Politics Politics in the age of the internetPoliticsin the ageof the internet in the ageEdited by Ranier FsadniPolitics in the Age of the Internet calls for a broader of the internetdiscussion of the political implications of electroniccommunication than is usually conducted. It takes Edited by Ranier Fsadnia broad conception of politics as that domain thataddresses the inter-relationship between states,power and social institutions, by crafting the policiesneeded to enable greater social participation andemancipation. While there has been much discussionof the implications of electronic communication forparty political mobilisation and voting, the discussionof how electronic communication is transforming Edited by Ranier Fsadniareas like as diverse as diplomacy, crime, familylife, childhood and identity politics has tended to becarried out separately by specialists, in discussionslargely insulated from each other. This volume, inbringing together such discussions, will be usefulto politicians, policymakers and others interestedin obtaining an overview of the implications ofelectronic communication for our entire form of life,from the interpersonal to the international.Ranier Fsadni is Chairman of the Academy for the Developmentof a Democratic Environment (AZAD, Malta).ISBN: 9999-999-999-9999
Politicsin the ageof the internetEdited by Ranier FsadniEdited by Ranier Fsadni
Some pages have been omitted for this preview document
CONTENTSAcknowledgmentsIllustrationsIntroduction – Ranier FsadniI Diplomacy and Information SocietiesThe Future of Diplomacy – Jovan KurbalijaInternet Governance and International Law – Jovan KurbalijaThe Internet and the Politics of its Institutional Management – Jovan KurbalijaDiplomacy, Governance and the Age of the Internet – Jovan KurbalijaII Domestication of the InternetPolicy Approaches to Cybercrime - François ThillThe Internet and Family Life – Peter Serracino-InglottOnline Childhood and Play – Sharon AttardInternet and Domestic Politics – Paul Caruana Galizia Andrew Caruana GaliziaIII Cultural Politics in the Digital AgeIdentity in Wired Societies – Ranier FsadniReligion in the Digital Age: The Case of Islam – Jana TsonevaConclusion – Ranier FsadniList of Contributors
Some pages have been omitted for this preview document
Chapter Three Diplomacy, Globavernance and the Internet Age: World Summit on Information Society and Development of Internet Diplomacy Jovan Kurbalija The World Summit on Information Society (WSIS), ending in 005, wasthe most recent in the series of global United Nations summits that startedwith the 99 Rio Earth Summit. The main objective of the WSIS was todiscuss the effects of information and communication technologies (ICT)on modern society. The unique feature of the WSIS was its two-phaseorganisation, including two main summit events: one at Geneva in 003 andthe other in Tunis in 005. The Geneva summit aimed at identifying mainissues, principles, and lines of action. The Tunis summit, often described asa “Summit of Solutions”, focused on implementing the broad frameworkagreed upon at the Geneva summit.3 The Tunis summit also finalised theWSIS negotiations on Internet governance and financial mechanisms, twoissues that had remained unresolved after the Geneva phase. The overallWSIS process lasted between May 00 (the first African Regional WSISConference) and November 005 (the Tunis summit). Internet governance emerged as the chief issue at the WSIS agenda.Given its specificity, Internet governance required the introduction ofa new policy structure in the WSIS process. Participants in the GenevaWSIS Summit in 003 decided to establish the Working Group on InternetGovernance (WGIG) as a specific diplomatic mechanism, based on the equalparticipation of governments, civil society, and the business sector. Afterproducing the Report on Internet Governance, the WGIG ceased to existin June 005. The WGIG was an innovation in the existing, mainly inter-governmental, diplomatic system.Edited by Ranier Fsadni 5
Table 1: Major WSIS and WGIG Official Events Date Event Geneva Phase May 00 African Regional WSIS Ministerial Conference in Bamako June 00 Prepcomm in Geneva January 003 Asian Regional WSIS Ministerial Conference in Tokyo January 003 Latin American and Caribbean WSIS Ministerial Conference in Bavaro Febuary 003 Western Asia Regional WSIS Ministerial Conference in Beirut Febuary 003 th Meeting of the UNICTTF in Geneva Febuary 003 Prepcomm in Geneva July 003 WSIS Intersessional in Paris September 003 Prepcomm 3 in Geneva November 003 Prepcomm3bis in Geneva December 003 Prepcomm3bis+ in Geneva December 003 Geneva WSIS Summit Tunis Phase June 00 Prepcomm in Hammamet November 00 Establishment of the WGIG November 00 st WGIG meeting in Geneva November 00 West Asia Regional WSIS meeting in Damascus January 005 African Regional WSIS conference in Accra Febuary 005 nd WGIG meeting in Geneva Febuary 005 Prepcomm in Geneva April 005 3rd WGIG meeting in Geneva Politics in the age of the internet
Date Event May 005 Arab Regional WSIS conference in Cairo May 005 Asian Regional WSIS conference in Tokyo June 005 Asian Pacific Regional WSIS conference in Teheran June 005 Latin American Regional WSIS meeting in Rio de Janeiro June 005 th WGIG meeting in Geneva July 005 Final Report of the WGIG September 005 Prepcomm 3 in Geneva November 005 Tunis WSIS summit The purpose of this paper is to identify new developments andinnovations in diplomatic practice resultant from the WSIS and WGIG. First,I describe the overall WSIS framework and specific aspects of the WGIG.Second, I identify the new developments and innovation in diplomaticpractice that I think are likely of lasting importance. I will do so throughcomparing WSIS diplomatic practice to the practices developed duringother major UN summits held since the Rio Earth Summit in 99. Finally, Idiscuss if a new type of diplomacy dealing with ICT/Internet issues, usuallydescribed as Internet Diplomacy, has emerged from the WSIS and WGIGprocesses.Context and Evoluton of the Wsis/wgig Process The WSIS originated in the 990s, a period of optimism initiated by theend of the Cold War. The 990s was also a time of rapid development ofthe ICT and the Internet. In 998, in their Resolution 3, participants of theMinnesota Conference of the International Telecommunications Union (ITU)decided to start preparations for the WSIS. Only two years later, however, theglobal scene for the organisation of the WSIS had changed substantially, dueto two major developments.Edited by Ranier Fsadni
The first important development was the burst of the so-called dot-combubble in 000. The dot-com bubble developed in the period 995-000 withthe rapid growth of the value of stock in the ICT/internet field. However, thesudden deflation of the value of much of this stock in 000 led many internetcompanies into bankruptcy. By 00, the rhetoric of unlimited possibilities inthe development of the Internet that had dominated the 990s was replacedwith techno-scepticism and the level of investment in the ICT/internet areasharply decreased. The second significant development influencing the organisation of theWSIS was the terrorist attacks of September 00, which affected the WSISprocess just as it did many other aspects of global policy. The post-ColdWar era of the 990s, characterised by an attempt to introduce new forms ofdiplomatic cooperation, was replaced by the post-9/ period. The centralityof security concerns re-established the position of states in internationalrelations and substantially reduced enthusiasm for novelty in managingglobal affairs. Only a few months after the 9/ attacks, through its Resolution 5/83 of December 00, the UN General Assembly made an official decision to holdthe WSIS. Although the optimism of the late 990s shaped the language of theUN resolution, the policy reality—influenced by the dot-com crash and theevents of September—had changed dramatically. Both the agenda settingprocess and the participation in the WSIS reflected the new policy reality.The Agenda The setting of a diplomatic agenda is a highly important part of anymultilateral diplomatic process that can substantially influence the outcomeof negotiations. By setting the agenda, negotiators decide on the scope ofnegotiations and priority of issues. In the WSIS process, four main challengescharacterised the agenda setting process: the agenda delimitation, the multi-disciplinary nature of WSIS issues, uncertainty, and prioritisation.The Agenda Delimitation With the pervasive use of ICT and the Internet in modern society, it isdifficult to find any aspect of human existence outside its influence. Suchpervasiveness led toward the risk that almost any issue might be includedin the WSIS agenda.5 To accommodate this possibility, the WSIS chose avery broad approach by including a long list of issues in the Geneva summitdocuments, the Documentation of Principles and the Action Plan. One of the8 Politics in the age of the internet
main purposes of the Geneva phase was to map the field, so most issues weremerely mentioned and described. The Tunis phase streamlined the agenda inmain action lines dealing with Internet governance, e-government; e-business;e-learning; e-health; e-employment; e-environment; e-agriculture; e-science;public governance; and ICT for development, information and communicationinfrastructure; access to information and knowledge; capacity building; theenabling environment; building confidence and security in the use of ICT;cultural diversity and identity; linguistic diversity and local content; media;and ethical dimensions of the information society.The Multi-Disciplinary Nature of WSIS Issues The multidisciplinary nature of the WSIS-related issues added to thecomplexity of agenda setting. Most issues had a variety of technical, socio-economic, developmental, legal, and political aspects. One of the underlyingdilemmas in setting the agenda was whether the WSIS concerned technologyitself or the effects of technology on society. This confusion of technical andsocial approaches was noticeable in all aspects of the WSIS process, not only insetting the agenda, but also playing a determining role in the composition ofdelegations and the focus of discussions.Uncertainty The WSIS operated in the context of much uncertainty regarding thefuture development of the Internet, and this uncertainty affected the agendaof the WSIS. For example, in 00 when the WSIS process started, Googlewas just one of many search engines. At the end of the process in November005, Google was established as the primary internet company shaping theuse of the Internet. In 00, the use of blogs was in its infancy. Presently,bloggers sway governments, push the limits of freedom of expression,and have considerable influence on social and economic life. The list couldcontinue with mentions of Skype, YouTube and iPod. Due to a lack of consensus and understanding of some technicaldevelopments, the WSIS followed the least common denominator approach,resulting in vague provisions. The real problem will emerge in the futurewhen some important issues will require policy choices and operativedecisions (e.g., spam and internet security). One possible approach,increasingly used in the European Union, is that of technology-neutralregulations, which contain provisions applicable to various technologies. ForEdited by Ranier Fsadni 9
