Q4/2021 - Executive Summary
Developments around Internet governance confirmed one trend in particular in the fourth quarter of 2021: With Internet-relevant issues such as cyber security or the development of the digital economy becoming ever more fundamental political issues and digitisation increasingly affecting all areas of social life, Internet governance is gaining importance to the same extent in geo-strategic political disputes between major political powers – all of which are now also "cyber superpowers". A once technical problem with political implications has become a political problem with a technical component.
Another, more negative development has also become more firmly established in Q4/2021: Whereas 20 years ago, the Internet was seen as a promise of freedom, democracy and prosperity, today, with cyber crime, disinformation campaigns and digital mass surveillance exploding, it has become a risk factor for both individuals and society as a whole.
These contradictory trends are evident in all four major areas of the global Internet governance ecosystem: cyber security, digital economy, human rights, new technologies. In each of the four areas, independent sub-areas have developed. Especially governments try to find selective solutions through intergovernmental negotiations to the problems that have accumulated in these areas due to digitisation and expanded Internet use.
Most of the political, economic or cultural Internet problems arise at the application level. The underlying infrastructure level (TCP/IP, DNS, http, etc.) is only indirectly affected. The pandemic has shown that the viability of the public (technical) core of the Internet and its infrastructure –the smooth provisioning of resources such as domain names and IP addresses, the practicality of Internet protocols, the resilience of the root and name server system, routing, satellite and cable communications, etc. – has successfully passed the stress test imposed by the enormous increase in Internet usage through zoom conferencing, online shopping and distance learning.
This dichotomy gives rise to a new set of questions related to Internet governance. It queries in particular how the infrastructure layer and the application layer are linked and how they interact. The Tunis Agenda of the UN World Summit on the Information Society (WSIS) adopted a broad definition of Internet governance that included both levels, i.e. both the technical management (the so-called ICANN Issues) and the political, economic, and cultural aspects (the so-called "Internet-related Public Policy Issues"). The WSIS definition in the Tunis Agenda uses the terms "development" and "use" of the Internet for the differentiation, but does not further specify them or explain how the two levels interact. Later, this approach was interpreted as a "two-layer system" (governance OF the Internet and governance ON the Internet).
The problem is that at the infrastructure level the Internet is global, borderless and unfragmented (One World, One Internet), while at the application level 193 very different national jurisdictions coexist, cooperate or conflict (One World, 193 Jurisdictions). ICANN's CEO Göran Marby attempted in 2020 to disentangle the DNS from the "Political Internet Governance" (PIG) controversies by introducing the term "Technical Internet Governance" (TIG). However, the discussion of this matter is not only not settled, but it has just begun, in particular with a view to the Chinese proposals to replace (or complement) the TCP/IP protocol with a new Internet protocol (New IP) and Russian initiatives to create options for a "national Internet segment", independent of the global DNS.
However, the intention to avoid the management of technical (neutral) Internet resources to become involved in the geo-political conflicts of the 2020s is reaching its limits, and so is the attempt to harmonise the legal systems of the 193 national jurisdictions. Technical realities determine political possibilities to some degree, as Larry Lessig noted in the late 1990s with his "Code is Law" thesis. There will always be attempts to solve political problems by technical means. The distance between "code makers" and "law makers" has not diminished in the last 20 years. There is little mutual understanding. "Code makers" have difficulties recognizing the political implications of their developments, "law makers" often have an inadequate understanding of how the technical infrastructure works.
In his speech to the 14th Internet Governance Forum (IGF) in Berlin in November 2019, UN Secretary-General António Guterres pointed out the problem: "There’s an absence of technical expertise among policymakers even in the most developed countries, invention is outpacing policy setting, and measured difference in culture and mindset are creating further challenges. ... while industry has been forging ahead and at times breaking things, policymakers have been watching from the sidelines". One thing we can conclude from this is that if we want to solve the Internet governance problems of the 2020s in the interest of the global Internet community, we need to think about developing new forms of interaction and promoting mutual understanding between code makers and law makers. This community has already grown to almost five billion people and the next billion Internet users are around the corner.
