Q3/2021 - Executive Summary
The discussions and happenings related to the evolution of Internet governance in the third quarter of 2021 reinforced the recent trends of a transforming global Internet governance ecosystem. The developments can be summarised in seven points.
- The call for state regulation of the Internet is getting louder, also in Western democracies. Despite the global character of the Internet, “national interests” are increasingly gaining priority, which leads to separate approaches of some countries in terms of regulation. It is true that with the global Internet governance discussion becoming more political, numerous new intergovernmental negotiating bodies were established in Internet-relevant areas, such as internal and external cyber security, cross-border data trade and human rights, but at the same time the willingness of governments to compromise for the good of consensual international solutions has declined, as these often require concessions that have an impact on national policies. The WSIS Tunis Agenda of 2005 remains the last comprehensive reference document for Internet governance that is based on a global consensus.
- The multistakeholder principle for Internet governance is now recognised worldwide, but as soon as severe political or economic problems arise, it quickly turns into lip service. Governments then emphasise their special role and refer to the principle of state sovereignty. The participation of non-state actors on an equal footing in the development and implementation of Internet policies (sharing of decision making) as agreed in the WSIS Tunis Agenda of 2005 is not really lived. Governments frequently understand a “multistakeholder approach” to mean “consultations” with non-state actors in the form of “hearings” in parliament or the formation of informal working groups for government consultancy. The responsibility to select experts from the private sector, academia, civil society and the technical community for the respective working groups usually rests with the governments and parliaments themselves.
- The industrial society of the 20th century was divided into a “capitalist” and a “socialist” world. In the 21st century, the “Internet revolution” has pushed a transition from an industrial to an information society. Initially, at the end of the 1990s, a “convergence” took place which was expected to lead to a uniform global information society. However, as that society continued to take shape, it became clear that there were going to be two different models again: a democratic and an autocratic model. The two models are based on different values and fundamentally hostile to each other. However, unlike during the Cold War when the blocs were strictly separated by an “iron curtain”, the borders between the two models of information society are open and the two parties are economically highly dependent on each other. The UN High Level Panel on Digital Cooperation (HLP) has called this phenomenon “The Age of Cyberinterdependence” in its 2019 report. Thus, the global Internet governance ecosystem with its interdependencies comprises both areas of conflict due to different value systems and areas of cooperation due to same or similar interests. This situation will have implications for the fragmentation or “bifurcation” of the Internet, which has been discussed for many years. Regardless of their political objectives, both social models use the same global infrastructure (Internet protocols, DNS) and the same global resources (IP addresses, domain names, data) on the so-called “transport layer”. A fragmentation of this infrastructure, e.g. into “national Internet segments”, would dramatically reduce the network effects of the Internet with its currently more than four billion users (Metcalfe's Law ), and in particular have negative economic consequences for all sides. Therefore, it is not surprising that the controversial disputes about the management of critical Internet resources and control over the root server system (Governance OF the Internet) – issues that dominated the discussions years ago – have become less intense. On the other hand, the disputes on the “application layer”, where opposing political and economic goals are being pursued with corresponding services and applications (Governance ON the Internet), will escalate.
- As a result of the digitisation of all areas of life, political, economic, cultural, social and legal issues have entered the global Internet governance discussion that had little or nothing to do with the Internet 20 years ago when the WSIS process began. This even applies to issues such as war and peace, international security, world trade and respect for human rights. Comprehensive digitisation has not only led to more than four billion people being able to communicate with each other, it has also resulted in billions of objects being networked. The networking of computers, people and objects goes along with a networking of problems. Political decisions to strengthen national cyber security have economic implications and can have an impact on the protection and exercise of human rights such as privacy or freedom of expression, just as, on the other hand, data protection regulations to strengthen individual personal rights have consequences for the business models of Internet companies and the work of law enforcement agencies. This situation calls for a holistic approach to developing Internet policies. But this need is usually faced with a poorly networked landscape in politics. In that sphere, individual topics are often dealt with isolated from each other in the “silos” of individual ministries, which frequently leads to unintended and counterproductive side effects.