example, some provisions should be applicable to the Internet, broadcasting,and telephony. With the increasing convergence of digital technologies, (TVover the Internet, Internet telephony) technology-neutral regulations are theonly possible solution for preserving a coherent policy framework.Prioritisation of Agenda Issues Although it did not figure initially in the WSIS agenda, Internetgovernance emerged as the prime issue taken up by the WSIS. Itsimportance was reflected in the time spent on negotiating Internetgovernance issues, both in the main WSIS process and in the speciallydesigned WGIG. In fact, one of the main criticisms of the WSIS is that theInternet governance debate “hijacked” overall WSIS negotiations and tookthe focus away from the developmental issues that were supposed to bethe main issues on the WSIS agenda. As indicated in the main preparatorydocuments, the WSIS was designed to provide some solutions for narrowingthe digital divide that separates rich countries from poor ones by increasingthe use of the Internet and ICT in the developing world. The WSIS was alsosupposed to provide a stronger link with the Millennium DevelopmentGoals. It is widely perceived that the WSIS did not provide a majorbreakthrough on closing the digital divide.Participation It is not surprising that multistakeholder participation was one of thecatch phrases of the WSIS process. Prior to the WSIS, the United Nationshad expended considerable effort to involve business and civil society inits activities. In addition to this general policy trend of the UN Summits,multistakeholder participation was natural in discussions of the informationsociety and the Internet, since non-state actors had taken predominantroles in the development and the maintenance of the Internet. The businesscommunity had developed the technological infrastructure, includingcomputers, networks, and software. Civil society, academia, and the Internetcommunity had been vital players in the Internet field, including thedevelopment of Internet protocols, creating content and developing onlinecommunities. On the other side, governments were latecomers in the field.Many expected that the specific positions of stakeholders in the developmentof the Internet would result in the creation of new forms of globalmultistakeholder diplomacy. These expectations were partially met, especiallythrough the establishment of the WGIG and the Internet Governance Forum.0 Politics in the age of the internet
The UN General Assembly Resolution 5/83, the formal basis forconveying the WSIS, invited “intergovernmental organisations, includinginternational and regional institutions, non-governmental organisations,civil society and the private sector to contribute to, and actively participatein the intergovernmental preparatory process of the Summit and the Summititself.” Although it invited other stakeholders to participate, the resolutionclearly emphasised the inter-governmental nature of the WSIS. The expectations that non-state actors would participate equally and theformal stipulation about the inter-governmental nature of the WSIS collidedat the first WSIS preparatory meeting (Geneva, June 00), which draftedrules of procedures. The conflict was unavoidable. Governments refusedto grant non-governmental actors equal footing in the WSIS process. Civilsociety and the business sector received the status of observer that they hadheld during previous major UN conferences. After a difficult start, a multistakeholder perspective graduallydeveloped during the WSIS process. While the WSIS remained formallyan inter-governmental process, governments informally opened manychannels for the participation of non-state actors. The most successfulmultistakeholder participation occurred in the WGIG process with equaland full participation of all stakeholders. The multistakeholder work of the WGIG was expected, given thespecifics of the Internet governance field. In Internet governance, a regimealready functioned around the Internet Corporation for Assigned Namesand Numbers (ICANN), the Internet Engineering Task Force (IETF), andother organisations. With the exception of the US government, participationof governments in this regime had been low. The major difference betweennegotiations regarding Internet governance and other global negotiations—such as environmental negotiations—is that, while in other negotiations,inter-governmental regimes gradually opened to non-governmental players,in Internet governance negotiations, governments had to enter an alreadyexisting non-governmental, ICANN-based regime.Governments With the exception of a few developed countries, most countrieswere newcomers to the field of Internet policy and governance. Even foradvanced ICT/Internet countries, the WSIS posed numerous challenges. Themain challenge was to deal with the multidisciplinary nature of WSIS issuesthat involved technological, social, economic, and legal aspects.Edited by Ranier Fsadni
National Coordination Governments had to organise national participation in the WSIS. Theyhad to make decisions regarding the ministry in charge and how to engagethe technical community, the business sector, civil society, and the manyother actors who were often more involved in Internet policy than thegovernments themselves. Most countries started planning their participationin the WSIS through “technical” ministries, usually those that had beenresponsible for relations with the ITU. Gradually, by realising that theinformation society is “more than wires and cables,” governments involvedofficials from other, mainly non-technical ministries, such as those of culture,media, and defence. The principal challenge was to harness support fromnon-state actors such as local universities, private companies, and NGOsthat had the necessary expertise to deal with the issues on the WSIS agenda.Canada and Switzerland, for example, involved non-state actors in nationaldelegations for the WSIS summit. The whole process of setting national WSIS structures and deciding onnational positions on various WSIS issues was a learning experience formost governments. A clear evolution of levels of expertise and quality ofcontributions occurred during the WSIS process. A feedback process alsotook place in which many governments shaped their national policy on theInternet under the influence of the global WSIS negotiations.“Diplomatisation” of Internet Policy Issues Also relevant to the positions of governments at the WSIS was that theWSIS put the Internet on the global diplomatic agenda. Prior to the WSIS,the Internet had been discussed primarily in non-governmental circles orat the national level. “Diplomatisation” of Internet policy issues stimulateddifferent reactions. As Kenneth Neil Cukier, technology correspondent forThe Economist, stressed: by elevating the issue to a formal United Nations summit, this by natureescalates the importance of the topic inside governments. As a result, issuesabout the Information Society, that were treated by less political and lessvisible parts of the government—as science and technology and policy or asa media and cultural matter—were shifted to foreign ministries and long-standing diplomats, who are more accustomed to power politics and lessknowledgeable of technology issues and the Internet’s inherent requirementfor cooperation and interdependence. (Cukier, 005: ) Politics in the age of the internet
The diplomatisation process had certain positive effects on thediscussions at the WSIS. For example, diplomats provided non-partisancontributions to long-standing debates on ICANN-related issues (domainnames, internet numbers, and root servers). They had the advantage of beinglatecomers in an arena of already deeply entrenched positions in the Internetgovernance debate (e.g., the ICANN vs. ITU debate discussed below).The contributions of diplomats were particularly noticeable in the WGIGdebate. The diplomatic leadership of the WGIG (Chairperson Nitin Desaiand Executive Director Markus Kummer) created an inclusive atmospherewhere differences among representatives, including those of the technicalcommunity, did not block the process. The WGIG resulted in the WGIGFinal Report8 that voiced differences, but also provided process-relatedsolutions to the future discussion by establishing the Internet GovernanceForum.Importance of Geneva-Based Permanent Missions For many governments, their permanent missions in Geneva wereimportant—if not vital—players in the WSIS process. Most WSIS activitiesoccurred in Geneva, the base of the ITU, which played the main role inthe WSIS process. The first WSIS summit in 003 took place in Genevaand all but one of the preparatory meetings were held in Geneva, makingpermanent missions based in Geneva directly involved in the WSIS process. For large and developed countries, the permanent missions werepart of the broad network of institutions and individuals that dealt withthe WSIS. For small and developing countries, permanent missions wereprimary and, in some cases, the only players in the WSIS process. TheWSIS portfolio added to the agenda of usually small and over-stretchedmissions of developing countries. In many cases, the same diplomat had toundertake the tasks associated with the WSIS along with other issues suchas human rights, health, trade, and labour. Additional pressure on smallmissions arose because the WSIS process usually involved parallel meetingsand workshops. The complexity of the WSIS issues and the dynamics ofactivities made it almost impossible for many small and, in particular,small developing countries, to follow developments, let alone have anysubstantive effect. As a result, some small states supported a “one stop”structure for Internet governance issues.9 The sheer size of the WSIS agendaand the limited policy capacity of developing countries in both capitalsand diplomatic missions remained one of the main obstacles for their fullEdited by Ranier Fsadni 3