What is needed is a kind of TIG-PIG Interoperational Protocol that allows technical and political mechanisms to interlock smoothly without compromising the functioning of the Internet and damaging the "neutrality" of the "Public Internet Core". The "Internet & Jurisdiction" project launched by former ICANN director Bertrand de la Chapelle in 2012 is designed to create such a protocol. However, the results of this research have been sparse so far.
The political controversies at the application level mainly concern three "baskets" of the global Internet governance ecosystem: cyber security, digital economy and human rights.
In the field of cyber security, there are three arenas in which political negotiations take place: the behaviour of states in cyberspace in accordance with international law, the fight against cyber crime, Internet-based autonomous weapons systems.
- Under the umbrella of the 1st Committee of the UN General Assembly, a second Open Ended Working Group (OEWG 2) was created in 2020 with the mandate to define the behaviour of states in cyberspace in accordance with international law. The OEWG 2 is based on consensus reports from several previous UN working groups (GGE 1-5 & OEWG 1) that have addressed the issue since 1998. The results achieved so far by the WG include the recognition of the international law of the UN Charter as the applicable legislation also in cyberspace, and the agreement on eleven norms codifying the behaviour of states in accordance with international law. Another task of the OEWG 2 is to agree on confidence- and capacity-building measures (CBMs). All 193 UN member states are involved in the OEWG. The mandate is valid until 2025. The OEWG 2 is the first ever universal and permanent negotiating body for cyber security of the UN. The outcome of the WG’s new negotiation round, which began in December 2021, is not yet clear. Three options are being debated: An action plan, a (non-binding) code of conduct, a (binding) treaty under international law.
- The second arena is negotiations on cyber crime. Organised crime has discovered cyberspace as one of the most profitable operating fields for its purposes. Ransomware attacks can yield more money than trafficking in drugs, weapons or human beings. The newly formed UN Ad Hoc Committee (AHC) has a mandate to draft a UN convention against cyber crime by 2023. For years, Western countries campaigned to accept the Council of Europe's 2001 Budapest Cybercrime Convention as a universal treaty. The Council of Europe Convention is open to any country, but only one third of the UN member states have signed the Budapest Convention. Countries such as China, India and Brazil argued that they were not involved in the drafting of the Budapest Convention. They supported a Russian proposal to develop a new UN instrument. The Western states fear that a new treaty could weaken existing standards in the fight against cyber crime and open up new areas of conflict if some governments want to include issues of controversial content in the new treaty. The negotiations for the new UN convention will begin in 2022 and take place alternately in New York and Vienna. Six two-week negotiation rounds are planned.
- The third area is the digital arms race. Since 2014, a group of governmental experts (GGE LAWS) has been discussing the issue of lethal, Internet-based autonomous weapons systems (LAWS) within the framework of the Convention on Certain Conventional Weapons (CCW). UN Secretary-General António Guterres has been calling for a ban on such weapons for years. The NGO Stop Killer Robots has mobilised public opinion against future "drone wars", in which armed machines, programmed with facial recognition software, will search for people they have to kill. However, there is a mixed coalition of states – from China and Russia to Turkey, Israel and the US – that are not interested in a ban under international law. They all agree that decisions on life and death should not be made by an algorithm. However, there is no consensus on how to translate this basic statement into a concrete legal obligation. In 2019, the GGE LAWS was able to agree on twelve "Guiding Principles". Since then, negotiations are stagnating. Two further rounds of GGE LAWS negotiations are planned for 2022 in Geneva.
In digital economy, there are four arenas: digital tax, digital commerce, platform regulation and sustainable development.
- In the field of digital tax, a historic breakthrough was achieved in 2021. At the G20 summit in Rome on 30 October 2021, the heads of state and government agreed on a new global tax system (BEPS) that includes a global digital tax. The corresponding international treaty is planned to be ready for signature by mid-2022. The new system shall come into force at the beginning of 2023.