- The business model based on the specifics of the global Internet governance ecosystem with largely unimpeded access to the net for more than four billion Internet users and unlimited availability of cheap, reusable resources, not linked to any territory (IP addresses, domain names, data) has led to a monopolisation (the winner takes it all) in many new business sectors (search engines, social networks, e-commerce) and to the emergence of global economic giants whose political influence is constantly growing while only insufficient transparency and supervisory mechanisms being available so far. Moreover, there is a growing fear that this monopolisation will result in unfair competition and developments that contradict the interests of the general public.
- The technical Internet community is well aware that technical regulations have political implications but tries to stay largely out of the politicisation and polarisation of global Internet governance discussions. The concept of “technical Internet governance” (IST) propagated by ICANN's CEO Göran Marby is based on the fact that the institutions that feel part of the I* network (ICANN, RIRs, ISOC, IETF, IEEE, W3C, etc.) see themselves primarily as neutral service providers that make technical resources available but are not responsible for how and by whom these resources are used.
- New technological developments (The Forth Industrial Revolution) such as the Internet of Things, blockchain technology, quantum computing and above all artificial intelligence act as accelerators for the above trends.
Analysing the discussions and trends in the third quarter of 2021 against this background, two contradicting conflicts are pressing to the fore: On the one hand the more procedure-related conflict between a “national” and an “international” approach to Internet issues, and on the other hand the more content-related conflict between the “democratic” and the “authoritarian” version of the information society.
- The number of Internet-related global negotiations within the United Nations is continuously increasing while at the same time more and more countries are prioritising a “national cyber and digitisation strategy”.
- The conflicts between democratic and autocratic states in the spheres of cyber security and digital economy are getting more severe. At the same time, however, the cyber superpowers are seeking fields of joint interests and are striving to achieve international agreements based on international law.
This contradiction became visible in particular in the political keynote speeches of the 76th UN General Assembly, which began on 21 September 2021. In his first speech to the United Nations, US President Joe Biden spoke at length about the risks and opportunities of digitisation and emphasised that the US was not seeking a new bloc formation in cyber space: “We’re not seeking — I’ll say it again — we are not seeking a new Cold War or a world divided into rigid blocs”.  However, if one compares the speeches given by the leaders of the major cyber powers – Russia and China on the one hand and the US and the European Union on the other – in the third quarter of 2021, it is precisely such a bloc formation that seems to be emerging. Nonetheless, both sides assert that they do not want a confrontation. This kind of mirror-image dual strategy involves supporting Internet-relevant global negotiations on the one hand, and seeking and entering into regional partnerships with “like-minded governments” on the other (G7, BRICS, Quad, Shanghai Cooperation Organisation), which then pursue concepts opposed to the global idea.
Against this background of a new “bloc formation”, the UN and its specialised agencies take on a new significance as an established system of multilateralism. A general commitment to the validity of the UN Charter for cyber space is one of the few things where there is consensus between democratic and autocratic states. At the same time, there are considerable differences in the understanding of how the norms of international law should be applied in concrete cases of conflict, e.g. in the attribution and assessment of cyber attacks.
Notwithstanding these contradictions, discussions on Internet-related issues continue to assume increasingly more space in the United Nations. UN Secretary-General António Guterres proposed a new Global Digital Compact in his report “Our Common Agenda”  on 10 September 2021. This pact is to be adopted at the UN World Summit of the Future of our Planet planned for 2023. The Roadmap for Digital Cooperation published by Guterres in June 2020 is in the implementation phase.  The Open Ended Working Group (OEWG) operating under the First Committee of the UN General Assembly, which is elaborating norms for responsible behaviour of states in cyber space, has a mandate until 2025. By 2023, the UN wants to have a new international convention on cybercrime ready for signature. In 2025, a kind of third UN World Summit on the Information Society is planned. The UN must then review the results of the Tunis Agenda of 2005 (WSIS+20). UNESCO wants to adopt a legal instrument to strengthen ethics in the development and application of artificial intelligence. The World Trade Organisation (WTO) is negotiating a framework agreement on global trade with digital data. The International Telecommunication Union (ITU) is discussing global standards on the Internet of Things. WIPO on the global protection of intellectual property in the digital age. The International Labour Organization (ILO) is investigating the consequences of digitisation for the future of work.
