EU lawmakers should be careful what they wish for when it comes to Internet regulation
The Internet could be reasonably claimed to be the global endurance champion of 2020. Not only did it manage to stand resilient and stay operational during one of the worst pandemics in modern history, but it also allowed societies to continue functioning. In fact, one could say the Internet was ready for COVID19; governments, for the most part, were not.
The Internet’s enduring value is a fact that has been repeatedly acknowledged by European legislators, even as they set out their rationale for the Digital Services Act and the Digital Markets Act, new legislation that commissioners are comparing to “traffic rules” designed to regulate content and business online.
Internet regulation has been at the top of every government’s policy agenda, from the United States to Europe to Africa and the Asia Pacific. The Internet has been integrated so much in the political machinery that regulation is now an inevitability.
Only last week , the President of the United States, Donald Trump, tweeted that he would veto the National Defense Authorization Act, a significant piece of American legislation related to military funds, unless Section 230 of the Communications Decency Act, the law that shields internet service providers from legal liability for content posted online, is repealed.
In the meantime, France is working towards tougher rules for social media companies both domestically and at a European level in light of the terrorist attack on a schoolteacher in November. And, the UK’s Prime Minister, Boris Johnson, recently committed to fighting “disinformation” via “Online Harms” legislation, which is expected to be ready in early 2021.
The concerns are, for the most part, legitimate: disinformation has pushed democracies close to a breaking point and, in some ways, it could determine the success or failure of the COVID19 vaccine. A renewed conversation around competition is long overdue as is the question on whether some of the existing legal rules are enough to address monopolies and market concentration online. Finding a balance between security and safety needs fast resolution. Regulation promises to fix all this.
But as clear as it is that something must be done to address all these current challenges, it is equally clear that it must be done in a way that is fit for purpose for the Internet and the digital age.
A recent global survey conducted by YouGov on behalf of the Internet Society has shown that over two thirds of people (67%) are not confident that politicians have a good enough understanding of how the Internet works to create laws to regulate it.
That this legitimate concern exists does not mean that regulation should not happen. But it does indicate that regulation cannot go ahead on a basis of sensationalist arguments or unfit tools.
Too often, Internet regulation is presented as a panacea for all ills, from abusive language to online fraud.
But the Internet is an ecosystem and, just like any ecosystem, it is diverse, complex and dynamic. It is based on some fundamental design principles that have underpinned the Internet since its original inception. Regulation must uphold these principles and ensure that it does not create any unintended consequences for the way we communicate online.
For its part, the Internet Society has created the Internet Impact Assessment Toolkit that we believe will help legislators create laws without causing damage to the ecosystem.
The Digital Services Act may or may not contain elements that could harm the Internet; we will need to wait for its release to see. What we know is that the DSA promises to do for competition and intermediaries what the GDPR did for privacy: set rules that would then establish a global standard for platform regulation. It is expected to affect businesses around the world and require some drastic changes in their business models. This could also affect the Internet’s underlying architecture.
How will the new rules be enforced? And what measures companies will be required to take will be key in determining the levels of participation and compliance.
If there is one lesson to be learned from the GDPR, it is how lack of clarity and compliance costs can complicate and make implementation hard. The EU has admitted as much. Bearing this in mind is crucial as companies will start deploying tools to comply with the rules of the DSA. We should remain conscious as to how such tools may be created, who by and how effective they ultimately can be.
Consider, for instance, the use of algorithmic tools for content moderation, which was a policy objective of last year’s copyright directive and has since then been implemented for other forms of illegal content. The DSA will require some form of content moderation on behalf of platforms. Algorithmic tools pose challenges, including , but not limited to, how they can negatively affect the Internet as an open, interoperable and general purpose network. Users could potentially be denied access to content that is needed for educational or research purposes. Automated filters have been responsible for taking down perfectly legitimate content that relates to war crimes or even legitimate speech. This could affect innovation and creativity, which is one of the main objectives the DSA aims to accomplish.
