Q3/2022 - Executive Summary

Volume 1, July – September 2022, No. 3

The global Internet governance debate is increasingly reduced to a discussion about cyber security. The Internet has become part of geo-strategic power games. The Ukraine conflict has accelerated this development. It has become obvious that "cyber" is no longer a policy area in its own right, but that geo-politics principally includes a cyber component. There is no longer a political issue or summit - G20, G7, BRICS, SCO, QUAD, UNGA, etc. - where cyber security is not prominent on the agenda.

  • The debate on the management of critical Internet resources, which was at the center of Internet governance disputes 20 years ago, has been pushed to the margins. It has not disappeared, but today it is discussed primarily in the context of military and security considerations. Detailed technical questions are left to "the experts" (ICANN & IETF). Unlike before the IANA transition, this discussion is no longer in the "line of fire". On the other hand it has not lost its political explosiveness, which results in a certain dilemma with regard to a "holistic approach".
  • The change in the "architecture" of the global Internet governance discussion also affects other Internet issues such as digital economy and digital commerce, blockchain, web3 and artificial intelligence. At the same time, traditional issues such as the guarantee of digital human rights, the multistakeholder Internet governance model and the UN's efforts to implement the Roadmap for Digital Cooperation are coming under attack.
  • A geopolitical "digital trifurcation" is emerging against the background of the discussions about a "fragmented Internet": On the one side are the USA, the EU and other Western-oriented states (G7), on the other are China, Russia and Iran and some developing countries (SCO). In between is a large number of so-called "swing states", first and foremost India, Brazil and South Africa, which pursue a "seesaw policy" in cyber diplomacy, which means they cooperate with both sides, but keep their distance and pay attention to national autonomy.

In Q3 2022, the following processes and events were particularly relevant:

  • The further implementation of the "Roadmap for Digital Cooperation" by UN Secretary-General António Guterres through the inauguration of the "UN Tech Envoy" (Amandeep Singh Gill) on 15 July 2022, the formation of an "IGF Leadership Panel" under the leadership of Vint Cerf on 15 August 2022 and the preparation of a "Global Digital Compact" (GDC) to be adopted within the scope of the "UN Summit on the Future" now planned for September 2024;
  • The election of the US-American Doreen Bogdan-Martin as the new ITU Secretary General on 29 September 2022 in Bucharest;
  • The Shanghai Cooperation Organisation (SCO) summit in Samarkand on 16 September 2022 with the presidents of China, Russia and India, where the call for cyber sovereignty and state control over the "national Internet segment" was reiterated;
  • The failure of the G20 Digital Ministers Conference on Bali on 2 September 2022;
  • The nomination of Nathaniel Fick as the new US Cyber Ambassador on 3 August 2022;
  • The institutionalisation of the Chinese "World Internet Conference" (WIC), which was announced on 12 July 2022. The WIC has been held annually in Wuzhen since 2014;
  • The "State of the Union" speech by EU Commission President Ursula von der Leyen on 26 September 2022 as well as numerous digital EU activities;
  • The dispute over the participation of non-state stakeholders in the UN negotiations on cyber security (OEWG) in New York from 26 - 29 July 2022.
  • The clarification of initial positions within the framework of the negotiations for the elaboration of a UN Convention on Cybercrime held from 30 August to 9 September 2022 in New York;
  • The stagnation in the negotiations on the development and deployment of Internet-based autonomous weapons systems in Geneva from 26 to 29 July 2022;
  • The adoption of a "Geneva Declaration" against trade in surveillance technologies by a group of civil society organisations in Geneva on 29 September 2022.

The implementation of the "Roadmap for Digital Cooperation" presented by the UN Secretary-General in June 2020 is slowly taking shape. Delays caused by Corona were compensated in the third quarter of 2022. This concerns in particular the expansion of the existing mechanisms for the Internet Governance Forum (IGF+) and the preparations for a Global Digital Compact (GDC).