- An agreement on digital trade has been negotiated for years at the World Trade Organisation (WTO). Currently, a temporary moratorium dating back to 1998 is in force, which prohibits tariffs on electronic data transmission. The moratorium had been extended several times and was due to expire at the 12th WTO Ministerial Conference, originally scheduled for June 2020 in Kazakhstan. The WTO Ministerial Conference was postponed several times because of the Covid-19 pandemic and is now scheduled to take place in 2022. In a WTO negotiating group led by Japan, Australia and Singapore, consensus has been reached in recent months on nine articles of the new agreement. Negotiators are optimistic that the remaining issues can be resolved by the WTO Ministerial Conference, provided there is the political will to reach an agreement. However, the whole project is overshadowed by sanctions and counter-sanctions imposed by China and the US in the digital arena.
- The third arena is the regulation of Internet platforms. There is growing consensus worldwide that monopolisation in the digital economy is a bad thing. The "Winner Takes It All" mechanisms of the digital economy have created oligopolies – mainly based in China and the US – that dominate the world and that have a negative impact on economies, micro, small and medium-sized enterprises (MSMEs) and on innovation. More and more governments consider antitrust law a useful tool to steer the future development of the digital economy into a different direction. The European Union (EU) in particular is pushing to write a new "digital rulebook". But US and Chinese authorities are also discussing how to deal with the GAFAs (Google, Apple, Facebook, Amazon) and BAHTs (Baidu, Alibaba, Huawei and Tencent). In 2021, the European Commission presented drafts for a Digital Market Act (DMA) and a Digital Services Act (DSA). It is expected that both legal instruments will be adopted in 2022.
- The fourth arena is sustainable development. Despite all the progress made in recent years and despite the fact that almost five billion people are now online, the digital divide still persists. Many regions of the world are underserved and lack basic information infrastructure. If the world is to achieve the United Nations Sustainable Development Goals (SDGs) by 2030, more efforts are needed to close the gaps, especially from the private sector. Under the umbrella of ITU and UNESCO (Broadband Commission), various UN organisations (UNDP, UNCTAD), the World Economic Forum Davos (The Edison Alliance), the Alliance for Affordable Internet and others, various networks have formed to ensure that "the next billion users" are connected to the Internet by 2025.
There are two issues in the field of digital human rights: The validity of basic individual human rights (freedom of expression, protection of privacy), as laid down in the UN Declaration of Human Rights, for the digital age, and the respect for human dignity by new technologies, especially in the field of artificial intelligence.
- The pandemic has demonstrated that Internet access constitutes a fundamental human right in today's world. Moreover, the Corona crisis has confirmed the importance of the 2012 resolution of the UN Human Rights Council (HRC), which states that "the same rights that people have offline must be protected online". The related issues are negotiated primarily in the HRC in Geneva and in the 3rd Committee of the UN General Assembly in New York. In recent years, the HRC Special Rapporteurs for Freedom of Expression, on the Right to Privacy and of Association have produced numerous reports outlining the new challenges and threats the digital world poses to individual human rights. The reports covered a wide range of topics, from mass surveillance to online censorship. However, up to now, no new regulatory proposals have been developed from the reports describing how to respect, protect and promote existing human rights in the digital age. These include political and civil rights as well as social, economic and cultural rights, and here especially the right to education and the right to work, which have assumed a new meaning in the digital world. The proposal by the former UN Rapporteur on Privacy in the Digital Age, Joe Cannataci, for a UN convention to ban electronic mass surveillance based on digital facial recognition has not yet been taken up by competent UN bodies.
