What is internet governance?
There’s a narrow definition and a broad definition. The narrow definition solely sees the Internet as a technical thing that needs to be programmed and managed: who gets to set domain names, et cetera. The broader definition looks at all aspects of human life related to the Internet: privacy, security, cybercrime and changing interaction with technical systems enabled by the Internet. The following debate will focus on the broader definition.
How is the internet currently governed?
From the purely technical perspective, the internet is a decentralised network of networks. Some tasks however, need to be performed centrally, like the registration of ‘top level domain names’ such as ‘.org’ and ‘.com’. These tasks are performed by the Internet Corporation for Assigned Names and Numbers (ICANN), which is a non-profit private body, residing under United States law.
On the socio-political side, there is no central authority over the internet. There are, however, a few international forums where socio-political stakeholders come together to discuss issues of internet governance. One such forum was the World Summit on the Information Society (WSIS), a series of UN-sponsored conferences in 2003 (Geneva) and 2005 (Tunisia). One outcome of this was the establishment of the Internet Governance Forum in 2006, where stakeholders, both public and private, continue to discuss issues of internet governance.
Because there is no global governing authority over the internet, governments can decide on their own how they ‘regulate the internet’. Examples of these initiatives are:
the Anti-Counterfeiting Trade Agreement (ACTA), signed by, amongst others, the United States and the (Member States of) European Union
the Budapest Convention on Cybercrime, signed by many European countries and the United States.
These are attempts to set up rules for internet governance internationally, via treaties. Domestically, governments attempt to ‘regulate the internet’, too, for example by:
Setting up laws and rules, for example by legislating whether an email constitutes legal agreement to a business transaction or applying the ‘secrecy of correspondence’-guarantee to email traffic.
Setting up monitoring and policing agencies, for example by setting up cybercrime-units in their police forces, by setting up government-backed ‘Computer Emergency Response Teams’ (CERTs) that aid important stakeholders like infrastructure- and utility companies in ensuring cyber security.
Many of these examples will be further discussed in the arguments.
Governments around the world are tracking their citizens’ activities online. They can use all sorts of techniques, like automated data-mining (i.e. via trawling your Facebook and Twitter accounts) and deep packet inspection of each electronic message sent (i.e. intercepting and reading your email). All these methods are violations of important principles.
The automated data-mining violates the principle that people shouldn’t be investigated by their governments unless there is warrant for it (so there is reasonable suspicion that they have been involved in a crime). Also, data mining creates many false positives, leading to citizens being thoroughly investigated without probable cause. Deep packet inspection violates people’s fundamental right to secrecy of correspondence, which is a violation of privacy.
The problem with these government policies is that they’re hard to control – even in democracies: much of the spying is done by intelligence agencies, which are often able to evade democratic control on account of the need for secrecy rather than transparency.
‘Spying on the internet’ is nothing different from a normal police investigation
Obviously, governments also use the internet and social media to investigate suspects. But when they’re doing this, they’re only using information that’s publicly available online. The technical term for this is ‘OSINT’, which stands for ‘Open Source Intelligence’, which means that it’s the kind of information that anyone with access to Google and a lot of spare time could have found.
When police investigations turn up more severe suspicions, then more extreme methods can be used to obtain evidence if needed, sometimes even actively asking hackers for help.
But methods like these are not necessarily bad: their disadvantages in use have to be weighed against their significant benefits. And governments are doing this, as is for example shown in Canada’s ‘Technical Assistance for Law Enforcement in the 21st Century Act’: governments try to extend the principles of due process and probable cause to the internet, but at the same time they need to be able to defend their citizens from harm.
Governments are trying to control what citizens can and can’t say online and what they can and can’t access. This can vary from France and Germany requiring Google to suppress Nazism in search results to the Great Firewall of China, where the Chinese government almost fully controls what’s said and seen on the internet and has an army of censors.
This type of internet censorship is bad because citizens should have freedom of speech and uninhibited access to information, a right so fundamental that we have enshrined it in the Universal Declaration of Human Rights and reaffirmed by the participants of the World Summit on the Information Society in 2003.
As in the offline world, free speech isn’t unlimited
Even in free societies, free speech isn’t always free. Free speech can be demeaning and hurtful to certain people or can even incite hatred and violence. The first reason is why, under internet libel law, Internet Service Providers (ISPs) are asked to remove defamatory material and blogs take to moderating their comments more, and the second is why Germany and France have outlawed Holocaust denial and Nazism.
