Top boffins detail how to save the open internet from breaking itself
Commission publishes final report after two years of work
Analysis The internet could go one of three paths in the next decade, according to an elite group of policymakers: open and global; unequal and uneven; or dangerous and broken.
And the path to righteousness? It's contained in the recommendations of the 140-page report that the grandly named Global Commission on Internet Governance (GCIG) has spent two years working on and released Tuesday.
"If we want a future where the Internet continues to provide opportunities for economic growth, free expression, political equality and social justice, then governments, civil society and the private sector must actively choose that future and then take the necessary steps to achieve it," said GCIG chair and former Swedish prime minister Carl Bildt on launching the report at an Organisation for Economic Co-operation and Development (OECD) meeting on the digital economy in Cancun, Mexico.
Those expecting to find something original or novel will be disappointed, but the report itself does an excellent job of bringing together all the disparate threads of internet governance into a coherent whole.
The report aims to provide "high-level strategic advice and recommendations" to those in a position to influence internet policy decisions, and as such is a gatherer of best thoughts from the broad internet governance world.
There should be no mandated backdoors to software, the report argues, pointing to the conclusion reached in the United States over the course of the past year. Privacy and security should be put into new products and services by design, reflecting what many regulators and companies have been saying for a number of years. Companies should report security breaches as soon as possible – again reflecting the position of the US government.
The commission also pushes into the riskier areas of mass surveillance, arguing that what is needed is a clear set of rules. Surveillance will happen, but how and what should be specifically named in advance – reflecting ongoing discussions in Europe over the Privacy Shield for data sharing with the US.
And it argues that the United Nations should draw up an agreement to cover cyberattacks in which it identifies the things that will never be targeted through electronic means. A cyber-update to the old war doctrines if you will – again, reflecting recent discussions held around the world.
On the technical front, the report pushes for IPv6 adoption, and for baked-in security for the internet-of-things. Again, reiterating broadly held views.
Where the report does start to carve out some original thought is in the area of internet governance discussions. Having spent two years following the many and varied conferences and discussion forums covering internet governance, the report's authors allow themselves to reflect on what they have experienced. And it isn't pretty.
"We have found that, by and large, considerations of geopolitics/realpolitik are missing from the debate on Internet governance. This should not be about the technological aspects of the Internet, but about what the future is going to look like – about who controls what, who gets what, how and when. It will be about the distribution of power in the political realm," reads the report.
Which is a long way of saying the internet governance world is currently little more than a travelling circus, saying a lot but achieving very little.
It also has some harsh words for the so-called multi-stakeholder organizations that claim to be protecting the open internet. They note that it is "challenging" to participate in such organizations and that "internet governance institutions can sometimes appear to be an exclusive club, not welcoming to newcomers."
There are "significant barriers" to real engagement that "discourage" people. And the report suggests that "seasoned participants from the technical community may need to adjust their usual blunt approach" in order to bring in others.
It even goes so far as to suggest that the current approach taken by such groups as the Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), Internet Corporation for Assigned Names and Numbers (ICANN), Internet Society (ISOC) and so on "may not always be sustainable, particularly as the pioneers who established and remain key supporters of these bodies disappear from the scene."
Which is a polite way of saying that the old boys network in many of the internet organizations is slowly killing them.
The GCIG, despite its big-name contributors and high-level backing, has had limited resources and that shows in the fact that the report does not dig into issues that are not already well covered elsewhere.
Over its two years, the commission has gotten better at producing original and insightful reports, and with luck resources will be put into creating more of them in future. Not enough of that original thought is reflected in the overall final report.
While claiming to offer "practical advice" on internet governance issues, the truth is that the report is preaching to the converted and largely ignores opposing forces to the Western, liberal perspective. There is, for example, no insight into why China and Russia, among others, are pushing an alternative vision of internet governance.
Without that understanding, it is highly improbable that policymakers will go down the internet's best future path, and will instead have to settle for the "unequal and uneven" internet. It doesn't help matters that the Russian perspective is effectively written off as "dangerous and broken."
While reflections on going down path number one – achieved, it is claimed, by the multi-stakeholder approach – stretches to three pages, the inclusion of governments and the UN merits just one, and discussion of a strong governmental role in internet governance gets just one paragraph. It's not known if the GCIG will shut down shop with the release of this report, as was originally intended, or whether it will seek to continue. Overall, the report does serve as a useful summary of the past two years of Western-nation internet governance discussions at a high level.
In that respect it is similar to the NetMundial conference in 2014, which produced a document that reflected what people had broadly agreed to in the two prior years but without making any real progress itself. (It also, notably, did not change any minds.)
Is there use in a new NetMundial conference or a renewed GCIG to sum up what happens in the next two years? We will have to wait and see. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust