As steps go towards forging global agreement on proper behavior on the Internet, the report from an international conference in Ottawa issued earlier this month was a modest one: A list of questions to be answered at a conference next year.
However, a Canadian government official and a member of the Electronic Frontier Foundation (EFF) who were at the conference of the Internet and Jurisdiction Policy Network believe the creation of the so-called Ottawa roadmap was a success and could lead to an international consensus at that conference in Berlin.
“I think we achieved a lot,” said Allan Kessel, deputy minister of legal affairs at Global Affairs Canada, of the meeting by over 200 people from governments, major Internet companies, civil society, academia and international organizations from more than 40 countries in the national capital at the end of February.
“But it’s one chapter in a book that hasn’t been completely written.”
Corynne McSherry, legal director of the Electronic Frontier Foundation (EFF) was also satisfied with the conference. “This is not the kind of issue you’re going to resolve overnight. So I think the most important thing is to come up with a work plan and then over the next year make sure that we find ways to get as much input as possible and incorporate that from as many sources as possible.”
It said participants “are united in their commitment to reconcile the three objectives of fighting abuses, protecting and promoting human rights, and enabling the development of the digital economy.”
The roadmap’s three objectives are
— developing policy standards defining the conditions under which authorized law enforcement authorities can request from access from companies to stored user data necessary for lawful investigations. These standards would have to respect privacy and robust human rights protections;
–creating clear common guidelines and due process mechanisms to identify hate speech, harassment, security threats, incitement to violence or discrimination in content, yet still protect freedom of expression;
– and creating strict conditions under which a malicious domain name could be taken down.
The goal of the Berlin conference is to take these and create policy standards and operational solutions.
The cost of past inaction has been dire, said the concluding report, but so would be uncoordinated efforts going forward.
In his opening remarks Network executive director Bertrand de La Chapelle said “there is mistrust between governments, there is mistrust between the governments and the other actors, and there is mistrust and competition between the other actors. No solution will be found without overcoming this mistrust. And this is precisely what this Policy Network is intended to do: building the relationship; allowing all of the actors to overcome this fundamental mistrust and work towards a common purpose.”
The Ottawa conference was the second of three scheduled by the Internet and Jurisdiction Policy Network, a non-profit formed in 2012 to resolve the online tension between countries over issues such as sovereignty, espionage, crime and privacy. It was organized in part by the government of Canada, UNESCO the Council of Europe and the Internet Corporation for Assigned Names and Numbers (ICANN). Present this year were government officials from the U.S., Germany, France, the Netherlands, Argentina, Italy, Mexico, the United Nations and the Council of Europe. Among non-government organizations was the Canadian Internet Registry Authority (CIRA), and the Electronic Frontier Foundation. Among big name tech companies were Shopify, Microsoft, Facebook, Akamai, Amazon, and the Walt Disney Company.
Among the missing, however, were Russia, China, India and North Korea.
The report summarized participants’ worries that “patching actions, taken in a reactive mode under the pressure of urgency, produce a legal arms race with potentially detrimental impacts on the cloud economy, cybersecurity and human rights. This risks increasing the degree of legal uncertainty, instead of reducing it. ”
The global tension was perhaps best illustrated by the failure last summer for the first time of the UN Group of Experts advisory group to reach a consensus on cyber norms of behavior and release a final report. The sticking point was what rights states have to reply to online incidents.
The importance of eventually reaching some sort of international agreement – whether through the UN or another body – can be seen in the never-ending news stories about cyber crime and allegations of online attacks and interference in elections.
There are some who think a low-level international cyber war has already broken out around the planet, with the latest proof the accusation last week by the United States that Russia has been involved in a lengthy campaign of infiltrating American government departments as well as critical infrastructure organizations.
Some governments are passing legislation which will be seen as logical or offensive. For example
— last month four U.S. Senators introduced the Clarifying Lawful Overseas Use of Data (CLOUD) Act to give legal backing to American law enforcement bodies to get at communications data held by American-based service providers regardless of where the data is stored. This is in response to the controversy over whether Microsoft has to obey a court order to hand over email held by a subscriber in Ireland.
To address complaints about the extraterritorial reach of judicial warrants, the bill would also allow providers to challenge warrants and require a court to conduct an analysis to evaluate whether the warrant infringes upon a foreign country’s jurisdiction. The bill would allow foreign governments to request data from U.S.-based service providers if they have entered executive agreements with Washington.
The EFF calls it a backdoor to attacking Americans’ rights.