As in the previous arguments, accountable governments are attempting to strike a balance between free speech and where this can harm others. A carefully struck balance between rights in the offline world shouldn’t have to be abolished, just because we’re now in the online world.
Large companies have an active interest in shaping the structure of the internet. One example of this is the Stop Online Piracy-Act (SOPA), wherein U.S.-based music and movie companies proposed that they themselves would be able to police copyright infringements against websites that are hosted outside of the United States.
The phenomenon whereby companies succeed in shaping government policies according to their own wishes is called ‘regulatory capture’. Another example from the telecommunications industry is the lobby effort by several large corporations, who have succeeded in eroding consumer protection in their favour. If the government wouldn’t have been involved in regulating the internet in the first place, big companies wouldn’t have had any incentive to attempt regulatory capture.
With the government as final decision-maker, at least the citizens and consumers have some say
Regulatory capture does sometimes happen and when it does, it’s bad. But the risk of regulatory capture isn’t a sufficient argument to keep the government away from regulating the internet, because governments can also protect citizens and consumers from big companies.
An example is the net neutrality debate. Content providers could have started paying Internet Service Providers (ISPs) to have their websites load faster than any other website (paid prioritization). Entertainment companies that also provide internet are currently being investigated for not allowing their competitors in the entertainment segment access to their network as internet provider. This threatens the freedom of choice of the consumer, which is why governments have stepped in to ensure that companies aren’t allowed favour some websites. If the government wouldn’t have been involved in regulating the internet, it couldn’t have stood up for consumers’ and citizens’ rights like this.
Citizens, corporations, and public organizations face several security threats when online: critical infrastructure systems can be hacked, like the energy transport system, citizens can fall victim to identity theft, and phishing, whereby hackers gain access to bank accounts or other sensitive information. Specifically, it seems that the public sector is attacked the most.
In response to cyber-threats like these, many governments have set up Computer Emergency Response Teams (CERTs), Incident Response and Security Teams (IRTs), or Computer Security and Incident Response Teams (CSIRT; the fact that we haven’t settled on a fitting acronym yet shows how much it is still a novel phenomenon): agencies that warn citizens and organizations alike when a new threat emerges and provides a platform for (the exchange of) expertise in methods of preventing cyber-threats and exchanging information on possible perpetrators of such threats. Oftentimes, these (inter)governmental agencies provide a place where private CSIRTs can also cooperate and exchange information.
These agencies provide a similar function online as the regular police provides offline: by sharing information and warnings against threats, they create a safer world.
Internet regulation isn’t an effective and legitimate means to create a safe internet
Setting up CERTs aren’t an effective means to create a safer internet, because most of the threats are a result of ‘social engineering’, which means that hackers use social cues to con people into believing frauds. People usually fall for this because of their own gullibility and naïveté, like in Nigerian email scams. The most effective means of combating these threats is to educate citizens directly, the FBI already does this with Nigerian email scams. People and corporations are primarily responsible for their own actions, which includes taking care of their own internet security by obtaining anti-virus software, and which also includes corporations making sure their websites are safe to use or else face liability charges if they turn out not to be.
Moreover, CERTs are illegitimate. They are illegitimate because they facilitate the sharing of information on specific persons across private and public organizations and because they are hard to control democratically. For example: the US-CERT is an agency residing under the department of Homeland Security. Through the sharing of information with private parties, these private parties, unwittingly, run the risk of becoming one of the government’s watch dogs. Moreover, this sharing of information is hard to control democratically: much of the information could be classified as secret, which means that citizens have no way of verifying whether public and private organizations are complying with data sharing regulations.
The internet is a means of communication – therefore also a means of communication between criminals. And because it is global it creates global crime problems that need coordinated responses. One type of crime that has particularly become a problem on the internet is child sexual abuse material: the internet allows for an easy and anonymous distribution method which can even be secured by modern encryption methods.
Governments can help fight this by requiring ISPs and mobile companies to track people’s internet histories, hand over data when requested, and allow police to get information from them without a search warrant, something which has been proposed by the Canadian government. In Australia, the government even proposed mandatory filtering of all internet traffic by ISPs to automatically filter out all child sexual abuse material.
Admittedly, these measures seem drastic – but in cases like these, or similar cases like terrorism, the harm prevented is more important.
Battling hideous crimes shouldn’t lead us to draconian and ineffective policies
Everyone is against child sexual abuse material. But in their drive to battle it, governments might go too far. For example, granting the police the right to search without (full) warrant is a harm to citizens’ basic right to privacy and freedom from unwarranted government surveillance.