However, these global negotiations are clearly overshadowed by the American-Chinese cyber conflict. While the American President Joe Biden emphasises the different values and contrasts and seeks solidarity with “like-minded people”, the Chinese President Xi Jinping publicly plays down the obvious differences in values and presents himself as a pioneer of multilateralism. In his speeches he points out again and again that the world is big enough to accommodate various different social systems.
In front of US-American intelligence services in contrast, US President Joe Biden warned on 26 July 2021 that a cyber attack might lead to a real war between the super powers. “We’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world. I can’t guarantee this, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence. And it’s increasing exponentially — the capabilities.” Thus, the US had to enhance its relations with its allies and press for international norms to strengthen the democratic and not the autocratic model. “It’s especially important that we work closely with our partners and allies to maintain our technological edge; shore up supply chains; ensure that the rules that govern technologies support democracies, not autocracies.”  In Q3/2021, this strategy was reflected in particular in the establishment of a new security alliance between the US, UK and Australia (AUKUS) on 15 September 2021  , the Quadrilateral Security Dialogue (QUAD) summit in Washington on 25 September 2021  , the first meeting of the new EU-US Trade and Technology Council (TTC) in Pittsburgh on 29 September 2021  and relevant NATO activities on cyber security.
On the other hand, the Chinese President Xi Jinping has specified the concept of cyber sovereignty he announced in 2012 and also confirmed in his congratulatory letter to the annual World Internet Conference in Wuzhen of 26 September 2021 that China was willing “to work with other countries in the world to make the digital civilization benefit people of all countries, and promote the building of a community with a shared future for humankind.” Such cooperation would include building a strong “digital security shield”.  Vice Premier Liu He added that China was undertaking “global efforts to ensure the safety and reliability of infrastructure, crack down on illegal activities in the internet sector, ensure fair competition and promote innovation”.  The meaning of these statements by Xi and Liu is explained by Maiyue Cheng, Director of Wuzhen Institute, an important think tank in Beijing. At the Wuzhen conference in September 2022, Cheng said that China had “always taken a cooperative yet uncompromising stance on cybersecurity”. He added that China reserved the right to all available options for reacting to cyber attacks of other governments.  For implementing its goals, China primarily relies on the partnerships within the framework of the Shanghai Cooperation Organisation (SCO), which held its annual summit in Dushanbe on 8 September 2021. In the Dushanbe Declaration, the SCO member states agreed to press for equal rights of all countries in governing the Internet and emphasised the sovereign right of the SCO states to manage their national Internet segment. 
Just as the declarations of the G7, Quad and the EU-US Trade and Technology Council cannot hide a latent anti-Chinese attitude, the Dushanbe Declaration does not make a secret of its anti-American stance. However, it should not be overlooked that this new bloc formation has not yet led to official digital alliances. One of the reasons for this is that, regardless of common or similar value concepts, both sides, the US and the EU as well as China and Russia, still also have diverging interests when it comes to Internet issues.
The parties to the democratic bloc, i.e. the US and the EU, have consensus about many issues. They agree in particular on more general themes like democracy, human rights or a free and social market economy. When it comes to more concrete Internet-related themes, like platform regulation, data privacy or artificial intelligence, however, great differences emerge. This is more or less the same between China and Russia. There are many similarities as far as autocratic values and the leading role of the government and the party regarding Internet governance is concerned. On the other hand, China has never fully supported Russia’s project of an independent plurilateral BRICS agreement on cyber security the country has been pursuing for years in BRICS. Neither does China render much support for the concept of acknowledging a “national Internet segment” as proposed by Russia, in particular in the sphere of ITU. On the Russian side, China’s increasing activities of its Internet corporations in Russia are viewed with growing mistrust. Huawei is establishing the Russian 5G network. Alibaba has acquired the Russian Internet giant mail.ru and created a platform with Ali Express that is very interesting for Russian small and medium enterprises in particular. 
