 2014. The Plenipotentiary Conference itself represents the most senior meeting of the ITU as a whole, and it is here that the Internet-related future of the organization could well be decided once and for all. One delegate to Dubai darkly predicted that, due to shadowy scheming within the ITU, not a single European ITU director would be left in office by the time of the Busan conference, and internal resistance to any ITU power-grab would be effectively neutralized. According to this line of thinking, the ultimate aim of the cybersovereignty advocates would be the UN summit meeting on the Internet, the World Summit of the Information Society (WSIS) in 2015. At previous meetings in 2003 (Geneva) and 2005 (Tunis), WSIS had been instrumental in providing the presently-accepted definition of the multistakeholder approach. The place to therefore “lock-in” any new definition of what “multistakeholder” actually means would therefore be at WSIS 2015.
The stakes are dizzyingly high: if the cybersovereignty advocates produce enough momentum to change the specific definitions of both “multistakeholder” and “Internet governance”, and lock in these changes at WSIS 2015, then the UN itself will have delegitimized the existing form of multistakeholderism. Liberal democratic governments will then face a stark choice: they can “surrender” ICANN and hand over chunks of the global Internet functionality to an international organization (the ITU, most likely), or they can ignore the UN and support the existing system of Internet governance, and severely delegitimize the entire international system of peace and security in the process. Finally, it could come to what a Russian delegate at Dubai warned Reuters of, namely: “maybe in the future we could come to a fragmented Internet”. Indeed, at a cyber-conference held at MIT in September 2012, some observers claimed that a fragmentation of the Internet into a number of nationally-controlled internets was “inevitable”, and already in process. For most liberally-minded, all three of these futures are pretty bleak.
The only hope for liberal democracies may well be to go on the offensive: rather than allow multistakeholderism to be increasingly squeezed in the field of Internet governance alone, the principle should be extended to other fields, and not only limited to cyberspace. The field of human rights offers some interesting possibilities here: for instance, the UK government has pushed for the applicability of the UN International Covenant on Civil and Political Rights (ICCPR) to the Internet as a whole. This in turn would instantly upgrade the importance of the Human Rights Committee, a presently largely ignored body of 18 non-state experts (elected by the UN General Assembly) which constantly review the UN members’ compliance with the ICCPR. If the Human Rights Committee, as a body of non-state experts, is thus politically supported it would also give additional credence to the multistakeholder approach. Even if it means a re-appraisal of what exactly the multistakeholder approach means, this may well prove the smallest of all possible sacrifices.
The alternatives are indeed dreadful: on the one hand, a world in which the global Internet has been put under strong governmental control. Or on the other hand, a world in which not only has the Internet been fragmented by digital “iron curtains”, but, with the West’s refusal to accept the primate of the UN, the entire international system of security has been discredited with it. The longer we ignore this frightening prospect, and fail to grasp the comprehensive nature of the challenge we face, the more likely this digital wasteland becomes.
Parts of this post were first published under the title “The Internet Yalta”, available at http://www.cnas.org/theinternetyalta.
About Alexander Klimburg
Alexander Klimburg is a Fellow and Senior Advisor at the Austrian Institute for International Affairs. Since joining the Institute in October 2006, Mr. Klimburg has acted as an advisor to a number of governments and international organizations on a number of issues within cybersecurity, Critical Infrastructure Protection (CIP), and EU Common and Foreign Security Policy (CFSP). Mr. Klimburg has partaken in international and intergovernmental discussions, has acted as an advisor to the Austrian delegation at the OSCE, and has been a member of various national and EU-level policy and working groups. He is the principle author of a 2011 European Parliament study entitled /Cyberpower and Cybersecurity/ and regularly advises on cybersecurity legislation. Within cybersecurity, Mr. Klimburg’s work has primarily been in the area of Information Security, Critical (Information) Infrastructure Protection, and researching the synthesis of different types of cybersecurity issues in exercising “cyberpower”. Mr. Klimburg is particularly interested in the roles that non-state actors have within cybersecurity, and how these roles can contribute to a whole-of-nation “Integrated National Capability” within cyberpower. Mr. Klimburg is the author of a number of advisory papers and is regularly consulted by national and international media. Previous to joining the institute, Mr. Klimburg worked on ICT strategy issues in corporate finance and IT/strategy consulting in Europe and Asia, and holds degrees from the School of Oriental and African Studies and the London School of Economics and Political Science.