participation in the WSIS process. The need for capacity building in the fieldof Internet governance and policy was recognised as one of the priorities ofthe WSIS Tunis Agenda for the Information Society.0Business Sector The business sector had a low profile in the WSIS process. As oneof the representatives of the sector indicated, business was involved in“damage control.” At the WSIS, the main concern of the business sectorwas the possibility of opening discussions on intellectual property rightson the Internet. After the WSIS decided to leave the Internet intellectualproperty issues for the World Intellectual Property Organisation (WIPO)and the World Trade Organization (WTO), the business sector’s interest inparticipating in the WSIS process further diminished. The biggest ICT/Internet companies such as Microsoft, Adobe, Oracle,Google and Yahoo did not follow actively the WSIS process. No powerfulsoftware lobbying associations attended; even the Business SoftwareAssociation (representing software companies in dealing with internationalpolicy issues) had no active representation. Instead, the InternationalChamber of Commerce (ICC), well known as the main associationrepresenting small- and medium-sized enterprises, represented the businesssector. The ICC rarely represents the software industry in dealing withdelicate policy issues in the context of the WIPO or the WTO. Although theICC made active, professional input to the WSIS and WGIG, many thoughtthat the representation of the global business sector by the ICC was a signalof the lack of interest on the part of the business sector in the WSIS.Civil Society Civil society was the most vocal and active promoter of amultistakeholder perspective at the WSIS. The usual criticism of civilsociety participation in other multilateral fora had been a lack of propercoordination and the presence of too many, often dissonant voices. In theWSIS, however, civil society representation managed to harness the inherentcomplexity and diversity through a few organisational forms, including aCivil Society Bureau, the Civil Society Plenary and the Content and ThemesGroup. Faced with limited possibilities to influence the WSIS throughthe formal process, civil society groups developed a two-track approach.They continued their presence in the formal process by using availableopportunities to intervene and to lobby governments. In parallel, they Politics in the age of the internet
prepared a Civil Society Declaration as an alternative vision to the mainWSIS declaration adopted at the Geneva summit. At the WGIG, due to its multistakeholder nature, civil society attaineda high level of involvement. Civil society groups proposed eight candidatesfor the WGIG meetings, all of whom were subsequently appointed by theUN Secretary General. In the Tunis phase, the main policy thrust of civilsociety organisations shifted to the WGIG, where they influenced manyconclusions as well as the decision to establish the Internet GovernanceForum as a multistakeholder space for discussing Internet governanceissues.International Organisations The ITU was the central international organisation in the WSIS process.The ITU hosted the WSIS Secretariat and provided policy input on the mainissues. For the ITU, the WSIS was important for a number of reasons. TheITU was not the main protagonist of Internet policy developments, and itwas losing its traditional policy domain due to the WTO-led liberalisation ofthe global telecommunications market. The latest trend of moving telephonetraffic from traditional telecommunications to the Internet (through Voiceover IP) added to the erosion of the traditional telecommunication policydomain regulated by the ITU. Many observers viewed the leading role ofthe ITU in the WSIS as an attempt to re-establish itself as the most importantplayer in global telecommunication policy, now increasingly influencedby the Internet. The possibility that the ITU might emerge from the WSISprocess as the most important global Internet organisation caused concernin the United States and other developed countries—while creating supportin many developing countries. Throughout the WSIS process, this possibilitycreated underlying policy tensions. It was particularly clear in the field ofInternet governance, where tension between ICANN and ITU had existed—even before the WSIS—since the establishment of ICANN in 998. Another issue concerned the problem of how to anchor themultidisciplinary WSIS agenda within the family of UN specialisedagencies. It was felt that a predominant role of the ITU was risky, as itcould lead towards a techno-centred approach to the WSIS agenda. Non-technical aspects of the ICT/Internet, such as social, economic, and culturalfeatures, are part of the mandate of other UN organisations. The mostprominent player in this context is UNESCO, which addresses issues suchas multilingualism, cultural diversity, knowledge societies, and informationEdited by Ranier Fsadni 5
sharing. The balance between the ITU and other UN organisations wascarefully managed. This balance is also reflected in the WSIS follow-upprocess, with the main players including ITU, UNESCO, and the UnitedNations Development Programme .Other Participants Beside the formal stakeholders recognised by the WSIS, other playerswho were not officially recognised as stakeholders, such as Internetcommunities, had considerable influence on both the way the Internet runsand how it was developed. They participated in the WSIS process throughthe presence of the four main stakeholders, primarily through civil societyand the business sector.Internet Communities Internet communities consisted of institutions and individuals whohad developed and promoted the Internet since its inception. Many werebased in US universities where they primarily functioned to set up technicalstandards and to establish the basic functionality of the Internet. Internetcommunities also created the initial spirit of the Internet, based on theprinciples of sharing resources, open access, and opposition to governmentinvolvement in Iinternet regulation. From the beginning, they protected theinitial concept of the Internet from intensive commercialisation and extensivegovernment influence. The early management of the Internet by onlinecommunities was challenged in the mid 990s after the Internet became partof global social and economic life. Internet growth introduced a group of newstakeholders, such as the business sector, that came with different professionalcultures and understandings of the Internet and its governance, which ledto increasing tension. For example, in the 990s, Internet communities andNetwork Solution were involved in a so-called DNS war, a conflict over thecontrol of the root server and domain name system. Today, the main organisational forms that accommodate Internetcommunities are the Internet Society and IETF. In times of increasingcommercialisation of the Internet, it is difficult to preserve the early spirit ofInternet communities and the consideration of these communities as a specialpolicy group has been criticised. For example, in the WSIS/WGIG process,criticism was expressed that the Internet communities could no longer havea leading role in Internet governance. According to this view, with more thanone billion users the Internet has grown out of its initial policy framework. Politics in the age of the internet
Any Internet governance regime must reflect this growing Internet populationand the Internet’s influence on social and economic life. In this line ofargument, as the boundary between citizens and Internet users blurs, moreinvolvement of parliaments and other structures representing citizens isrequired, rather than those representing Internet users, such as Internetcommunities. In the WSIS, this criticism came particularly from those whoargued for more involvement of government in Internet governance.Internet Corporation for Assigned Names and Numbers The Internet Corporation for Assigned Names and Numbers is the 998compromise solution for the DNS war. Formally speaking, ICANN is a privateentity established under California law. It received functional authority tomanage Internet names and numbers from the US Department of Commercevia a special contract. In the WSIS process, ICANN was frequently criticisedfor its position in the existing Internet governance regime, and for havingspecial ties with the US government. Through an almost continuous process ofreform, ICANN had become increasingly international. It had an internationalboard of directors, meetings held in different regions, and an internationalstaff. However, the “umbilical cord” linking ICANN with the US governmentremained the main source of concern. In the WGIG debate, various optionsregarding the reorganisation of ICANN were discussed, including that ofdeveloping ICANN as a sui generis international organisation that shouldboth accommodate a multistakeholder approach and become anchored inthe international legal framework. Formally speaking, the WGIG Report onlypresented the various options without opting for any in particular.Organisational Structure The WSIS followed the typical organisational structure for UN summitswith an “organisation trinity” including a presiding officer or chairperson,a Bureau, and a Secretariat. In UN summits, the presiding officer is usuallya prominent political figure, while the Bureau is frequently formed ofambassadors resident in the host city of the conference. The Secretariatprovides structural support and is the only full-time segment of a summitorganisation structure. The Secretariat very often involves people whosecareers relate to the subject discussed at the conference. United Nationssummits also include other organisational forms such as the Group ofFriends of the Chair, subcommittees and subgroups, The High Level SummitOrganisation Committee, and host country secretariats.Edited by Ranier Fsadni
The Presiding Officer (Chairperson) The function of the chairperson is essential for the success of anynegotiation. Although the formal authority is limited, the chair usually hasenough room to have an effect, depending on his or her political positionand individual skills. One of the main requirements for successful chairing isimpartiality. Beside the main task of steering negotiations towards a successfuloutcome, the chair also has an important role in building and maintainingthe structure of the negotiation process. Through election as chairperson,diplomats take ownership of the process. The success of the negotiation is amatter of personal reputation and that of the country the chair represents.Regional distribution of the chair builds links with various regions as well asincreases transparency and legitimacy of the negotiation process. The chairing structure of the WSIS process included the chairperson ofthe overall WSIS process and other chairpersons leading numerous sub-committees, groups, and working groups. At the very beginning of the WSISthere was dilemma if the chairperson will be elected for each PreparatoryMeeting. It was decided to have one chairperson for the whole processleading towards the WSIS-Geneva. The WSIS exemplified the positive effectthat the selection of chairperson may have on the negotiation process. TheWSIS involved various styles and types of chairing. The former Minister ofEducation of Mali, Adama Samassékou, chaired the Geneva phase, whosemain aim was to map the overall arena. His election as the chair contributedin three ways. First, his professional and academic background in culture andlanguages helped in counter-balancing the potential techno-centric tendencyof the WSIS. Second, his African origin helped in bringing developmentissues to the agenda. Third, his position as a senior African statesman broughtwisdom and authority to a frequently “hype-driven” ICT/Internet discussion. In the Tunis phase, the main emphasis was on the implementation of theprinciples agreed on in Geneva. The appointment of Latvian Ambassador,Janis Karklins, as the Chairperson of the WSIS reflected this change.His engineering background was an asset in managing the negotiationprocess and a grasp of the diplomatic process and the UN modus operandiacquired during his posting as the Latvian ambassador to the UN in Genevacomplemented his management. A businesslike approach helped in drivingan extremely complex and diverse agenda towards a successful conclusion. The most delicate negotiation was required of the chair in sub-bodiesdealing with open issues such as Internet governance. Nitin Desai, the chairof the WGIG, faced the challenge of managing highly complex issues and a8 Politics in the age of the internet