But these internal conflicts in the newly developing blocs do not have much impact on the basic conflict between China and the US. The two superpowers are extending their feelers also towards those countries they consider “junior partners” of the other cyber superpower. China tries to establish a special relationship with the European Union. So it supports, for instance, the EU General Data Protection Regulation; a considerable part of it has been used as a basis of the Chinese Data Protection Law adopted in September 2021. A similar behaviour can be observed in the discussion on the Rules on Artificial Intelligence proposed by the EU. The US, on the other hand, has been intensifying its communication with Russia, especially after the Biden-Putin summit in Geneva in June 2021. Since then, there have not been any larger hack attacks on US appliances. Moreover, for the first time in years, the US and Russia introduced a joined draft resolution on cyber security in the First Committee of the UN General Assembly.
These power games between the cyber superpowers and their “allies” are observed with growing suspicion, especially by developing countries. Voices are becoming louder that propose to transfer to cyber space the idea of “non-alignment” dating back to the 1950s, when it applied to the two blocs of the US and the Soviet Union. Especially India – one of the co-founders of the “Non-Aligned Movement” in 1955 – is developing potential concepts of a “digital non-alignment”. In the new publication series of the Global Commission on the Stability in Cyberspace (GCSC), Latha Reddy, former National Deputy Security Advisor to the Indian government, has raised the question: “Is There Space for a Digital Non-Aligned Movement? ” 
Here are the most important events and processes of the third quarter of 2021 in the four core areas of the global Internet governance ecosystem (cyber security, digital economy, human rights, technologies):
With the 76th UN General Assembly, a new phase of global negotiations on cyber security in the UN system has begun. The new structures are becoming more visible and are beginning to take root: For general cyber security issues, especially concerning relations between states, the Open Ended Working Group (OEWG), whose mandate has been extended until 2025, will establish itself as an “umbrella” organisation. The Ad Hoc Committee (AHC) will be responsible for the fight against cyber crime, especially “organised crime” and attacks with extortion software. The AHC is to draft a new UN convention by 2023. This convention shall include essential elements of the Budapest Cybercrime Convention of the Council of Europe from 2001. Arms control and disarmament talks will be handled by the Group of Governmental Experts on Lethal Autonomous Weapons Systems (GGE-LAWS), which was established under the Convention on Certain Conventional Weapons (CCW) in 2014. Progress in this Groups has been limited so far. UN Secretary-General António Guterres has been calling for a ban on autonomous weapons systems that follows the model of the ban on biological and chemical weapons for years.
At regional level, particularly worth to be mentioned regarding the third quarter of 2021 were the announcements of the European Union on cyber security. President of the European Commission Ursula von der Leyen announced a EU Cyber Resilience Act designed to improve cyber protection of the EU. She further informed that the EU and NATO were going to increase cooperation in the field of cyber security. A related joint statement was going to be published in December 2021.
The most outstanding event in the third quarter of 2021 in the field of digital economy was the final basic agreement on the introduction of a global digital tax reached by the G20 Finance Ministers at their meeting in Venice on 6 July 2021. The last details of this “reform of the century”, as the agreement is called, are expected to be settled at the G20 summit at the end of October 2021 in Rome. The new contract shall become effective in January 2023. Progress is also being made with the negotiations on an agreement about trade with digital data that have been going on at WTO since 2019. A final wording was agreed for seven articles at sessions of the WTO working groups in July and September 2021. It is expected that a total of eleven to twelve articles can be completed by the next WTO Ministerial Conference, which will take place in Geneva at the end of November 2021. The new office of the UN Tech Envoy is increasingly pushing activities to achieve the UN Sustainable Development Goals (SDGs), so that the necessary funding can be raised for establishing a digital infrastructure that would make it possible for more than 90 percent of the world population to be online by 2030.