- The development of new technologies such as the Internet of Things (IOT) and Artificial Intelligence (AI) is also giving rise to new questions, addressing once again the very fundamental issue of the inviolability of "human dignity". With the agreement on recommendation on the topic of "Ethics and Artificial Intelligence", a milestone was reached at the 41st UNESCO General Conference in Paris in November 2021. The UNESCO recommendation explicitly prohibits the use of AI systems for social scoring and mass surveillance. These invasive technologies have the potential to violate human rights and fundamental freedoms. The UNESCO recommendation is not a legally binding instrument and was adopted by acclamation, even supported by China and Russia. The USA is no longer a member of UNESCO, but has not objected to the recommendation. In 2022, both the European Union and the Council of Europe will work on drafting legally binding instruments. In September 2021, China published its own AI framework, partly inspired by the EU proposal. And the Global Partnership on Artificial Intelligence (GPAI), a multi-stakeholder initiative hosted by the OECD, aims to bridge the gap between theory and practice on AI.
In Q4/2021, a variety of conferences and negotiations were held to address the many political, economic, cultural, technical and legal issues involved in the further development of the global Internet governance ecosystem.
At the inter-governmental level, the following activities and events in the fourth quarter of 2021 are particular worth mentioning:
- In December 2021, the 76th UN General Assembly adopted a total of six resolutions in dealing with Internet governance issues, including cyber security, freedom of expression and WSIS follow-up;
- The first formal meeting of the Open Ended Working Group (OEWG) on cyber security in December 2021 focused on the status of non-state actors in future cyber security negotiations;
- In November 2021, the position of UN Technology Envoy, who is appointed by UN Secretary-General António Guterres, was newly advertised;
- In December 2021, another round of negotiations on autonomous weapons systems (GGE LAWS) took place in Geneva, which again did not produce any outcome;
- In October and December 2021, meetings of the economic and foreign affairs ministers were held in London and Liverpool under the British G7 Presidency, at which the G7 strategy for cyber security and digital cooperation was defined in greater detail;
- At the G20 Summit chaired by Italy in Rome in October 2021, the breakthrough in the negotiations on a global digital tax was sealed;
- Under the Indian BRICS Presidency, there was a meeting of the BRICS communication ministers in October 2021 to discuss a coordinated BRICS strategy on artificial intelligence;
- At a Prime Ministerial Meeting of the Shanghai Cooperation Organisation (SCO) in November 2021, closer cooperation was agreed to promote cross-border e-commerce;
- At a meeting of the Asia-Pacific Economic Cooperation (APEC) in November 2021, China applied for membership in the Digital Economy Partnership Agreement (DEPA);
- In December 2021, the US government hosted a Democracy Summit in Washington. It was attended by over 100 governments, who also discussed a new "Alliance on the Future of the Internet";
- The European Commission continued its work on various legislative initiatives (Digital Services Act, Digital Market Act, Digital Governance Act, European Chips Act, Cyber Resilience Act, NIS 2, AI Regulatory Package) in the fourth quarter of 2021.
- The Council of Europe Working Group on Artificial Intelligence (CAHAI) adopted a proposal for a new legal instrument on AI to the Committee of Ministers of the Council of Europe in December 2021; the 2nd Additional Protocol to the Budapest Convention on Cybercrime was finalised in November 2021 and will be open for signature from March 2022;
- The 41st General Conference of UNESCO adopted a recommendation on "Ethics and Artificial Intelligence" by acclamation in November 2021;
- The OSCE Representative on Freedom of the Media noted an increase in restrictions on freedom of expression online in its semi-annual report in November 2021;
- In December 2021, the World Trade Organisation (WTO) reported progress in negotiations on an agreement on digital trade and e-commerce;
- The 6th World Telecommunication Policy Forum (WTPF) of ITU ended in December 2021 with the adoption of five so-called "opinions" on the further development of the global information infrastructure and on cyber security;
- NATO established a €1 trillion "Innovation Fund" in November 2021 to foster closer cooperation with industry to develop innovative, Internet-based weapons systems;
- In November, the OECD presented its annual Development Report in November, which documents substantial progress in the global digital transformation;
- In October 2021, Interpol published its first ever report on the growth of cyber crime in Africa (African Cybersecurity Assessment Report 2021);
- At the 13th Europe-Asia Summit (ASEM) in November 2021, the two continents agreed to develop closer digital cooperation.