wide diversity of actors. His understanding of UN procedures and processes,acquired through leadership in previous UN summits, helped him to departfrom those rules whenever necessary. He managed to involve non-state actors,primarily from the Internet governance community, and to keep the level ofinnovation in diplomatic practice acceptable to diplomats.The Bureau The Bureau usually has the task of assisting the presiding officer. TheWSIS Bureau followed the UN practice of selecting members from UNregional groups (Asia, Latin America and the Caribbean, Africa, WesternEurope and Other States, Eastern Europe). It also included representativesof the two host countries, Tunisia and Switzerland. In the Geneva phase, theBureau had members (three per region and one from each host country).In the Tunis phase, the number of members of the Bureau grew to 3 (six perregion and two from the host countries).The Secretariat The WSIS Secretariat followed standard UN practice in regard to itsfunctions and organisation. The Secretariat was hosted by the ITU, whoseSecretary-General was also Secretary-General of the WSIS. Both the WSIS and WGIG Secretariats performed the usual tasks ofUN Secretariats including logistics, procedural management, providingexpertise, drafting texts, and facilitating informal discussion. However,beside these regular tasks, the Secretariats of both the WSIS and the WGIGhad the additional tasks of organising various forms of online interaction.For example, all WGIG meetings were transcribed online and broadcastvia the Internet. The Secretariat had also arranged for Wi-Fi connection.Apparently, one of the major problems for in situ meetings was to supplya sufficient number of power point extensions for notebook powersupplies! Sometimes – as happened during the final drafting meeting atthe Chateau de Bossy − the WGIG Secretariat had to remove Wi-Fi supportin the meeting room since Internet access could have distracted the groupmembers from the main task of finalising the Report. In traditional conferences, the Secretariat provides support to thepresiding officer who is directly involved in procedural management. In theWGIG negotiations, the Secretariat had complete leadership in the onlinephase, while the chairperson, Nitin Desai, remained in charge of traditionalmeetings. The Head of the WGIG Secretariat, Markus Kummer, followedEdited by Ranier Fsadni 9
the online discussion and provided input whenever needed. It was aparticularly challenging task since online communication does not providesufficient signals to detect the mood of the room as done in a traditionalnegotiating setting. In some cases, he intervened in emerging controversies;online controversies tend to escalate faster than face-to-face controversies.In other cases, he provided input when online exchange slowed. TheSecretariat, led by Kummer, managed to provide organisational energyin online interaction conducted between meetings. The online dynamismblended properly with the traditional WGIG meetings. One of the main functions of the Secretariat is to draft negotiationdocuments. The WSIS Secretariat had the particularly arduous task oftransforming numerous inputs into basic negotiation documents. In theTunis phase, the Secretariat was assisted by the Group of Friends of theChair, who prepared the first negotiating draft. The WSIS secretariat alsoprovided drafting support for the chairs of the WSIS sub-committees. Giventhe high level of expertise among WGIG members, the WGIG Secretariat hadslightly different task of providing the right balance between academic andpolicy input. It had a more coordinating than drafting role.The Group of Friends of the Chair In UN meetings, the typical reason for establishing the Group of Friendsof the Chair is to enhance the efficiency of the negotiation process bylimiting the number of players in negotiations. Work in smaller groups isusually simpler and more efficient. The usual challenge for the establishmentof the Group of Friends of the Chair is how to make it large enough torepresent of the primary players and small enough to be efficient. In the WSIS, the Group of Friends of the Chair was functional andefficient. In the first phase, leading to Geneva, it had a somewhat passiverole, assisting the Chairperson in drafting the introduction of the concludingdocument. In the second phase, leading to Tunis, the Group of Friends ofthe Chair received a more prominent role in drafting the first version of thenegotiating text.Sub-committees and sub-groups Sub-committees addressed substantive issues. In the preparation forthe 003 Geneva summit, sub-committees drafted the Plan of Action andDeclaration of Principles. The sub-committee on the Plan of Action includedsub-groups on media, security, capacity building, enabling the environment,0 Politics in the age of the internet
access to information, ICT applications, infrastructure, and culturaldiversity. Each sub-group was chaired by a representative of a differentcountry to broaden the number of negotiators and to introduce strongerownership in the process.Other organisational structures The High Level Summit Organisation Committee had the task ofcoordinating WSIS-related activities of the UN organisations. Two hostcountries, Switzerland and Tunisia, established host country secretariats.Those secretariats were involved in various WSIS coordination bodies.However, their main task was to deal with organisational issues.Switzerland transferred to Tunisia knowledge and organisational expertisegathered in the preparations for the Tunisia summit.Procedures and Processes of Negotiations Procedures are essential for the smooth running of negotiations.Although some perceive them as an unnecessary formality, they have anessential function in any negotiation. The rules of procedure provide ananchor for potentially chaotic developments in negotiations. They alsoensure equity and transparency in the process. To ensure equity andtransparency, many small and developing countries favour “formalisms,”which involve a strict adherence to procedural rules. Alternative forms ofparticipation very often require additional human resources, which couldlead to de facto inequality in negotiations. The WSIS followed typical UN summit rules of procedure establishedduring previous UN Summits.3 The UN summit rules of procedure are closeto the UN General Assembly rules of procedure. The WSIS also developedinformal practices in conducting negotiations, often referred to at the WSIS,as a “WSIS practice.”Informal Practice Many elements shape an informal practice, including participant readinessto interpret rules of procedure in a flexible way, the need to reduce the processtransaction cost, and specific professional cultures of communities involved innegotiations. At the very beginning of the WSIS process, in an effort to avoidestablishing a precedent that could be used in other multilateral negotiations,many countries refused to allow the full participation of non-state actors.Edited by Ranier Fsadni
However, these countries were aware of the specificities of WSIS andWGIG processes and allowed participation of other stakeholders far beyondthe formal framework. Most informal practices related to the opening up ofthe negotiation process to other stakeholders, primarily to civil society andbusiness sector groups. Informal practices were particularly noticeable inobserver participation in the meetings, making interventions, and effectingthe negotiations.Observer Participation No restrictions were placed on the participation of observers inmeetings. Observers participated in plenary and subcommittee meetings.In the phase leading towards the Tunis summit, observers also attendedmeetings of the Group of Friends of the Chair, which played a vital role indrafting the basic negotiating document. Observers intervened in the WSISby delivering statements in official meetings. During PrepComm meetingsprior to the Geneva summit, the observers had 5 minutes every dayreserved for interventions. Each main stakeholder—including, internationalorganisations, business groups, and civil society representatives—had5 minutes for interventions. The minimum 5-minute intervention timewas established as a WSIS practice. In many cases, observers were grantedadditional time for their interventions. Observers were also involved inpreparing and running round tables and panels at both Geneva and Tunis.Observer Participation in Negotiations Although observers did not have decision-making rights, WSIS informalpractices helped them to influence negotiations through various techniques.First, observers’ written contributions were included in the compilations ofthe inputs alongside those of governments. Accordingly, observer proposalsbecame visible to negotiators and, thus, more likely to be integrated in thenegotiating text. Second, observers intervened in negotiating sessions byusing a “stop-and-go” approach (Kleinwächter, 00). The chairpersonperiodically stopped official negotiations, allowing observers to make anintervention. Although it was a discretionary right of the chairperson, thestop-and-go approach gradually became part of WSIS informal practice. The WSIS leadership clearly intended to increase the inclusiveness andtransparency of the process. However, in some cases, inclusiveness andtransparency were not impeded by political decisions, but by organisationalrequirements. First, many actors in attendance had various cultural, Politics in the age of the internet