— Apple has begun storing Chinese iCloud accounts and encryption keys in China to comply with that country’s Cybersecurity Law’s data localization requirement. Until now those encryption keys were kept in the U.S.
–last year the Supreme Court of Canada ordered Google to remove search results on any of its sites around the world to a company which a Canadian firm says is passing off as its own.
Against this 56 countries have ratified the Budapest Convention on Cybercrime, which deals with infringements of copyright, computer-related fraud, child pornography and violations of network security. The missing include Russia, Brazil, India, North Korea and China.
Other international efforts at bringing order to the Internet include the UN’s Internet Governance Forum, the UN Commission for Crime Prevention and Criminal Justice (CCPCJ, whose May conference will deal with cyber crime) the Canadian-based Centre for International Governance Innovation, the World Economic Forum (which in January created a global centre for cyber security), the Global Commission on Internet Governance (launched in 2014 by two think tanks) and the European Council’s Dialogue on Internet governance (EuroDIG), the Freedom Online Coalition and the Internet and Jurisdiction Policy Network (IJPN) – and that’s a short list. Alan Kessel said it took a half-hour at the Ottawa meeting to list all the action going on around the world.
One thing these efforts have in common is an attempt at a multistakeholder process, a response to criticism from some countries that Internet governance appears to be led by Western nations.
The IJPN started in 2012 as a network of international experts to review international legal, legislative and administrative decisions around the world. But last year in Paris it began a three-year process to create consensus around a set of governance recommendations that could be accepted by as many nations as possible.
The Paris meeting, Alan Kessel said, was about getting as many ideas from as many groups as possible on the table. The Ottawa conference saw this winnowed down into the creation of working groups on three central topics: Cross-border access to user data, cross-border content restriction and cross-border domain suspension. Each group created a somewhat focused list of about a dozen issues that consensus somehow has to be hammered out on.
[Click here to see videos from the conference]
Next year’s meeting in Berlin could come up with a set of recommendations, if there is unanimity. Or it could lead to another conference.
That may depend on the number of participating governments. Missing in Ottawa were representatives from Russia, China, India and North Korea. Participation, of course, doesn’t mean that governments will be bound by the outcome. “At some point it will be up to states to sit down and put some of these things together,” admits Kessel.
Canada is part of the IJPN because “we have a keen interest all things that are going on on the Internet,’ he said, particularly the application of the rule of law online. “Getting in early and often is part of our plan.”
He noted the theme of the Ottawa conference was “towards policy coherence and joint action,” which is “very much the theme we (Canada) are looking for, because we’re very much aware of the dangers that are lurking out there in cyber space and we want to work early with key allies to ensure that environment is protected for business and for exchange of ideas.”
Corynne McSherry said the Electronic Frontier Foundation’s interest in the Network is to support bringing together governments, civil society and the private sector. But she also said getting more participation from what she called “the global south” – meaning nations south of the equator – should be “priority one.”
And despite the creation of a roadmap in Ottawa she didn’t minimize the uphill climb. “This is not the kind of issue you’re going to resolve overnight. So I think the most important thing is to come up with a work plan and then over the next year make sure that we find ways to get as much input as possible and incorporate that from as many sources as possible.”
She hopes in Berlin there will be enough consensus for action. “I think there’s a lot of work to do between now and then to get a set of recommendations that people actually do agree with. I don’t think we’re all the way home yet.”
When Kessel was reminded of the failure of the UN Group of Experts to find consensus on a critical issue, he replied that “when you’re on a journey it’s difficult to talk about wins and losses. I’ve been done negotiation for 34 years and it’s an iterative process. Politics, interests, wins and losses are all part of getting to where you’re going. I wouldn’t use one period of time as indicative of where we’re going. Are we in a difficult time? Absolutely. Do we have differences of views at the international level? Absolutely. But that’s even more reason to create these stakeholder approaches, which I think is essential for Canada in the future. We’re a major beneficiary and user of these institutions, and we’re not going to not use the UN. We’ll keep working there, we’ll work in Vienna and we’ll work in Geneva to get where we need to go. It will take some time, and there will be give and take.”
Bringing more governments into the Network is important, he agreed. “China particularly, Russia increasingly. We’re living in a fraught environment where bringing in some of those players is more difficult that it would have been a few years ago. But it’s not impossible.”
Canada wants to see a free and open Internet, he said, so in Berlin it will be looking for coherence and practical solutions. But, he added, “sometimes we won’t be Boy Scouts because we have interests at stake.”
“Eventually we will have to make some strong decisions as to where we want to land.”