The automatic internet filtering and data retention are possibly an even worse infringement on basic civil liberties: it designates all internet traffic and therefore all internet using citizens as suspect, even before a crime has been committed. This overturns the important principle that people are presumed innocent until proven guilty.
Moreover, instead of the police and prosecution changing their behavior, internet filters hardwire these new assumptions into the architecture of the internet itself. This means it is more all-pervasive and less noticeable, thus constituting an even worse violation.
These draconian measures might even seem worth it, until you realise they don’t work: blocking and filtering technology makes mistakes and can be circumvented easily.
As seen above, the internet has enabled many types of criminal behavior. But it has also enabled normal citizens to share files. Music, movie and game producers have difficulty operating in a market where their products get pirated immediately after release and spread for free instantaneously on a massive scale. The internet enables violation of their right of ownership, gained through providing the hard work of creating a work of art, on a massive scale. Since it’s impractical to sue and fine each and every downloader, a more effective and less invasive policy would be government requiring Internet Service Providers to implement a graduated response policy, which has ISPs automatically monitor all internet traffic and fine their users when they engage in copyright violation. Something along these lines has already been tried in France, called HADOPI, which has succeeded in decreasing the downloading of unauthorized content.
Apart from this, governments also need to think about how to translate everyday offline activities onto the internet. For example, when you file your tax report offline, you would sign it with your handwritten signature. The online variant would be a digital signature. Developing and deploying a digital signature would enable citizens and corporations to do business, file their tax reports and pay their taxes online.
Government shouldn’t interfere with the internet economy
It almost never ends well when governments interfere with the internet economy. The graduated response policy against the unauthorized downloading of copyrighted content is one example: it violates the same principles as a filter against child sex abuse material, but it also doesn’t succeed in its’ goal of helping content businesses innovate their business models, which is why France is considering discontinuing it. Also, other businesses are slowly replacing the old fashioned music-industry, showing that companies on the internet are fully able to survive and thrive by offering copyrighted content online.
When governments do become active in the internet economy, they’re likely to run very high risks. IT projects are very likely to fail, run over budget and time, especially when it concerns governments. This means that governments shouldn’t be ‘going digital’ anytime soon, as the data governments handle is too sensitive. The case of digital signatures is a good example: when the provider of digital signatures for tax and business purposes, DigiNotar, was hacked, it not only comprised the security of Dutch-Iranian citizens, but also hampered government communications.
112th Congress, ‘H.R.3261 – Stop Online Piracy Act (Introduced in House – IH)’, 26 October 2011, http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261:/ Last consulted: August 17, 2012
Alibhai-Brown, Yasmin, ‘Freedom of speech can’t be unlimited’, The Independent, July 6, 2009. URL: http://www.independent.co.uk/opinion/commentators/yasmin-alibhai-brown/yasmin-alibhaibrown-freedom-of-speech-cant-be-unlimited-1732847.html Last consulted: August 17, 2012
Arstechnica, ‘French anti-p2p agency Hadopi likely to get shut down’. August 3, 2012. URL: http://arstechnica.com/tech-policy/2012/08/french-anti-p2p-agency-hadopi-likely-to-get-shut-down/ Last consulted: August 16, 2012
BBC News, ‘Fake DigiNotar web certificate risk to Iranians’, September 5, 2011. URL: http://www.bbc.co.uk/news/technology-14789763 Last consulted: August 16, 2012
