Faraday Cages, Marbled Palaces and Humpty Dumpty: the Reality of Internet Governance


Published on

Seminar given 26/2/09 at the James Martin 21st Century School as part of their global governance challenges series

Published in: Lifestyle, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Faraday Cages, Marbled Palaces and Humpty Dumpty: the Reality of Internet Governance

    1. 1. THE REALITY OF INTERNET GOVERNANCE Ian Brown, Oxford Internet Institute
    2. 2. Outline <ul><li>Legitimacy in global governance </li></ul><ul><li>Three sites of global Internet governance </li></ul><ul><ul><li>NSA: Pretty Good Privacy and encryption controls </li></ul></ul><ul><ul><li>WIPO: “The answer to the machine is in the machine” – copyright and Technological Protection Mechanisms </li></ul></ul><ul><ul><li>ICANN: the travelling governance circus </li></ul></ul><ul><li>Technocracy vs democracy; realpolitik vs rhetoric </li></ul><ul><li>Regulating technology; technologising regulation </li></ul>
    3. 3. Legitimacy and Internet governance <ul><li>Source, process or results-oriented? Mandates, accountability, consensus and technocracy </li></ul><ul><li>Constitutional review – whose constitution? US, ECHR, UDHR, IETF? Code as constitutional law </li></ul><ul><li>Rhetorical framing – ‘ When I use a word,' Humpty Dumpty said, in rather a scornful tone, `it means just what I choose it to mean – neither more nor less.' </li></ul>
    4. 4. National Security Agency <ul><li>Lead US Signals Intelligence and Cryptology agency </li></ul><ul><li>Multibillion $ budget </li></ul><ul><li>Highly secretive (No Such Agency 1952-1964): SCIF policy </li></ul><ul><li>Key driver of US and international policy on encryption </li></ul>
    5. 5. Encryption control timeline 1976: New Directions in Cryptography , Diffie & Hellman 1978: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems , Rivest/Shamir/Adleman: c = m e mod n ; m = c d mod n 1990: PGP software released via Usenet. Author Phil Zimmerman pursued through courts for 3 years 1977-: NSA attempts to ban publication of cryptographic publications; to control funding of cryptography research; and to ban export of cryptographic software 1993: Al Gore leads US attempts to mandate key escrow 1992: AT&T announce DES phone Matt Blaze
    6. 6. Encryption rhetoric <ul><li>“ They have computers, and they may have other weapons of mass destruction.” –AG Janet Reno (1998) </li></ul><ul><li>&quot;Terrorists, drug traffickers and criminals have been able to exploit this huge vulnerability in our public safety matrix.” –FBI Director Louis Freeh (2002) </li></ul><ul><li>“ Many people also choose to use readily available encryption programmes to encrypt their email, files, folders, documents and pictures. These same technologies are also used by terrorists, criminals and paedophiles to conceal their activities.” –Home Office (2009) </li></ul>
    7. 7. Encryption realpolitik <ul><li>“ Law enforcement is a protective shield for all the other governmental activities. You should use the right word – we’re talking about foreign intelligence… The Law enforcement is a smoke screen” –David Herson, SOGIS (1996) </li></ul><ul><li>“ We steal [economic] secrets with espionage, with communications, with reconnaissance satellites” –James Woolsey, CIA (2002) </li></ul><ul><li>&quot;Encryption is no more prevalent amongst terrorists than the general population. Al-Qaeda has used encryption, but less than commercial enterprises.” –Juliette Bird, NATO (2006) </li></ul>
    8. 8. Encryption control unravels 1995: Netscape adds encrypted links, enabling e-commerce boom 1997: OECD rejects attempts to mandate key escrow in its Guidelines for Cryptography Policy 1996: IETF declares: “Cryptography is the most powerful single tool that users can use to secure the Internet. Knowingly making that tool weaker threatens their ability to do so, and has no proven benefit.” 1997: European Commission declares key escrow should be limited to that which is “absolutely necessary” 2001: US essentially abandons export controls
    9. 9. NSA summary <ul><li>Encryption policy was driven by a small number of executive agency stakeholders (largely excluding legislators) with very little transparency, and widespread contention from Internet community – lack of source, process and results legitimacy </li></ul><ul><li>Differing stakeholder positions meant multilateral fora rejected US demands & bilateral negotiation failed </li></ul><ul><li>Effective regulation extremely difficult given global availability of cryptographic knowledge, programmers, distribution channel, open PC platform and user demand </li></ul>
    10. 10. WIPO <ul><li>Part of UN system responsible for “ developing a balanced and accessible international IP system, which rewards creativity, stimulates innovation and contributes to economic development while safeguarding the public interest” </li></ul><ul><li>Spent much of 1980s and 1990s “updating” global © treaties </li></ul>
    11. 11. © rhetoric <ul><li>“ the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” –Jack Valenti (1982) </li></ul><ul><li>“ The answer to the machine is in the machine” –Charles Clark (1996) </li></ul><ul><li>“ If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (2003) </li></ul>
    12. 12. Technological Protection Measures <ul><li>WIPO Copyright Treaty §11 </li></ul><ul><li>“ Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.” </li></ul>
    13. 13. Implementations <ul><li>DMCA §1201: “No person shall circumvent a technological measure that effectively controls access to a work protected under this title” </li></ul><ul><li>EUCD §5: “Member States shall provide adequate legal protection against the circumvention of any effective technological measures” </li></ul><ul><li>Similar provisions in various US FTAs ever since </li></ul><ul><li>All mirror detailed US proposals to WIPO that were overruled during development of WCT and WPPT </li></ul>