  • On 15 July 2022, the Indian diplomat Amandeep Singh Gill took up his post as UN Tech Envoy[1] The Tech Envoy holds the rank of Deputy UN Secretary-General and is the de facto "right hand in Internet matters" of UN Secretary-General António Guterres. A similar position was held in the 2000s by Nitin Desai under then UN Secretary-General Kofi Annan. Desai was the Commissioner for the UN World Summit on the Information Society (WSIS), Chair of the UN Working Group on Internet Governance (WGIG) and Chair of the Multistakeholder Advisory Group (MAG) of the IGF. Under Kofi Annan's successor, Ban Kin Moon, the position was not filled.
  • On 15 August 2022, UN Secretary-General Guterres appointed ten individuals to the IGF Leadership Panel (LP)[2] The LP is to ensure that the results of the discussions of the IGF, which was founded in 2005, are more incorporated to a greater extent into intergovernmental negotiations on Internet-related issues. The chair of the new LP is the father of the Internet, Vint Cerf. His deputy is Nobel Peace Prize laureate Maria Ressa from the Philippines. The board includes two representatives each from the private sector, civil society, the technical community, governments and the so-called "At Large" community. In addition, there are the ex officio UN Tech Envoy, the Chair of the IGF MAG (the former Microsoft Manager Paul Mitchell), as well as the IGF's previous, current and future host countries (Poland, Ethiopia, Japan). Stakeholder representatives include former President of Estonia Tomas Hendrik Ilves, the new President of the Paris-based International Chamber of Commerce (ICC) Maria Fernandez Garza from Mexico, ETNO Director General Lisa Fuhr, and Chinese Professor Lan Xue, Rector of Schwarzman College of Tsinghua University in Beijing.
  • One of the first challenges for both the UN Tech Envoy and the IGF Leadership Panel is the preparation of a Global Digital Compact (GDC) to be adopted as part of UN Secretary-General Guterres' Common Agenda at the planned UN Summit on the Future[3] On 22 September 2022, the UN General Assembly decided to postpone the summit, originally planned for September 2023, to September 2024. In September 2023, however, a ministerial conference in New York is to discuss drafts for possible final documents, including the GDC. The UN Tech Envoy has already started a series of multistakeholder consultations, e.g. at the ITU Plenipotentiary Conference in Bucharest on 30 September 2022. The IGF in Addis Ababa at the end of November 2023 will deal with the GDC in detail. All stakeholders are invited to submit written proposals by 31 December 2022. The procedure is still unclear, especially with regard to the inclusion of non-state stakeholders in the negotiations. It can therefore be assumed that the political disputes surrounding the GDC will be fierce.

The 77th UN General Assembly began on 22 September 2022. The war in Ukraine dominated the general debate. It was repeatedly pointed out that this war has a cyber component never seen in any military conflict before. This includes cyber attacks on critical infrastructures, the use of "social media" for global disinformation campaigns and the use of semi-autonomous weapon systems such as drones. The formation of "private IT armies", which is not unproblematic under international law, was also mentioned in the discussion. Internet issues are on the agenda of three UN General Assembly committees.