The DSA has set the bar very high for itself. When it is released, it will become the first official attempt to articulate a legal environment for technology companies. But, the question of how well it manages to account for the Internet persists. It will be essential for the DSA to conduct an impact assessment analysis for the Internet as soon as the implementation phase kicks in.
The Internet has held up and helped society get through a traumatic period. We owe it respect for its extraordinary service.
Editor's note: this is a guest post contributed by Dr. Konstantinos Komaitis, Senior Director of Policy, Strategy and Development at the Internet Society.)
Europe is marching towards a dangerous and, potentially, irreversible trend that could see the world’s second largest economy alone and alienated.
The trend is: digital sovereignty.
Europe’s obsession with digital sovereignty is not new, but in the last year it has become more prominent and is the driving force behind many of the policy and technology frameworks of the bloc.
In February, 2020, then newly elected President of the European Commission, Ursual von der Leyen, wrote: “I sum up all of what I have set out with the term 'tech sovereignty'. This describes the capability that Europe must have to make its own choices, based on its own values, respecting its own rules”.
Like any other country, Europe should feel free to impose its own rules and laws in the Internet. But, a strict Hobbesian view of a single hierarchy of authority does not work for the Internet because the Internet does not or rather cannot – obey to any such authority.
The Internet is made of independent networks that connect to one another through a voluntary set of of open standards that ensure interoperability. This allows the interconnections to work efficiently without much prior arrangement. As a result of this voluntary interconnection, the Internet does not have a center of control. This lack of central authority means that each and every actor - state or non – can participate in the Internet and reap the benefits of innovation and global connectivity. Any attempt to impose any sort of authority over it would not only affect these benefits, but could also have unintend consequences for governments, and for the Internet.
In the last year alone, Europe has made headway in achieving its goal of digital sovereignty through different ways. GAIA-X, a Franco-German initiative on behalf of Europe seeks to create a “federated cloud architecture.” Similarly, in a recently released communication from the European Commission on the Union’s security strategy, the intention to “[limit] dependency on infrastructures and services located outside of Europe” was reasserted, echoing similar rationales put forth by the Russian sovereign law.
Moreover and, despite some strong criticism on the unintended consequences created by the General Data Protection Regulation (GDPR), Europe continues to act as the de facto global regulator for the Internet.
As part of its digital sovereignty strategy, Europe will release later this year its Digital Services Act (DSA) package, a mammoth piece of legislation meant to tackle the behaviour and business models of online platforms. The DSA, combined with the GDPR, are aimed at ring-fencing data from Europe in an effort to give a competitive advantage to European firms enabling them to compete on the world stage. Through the DSA, Europe has a unique opportunity to address, what are effectively, some of the biggest challenges in the Internet to date.
One of the main reasons for the Internet’s success is that its architecture was not an outcome of politics. The Internet’s original design was never the expression of a hegemon and its order to the people building the Internet. Instead, it was a democratic attempt at consensus amongst a variety of contributors, including the government, the private sector and the technical community. This consensus is reflected in the way the Internet was designed and has performed ever since.
The main question is how far is Europe willing to go and upset this consensus in order to support its vision of technological or digital sovereignty. The Chinese example has demonstrated that if this consensus is stretched far enough, it leads to a version of the Internet that departs significantly from its original incarnation as a free, open and inclusive space.
Europe has certainly a big choice to make and, so far, it appears to be disregarding how its obsession for digital sovereignty may be affecting the Internet. Because, if we want to preserve it, then its architectural values are as equally important as the European ones.
Note: this post originally appeared at https://tech.eu/features/32780/europe-digital-sovereignty/
My Internet’s better than your Internet! The danger of a slide towards state-bordered WANs
By Martin Banks
August 25, 2020
The EU’s interest in its Gaia-X infrastructure is just one example of what could become an international rush towards national interest-driven, inward-looking towards parochial centralisation of the Internet, which would fracture as a global entity and become a set of state-bordered and state-governed Wide Area Networks.
Discussions about the growing relevance of data economics to the way businesses re-architect themselves over the next few years may inevitably hinge on the day-to-day cost of moving, processing and storing data anywhere around the globe, but it should not ignore the wider issues of politics, national cultures and attitudes and views on regulation that exist in different countries.