professional, and cultural commitments. An already complex group of over80 governments had to make room for additional non-state entities that,very often, had limited experience in multilateral diplomacy. Organisationalforms established by civil society and the business sector5 reduced thecomplexity, but they did not solve the problem of managing the largenumber of contributions to the negotiating process. Second, in criticaljunctures, the negotiations required deal brokerage with a limited numberof participants. It was simply impossible to negotiate deal brokerage withmore than 0 or 0 players. For example, the brokerage of the final deal onInternet governance at the Tunis summit involved primarily the EU, theUS, China, Brazil, Russia, Canada, and Australia. The WSIS leadership hadconstantly to keep a balance between transparency and efficiency. Keepingthe right balance was often more an organisational than a policy issue.The Wgig Process In understanding the way the WGIG operated, it is important toemphasise that the WGIG was not, in a formal sense, a negotiating body.The main function of the WGIG was to exchange information and toprovide expert input on internet governance to the main WSIS negotiatingprocess. This specific mandate helped in developing a full multistakeholderpractice. The WGIG did not have written and official rules of procedure;rather, business was conducted according to certain rules that were eitherarticulated explicitly or accepted tacitly by participants. The importantelement in developing this practice was the considerable experience thatChairperson Nitin Desai had gained in organising previous UN Summits.His in-depth knowledge of the UN rules of procedure helped him to distilthe best and avoid those that could have led to controversy. The maindevelopments in the WGIG process included changes in rules regardingmultistakeholder participation and representation; inclusiveness andlegitimacy; time-management; and inductive and deductive approaches.Full Multi-stakeholder Participation and Representation The WGIG included representatives from the main WSIS stakeholders:governments, the business sector, civil society, and internationalorganisations. Other experts and technologists participated, particularlythose who attended as part of the civil society contingency, but also as partof government and business sector representation. All participants had equalrights to participate and intervene in WGIG activities.Edited by Ranier Fsadni 3
Inclusiveness and Legitimacy Although the WGIG included a wide range of representation, in order toexpand it even further the WGIG leadership introduced the practice of openmeetings before the WGIG regular meetings held at the UN in Geneva. Openmeetings attracted many actors who were thus able to intervene directly.The WGIG also facilitated online participation through an Internet broadcastof real-time transcripts, audio-casts, and video-casts of meetings. In this way,the WGIG increased its legitimacy in the Internet community, which wasvery cautious about the overall WSIS-process.Time-Management The WGIG operated under considerable time constraints. In onlynine months (between October 00 and June 005), it had to provide anauthoritative report on Internet governance for the final negotiations priorto the Tunis summit. In this short time-span, the WGIG also had to developtrust among participants who came from different and sometimes oppositepositions regarding Internet governance. The WGIG leadership used a blendof various traditional and online approaches in order to complete its task inthe limited period. Online phases harnessed various views. Prior to each session, theSecretariat summarised the main developments in the online phase andproposed a list of a limited number of issues for face-to-face meetings. Forhighly controversial issues, the Secretariat proposed that a few memberswho represented different views prepare background material. The WGIGwas also ready to alter any approaches that would lead to an impasse (e.g.,premature discussion on the definition of Internet governance).Inductive and Deductive Approaches In early meetings, the issue of a definition of Internet governance tookprecedence. At the meeting in February 005, the group entertained aprolonged discussion regarding normative vs. descriptive definitions ofInternet governance. The WGIG leadership decided to change this top-down approach requiring a definition first and a subsequent discussion ofconcrete issues. The group selected an inductive approach to matters byanalysing concrete issues and gradually building a broader framework,including a definition of Internet governance. For highly controversialissues, such as control of the root server, the WGIG leadership decided to Politics in the age of the internet
Some pages have been omitted for this preview document
CHAPTER FOUR INTERNET GOVERNANCE AND INTERNATIONAL LAW Jovan KurbalijaThe WGIG’s multidisciplinary approach allowed it to address InternetGovernance issues from technical, policy, economic, institutional, and legalperspectives. Although legal considerations were not the priority of the WGIG,the WGIG process confirmed that all Internet Governance issues includeimportant legal aspects. Legal discussions within the WGIG focussed on:● legal issues per se, including cybercrime, intellectual property rights,data protection, privacy rights, and consumer rights;● legal mechanisms for addressing Internet Governance issues, includingself-regulation, international treaties, and jurisdiction.After the presentation of the WGIG Report, the WSIS negotiations have mainlydealt with potential Internet Governance mechanisms, includinginstitutionalisation options. Legal considerations are becoming crucial inexploring the various ways and means of fitting proposed institutionaldesigns for Internet Governance within existing national and internationallegal frameworks. Some of the questions under discussion, not only in theWSIS Preparatory Meetings, but also in the corridors of the Palais des Nationsand in online forums include: How to facilitate the participation of variousstakeholders within the state-centred international legal system? What would
be the most suitable international legal instrument for addressing InternetGovernance issues? What is the relationship between international publicand private law in the field of Internet Governance?The aim of this chapter is to contribute to an initial conceptual mapping of thelegal aspects of Internet Governance. It will reflect on the legal issuesdiscussed so far during the WGIG/WSIS process. However, the mainemphasis will be on the legal issues, which are likely to influence InternetGovernance discussions following the conclusion of the WSIS in Tunisia.Cyberlaw vs. Real LawThe WSIS/WGIG Internet Governance process was instigated almost twoyears after the Dot-Com Bubble burst (in 2000). A more mature and realisticdiscussion of the various effects of the Internet on society gradually replacedthe early Internet hype of the 1990s. Currently, two paradigms, generallydescribed as “techno-optimism” and “techno-realism,” create the underlyingconceptual basis for Internet Governance discussions. In the legal field,proponents of “techno-optimism” argue for the development of “cyber-law,”while the “techno-realists” argue that the solution for the Internet rests withthe use of “real law.”A “cyber-law” approach presumes that the Internet has brought about newtypes of social interaction in cyberspace. Consequently, new “cyber-laws” forcyberspace need to be developed. In the early days, the proponents of thisapproach argued that the Internet de-links our social and political interaction
from the current territorial organisation of the world, which rests on thenotion of the sovereign state. This argument is best epitomised by JohnBarlow’s famous message to the governments of the world: “You are notwelcome among us. You have no sovereignty where we gather. You have nomoral right to rule us nor do you possess any methods of enforcement wehave true reason to fear. Cyberspace does not lie within your borders.”1Presently, this particular argument is of mainly historical relevance. Thecurrent proponents of a “cyber-law” approach argue that the sheer speed andvolume of Internet cross-border communication hinders the enforcement ofexisting legal rules and requires the development of new “cyber-laws.”2A “real law” approach is based on the assumption that the Internet is notconceptually different from previous telecommunication technologies, fromsmoke signals to the telephone. Though faster and more far-reaching, theInternet still involves communication over distances between individuals.Consequently, existing legal rules can be applied to the Internet.Although both approaches contain valid elements, the real law approach isbecoming predominant in both theoretical analyses and policies. Notably, theWSIS/WGIG discussions on Internet Governance emphasised the need to useexisting national and international legal mechanisms for regulating theInternet. For some issues, however, such as trademark protection, real lawrules would need to be adapted in order to apply to the Internet. Newlydesigned rules must regulate other issues, such as spam. It is difficult toenvisage any existing rule that might be applied to spam. The closest realworld analogy to spam, junk mail, is not illegal.
Does the Internet Require Global Regulation?One frequently expressed view about Internet Governance is that the globalnature of the Internet requires global Internet regulation. Proponents of thisview support the need for global regulation with examples, such as the lack ofeffective national measures to combat spam or cybercrime. The typical line ofthinking goes like this: any country outside of global regulation could becomea “safe haven” for those intending to defy globally adopted Internet rules. Oneof the early examples supporting this argument was the initiator of the “I LoveYou” virus. The hacker, who created this virus, resident in The Philippines,could not be prosecuted for the worldwide damage caused by his virusbecause no such crime existed in Philippine legislation.While global regulation may be desirable in many respects, national andregional regulations are assuming greater relevance. The Internet increasinglybecomes anchored in geography. New technological developments, such asgeo-location software, make it simpler to locate the geographical location ofInternet users. Together with geo-location software, powerful filtering toolscan limit Internet access based on the user’s country of origin. Besidestechnological devices, increasing legislative pressure in many countriesrequires ISPs to identify their users and, if requested, to provide necessaryinformation about them to authorities. With such developments, the Internetwill become a less anonymous medium. For many governments, thecombination of technology and legislation is sufficient to ensure an acceptablelevel of enforcement of national legislation.3 The more the Internet isanchored in geography, the less unique its governance will need to be.