On 16 September, the UN High Commissioner for Human Rights, Michelle Bachelet, presented to the 48th session of the UN Council on Human Rights an extensive report on the implications of the use of artificial intelligence with regard to the right to privacy. The High Commissioner demands that any development, dissemination and use of artificial intelligence must be compatible with the human rights standards as they are laid down in the relevant UN declarations and conventions. This applied both to governments and corporations, she said. The requested measures include a ban of AI-based applications that violate human dignity and a moratorium on biometric face recognition procedures. They further comprise the establishment of an independent supervisory authority for AI applications, procedures for certification and risk assessment, and setting up mechanisms for submitting and handling individual complaints related to illicit use of personal data in connection with services based on artificial intelligence.
At the end of June 2021, an intergovernmental UNESCO conference of experts agreed on the final version of a UNESCO recommendation on the ethics of artificial intelligence. The 28-page document shall be adopted at the 41st session of the UNESCO General Conference. Progress is also being made in the Council of Europe, which has been debating the drafting of a separate legal instrument for artificial intelligence since 2019. After having clarified a number of strategic questions concerning the further proceeding, the 5th session of the Ad Hoc Committee on Artificial Intelligence (CAHAI) adopted a roadmap in Strasbourg on 7 July 2021 that envisages official negotiations about a new convention on artificial intelligence by the Court of Europe to be started in spring 2022. Discussions within the context of ITU about a new Internet protocol (New IP) have currently cooled down. In September 2021 it was decided that the World Telecommunication Standardization Assembly (WTSA), which had been scheduled already for 2020 in Hyderabad, was going to be held in March 2022 in Geneva. It cannot be ruled out that individual governments will bring up the issue of New IP again at the WTSA or at the ITU Plenipotentiary Conference scheduled for autumn 2022 in Bucharest.
At the inter-governmental level, the following activities and events in the third quarter of 2021 are particular worth mentioning:
- On 10 September 2021, UN Secretary-General António Guterres proposed in “Our Common Agenda” presented by him to adopt a Global Digital Compact at the UN World Summit of the Future of our Planet planned for 2023;
- At the 76th UN General Assembly, which started on 21 September 2021 in New York, numerous heads of state and government gave their opinion on cyber security, digital economy and Internet governance;
- The office of the UN Technology Envoy has started to implement the UN Roadmap for Digital Cooperation with a series of events in the margins of the UN General Assembly. The personnel matter of the UN Tech Envoy remains unresolved;
- Under the Italian G20 Presidency several ministerial meetings were held in the third quarter of 2021. At the G20 Finance Ministers Meeting on 7 July 2021 in Venice, a historical breakthrough was achieved. The participants agreed on the final principles of a global digital tax. The Digital Ministers adopted a number of documents on intensifying digital cooperation in Trieste in August 2021;
- Under the British G7 Presidency a meeting of the G7 Interior Ministers was held on 9 September 2021 that discussed the increasing level of cyber crime and exploitation software;
- At the 13th BRICS Summit held under Indian Presidency as a virtual meeting on 9 September 2021, no new agreements worth to be mentioned were reached in the fields of cyber security or digital economy;
- The Shanghai Cooperation Organisation (SCO) met for their annual summit in the capital of Tajikistan on 16 and 17 September 2021. The Dushanbe Declaration includes a number of strategic requests with regard to Internet governance, including the acknowledgement of a “national Internet segment”;
- The proposals negotiated by the OECD for a global digital tax were accepted by the G20 and G7 Finance Ministers. The former Australian Minister for Finance, Mathias Cormann, was elected new OECD Secretary-General;
- Further progress has been made in Q3/2021 in the WTO negotiations to end the 1998 moratorium on e-commerce and conclude a new WTO agreement on digital trade;