  • The 1st Committee is dealing with a report of the Open Ended Working Group on Cybersecurity[4] The OEWG Chair, Ambassador Gafoor, had published it after the conclusion of the 3rd formal OEWG meeting (New York, 26 - 29 July 2022) in August 2022. It includes an informal summary of the discussion on the application of international law in cyberspace, norms for responsible state behaviour in cyberspace, confidence- and capacity-building measures, and the institutionalisation of cyber security negotiations within the UN framework. The report does not contain any substantial progress compared to previous reports or new recommendations for action. However, given the international tension, the very fact that there is a Chair's report at all was considered a success. A controversial issue in the context of the July meeting of the OEWG was the participation of non-state stakeholders. Ukraine had vetoed five Russian NGOs, Russia 28 internationally active NGOs. The next OEWG session is scheduled for March 2023. In between, "inter-sessional" activities such as informal consultations with non-state stakeholders will take place. Not clear is in what way the topic of Guterres' desired moratorium on autonomous weapons systems will be dealt with on the agenda of the 1st Committee. [5] NGOs like "Stop Killer Robots" are unhappy with the fact that the relevant GGE LAWS negotiations are taking place under the umbrella of the Convention on Conventional Weapons (CCW), i.e. outside the UN. Since after eight years of unsuccessful negotiations progress no advancement is to be expected in the near future, the call for dealing with this issue within the UN is growing louder. The last meeting of the GGE LAWS in August 2022 did not yield any results either. Two more rounds of negotiations are planned for 2023 in Geneva.
  • The 2nd Committee is dealing with the annual progress report of the UNCSTD on the implementation of the WSIS decisions of 2003 and 2005, and here in particular the Tunis Agenda. [6] An intergovernmental review conference is due in 2025 (WSIS+20). The mandate of the IGF is currently limited to 2025. WSIS+20 will therefore have to address the question of whether the IGF should continue beyond 2025 (possibly with an expanded mandate as IGF+). The 77th Session of the UN General Assembly is expected to set the course for the preparation of WSIS+20. A particular topic will be the procedure for involving non-governmental stakeholders in the negotiation process.
  • The 3rd Committee is dealing with human rights issues. Concrete projects such as the universal legal instrument against electronic surveillance proposed by former UN Special Rapporteur Joseph Cannataci are not on the agenda. However, a report of the Ad Hoc Committee (AHC) on the negotiations on the drafting of a new UN Convention on Cybercrime, which began in 2021, will be discussed. [7] At the 3rd round of AHC negotiations at the end of August 2022 in New York, the participants already reached consensus about the structure for the envisaged treaty. In the meantime, several groups of states have submitted draft texts, which, however, reveal the existing major, primarily political discrepancies. The main issue is the definition of crime in cyberspace. Western countries prefer a narrow definition based on the 2001 Budapest Convention. China and Russia prefer a broad definition that also includes crimes related to expression of opinion and dissemination of information. Three rounds of negotiations are planned for 2023 in Vienna and New York. The UN Convention is intended to be ready for signature by 2024.

On 26 September 2022, the ITU Plenipotentiary Conference, which takes place every four years, began in Bucharest. The conference decides on the ITU's work plan for 2023 to 2027. There has been a dispute between the ITU and ICANN since the late 1990s. Some ITU member countries (Russia, China, Saudi Arabia, Iran, etc.) have repeatedly demanded to transfer the management of domain names and IP addresses, which has been under the supervision of ICANN since 1998, to the ITU. ICANN is a multistakeholder organisation in which governments have only an advisory role. The ITU is an intergovernmental organisation where private companies have no voting rights.

  • The candidates for the new post of ITU Secretary General were the US-American Doreen Bogdan Martin, until now Director of the Development Sector of the ITU (ITU-D), and Rashid Ismailow, former Deputy Minister of the Russian Digital Ministry. The election had been apostrophised by media such as the "New York Times" or "Wired" [8] as a direction election between democracy and autocracy that would decide the future of the Internet. In the election on 28 September 2022, Bogdan-Martin received 132 votes, Rashid Ismailow 25 votes. [9] Commentators like Anthony Rutkowski consider the result an option for a renaissance of the ITU. [10]
  • To what extent this situation opens up possibilities for a new relationship between ITU and ICANN remains to be seen. ICANN has been a sector member of the ITU for ITU-D (Development) for four years, but has no voting rights in the adoption of ITU resolutions. In Bucharest, five Internet resolutions directly related to the DNS and IP addresses will be negotiated. In addition, further draft resolutions on Internet governance topics such as the Internet of things, artificial intelligence, cyber security, etc. have been submitted. It so remains to be seen to what extent controversial topics raised by China in the ITU standardisation bodies (ITU-T), such as a new Internet transport protocol (New IP) or an extended Internet address protocol (IPv6+) will be discussed. The ITU Plenipotentiary Conference ends on 14 October 2022.
  • On 29 September 2022, the remaining new ITU management members were elected. Tomas Lamanauskas (Lithuania) was elected as new ITU Deputy Secretary General. The new Director for Standardization/ITU-T is Seizo Onoe (Japan), for Radiofrequency Spectrum/ITU-R Mario Maniewicz (Uruguay) and for Infrastructure Development/ITU-D Cosmas Zavazava (Zimbabwe). Germany had applied for the position of ITU-T Director with Thomas Zielke from Federal Ministry for Economics and Climate Action (BMWK), but he only received 12 votes. Nevertheless, Germany was elected as a full member of the 51-member ITU Council, which conducts business between the ITU Plenipotentiary Conferences.