The Use of the Variable Geometry Approach in Internet GovernanceThe “variable geometry” approach has been widely used in international legalpractice. Among the proponents of the variable geometry approach oneshould mention Judge Tanaka of the International Court of Justice, whostated the following in the South West Africa Case: “To treat unequal mattersdifferently according to their inequality is not only permitted but required.”4Professor Abi Saab finds a conceptual framework for variable geometry indifferentiating between the international law of coexistence, based on theprinciple of sovereign equality, and the international law of co-operation,which includes the equality of participation but the differentiation of tasksand obligations.5The need to accommodate states with different capacities and interests withinthe same international framework gradually triggered various forms ofvariable geometry. One of the well-known examples is veto power of fivepermanent members of the UN Security Council. Many internationalorganisations, such as the International Monetary Fund and the World Bank,rely on variable geometry. Other examples include commodity organisations,such as the International Tropical Timber Agreement, which distinguishesbetween consumer and producer member states. Voting power is allocatedaccording to the share in the total tropical forest resources. Internationalenvironmental law has developed the principle of common but differentiatedresponsibility, which contains two main elements: a) common responsibility
of countries for the protection of the environment on local, regional, andglobal levels; b) differentiated contributions to reducing environmental harmbased on criteria such as a particular country’s historical contribution toenvironmental damage and its capacity to prevent and reduce furtherenvironmental damage.6 The principle of common but differentiatedresponsibility could apply to treatment of “Internet pollution,” such as spamand viruses.7Internet Governance requires the involvement of a variety of stakeholders whodiffer in many aspects, including international legal capacity, interest inparticular Internet Governance issues, and available expertise. Such varietycould be accommodated within a single Internet Governance framework,through the use of the variable geometry approach. This approach, whichreflects stakeholder interests, priorities, and capacities to tackle InternetGovernance issues, is implied in Article 49 of the WSIS declaration, whichspecifies the following roles for the main stakeholders:8• States – “policy authority for Internet-related public policyissues” (including international aspects);• the private sector– “development of the Internet, both in thetechnical and economic fields”;• civil society–“important role on Internet matters, especiallyat community level”; intergovernmental organisations –“the coordination of Internet-related public policy issues.”• international organisations – “development of Internetrelated
technical standards and relevant policies”Variable geometry can be implemented through mechanisms that would needto include different core responsibilities for tackling particular InternetGovernance issues and a carefully weighted decision-making process,including the necessary checks and balances.One possible criticism of the use of variable geometry in Internet Governanceis that the creation of such a system would require lengthy and detailednegotiations, especially in the grey zones, where various stakeholders mayhave competing and conflicting interests (e.g. the management of the coreInternet resources). In negotiating grey zone issues, the win-win potential ofvariable geometry could be limited by the zero-sum approach to negotiations.The Difference between International Public Law and InternationalPrivate LawThe need for the use of international law is frequently raised in InternetGovernance discussions. The context within which such references are made,very often leads to certain conceptual and terminological confusion. The terminternational law is mainly used as a synonym for international public law,established by nation states and international organisations, usually throughthe adoption of treaties and conventions.9 However, most possibleinternational legal cases regarding the Internet include a strong private lawfeature, involving such issues as contracts and torts. In dealing with suchissues, there is a need to use international private law, which creates anadditional element of terminological confusion. Namely, the term international
private law is, to a large extent, a misnomer. Conflict of laws, the term usedin the United States, is more precise. The rules of international private laware stipulated in national legislation, not in international treaties.10 The rulesof international private law specify the criteria for establishing applicablejurisdiction and law in legal cases with foreign elements (e.g., legal relationsinvolving two or more entities from different countries). The criteria foridentifying the applicable jurisdiction and law include the link between anindividual and national jurisdiction (e.g., nationality, domicile) or the linkbetween a particular transaction and national jurisdiction (e.g., where thecontract was concluded, where the exchange took place).International Private LawGiven the global nature of the Internet, legal disputes involving individualsand institutions from different national jurisdictions are very frequent.However, only rarely has international private law been used for settlingInternet-based issues, possibly because its’ procedures are usually complex,slow, and expensive. The main mechanisms of international private lawdeveloped at a time when cross-border interaction was less frequent andintensive and proportionally fewer cases involved individuals and entitiesfrom different jurisdictions.International private law requires modernisation in order to meet the needs ofthe Internet-based world, characterised by fast, simple and pragmatic modus
operandi. Possible modernisation might include simplified procedures foridentifying appropriate jurisdictions and laws, the option of onlinedeliberation, and flexible arrangements for legal counselling.The Harmonisation of National LawsIn the case of the need for global regulation, the most efficient option is theharmonisation of national laws, resulting in the establishment of one set ofequivalent rules at the global level. With identical rules in place, the questionof applicable jurisdiction should become less relevant. If the same rules areapplied, it becomes less relevant whether the court case is adjudicated, forexample, in the USA or France. The harmonisation of national laws can beachieved in areas where a high level of global consensus already exists, forexample, regarding child pornography, piracy, and slavery. Views areconverging on other issues too, such as spam and Internet security. However,in some fields, including content policy, it is not likely that a globalconsensus on the basic rules will be reached.International Public LawInternational public law regulates relations between nation states. Someinternational public law instruments already deal with areas of relevance toInternet Governance (e.g. telecommunication regulations, human rights,
international trade). It remains to be seen if international public law will beused more intensively in the field of Internet Governance. In this part, theanalysis will focus on the elements of international public law that could beused in the field of Internet Governance, including treaties and conventions ,customs, “soft law,” and ius cogens.Treaties and Conventions11Currently, the only convention that deals directly with Internet-related issuesis the Council of Europe Cybercrime Convention. However, many otherinternational legal instruments address broader aspects of InternetGovernance. For example, in the field of telecommunications, ITU regulations(Radio Regulations and International Telecommunication Regulations) governissues related to telecommunication infrastructure.12 Another set of Internetrelatedinstruments deals with human rights. Freedom of expression isprotected by Article 19 of the Covenant on Political Rights. Global andregional human rights instruments regulate other Internet-related rights,such as privacy and the right to information. In the field of dispute resolution,one of the main instruments is the New York Convention on Arbitrations(1958).One of the Internet Governance Project’s contributions to the WGIGdiscussions was its proposal for the adoption of the UN FrameworkConvention on Internet Governance.13 The “framework-protocol” approach
consists of the framework convention, which provides general principles, andsubsequent protocols that provide more specific regulation.14 The proposal ofthe Internet Governance Project rests on the analogy with the UN FrameworkConvention on Climate Change (1992). The following similarities betweenclimate change and the Internet were underlined: involvement of a broadrange of actors, including non-governmental organisations; a broadagreement on principles and norms; and a need to establish procedures fordealing with future issues. The possible differences between climate change in1992 and Internet Governance in 2005 is “ripeness” for the issue to beregulated by international convention. The WSIS/WGIG debate clearlyindicated differences among main players, including disagreement about coreInternet governance principles and norms. Although the “framework-protocol”approach would be an appropriate mechanism for regulating such a broadfield as Internet Governance, the introduction of this mechanism wouldrequire more time in order to develop wider support for the main InternetGovernance principles and norms.Customary LawDevelopment of customary rules includes two elements: general practice(consuetudo) and recognition that such practice is legally binding (opiniojuris). It usually requires a lengthy time-span for the crystallisation of generalpractice. This was possible in the past. However, technological progress afterthe Second World War required the rapid introduction of international
regulatory frameworks, given the profound economic and politicalconsequences that these changes generated in a very short time-span. TheInternet is a good illustration of this tendency.One possible solution for overcoming tension between, on one hand,increasingly fast modern life and, on the other hand, the slow process ofdevelopment of customary law was proposed by Roberto Ago who introducedthe concept of diritto spontaneo or “instant customary international law.”15This concept emphasises opinio iuris and gives lower significance to generalpractice. The view has been criticised since it underestimates the importanceof practice, which is the core element of customary law. In currentinternational law, only one possible reference exists in the InternationalCourt, that of the North Sea Continental Shelf, that opens the possibility ofdeveloping customary law in a relatively short passage of time: “anindispensable requirement would be that within the period in question, shortthough it might be, State practice, including that of States whose interestsare specially affected, should have been both extensive and uniform.”16Some elements of emerging custom appear in the way the US governmentexercises oversight over the Internet root. The US government has observed ageneral practice of non-intervention when it comes to administering theInternet root zone file, which is the first element in identifying customary law.It remains to be seen if such general practice originated with the awarenessthat it was legally binding (opinio iuris). If this is the case, there is thepossibility of identifying international customary law in managing parts of theInternet root server system that deal with the country domains of other
countries. It would be difficult to extend such reasoning to the legal status ofgTLDs (com, org, edu, net), which do not involve other countries.Customary law may also be developed for regulating security-related InternetGovernance issues (e.g., spam, protection of critical infrastructure, virusprotection).Soft Law“Soft law” has become a frequently used term in the Internet Governancedebate. Most definitions of soft law focus on what it is not: a legally bindinginstrument. Since it is not legally binding, it cannot be enforced throughinternational courts or other dispute resolution mechanisms.The linguistic criterion for identifying soft law is the frequent use of the word“should,” in contrast to the use of the word “shall;” the latter is usuallyassociated with a more legally-binding approach codified in “hard” law(treaties). Soft law instruments contain principles and norms rather thanspecific rules. It is usually found in international documents such asdeclarations, guidelines, and model laws.Why are some international documents considered to be soft law while othersare not? For example, the Rio Declaration (1992) is soft law, but hundreds ofother declarations adopted by the UN are not. The “legality” of soft lawinstruments is supported by the evidence that their norms are usually
observed by many countries. Soft law could fall under the umbrella of LouisHenkin’s statement that, “Almost all nations observe almost all of theirobligations almost all of the time.” When countries adopt a particulardocument, even if it is not legally binding, they express a certain commitmentand moral obligation to observe it. The more negotiating energy put intoreaching consensus and drafting a particular instrument, the more nationstates are ready to support and observe such an instrument. This is one ofthe main elements that leads to the categorisation of particular internationaldocuments as soft law.As we can see, the difference between hard and soft law is not binary.17Moreover, some situations are prima facie paradoxical, where hard lawconventions contain soft law rules and vice versa. 18Some soft law arrangements have had considerable political importance--such as the Helsinki Act from 1975, which established the framework forEast-West relations and marked the beginning of the end of the Cold War.Other soft law instruments, such as the Stockholm Declaration (1972) andRio Declaration (1992) have had a major impact and influence on the conductof states in the field of environmental protection. More recently, the OECDFinancial Action Task Force (FATF) adopted 40 recommendations on moneylaundering. Although the recommendations are soft law, the FATF establisheda very strict monitoring and reporting plus enforcement process that includessome very hard mechanisms, including the expulsion of a party from theFATF.