    14. 14. TPM realpolitik <ul><li>“ Accurate, technological enforcement of the law of fair use is far beyond today's state of the art and may well remain so permanently” –Ed Felten (2003) </li></ul><ul><li>“ Legal backing for the right of access is essential in the interests of social inclusion and equitable treatment of people with disabilities” –European Blind Union (2006) </li></ul><ul><li>“ Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy.” –Steve Jobs (2007) </li></ul>
    15. 15. WIPO summary <ul><li>Consensus reached on TPM policy in UN agency, but implementation was driven by US and EU IP/trade agencies with widespread contention from users of © works – limited process and results legitimacy </li></ul><ul><li>Effective regulation extremely difficult given global availability of TPM circumvention knowledge, programmers, distribution channel for code and unprotected works, existing insecure platforms (CDs), open PC platform and user demand </li></ul>
    16. 16. ICANN <ul><li>Internet Corporation for Assigned Names and Numbers </li></ul><ul><li>Private, public-benefit Californian corp (1998) operating under agreement with US Department of Commerce </li></ul><ul><li>Manages DNS, IP address and port allocation </li></ul>
    17. 17. ICANN governance <ul><li>Original attempts to elect board abandoned in 2002 </li></ul><ul><li>Now focused on process and result legitimacy </li></ul><ul><li>“ to ensure the stable and secure operation of the Internet's unique identifier systems” </li></ul>
    18. 18. ICANN rhetoric <ul><li>“ Burdensome, bureaucratic oversight is out of place in an Internet structure that has worked so well for many around the globe.” –Condoleeza Rice (2005) </li></ul><ul><li>&quot;No intergovernmental body should control the Internet, whether it's the UN or any other.” –David Gross (2005) </li></ul><ul><li>“ On Internet governance, three words tend to come to mind: lack of legitimacy. In our digital world, only one nation decides for all of us.” –Brazilian WSIS delegation (2005) </li></ul>
    19. 19. ICANN realpolitik <ul><li>Internet governance is “definitely a travelling roadshow, if not a flying circus”-Markus Kummer (2004) </li></ul><ul><li>“ The ITU version of [the Internet] blurs…boundaries and takes us a step backwards into a centrally controlled, centrally managed, ‘more than good enough’ network—administered, of course, by the ITU.” –Ross Rader (2004) </li></ul><ul><li>&quot;Using 'talking shop' as a negative suggests communication is a bad thing” –Emily Taylor (2007) </li></ul>
    20. 20. ICANN summary <ul><li>Source legitimacy still highly contentious – online board elections abandoned, relies on extreme consensus processes and result legitimacy – limited objectives have been achieved </li></ul><ul><li>Governance has just about held together, partly due to Internet community grudging acceptance of ICANN as least-worst solution. DNS alternatives are possible but so far unpopular </li></ul>
    21. 21. Comparison Encryption control Anti-circumvention Identifier management Policy objective Maintain intelligence and law enforcement intercept capability Maintain excludability of information goods Maintain a stable and secure addressing system Stakeholders SIGINT agencies, law enforcement (US: NSA, NSC, DoJ), software co s Copyright holders, trade and IP agencies, consumer electronics firms Registrants, registrars, trademark holders Legitimacy Source; little transparency Source, some process Multi-source, extreme process, result Framing Terrorists, paedophiles Piracy is killing music Private-sector innovation Sites COCOM/Wassenaar, OECD, G8, special envoy WIPO, US-EU-Japan coordination, FTAs, special 301 procedure The travelling circus Counter-framing Anti-Big Brother, US business interests Defective by design, anti-innovation, anti-competitive, anti-fair use Anti-democratic, US-dominated Main challenges Open source software, 1 st amendment, economic espionage, consumer preferences, campaigners Open source software, P2P networks, consumer preferences, Apple market power, campaigners Finding consensus across extreme range of stake-holders; legitimacy
    22. 22. Conclusions <ul><li>Internet policy cycle takes decades, not years; it does not provide democratic panaceas nor trivial consensus </li></ul><ul><li>Multi-stakeholder forums can take better account of technocratic expertise and civil society than bilateral and multilateral fora, building process and results legitimacy </li></ul><ul><li>Internet, cryptography and PCs have acted as a powerful constraint on public and private sector power; network effects and sunk cost make change difficult – does some code have a constitutional quality? </li></ul><ul><li>Effective, legitimate global regulation of information is hard; technological regulation is even harder </li></ul><ul><li>legem de machina non dat machina ;-) </li></ul>
    23. 23. References <ul><li>W. Diffie & S. Landau (1998) Privacy on the line , MIT Press </li></ul><ul><li>L. Lessig (1999) Code: and Other Laws of Cyberspace , Basic Books </li></ul><ul><li>P. Drahos with J. Braithwaite (2002) Information Feudalism , Earthscan </li></ul><ul><li>V. Mayer-Schönberger & M. Ziewitz (2007) Jefferson Rebuffed: The United States And The Future Of Internet Governance, Columbia Science & Technology Law Review 8, 188—228 </li></ul><ul><li>I. Brown (2007) The evolution of anti-circumvention law, International Review of Law, Computers & Technology 20(3), 239—260 </li></ul><ul><li>R. Weber & M. Grosz (2008) Legitimate governing of the Internet, In S. M. Kierkegaard (ed.), Synergies and Conflicts in Cyberlaw, 300—313 </li></ul><ul><li>A. Adams & I. Brown (2009) Keep looking: the answer to the machine is elsewhere, Computers & Law 20(1) </li></ul>