The final document of the Shanghai Cooperation Organisation (SCO) Summit in Samarkand on 16 September 2022 contains several sections on Internet governance. [11] The heads of state and government of SCO, including the presidents of China, Xi Jinping, Russia, Vladimir Putin and India, Narendra Modi, call for a "secure, fair and inclusive information space based on the principles of state sovereignty and non-interference in the internal affairs of other countries". They underline the need "to regulate the Internet and the sovereign right of states to manage it within their national segment". They reject the militarisation of cyberspace. They support the UN negotiations on cyber security (OEWG) and cyber crime (AHC). SCO governments are urged to deepen their digital cooperation, especially in e-commerce and research and development, and to accelerate the digital transformation of society. In 2023, India will take over the SCO presidency. India will also chair BRICS in 2023.

On 2 September 2022, the annual G20 Digital Ministers' Conference ended without a final declaration being adopted. The G20 Digital Ministers' Conference was founded under the Chinese G20 Presidency in 2016 and further expanded by the German G20 Presidency in 2017 to include a multistakeholder component. The then established G20 Digital Economy Task Force was transformed into a G20 Digital Economy Working Group (G20 DEWG) under the Italian G20 Presidency in 2022 to give it greater political weight. Between February and August 2022, the G20 DEWG held four meetings and developed a so-called "Bali Package" with concrete recommendations for three key areas: Developing post-Covid digital infrastructure, investing in digital education and promoting cross-border data flow (Free Data Flow with Trust/FDFT). The adoption of the "Bali Package" failed because the ministers could not reach agreement about condemning the attack on Ukraine in the preamble of the document. For the first time since 2016, the conference ended without results. The G20 leaders will now decide on the future of the Bali Package at their summit on 15 and 16 November 2022.

Nathaniel Fick is the new US Cyber Ambassador. His appointment became effective after a hearing in the US Senate on 3 August 2022. Fick is thus the highest-ranking US diplomat with responsibilities for the Internet. The recommendation for this new post dates back to the times of the Trump administration, when it was suggested by the "Cyberspace Solarium Commission" (CSC)[12], a high-ranking group with members from both Chambers of the US Congress. The new "Bureau for Cyberspace and Digital Policy" [13] is now the central coordinator of US Internet policy for cyber security, cyber crime, digital infrastructure security, new technology developments, cross-border data flows, digital development assistance and human rights. Nathaniel Fick was CEO of the cybersecurity company "Endgame" and previously served in the US Navy. He became known for his bestseller "One Bullet Away: The Making of a Marine Officer". At his hearing, Fick argued that it is on the "technology front" that the crucial political, diplomatic and economic struggles of the 21st century are taking place. He outlined his mission in terms of a triad: 1. Working more closely with Western allies, 2. Taking a clear edge against autocrats, and 3. Strengthening the own technological and institutional basis.

The European Commission is gradually making progress in implementing its goals formulated in the "Digital Decade".