Soft law is used by states for various reasons, such as mutual confidencebuilding,stimulating development in progress, and introducing new legal andgovernmental mechanisms. Soft law has increasing importance, especially insituations where states agree on specific issues, but are not ready to bindthemselves legally. Soft law is also sometimes preferred to hard law in orderto avoid the potential complexity of the domestic ratification process. Anotherpossible situation for the use of soft law instruments is in the process of thegradual development of norms that can result in the adoption of internationallegal instruments.19The main corpus of existing instruments in the field of Internet Governance isnon-binding, and includes: the OECD Guidelines related to ICT and theInternet, the UNCITRAL Model Laws in E-Commerce, resolutions anddeclarations of the UN and other international organisations dealing withInternet Governance related issues (e.g., the UN General AssemblyResolutions on Internet Security).The main WSIS documents, including the Final Declaration, Plan of Action,and Regional Declarations have the potential to develop certain soft lawnorms. They are not legally binding, but they are usually the result ofprolonged negotiations and acceptance by all countries. The commitment thatnation states and other stakeholders put into negotiating these instrumentsand in reaching a necessary consensus creates the first element inconsidering that such documents are more than simple politicaldeclarations.20
Soft law provides certain advantages in addressing Internet Governanceissues. First, it is a less formal approach, not requiring the officialcommitment of states and, thereby, reducing potential policy risks. Second, itis flexible enough to facilitate the testing of new approaches and adjustmentto rapid developments in the field of Internet Governance, which ischaracterised by many uncertainties. Third, soft law provides greateropportunity for a multistakeholder approach than does an international legalapproach restricted to states and international organisations.Ius CogensIus cogens is described by the Vienna Convention on the Law of Treaties as a“norm, accepted and recognised by the international community of States asa whole, from which no derogation is permitted and which can be modifiedonly by a subsequent norm of general international law having the samecharacter.”21 One of the main characteristics of ius cogens rules is that theyare inalienable. Professor Brownlie lists the following examples of ius cogensrules: the prohibition of the use of force, the law of genocide, the principle ofracial non-discrimination, crimes against humanity, the rules prohibitingtrade in slaves and piracy.22 More conditionally, he also indicates theprinciple of permanent sovereignty over national resources and the principleof self-determination.23 Can ius cogens be applied to the Internet? Some of theabove-mentioned behaviours prohibited by ius cogens, such as piracy,
Some pages have been omitted for this preview document
CHAPTER SIX POLICY APPROACHES TO CYBERCRIME François ThillThe Internet connects more than one billion people via a large interconnected network madeup of several hundreds of millions of computers, servers and routers, and has become acrucial part of modern society. This network connects people, companies and administrativeorganisations by offering a multifunctional communication channel. With its rise inpopularity, we have seen the rapid development of e-business and online services with a hugeshare of the market. These activities not only attract the interest of tradesmen and serviceproviders, but also that of criminals, often referred to as cybercriminals.The turnover related to cybercrime activities in 2008 exceeds that of the drug market(Amoroso, 2009) and is growing annually. People involved in terrorism and governmentalespionage use the Internet to launch online attacks, as demonstrated by the example ofEstonia (Evron Aarelaid, 2009). According to the SANS institute, the growing popularityof Internet-based social networks, such as Facebook and Hi5, can help facilitate espionage(SANS Institute, 2008).These figures and estimates raise certain questions: What actually is cybercrime? How docybercriminals proceed? Who are the people behind cybercrime? What is their motivation?What political strategies might be employed to fight cybercrime? How do countries begin toprepare to cope with it? To answer these questions, it is essential to become familiar with therisks arising from the activity of the cybercriminals.What is Cybercrime?
The term ‘cybercrime’ refers to Information and Communication Technology (ICT) beingused as a tool to commit a criminal act as well as being the target of the criminal act.Information Technology (IT) is used as a tool for obtaining an advantage by illicit means, justlike crimes committed by traditional, conventional methods; they are simply committed usingIT. The criminal’s aim is the same, namely, to exploit the naivety of his victims. Specificallycrafted web pages can be used to extract private information together with inconspicuous e-mails, apparently from friends and colleagues, which may harbour destructive software.Among the offences associated with these types of attacks are credit-card fraud, diverseforms of abuse of trust and child grooming by deceiving the victim. The motivation is usuallygreed, paedophilia, prostitution, racism or political radicalism. (Council of Europe, 2001)The circumstances in which IT itself is the subject of criminal acts, are multiple: clandestineinstallation of espionage software, illicit access to Web pages or defacement of them, theft ofdata, propagation of malwares or usurpation of identity. The motivation behind these attacksis often cupidity, ideology, revenge, terrorism or simply a challenge, or a combination ofthese. These attacks target mainly the availability, confidentiality and integrity of ICTsystems.How do cybercriminals proceed?Step 1: Collection of information Before carrying out an attack, cybercriminals collect information available about their victim, whether a company or an individual. Users and companies often reveal large amounts of data on the Internet, unaware of the value of this information and unaware
that criminals are ready to exploit it. Search engines can enable criminals to find valuable information on users and companies in seconds.Step 2: Scanning networks Cybercriminals probe systems and networks, searching for their weak points (exploiting technical vulnerabilities). Criminals have access to numerous free tools; some even have online support from the creator of these tools.Step 3: Inventory After the collection of information and the detection of weak points, the cybercriminal tries to identify user accounts or resources used jointly which are poorly protected. If the cybercriminal manages to determine the name of a user or a resource, nothing will prevent him from trying to illicitly access the system. The time between the determination of a username and the discovery of the corresponding password is generally very short, as people often choose very bad passwords. The process is similar for the detection of a resource and the identification of its weak points. One reason for this is that many companies still lack patch management (a bug-fixing procedure).Step 4 Use of spying tools Once the collection of information about a victim is complete, for example an administrative employee or a secretary (usually a strategic member of staff with access to lots of information), the cybercriminal tries to place a spying tool (Trojan Horse) on their computer to collect as much information as possible about the company. To do this, he sends an e-mail from a credible e-mail address, recognisable to the person, that contains a Trojan horse specific to the person.
