The Internet Governance Roadmap, which was adopted recently in Sao Paulo by the Global Multistakeholder Meeting on the Future of the Internet Governance Ecosystem (NETmundial) includes a lot of controversial issues — from net neutrality to mass surveillance — and it is unclear how this will be translated into reality. However, the Internet Governance Principles, also adopted by NETmundial, were less controversial, but will have probably a sustainable and deep effect for the future of the Internet.
Internet Self-Regulation
The discussion around Internet regulation and principles is not new. It goes back to the early days of the Internet. The Internet was never a law-free zone but developed mainly in the shadow of specific governmental regulation. In contrast to telecommunication and broadcasting — which soon after its early adoption was regulated by national telecommunication and broadcasting laws — nobody introduced a national Internet law after the TCP/IP protocol opened the door for the development of a net of networks what we call today the Internet.
The self-regulatory mechanisms which were introduced by the Internet community itself — a small group of geeks and freaks in the 1970s and 1980s — was seen as sufficient enough to manage the emerging network. The RFC procedure, introduced already in 1969, provided the rules to guarantee the needed stability and flexibility and to get emerging problems under control.
One example was the 'Netiquette', a number of ethical norms as basic guidelines for fair Internet behavior by individual users. The netiquette was developed in the 1980s when text-based e-mail, Telnet, Usenet, Gopher and FTP from educational and research bodies dominated Internet traffic.
The World Wide Web, invented in 1991, was a watershed for the Internet. Within a couple of years the number of Internet users exploded and reached 300 million in 1995. The Internet pioneers realized quickly that they have to do something with their internal rules.
Sally Hambridge from Intel published in October 1995 RFC 1855 which summarized and re-described the Guidelines for a 'Netiquette on the Internet'. "Today", wrote Hambridge, "the community of Internet users includes people who are new to the environment. These 'Newbies' are unfamiliar with the culture and don't need to know about transport and protocols. In order to bring these new users into the Internet culture quickly, this Guide offers a minimum set of behaviors which organizations and individuals may take and adapt for their own use."
RFC 1855 includes a number of good guidelines as the 'robustness principle', better known as Postel's law, from RFC 761: "Be conservative in what you send; be liberal in what you accept." But RFC 1855 also includes rules like "don't send unsolicited mail" and "respect the copyright on material that you reproduce". The problem with the Netiquette was that it did not have any implementation mechanism and it was known and accepted only among the small community of geeks and freaks. Responsible people respected the rules, but irresponsible behavior remained unpunished. When criminals, hate preachers, paedophiles, vandals and terrorists populated the net at the end of the 1990s, the 'Netiquette' reached its limits.
In so far it was understandable that some governments started already in the midst of the 1990s to think about something like a governmental supported regulatory framework for the Internet. The EU Commissioner Martin Bangemann used an ITU Conference in Geneva in September 1997 to propose a 'Declaration for the Information Society'. The idea did not get the needed support.
The new emerging business players of the growing Internet economy were afraid that such a governmental declaration will not promote but restrict the further development of the Internet by introducing heavy regulation which could eventually block the creative concept of 'innovation without permission'. And the US government feared that a UN sponsored Declaration could re-open the counter-productive political UNESCO debate around a 'New World Information and Communication Order' (NWICO) of the 1980s.
As a result the new big Internet companies proactively established the 'Global Business Dialogue on eCommerce' (GBDe) where they proposed to develop an industry led self-regulatory framework. And the US government launched the private 'Internet Corporation for Assigned Names and Numbers' (ICANN), where governments have only an advisory role.
Not everybody was happy with ICANN and the private sector leadership principle. When the UN launched the World Summit of the Information Society (WSIS) in 2002, China argued that private sector leadership was probably good when the Internet had one million users. But with one billion users, governmental leadership would be needed to get the Internet under control. Internet Governance suddenly was in the spotlight of a political power struggle. It was US vs. China, ICANN vs. ITU, private sector leadership vs. governmental leadership.
The emergence of the Multistakeholder Model
It needed three years of controversial negotiations and the intense work of a multistakeholder UN Working Group on Internet Governance (WGIG), appointed by the former UN Secretary General Kofi Annan, until a compromise was reached. WGIG rejected the idea of 'single leadership' and proposed a multi-stakeholder model, where all main stakeholders — governments, private sector and civil society — should work together "in their respective roles" by sharing "principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet". The WGIG recommendation made its way into the Tunis Agenda which was adopted by the head of states of 150+ governments of the world at WSIS II in November 2005.