  • The EU continues to work at taking the position of a global leader in Internet regulation. The so-called "Brussels effect", which has become visible with the General Data Protection Regulation (GDPR), shall be further enhanced and turn the EU into a "norm maker" rather than a "norm taker" in the digital world. The EU wants to write a "Digital Rulebook" that can serve as a global model. The number of EU regulations already adopted and under discussion has grown enormously under the presidency of Ursula von der Leyen. They include the "Chips Act", "Digital Market Act", "Digital Service Act", "Cybersecurity Act" (NIS2), and the "AI Regulatory Package". In Q3 2022, the draft for the "Cyber Resilience Act[14] and the "European Media Freedom Act" [15] were presented. New regulations were adopted for the simplification of digital cross-border administrative processes by means of a "Once Only Technical System" (OOTS) as part of the Single Digital Gateway Regulation of 20 July 2022 and a modernised "AI Liability Directive" of 28 September 2022 [16].
  • On 28 July 2022, the EU Commission published its annual "Digital Economy and Society Index". The Commission notes considerable progress in the digital transformation within the EU, but laments backlogs in digital education, the digitisation of small and medium-sized enterprises and the expansion of 5G networks. Only 54 percent of Europeans aged 16-75 have "basic digital skills". Finland, Denmark, the Netherlands and Sweden are most advanced in this field. Germany holds rank 13. Greece, Romania and Bulgaria bring up the rear. [17]
  • On 14 September 2022, EU Commissioner Thierry Breton articulated the EU's claim to play a leading role in the development and shaping of the metaverse. It must be prevented that a "Wild West" practice with private-sector monopolies develops again in the new virtual spaces that is emerging with Web3. People must feel as safe in these new virtual spaces as they do in the real world. Breton called on European companies to be at the forefront of research and market development and informed about the foundation of a "Virtual and Augmented Reality Industrial Coalition" (VARIC) in which 40 European organisations are already participating. [18]

On 12 July 2022, it was announced that the so-called "World Internet Conference" (WIC), organised by the Chinese Communist Party and held in Wuzhen since 2013, was going to be transformed into a formal non-governmental organisation. In a letter to the conference organisers, China's President Xi Jinping welcomed this step. [19] Details of how the institutionalisation will take place – founding document, membership, governing and oversight bodies, funding, etc. – are not known. The new organisation is to be based in Beijing. An international advisory board shall be established, which is supposed to include recognised Internet personalities such as members of the "Internet Hall of Fame". Names were not mentioned. The 2022 Wuzhen Conference, originally planned for September, has been postponed to 9 to 11 November 2022, i.e. after the Chinese Communist Party Congress. Commentators suspect that the institutionalisation of the WIC is China’s reaction to the "Declaration on the Future of the Internet" (DFI) initiated by the USA. In April 2022, 60 governments had signed the DFI in Washington and committed to an "open, free, global, interoperable, trustworthy and secure Internet".

At the 75th ICANN Meeting in September 2022 in Kuala Lumpur, the relationship between blockchain and the Domain Name System (DNS) was one of the topics discussed. The discussion was triggered by the increase in the registration of names in the so-called "Ethereum Name Service" (ENS). The ENS is an open, distributed and extensible naming system that interacts directly with the Ethereum blockchain. Similar to DNS, the ENS helps map machine-readable addresses like "0xd0eAf74B8c5bF457C7a81c3fe277aDb6Ed32DCF4" into a human-readable address like "name.eth". The domains are managed by so-called "decentralised autonomous organisations" (DAOs). They can store crypto wallets, websites, content hashes and metadata. Some providers dream of ENS becoming the namespace for the metaverse. At ICANN, there was consensus that on the one hand blockchain is outside ICANN's mandate. On the other hand, however, further proliferation of ".eth names" (there are over one million .eth addresses registered to date) may lead to confusion among end users. ".eth" is not a Top Level Domain registered in the ICANN root. Therefore, ICANN should closely monitor the further development here

On 17 August 2022, Australia announced that it would join the Global Cross-Border Privacy Rules Forum (Global CBPR Forum). So far, the forum is an initiative of six Asian countries. It aims to promote cross-border data flows and plans to introduce a certification system to confirm that relevant services comply with international data protection standards. The forum is strongly oriented towards the GDPR rules of the EU. [20]

In a speech to the Helsinki Security Forum on 30 September 2022, NATO Deputy Secretary General Mircea Geoană specified NATO's cyber strategy. Russia's war against Ukraine had made visible the importance of offensive and defensive cyber capabilities. Geoană pointed to the one billion US dollars available for the NATO Innovation Fund and the Defence Innovation Accelerator for the North Atlantic (DIANA). "Modern conflict is about far more than guns and tanks. We must be every bit as concerned with the protection of our critical infrastructure, including energy security, supply chains, healthcare systems, and resilient societies which are in fact, our first line of defence."