Bent Flyvbjerg and Alexander Budzier, ‘Why your IT project may be riskier than you think’. Harvard Business Review, September 2011. URL: http://hbr.org/2011/09/why-your-it-project-may-be-riskier-than-you-think/ar Last consulted: August 16, 2012
Crikey, ‘Why government internet filtering won’t work’. February 11, 2008. URL: http://www.crikey.com.au/2008/01/11/why-government-internet-filtering-wont-work/ Last consulted: August 16, 2012
ComputerWorld, ‘Dutch government unprepared for SSL hack, report says’, June 28, 2012. URL: http://www.computerworld.com/s/article/9228606/Dutch_government_unprepared_for_SSL_hack_report_says?taxonomyId=13&pageNumber=1 Last consulted: August 16, 2012
ComputerWorld, ‘Phishing websites reach all-time high’. July 19th, 2012. URL: http://www.computerworld.com/s/article/9229398/Phishing_websites_reach_all_time_high Last consulted: August 15, 2012
ComputerWorld, ‘NSA chief seeks help from hackers’. August 13, 2012. URL: http://www.computerworld.com/s/article/9230169/NSA_chief_seeks_help_from_hackers?taxonomyId=82 Last consulted: August 16, 2012
Council of Europe, ‘Convention on Cybercrime’, CETS No. 185, 23 November 2001, http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Council of the European Union, ‘Anti-Counterfeiting Trade Agreement between the European Union and its Member States, Australia, Canada, Japan, the Republic of Korea, the United Mexican States, the Kingdom of Morocco, New Zealand, the Republic of Singapore, the Swiss Confederation and the United States of America’, 12196/11, 23 August 2011, http://register.consilium.europa.eu/pdf/en/11/st12/st12196.en11.pdf Last consulted: August 17, 2012
Crumley, ‘Why France’s Socialists Won’t Kill Sarkozy’s Internet Piracy Law’, Time, August 2, 2012, URL: http://world.time.com/2012/08/02/why-frances-socialists-wont-fully-kill-off-sarkozys-internet-piracy-law/ Last consulted: August 17, 2012
Dark Government, ‘At Risk: Hacking Critical Infrastructure’. May 4th, 2012. URL: http://www.darkgovernment.com/news/at-risk-hacking-critical-infrastructure/ Last consulted: August 15, 2012
Electronic Frontier Foundation, ‘NSA Spying’. Year unknown. URL: https://www.eff.org/issues/nsa-spying/ Last consulted: August 16, 2012
FBI, ‘Nigerian letter or “419” fraud’. URL: http://www.fbi.gov/scams-safety/fraud/fraud#419 Last consulted: August 15, 2012
FutureGov, ‘Public sector most targeted by cyber attacks’. August 15th, 2012. URL: http://www.futuregov.asia/articles/2012/aug/15/report-shows-public-sector-targeted-cyber-attack/ Last consulted: August 15, 2012.
HADOPI, March 27, 2012, HADOPI, 11/2 Year After the Launch. URL: http://www.hadopi.fr/sites/default/files/page/pdf/note17EN.pdf Last consulted: August 16, 2012
Huffington Post, ‘Child Pornography on the Rise, Justice Department Reports’. August 2, 2010. URL:http://www.huffingtonpost.com/2010/08/02/child-pornography-rising-justice-department_n_667707.html Last consulted: August 16, 2012
Huffington post, ‘ALEC, Tech and the Telecom Wars: Killing America's Telecom Utilities’. January 7, 2011. URL: http://www.huffingtonpost.com/bruce-kushnick/alec-tech-and-the-telecom_b_1696830.html Last consulted: August 17, 2012
Kingsley, Patrick. ‘Britain won’t be the only country snooping on people’s internet use’. The Guardian, April 2, 2012. URL: http://www.guardian.co.uk/world/shortcuts/2012/apr/02/countries-snooping-on-internet-use Last consulted: August 16, 2012
Knopper, Steve, ‘The New Economics of the Music Industry’. Rolling Stone, October 25, 2011. URL: http://www.rollingstone.com/music/news/the-new-economics-of-the-music-industry-20111025 Last consulted: August 16, 2012
Kurbalija, Jovan. 2010. An introduction to internet governance. Fourth Edition. Malta: Diplo. Available for free download here: http://www.guarder.net/euro-ssig/2011/An%20Introduction%20to%20Internet%20Governance_%20Kurbalija.pdf, last consulted: August 15, 2012
Kushnick, Bruce, ‘ALEC, Tech and the Telecom Wars: Killing America's Telecom Utilities’. Huffington post, January 7, 2011. URL: http://www.huffingtonpost.com/bruce-kushnick/alec-tech-and-the-telecom_b_1696830.html Last consulted: August 17, 2012
Ieee spectrum, ‘Government IT Projects: How often is succes even an option?’. September 30, 2011. URL: http://spectrum.ieee.org/riskfactor/computing/it/government-it-projects-is-success-even-an-option Last consulted: August 16, 2012