The Tunis Agenda did not introduce any specific Internet regulation. But it included, in rather vague language, a number of general principles which could be interpreted as the starting point for a regulatory framework for Internet governance, based on the multi-stakeholder model.
The Internet Governance Forum (IGF), another outcome of WSIS, became the place for a continuation of the debate. During the 2nd IGF in Rio de Janeiro (2007) a so called Dynamic Coalition on Internet Rights and Principles was formed. And indeed, the IGF triggered a re-thinking of the usefulness of principles. But while a rough consensus emerged soon, that "something on paper" is probably not such a bad idea, the gap was between groups who wanted to see a legally binding convention and other groups who were in favor of a more soft solution, a non-binding political declaration of general principles and guidelines which would help to identify what is good and what is bad behavior on the Internet.
The 2011 Internet Principles Hype
In 2011 there was something like an Internet-Principle-Hype. "The world must collectively recognize the challenges posed by malevolent actors' entry into cyberspace and update and strengthen our national and international policy accordingly," argued US President Obama in his 'International Strategy for Cyberspace' in May 2011. "Activities undertaken in cyberspace have consequences for our lives in physical space, and we must work towards building the rule of law, to prevent the risks of logging on from outweighing its benefits." And he added: "The future of an open, interoperable, secure and reliable cyberspace depends on nations recognizing and safeguarding that which should endure, while confronting those who would destabilize or undermine our increasingly networked world."
In June 2011, the G8 Summit in Deauville/France adopted a declaration where the heads of states of the USA, the United Kingdom, Germany, Italy, Canada, France, Japan and Russia agreed on a number of Internet Governance principles, including the principle on multistakeholderism. In the same year a Ministerial meeting of the Council of Europe adopted a "Declaration on Internet Governance Principles" and the OECD agreed on Principles for Internet Policy Making. The Shanghai Group with China and Russia listed a number of Internet Governance principles in their proposal for a Cybersecurity Convention for the UN General Assembly. And a similar list of principles included the proposal for the establishment of a "UN Council for Internet Related Policies/CIRP" the IBSA Countries (India, South Africa and Brazil) tabled at the 66th UN General Assembly in fall 2011.
Next to those governmental initiatives a growing number of non-governmental stakeholders drafted documents with Internet Governance principles as the private sector based Global Network Initiative (GNI), the Association for Progressive Communication (APC), a global civil society organization and the technical oriented I*-organizations. Also the IGF Dynamic Coalition of Right and Principles proposed a comprehensive document with numerous Internet principles. And in Brazil, die national multistakeholder Internet Group cgi.br proposed a "Marco Civil" which made its way into the Brazilian parliamentary process.
Towards a Soft Law Approach
As a result, until 2013 more than 25 different documents were flying around which defined Internet Governance principles. This contributed to confusion and invited to "principle shopping" where actors just picked the principles they liked to justify their behavior in cyberspace. The weakness of all those principles and documents was that they were supported either by only one stakeholder group or were limited in scope by geography and substance. None of the 25+ documents was universal and multistakeholder.
On the other hand a comparison of all those documents showed that around 70 percent of the principles were identical, 20 percent very similar and only 10 per cent controversial.
All parties support the Multi-stakeholder model (MSM) as a basic governance principles;
All parties support the historically grown architectural principles of an open Internet (e2e);
All parties identify three main areas for Internet Governance policies: Human Rights, Security and Economy;
But the various parties had different priorities with regard to public policy issues
What this Internet Principle Hype documented was an important policy shift from a controversial "no law vs. binding law" constellation to a more flexible soft law approach for a new 'netiquette' which is aimed not only at the geeks and freaks of the technical Internet community but also at governments, business and civil society around the whole globe. More and more parties agreed that such a soft law approach could indeed deliver both the needed flexibility and a higher degree of security, stability and resilience to get the trust of the next billion Internet users, the next wave of Internet entrepreneurs and the next generation of Internet policy makers.
The IGF became the place for a broader discussion around Internet Governance principles. At the 6th IGF in Nairobi (2011) the Council of Europe organized a workshop under the title: "A Constitutional Moment in the History of the Internet". The debate continued at the 7th IGF in Baku (2012) when the proposal was made to bring the various projects into a process of "enhanced communication".
