Revisiting Global Internet Governance in the Light of NSA
Prabir Purkayastha, NewsClick, 11th October, 2013
The internet governance is back in the news with Snowden's NSA revelations and the US government's blatant violations of its “stewardship” of the internet. Bruce Schneier, one of the leading cyber security experts and a key contributor to many of its standards says, “I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better.” The Brazilian president has recently stated that internet governance needs to change. This only adds to the 2011 IBSA (India, Brazil, South Africa) proposal – to have a multilateral body under the UN govern the internet instead of the internet being governed by the US. As it exists, the internet is run by institutions that are all US entities and operate under a contract with the US government.
The US position has been a very simple one – we invented the internet and therefore we own it. And this is the history of how internet came into being, initially under defence department's control, now under control of the US department of commerce. The ICANN the non-profit body that runs the internet, does so under a contract of the US department of commerce. In 2003, the US department of commerce issued the contact to ICANN for three years, later , extending it by an additional five years, subject to annual renewals. The department of commerce has a veto on any decision of ICANN and can also legally stipulate whatever it wants from ICANN at any time, particularly during the annual extension process. By virtue of this legal position, it does not even have to dictate what it wants to ICANN; even an unofficial sharing of its views is enough for ICANN to fall in line, not withstanding the statements of its various defenders regarding its independence.
Image Courtesy: commons.wikimedia.org
How can a vital infrastructure needed by every country operate under a contract from one particular government? Granted, as a pioneer the US deserves credit; but that cannot be an argument of control over a vital piece of global infrastructure in perpetuity. If that happens, we face the possibility of fracturing of the internet, as any country threatened by this US control will try and have its independent internet, connecting to the global net at only one or two points. This is what the Brazilian government is saying. This is its response on finding that its telecommunications infrastructure had been penetrated by the NSA, including even its secure servers. As we now know, this was not because Brazil posed any security threat to the US, but for getting access to vital commercial data – oil and gas fields, other mining data, the communications of the president and key officials with each other. Clearly, this information would help the US companies.
This is not the first time that US intelligence agencies including NSA have been charged with spying on behalf of its companies. This was the same charge levelled by the EU against the Echelon network, again a joint operation of the five countries – the Five-Eyes network – the US, UK, Canada, Australia and New Zealand.
The argument that the US and various other groups have used against multilateral control is that the internet governance should be different from any other governance. As the internet is a completely new kind of communications network, it should be governed bottom-up and without governmental control. The US has always lent its full support to this campaign as its various votaries have been far more comfortable with US stewardship of the internet rather than multilateral control or any UN body.
Milton Muller, in his book, Networks and States, identifies four areas in internet governance: intellectual property, cyber-security, content regulation, and the control of critical internet resources (domain names and IP addresses). In each of these areas, different countries act differently. For example, on intellectual property rights on the internet, the kind of control and blocking methods sought by the US is very similar to what countries such as Saudi Arabia or China use for blocking content.
We are not entering here into the debate of censorship and freedom of content on the internet. There are complex issues involved here. India, along with most other countries in the world ban hate speech; the US does not. In fact, the US is the outlier here. Nevertheless, how to filter content such that it conforms to each country's laws is not an easy issue. Neither will I take the libertarian stand that all censorship is bad and all government evil. Therefore, the arguments that internet should be completely free of governmental control does not address questions regarding hate speech, propagating paedophilia, etc. Governmental censorship in the guise of 66A obviously needs to be fought, but this should not obviate needing some form of control to protect citizens.
Law Based Framework
The question today is not how various governments are violating freedoms on the internet, but one government that has legal control over the internet is violating rights of non-US citizens and sovereignty of other countries. The issue here is how the control over the resources of the internet by virtue of its control over ICANN and other bodies allows the US to violate the cyber security of people and other nations.
And this is the key problem of the bottom-up solution of internet governance – it has no place for any legal mechanism to enforce rights of either people, corporations or sovereignty of countries. The Internet Governance Project – one of the prominent propagators of bottom-up governance – states, “Instead of international legislation or treaties negotiated and enforced by governments, ICANN governs by means of private contracts with registries and registrars … Contractual governance was supposed to insulate DNS governance from political interference by the world’s nation-states. It was also supposed to put the power to make the policies behind these contracts directly in the hands of the internet community.”
The problem here is that a private contract cannot protect anybody's rights. For a rights approach, the rights stem from either a country's laws or international treaties. Again, an international treaty is actualised through changes in law of countries. For example, when India signed the TRIPS agreement, it had to change its patent laws. When such a right is violated, our protection comes from internal laws or international law.
The law based framework is the foundation of today's world. To argue that a bottom-up, contract based system of governance can replace such a framework is to argue that every party to the contract will voluntarily obey the contract. If any entity violates such a contract – “I shall not spy on another country using the internet” – there is no mechanism to enforce the contract. In any case, none of the contracts that ICANN reaches has anything to do with rights.
This brings up one of the problems with the massive spying by NSA and GCHQ. If there are disputes between countries, a country can go to various organs of the UN or to the Security Council. If treaty violations take place, there are dispute resolution mechanisms laid out in the treaties. If such dispute settlement fails, again the UN is the body where such disputes can be taken or the International Court of Justice. This is how multilateral bodies work – again a law based framework wherein right of countries can be enforced.
What happens if the citizens rights in one country are violated by another country? In this case, Indian citizens privacy rights have been violated by the intelligence agencies of the US (and of course, the UK). The Indian government as the custodian of the rights of Indian people should have taken this up with the US or taken it further to the UN. That it has not done so, and instead has justified NSA spying on Indians including the Indian Embassy in Washington is shameful. But legally, Indians have little recourse against the US; it is only governments that do.
One of the problems with the internet governance model is that there is no international body where any of the issues of violating cyber-security of the internet can be taken. The only issues that we can take, are issues such as violating the privacy rights that are now accepted as a part of human rights. All issues pertaining to the internet have no legal body within which it can be taken up.
Revisit the ITU
The World Summit on the Information Society, 2005 had identified the need for enhancing other governments' role in internet governance. The Articles 68 and 69 in the Tunis Agenda made this very clear. Instead, the Internet Governance Forum that was set up, became a talking shop where nice things were discussed, multi-stakeholderism was warmly applauded and nothing binding was done. Not even a declaration that countries would not militarise the internet. It was a safety valve provided to deflect the demand of country's like India that global governance of the internet demands a multilateral institution.
We need to look at the entire issue of global internet governance anew. It is clear that those who believe in a bottom-up, contract driven, multi-stakeholder model of internet governance have not thought things through. Who will we go to, if our rights are violated? What are the binding provisions that will hold country government's and large global corporations in check? Without such firewalls, we are at the mercy of goodwill of powerful countries and corporations. And we now know that this does not work.
If there is no agreement on such a multi-lateral global governance forum, we need to revisit the International Telecommunications Union (ITU). The ITU is a multilateral body and has all telecommunications including data communications within its mandate. It is now clear the anger directed against the ITU for poaching into internet issues was fuelled by those parties who were the major violators of peoples and country's rights on the internet. If the US and others will not agree to any new multilateral body, we need then to push through the ITU's original mandate that obviously includes the internet. And India needs to now endorse the latest International Telecommunications Regulations that the US and EU opposed but countries like South Africa and Brazil have signed.
Disclaimer: The views expressed here are the author's personal views, and do not necessarily represent the views of Newsclick