Lawrence Lessig, ‘Code is Law’. Harvard Magazine, January/February 2000. URL: http://harvardmagazine.com/2000/01/code-is-law-html Last consulted: august 16, 2012
Mcmenamin, Bernadette, ‘Filters needed to battle child porn’. The Australian, January 8, 2008. URL: http://www.theaustralian.com.au/filters-needed-to-battle-child-porn/story-fna7dq6e-1111115270345 Last consulted: August 16, 2012
The National Post, ‘Online surveillance bill critics are siding with ‘child pornographers’: Vic Toews’. February 14, 2012. URL: http://news.nationalpost.com/2012/02/14/online-surveillance-bill-critics-are-siding-with-child-pornographers-vic-toews/
The National Post, ‘Current laws not focused enough to combat child porn online’. February 21, 2012. URL: http://news.nationalpost.com/2012/02/21/current-laws-not-focused-enough-to-combat-child-porn-online-rcmp/ Last Consulted: August 16, 2012
The Next Web, ‘Minister: The UK “emphatically” supports free speech online but there are limits’. February 15, 2012. URL: http://thenextweb.com/uk/2012/02/15/minister-the-uk-emphatically-supports-free-speech-online-but-there-are-limits/ Last consulted: August 17, 2012
NCSC, ‘About the NCSC’. URL:https://www.ncsc.nl/english/organisation/about-the-ncsc.html Last consulted: August 15, 2012
New York Times, ‘Internet Censorship in China’, March 22, 2010. URL: http://topics.nytimes.com/topics/news/international/countriesandterritories/china/internet_censorship/index.html Last consulted: August 16, 2012
PC World, ‘Identity theft on the rise’. January 20th, 2010. URL: http://www.pcworld.com/article/187257/identity_theft_on_the_rise.html Last consulted: August 15, 2012
Plumer, Brad, ‘Why Nigerian email scams are so crude and obvious’. Washington Post, June 22nd, 2012. URL: http://www.washingtonpost.com/blogs/ezra-klein/wp/2012/06/22/why-nigerian-e-mail-scams-are-so-crude-and-obvious/ Last consulted: August 15, 2012
Post, David G., ‘SOPA and the Future of Internet Governance’, Justia.com, 13 February 2012 URL: http://verdict.justia.com/2012/02/13/sopa-and-the-future-of-internet-governance Last consulted: August 17, 2012
Public Safety Canada, ‘Technical Assistance for Law Enforcement in the 21st Century Act’. May 8, 2012. URL: http://www.publicsafety.gc.ca/media/nr/2009/nr20090618-1-eng.aspx Last consulted: August 16, 2012
Reporters without Borders, 2012. Enemies of the internet, Report 2012. Downloaded from URL: http://en.rsf.org/beset-by-online-surveillance-and-12-03-2012,42061.html Last consulted: August 16, 2012
Schellekens, Maurice, “What holds off-line, also holds on-line?”, in Bert-Jaap Koops, Miriam Lips, Corien Prins and Maurice Schellekens, editors. 2006. Starting points for ICT Regulation. Deconstructing prevalent policy one-liners. The Hague: T.M.C. Asser Press
Techdirt, ‘DOJ Realizes That Comcast & Time Warner Are Trying To Prop Up Cable By Holding Back Hulu & Netflix’, June 14th, 2012. URL: http://www.techdirt.com/articles/20120614/01292519313/doj-realizes-that-comcast-time-warner-are-trying-to-prop-up-cable-holding-back-hulu-netflix.shtml Last consulted: August 17, 2012
US-CERT, ‘About Us’. URL:http://www.us-cert.gov/about-us/ Last consulted: August 15, 2012
US Researchers Decide Spying On Citizens Is Bad, WebProNews, 9 October 2008, URL:http://www.webpronews.com/us-researchers-decide-spying-on-citizens-is-bad-2008-10 Last consulted: August 17, 2012
Voskamp, ‘GOP Attempt to Overturn FCC’s Net Neutrality Rules Fails in Senate’, Reuters, November 10, 2011 URL:http://www.reuters.com/article/2011/11/10/idUS211494328220111110 Last consulted: August 17, 2012
Waldron, Jeremy, ‘The harm of hate speech’, Free Speech Debate, 20 March 2012, URL:http://freespeechdebate.com/en/discuss/the-harm-of-hate-speech/ Last consulted: August 17, 2012
Wikipedia, ‘Digital Signatures’, 2012. URL: http://en.wikipedia.org/wiki/Digital_signatures Last consulted: August 16, 2012
Wikipedia, ‘Open source intelligence’, 2012. URL: http://en.wikipedia.org/wiki/Open-source_intelligence Last consulted: August 16, 2012
World Summit on the Information Society, ‘Declaration of Principles’. December 12, 2003. URL: http://www.itu.int/wsis/docs/geneva/official/dop.html Last Consulted: August 17, 2012
Zittrain, Jonathan, and Edelman, Benjamin, ‘Localized Google search result data exclusions’, Berkman Center for Internet & Society, 2005 URL:http://cyber.law.harvard.edu/filtering/google/ Last consulted: August 17, 2012