Information the cybercriminal has obtained at the preliminary stage about the person makes it much easier to write this e-mail in a way that raises the interest of the potential victim, thus ensuring that it will soon be opened. If the victim activates the malware (harmful software) by opening the e-mail or clicking on the enclosed file, the cybercriminal may obtain control of the computer. The cybercriminal is now able to spy on the company. The targeted collection of personal data is often easily accessed because many people reveal personal information on social networking tools such as Facebook, oblivious to the possible hazards, unaware that this information can be used to prepare social-engineering attacks.Step 4 Manipulation by social engineering In this case, cybercriminals do not have to stretch their technical capabilities, but use much more subtle means: for example psychological pressure or exploitation of the need for self-explanation of others. Here the victim may be directly confronted by the cybercriminal. During a ‘chance meeting’ or ‘interview’, names, passwords and other important information are passed on to the criminal, to be used for the ‘attack’. To achieve this, the criminal can, for example, pretend to be a member of the IT department of the company. He then contacts a user of this same company and tells them that their access rights must be updated in order to use a particular application, which will not be possible without their password. (CASES, 2008)Who are the people behind cybercrime?Cybercriminals can be classified in two types: crackers and script kiddies. (Humbert, 2007)
A common, well-mediatised mistake is to use the term ‘hacker’ to denote a cybercriminal.This misuse of the term can easily be corrected by the following definition: a hacker is ahighly motivated individual in the field of his choice, e.g. IT security. A hacker improves thesecurity of IT systems by finding and exploiting system errors on his own equipment and,upon successful exploitation, publishing a detailed report to the relevant vendors andsubsequently to the public at large. They are not motivated by illegal activities and highlyethical about their status in society.Hackers see themselves as beneficial workers for companies, organisations or people,because their attacks make it possible to detect vulnerabilities early on and thus improve thesecurity of the systems concerned. The hacker community gathers experienced programmers,network specialists as well as passionate information technology and communication experts.This community shares the ideology that intellectual property should belong to the generalpublic.Hackers have existed since the development of the very first computers. The hackercommunity mainly works in the background and is considered quite small. Their actions arefocused on the intrusion into highly protected and widely deployed systems.Crackers are a group of fully-fledged criminals. This community is often organised intonetworks and groups similar to the structures of organised crime. The crackers have, likehackers, excellent technical training but work for their own benefit or for the profit of a thirdparty. The goal of their attacks is financial gain: grow rich while making the victim suffer.Contrary to hackers, these individuals do not have any particular ethical direction and theirnetwork includes many members. The majority of reported cybercrimes by the media areattributed to crackers. The latter represent a real threat to citizens, organisations andcompanies.
Script kiddies represent a cybercriminal subclass. They do not have significant technicaltraining, and are generally teenagers or even children who use ready-to-use ‘scripts’ (mostlyfreely available on Internet) created by crackers. Script kiddies often don’t know theoperating process of these ready-to-use malware programs. They aren’t even fully consciousof the impacts of their illegal actions. Their acts are irresponsible, often infiltrating systems asa way of displaying their technical competence amongst their peers.This group, from the multitude of its members, causes a great deal of damage. Their victimsare mainly citizens and small companies that have inadequate protection. Well known andeasy-to-use protection measures are generally sufficient to thwart them. Thus, e-mails ofunknown origin should not be opened and their attached files should not be run. Theoperating system, anti-virus software and other programs should regularly be updated and thefirewall correctly configured. Analysis of the systems by an anti-spyware program should berun regularly.How easy is it to attack?The slogans of the IT security software suppliers often promise 100% protection using theirprograms. Whilst this is desirable, it is impossible due to the residual attack risk, andeverybody should be aware that 100% protection does not exist! Cybercriminals attacks areoften successful. Armed with excellent technical training, they are able to successfullypenetrate a protection system without even being caught. This kind of targeted attack is onthe rise worldwide, reaching a new level each year, each new protective system beingthwarted by the next attack.Attack tendencies
Attacks, performed by both adults and children, target devices such as mobile phones andsmart phones, with specific functions activated, such as Bluetooth. This technology allowsthe transfer of data over short distances without initiating a phone call and is free. Children asyoung as the age of 10 use mobile malware (freely available on the Internet) to take controlof their peers (and parents) mobile phones. This enables them to make free calls using theirnew ‘host’. The victims only notice the attack upon receipt of their telephone bill. (CASES,2008 06 13)When attacking functions such as Bluetooth, cybercriminals also have the possibility ofobtaining important confidential information on individuals, because after a successful breachthey have access to their victim’s address book. During a one hour test carried out at one ofthe main business streets in Luxembourg-City, a security specialist located more than 200devices whose Bluetooth function was activated. It would have been easy pickings for acriminal wanting to get hold of business contacts’ names and telephone numbers. If thetargeted device was a smart phone with an Internet function, even e-mails could have beenintercepted using the appropriate malware.Malware in the form of Trojan horses make it possible to take control of a computer withinadequate protection. This malware is very easy to work with – criminals make it availablefor everybody on the Internet. The ‘attacker’ installs the malware on the victim’s computerand can survey all the operations carried out, whether this is handling banking data, draftingdocuments, or any other tasks executed on the computer. (OECD, 2008) However, regularlyupdated anti-virus software is able to prevent the installation attempts of the well knownTrojan horses. Children and teenagers use these malwares to activate a classmate’s webcam,for example, or to play silly tricks on their victim’s computer or mobile phone. They oftensucceed, because many people still do not have anti-virus software installed or work with
outdated protection programs. It should be noted that, today, even children of primary schoolage use and manipulate this sort of malware.Cybercrime is increasing in severity and frequency. It is well organised, with specific targetgroups of victims or individual people belonging to organisations. Secretaries or engineersare ideal victims for social-engineering attacks as they often have access to confidentialinformation. With the increasing technical knowledge of cybercriminals, scientists and ITsecurity experts have to stay up-to-date and develop adequate countermeasures.Typical VulnerabilitiesInternet navigation programs (Internet Browsers) are in part to blame for a large number ofvulnerabilities and the target of new attacks currently launched by cybercriminals againstindividuals and companies. Publicly available information about companies found via searchengines is used to profile the victim and is integrated into social-engineering attacks. Usingspecial applications, they are able to collect and correlate data, making it easier for them toestablish profiles of people or even of whole organisations, and enabling them to fine tunetheir attacks. (Provos, McNamee, Mavrommatis, Wang, Modadugu, 2007)As long as finding vulnerable systems is this easy and people are too careless about theircyber hygiene, cybercrime will spread and rise. This is illustrated by statistics published onincidents or by analysing the number of worms (self replicating programs) trying to exploitspecific technical vulnerabilities.Although it’s not very difficult to exploit technical weaknesses, it is generally easier toexploit human vulnerabilities by applying social-engineering techniques. Understanding andrecognising the dangers of social engineering and the need for proper IT Security, the
Luxembourg Ministry of the Economy and foreign trade, in collaboration with the Universityof Luxembourg’s research unit INSIDE, initiated an empirical study to find out how willingpeople are to communicate their current password and other personal data under specificcircumstances. The results of this survey, conducted in October 2008, show that additionalmeasures need to be taken to improve users’ security awareness with new information- andcommunication-technologies and teach the most important IT security principles.The survey interviewed 1,040 people who were not aware that the study was conducted as asocial-engineering attack. Approached by an interviewer in the street or a public place,people were asked if they would participate in an anonymous security survey. The interviewwas composed of 11 psychologically crafted questions in a precise order and took 2-3minutes per interviewed person. (Steffgen Melzer, 2008)To analyse how many people would be willing to cooperate with the offer, 25% of theparticipants were given an immediate reward as an incentive (chocolate bar beforeparticipation), 25% were offered a delayed reward (chocolate bar after participation) and 50%of participants were not offered any reward, irrespective of gender. A statistical analysis ofthe results revealed that 23.4% of the people questioned were willing to communicate theirpassword to a third party, in this case a stranger, straight away. During questioning, anadditional 9.6% disclosed extensive information about themselves, making themselvesvulnerable to having their password revealed through an educated guess. With 15.8% of thepeople questioned, a small amount of Internet research would have been largely sufficient todetermine the password. Even though the survey was presented as being anonymous, nearlyfour out of five revealed additional private data such as their address, name, telephonenumber and birthday.
Attacks, whether they have an innocent, criminal or terrorist goal, always exploit human,organisational and technical vulnerabilities. The impacts of these attacks are not only limitedto financial damages, they can result in the loss of confidence in the Internet or the loss ofvital services for an organisation or country.What are the political solutions to cybercrime?The Luxembourg approachIn January 2009, 185 million Internet sites were online, in comparison to 101 million in 2006(Netcraft, 2009). The Internet has become “the” worldwide communication platform, stillevolving at high speed. The World Wide Web both influences and follows the practices andpreferences of its users.Today, information available on the Internet is mainly user generated content or comes fromcompanies that offer online services. As Internet content is regarded as the “responsibility” ofevery single contributor, organisation or provider, the safety of the information may belimited. Individual users are responsible for determining the level of protection they need ontheir own computer systems.In Luxembourg, the development of e-business and the growth of e-government, e-health ande-education services is regarded as one of the priorities of the Luxembourg government. Themain objective of Luxembourg’s action plan is to enable citizens, together with private andpublic sector organisations, to fully utilise the potential offered by the Internet, whilst havingthe reassurance that their data and computer systems are safe.Today, in 2009, 80% of Luxembourg households have access to the Internet, 75% with abroadband connection. 96% of Internet users connect at least once per week to send or