- The European Commission has agreed a roadmap for implementing its concept of “Europe’s Digital Decade”. President of the European Commission Ursula von der Leyen submitted a proposal for a Cyber Resilience Act;
- The Ad Hoc Committee on Artificial Intelligence (CAHAI) of the Court of Europe clarified additional principal issues at its fifth plenary session on 7 July 2021 and specified the roadmap for drafting a new convention by the Court of Europe on artificial intelligence;
- At the end of June 2021, an intergovernmental UNESCO conference of experts agreed on the draft for a legal instrument concerning the ethics of artificial intelligence. The document shall be adopted at the 41st session of the UNESCO General Conference in November 2021;
- In September 2021, the regular conference series of the ITU Council Working Groups was held. The proposal re-submitted by Russia to put the issue of the administration of critical resources of the Internet back on ITU’s agenda once again did not meet with a majority support;
- The 48th session of the UN Council on Human Rights was submitted an extensive report by the UN High Commissioner for Human Rights, Michelle Bachelet, on the implications of the use of artificial intelligence on human rights and on the right to privacy in particular;
- NATO Secretary General Jens Stoltenberg and his deputy Mircea Geona have highlighted in keynote speeches the challenges the development of artificial intelligence and autonomous weapons systems pose to the security of the NATO countries;
- The Digital Cooperation Organisation (DCO) of seven Arab and African countries, founded in January 2021, stood up for overcoming the digital divide at a side event in the margins of the 76th UN General Assembly on 23 September 2021 and called on all UN members to join the DCO.
At the multistakeholder and non-state-level, the following major activities and events in the third quarter of 2021 are particularly worth mentioning:
- The Multistakeholder Advisory Group (MAG) held additional virtual meetings to prepare the 17th IGF in December in the Polish city of Katowice. The highlights of the IGF will include high-level meetings of governments and parliamentarians;
- Under the Finish Presidency, the Freedom Online Coalition (FOC) handed over a Joint Statement on Freedom of Expression Online to the United Nations Human Rights Council on 4 July 2021;
- The Munich Security Conference (MSC) published proposals on 19 September 2021 for a new foreign policy under a new German federal government that includes ideas for a new cyber diplomacy;
- The Global Forum on Cyber Expertise (GFCE) has started a new series of workshops on cyber crime;
- The Charter of Trust (CoT) initiated by Siemens organised a workshop on security issues in digital supply chains;
- The Tech Accord initiated by Microsoft has published a “Multistakeholder Manifesto on Cybercrime” on 29 September 2021 together with the Geneva CyberPeace Institute and thus provided those negotiating the new UN convention on cyber crime with seven new guiding principles;
- The RightsCon 2021 presented its final report on 29 August 2021 and announced that the 11th RightsCon was going to be held from 6 to 8 June 2022;
- The Global Internet Forum to Counter Terrorism (GIFTC) held its third summit in July 2021 and reported its successes.
UN Secretary-General António Guterres, Our Common Agenda, New York, 12 September 2021
It is time to protect the online space and strengthen its governance. I would urge the Internet Governance Forum to adapt, innovate and reform to support effective governance of the digital commons and keep pace with rapid, real-world developments. Furthermore, building on the recommendations of the road map for digital cooperation, the United Nations, Governments, the private sector and civil society could come together as a multi-stakeholder digital technology track in preparation for a Summit of the Future to agree on a Global Digital Compact. This would outline shared principles for an open, free and secure digital future for all. Complex digital issues that could be addressed may include: reaffirming the fundamental commitment to connecting the unconnected; avoiding fragmentation of the Internet; providing people with options as to how their data is used; application of human rights online; and promoting a trustworthy Internet by introducing accountability criteria for discrimination and misleading content. More broadly, the Compact could also promote regulation of artificial intelligence to ensure that this is aligned with shared global value.