At the multistakeholder and non-state-level, the following major activities and events in the fourth quarter of 2021 are particularly worth mentioning:
- The 16th United Nations Internet Governance Forum (IGF) in Katowice, Poland, in December 2021 recorded more than 10,000 registered participants. The Katowice IGF Messages contain 56 recommendations to all stakeholder groups;
- The Freedom Online Coalition (FOC) held a virtual meeting in Helsinki in December 2021 and adopted a "Helsinki Declaration towards a Rules-based, Democratic and Digitally Inclusive World" to mark its 10th anniversary;
- The annual Lisbon Web Summit brought together over 60,000 participants in November 2021;
- Freedom House presented its annual report "Freedom on The Net 2021" in October 2021. The report documents a further decline in global Internet freedom and an increase in Internet shutdowns;
- The Danish government launched a new multistakeholder initiative called "Tech for Democracy" in Copenhagen in November 2021;
- The Global Commission on the Stability in Cyberspace (GCSC) terminated its work on 31 December 2021 with the publication of a paper titled "New Conditions and Constellations in Cyber";
- The Global Forum on Cyber Expertise (GFCE) published its research priorities for the period 2022-2024 in December 2021;
- The Charter of Trust used the Infrastructure Security Month in November 2021 to promote new partnerships for security in digital supply chains;
- The Global Internet Forum to Counter Terrorism (GIFTC) further expanded its hash-sharing database in December 2021;
- In November 2021, the Munich Security Conference (MSC) advocated in a study a new process to strengthen cyber security in the EU (Digital Security Proofing) and called for the creation of a "European Chief Security Officer";
- The DNS Abuse Institute announced the development of a new Centralized Abuse Reporting Tool (CART) in November 2021;
- Chatham House in London organised a discussion on "Who controls the Internet" in October 2021, emphasising the close link between Internet governance and global geopolitics;
- The CyperPeace Institute (CPI) in Geneva addressed world leaders in December 2021 with four demands to secure peace in cyberspace;
- The Tech Accord published a “White Paper on Cyber Diplomacy2 in October 2021 and made new proposals for involving non-state actors in global cyber security negotiations in November 2021;
- The Facebook Oversight Board (FOB) submitted its report on 18 cases it had dealt with in the second and third quarter of 2021 in November 2021;
- In November 2021, RightsCon issued a "Call for Proposals" for its 2021 conference;
- Cyber security, digital economy and artificial intelligence were items on the agenda of the 4th Paris Peace Forum in November 2021, which recorded 16,000 participants;
- The US joined the Paris Call for Trust and Security in Cyberspace in November 2021;
- The Global Partnership on Artificial Intelligence (GPAI) presented its first annual report in November 2021;
- In October 2021, the Davos World Economic Forum published a white paper on a legal regulation of digital facial recognition;
- The Alliance for Affordable Internet (A4AI) published its annual Affordability Report in December 2021, calling for the establishment of a universal fund to promote Internet access in underdeveloped regions.
UN Secretary-General António Guterres, 76th Session of the UN General Assembly, New York
One of the greatest perils we face is the growing reach of digital platforms and the use and abuse of data. A vast library of information is being assembled about each of us. Yet we don’t even have the keys to that library. We don’t know how this information has been collected, by whom or for what purposes. But we do know our data is being used commercially — to boost corporate profits. Our behavior patterns are being commodified and sold like futures contracts. Our data is also being used to influence our perceptions and opinions. Governments and others can exploit it to control or manipulate people’s behaviour, violating human rights of individuals or groups, and undermining democracy. This is not science fiction. This is today’s reality. And it requires a serious discussion. So, too, do other dangers in the digital frontier. I am certain, for example, that any future major confrontation — and heaven forbid it should ever happen — will start with a massive cyberattack. Where are the legal frameworks to address this? Autonomous weapons can today choose targets and kill people without human interference. They should be banned. But there is no consensus on how to regulate those technologies. To restore trust and inspire hope, we need to place human rights at the centre of our efforts to ensure a safe, equitable and open digital future for all.