At the 8th IGF in Bali (2013) for the first time the main sponsors of the various declarations — OECD, Council of Europe, the governments of Russia, China and India, cgi.br, APC, I* and GNI — were sitting on one table. And they concluded that it would make sense to move from enhanced communication to enhanced cooperation and try to "globalize" and "multistakeholderize" the process of the making of Internet Governance principles. One idea was to form a "Drafting Team" in collaboration with the IGF Dynamic Coalition on Rights and Principles and to present at the 9th IGF in Istanbul (September 2014) a draft which could be further improved for adoption at the 10th IGF in 2015.
NETmundial
This plan was soon over-rolled by the dynamic events which followed the revelations of Edward Snowden in summer 2013. The Brazilian president Dilma Roussef gave a speech at the 68th UN General Assembly in September 2013 and called for a new approach to Internet Governance which resulted in the convening of NETmundial in April 2014. In the NETmundial preparatory meeting in Barcelona (January 2014) the High Level Committee decided that the Internet Governance principles could be an issue for agreement at NETmundial. And indeed, nearly half of the 186 proposals which were made for the final document, proposed the adoption of a set of principles. The draft which was distributed at the eve of NETmundial was only little changed in the meeting itself and finally adopted by rough consensus by all stakeholder groups, with the exception of the governments of Cuba, Russia, Saudi Arabia and India.
This is remarkable. Suddenly there is a document which defines eight principles with 17 subparagraphs how the Internet should be governed. And this document is supported by the majority of governments, by the most recognized and respected leaders from the private sector, the gurus of the technical community and a broad range of civil society organizations. With other words, the Principles of INternet Governance, adopted in Sao Paulo, summarized the previous 25+ documents, "globalized" and "multistakeholderized" them and constituted a unique base to measure good or bad behavior in cyberspace by governments, corporations and individual Internet users: PINGO!
Naming and Shaming
The Preamble of the Sao Paulo Document states that the principles are legally not binding. But never before in the history of Internet Governance there was a document with Internet Governance principles which had such a broad political support from key players from all stakeholder groups. Insofar, regardless of its legal nature, this document could soon become a main reference point for the evaluation of the use of Internet. There is no mechanism to bring a wrongdoer to an Internet court, but the NETmundial document allows "naming and shaming" if a government or a corporation does behave badly in cyberspace.
If a government restricts access to Twitter or Facebook, it can be "named and shamed" by violating Principle 1.1 (freedom of expression). If governments negotiate treaties to regulate Internet issues behind closed doors they can be "named and shamed" because they violate the principle 7.3, transparency. If a corporation ignores data protection laws it can be "named and shamed" because it violates the right to privacy (principle 1.3). If somebody wants to change the open Internet architecture, it can be "named and shamed" to violate principle 4 (unified and unfragmented space) and principle 6 (open and distributed architecture) which states that the Internet should "upholds the end-to-end nature of the open Internet."
This is a unique step forward and can be indeed compared with the Universal Declaration of Human Rights from 1948. There are a lot of similarities. Both documents are legally non-binding, define very general principles on a very high level and are of universal nature. Over the years the legally non-binding Human Rights Declaration became a highly respected political instrument. If a government tortured prisoners, censored media or restricted freedom to travel, human rights groups around the globe referred to the relevant articles of the declaration. It is also interesting to remember that there was no full consensus, when the 3rd UN General Assembly adopted the Human Rights Declaration in December 1948. 48 UN member states voted with yes, but eight governments expressed their reservations and abstained, among them the Soviet Union, Ukraine, Yugoslavia, the racist South Africa and Saudi Arabia.
There will be numerous opportunities in the months and years ahead of us to refer to the NETmundial principles and to test their power: We will have the ITU Plenipotentiary Conference in November 2014. In 2015 we will have the 10th anniversary of the WSIS with a high level conference, probably another UN summit. There will be a debate on the future of ICANN and the IANA transition. There will be complicated discussions around Internet issues in trade negotiations, on net neutrality and mass surveillance where the NETmundial principles can give orientation and guidance for the involved stakeholders if they want to reach an agreement. And there is the 9th IGF in Istanbul in September 2014, where the internet community now can discuss how to use the historical NETmundial instrument which was achieved after such a lengthy and controversial debate and got rough consensus at the end of the day.
Written by Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus and Member of the ICANN Board
Follow CircleID on Twitter
More under: Internet Governance, Law, Policy & Regulation