WTO negotiations on a digital trade agreement continue to tread water. After the Geneva Ministerial Conference in November 2021 failed to agree on a text, the three co-chairs from Japan, Singapore and Australia announced after two meetings of the WTO eCommerce Group in Geneva on 12 to 14 July 2022 and 13 to 15 September 2022 that they were going to present a consolidated draft text by the end of 2022 that could enable the WTO to adopt the envisaged new global eCommerce treaty in 2023. The main outstanding issues are "cyber security, privacy, telecommunications services, electronic invoicing and electronic transaction frameworks." The moratorium not to impose customs duties on cross-border data transmission, agreed in 1998 and repeatedly extended since then, remains in force.

On 21 and 22 September 2022, the 2nd plenary session of the new "Committee on Artificial Intelligence (CAI)" of the Council of Europe took place in Strasbourg. A first draft text for a future "Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law", drafted by the Council of Europe Secretariat and referred to as "zero draft", was presented. [21] CAI Chair, Swiss Ambassador Thomas Schneider, asked all delegations and observers to submit comments by the next session (11 to 13 January 2023 in Strasbourg).

In a position paper dated 25 August 2022, the Cybersecurity Tech Accord advocates a "narrow definition of criminal offences in cyberspace" and warns against criminalising "controversial information content". It rejects obligations to be imposed on the industry for "backdoors" or a softening of encryption. Governments should strive to harmonise their national laws to a large extent to enable effective international law enforcement and to give companies more clarity and legal certainty. Governments should not formulate regulations for companies. Close cooperation between governments, companies and other stakeholders on issues such as attribution and cyber capacity building, however, is supported.

A group of 30 civil society organisations led by Access Now and the Geneva Digital Peace Institute signed a "Geneva Declaration on Targeted Surveillance and Human Rights" on 29 September 2022. The declaration calls on states to suspend the export, sale, transfer and use of targeted digital surveillance technology until rigorous internationally recognised rules compatible with UN human rights conventions have been adopted. The unrestrained use of mobile device hacking, network surveillance and facial recognition leads to fundamental human rights violations and threatens democracy, the declaration says.

On 25 September 2022, Germany’s Federal Cabinet adopted the "Digital Strategy for Germany" presented by the Federal Minister for Digital and Transport, Volker Wissing. [22] The 52-page paper focuses on economic and domestic policy measures, but also includes a section on international issues. Literally, it says: "We are significantly increasing our engagement in existing Internet governance processes as well as in multilateral and multistakeholder forums (e.g. IGF, ICANN, ITU, WSIS, UN, OEWG, G7, G20, OECD, OSCE, WTO, GPAI, Human Rights Council, Freedom Online Coalition)." The key issue here is coordination within the EU and transatlantic cooperation (TTC). The commitment to building an independent digital infrastructure to strengthen digital sovereignty in the global South must be increased, including via the "EU Global Gateway Initiative". The private sector, academia, the technical community and civil society" are to be closely involved in these digital dialogues. An "active digital foreign policy" and the development of a "strategy for international digital policy" are announced.

At a cyber security conference organised by the Federal Foreign Office in Potsdam on 27 September 2022, Foreign Minister Annalena Baerbock presented a "four-pronged approach" for German cyber diplomacy: 1. Strengthening critical infrastructures against cyber attacks. 2. Implementing norms of international law in cyberspace. 3. Combating cyber crime at the political level. 4. Building "virtual rapid response teams" with NATO and the EU. [23] Baerbock called for stronger national laws against cyber threats and did not rule out the necessity of amending the German Constitution to centralise responsibilities at the federal level. She announced the creation of a German "data embassy", i.e. a data center outside German territory where critical information would be stored to protect it from attacks. "Putin's war of aggression confronts us with a new reality", Baerbock said. "It highlights the need for increased international dialogue on security and cyber policy."

Mehr zum Thema