It is an old dilemma - a country may be cheap to operate in, but be overly woefully under-regulated when to comes to the protection of data or, perversely, over-regulated in a biased manner. The cheapness of operating cost may mask the paucity of investment in its infrastructures or its political self-absorption may seriously prejudice its ability to work with international businesses in a sensible way.
A conversation with Dr Konstantinos Komaitis, Senior Director of Policy, Strategy and Development at the Internet Society, an American non-profit organization founded in 1992 to provide leadership in Internet -related standards, education, access, and policy, cast some light on the stumbling blocks data economics may well come up against over the next few year. It is a task that Komaitis sees as important, not least because of the central role that data, its costs and its potential profitability, now plays for every business:
"I am going to use an expression that I really hate, but it's no accident that we have been referring to data as the new oil. It's everything, especially when it comes to the Internet, everything is about data. So to the extent that you are able to control your data, it gives you an advantage, whether that is a competitive advantage, or whether this is an advantage over control. At the same time, if you are a state actor you also want the data, from designing your own government services to actually being able to manipulate the way you interact with your users in the case of non-very democratic countries."
He sees Europe as one of the most advanced areas of the global marketplace when it comes to working with and managing data, citing the driving force behind GDPR - to fix the data privacy issue by providing a framework that would allow users to understand how their data is being used, and at the same time force businesses to alter the way they treat the data of their customers. The result has been that everything that Europe has done since GDPR in terms of either policy or infrastructure has also been centred around data.
It has also played an important part in the development of Gaia-X, the Franco-German infrastructure project, which is linked to the wider subject of digital sovereignty that is an on-going hot topic in Europe. The objective here is to provide a services infrastructure that favours data localisation, and he talks about how the GDPR will be able to encourage that.
Why my Internet’s better...
Gaia-X comes from a place where Europe feels the need to be competitive, and in particular to compete with the likes of AWS. The issue with AWS is that it can now be seen as a level of consolidation that demonstrates a failure in the market to self-regulate. Komaitis sees Gaia -X as a partial answer to creating some sort of competition against the context of a hugely consolidated model:
"The problem with Gaia-X, is that it seeks to create a closed system that is hugely federated and based on data localisation, and that is quite top down. Even in the context of interoperability, which is key for the Internet's present and future, that interoperability is also quite questionable. We don't really know the technical specifications of Gaia and the talk about interoperability doesn't appear to conform with the organic way that interoperability works in the Internet. So if we're talking about a centralised system of interoperability, rather than this whole idea of a decentralised system of interoperability where the Internet is based."
This does put Gaia-X at risk of going down the wrong alley for the wrong reasons, potentially becoming very parochial and looking predominantly inwards, not outwards. It is a view that Komaitis has sympathy with:
"The missed detail in all these conversations is that the Internet, for better or worse, is now part of the traditional geopolitics. So the geopolitical shifts that we're seeing happening outside of the Internet, inevitably will move into the Internet because it's so integrated in societies and the way we work and experience everyday life. The problem now is that nobody really is paying very much attention to the impact that all this has on this global network of networks."
His fear is that people will take the Internet for granted, something that should not be allowed to happen. The danger, he argues, is that we start losing the benefits generated by the Internet’s critical properties, such as its global cohesion. An unintentional consequence of Gaia-X may be the beginnings of Internet fragmentation, higher barriers to entry, and less interoperability – all fundamental to making the Internet what it is today.
Brexit is likely to be another contributor, especially as a worked example of a country becoming inward-looking and parochial, something he sees appearing all round the world now, with many Governments questioning globalisation and how far it has already extended.
Unfortunately, the Internet really is at the middle of this because one of the key things about the Internet is this whole idea of global reach. We were all celebrating this for the idea that we're able to exchange information and provide a global platform where everybody can participate.
"I think that the main question in this context is what sort of an Internet do you want, because there can only be one way for the Internet to work and that is to have networks that are able to interoperate with one another throughout the world and able to exchange information."
His unstated corollary, of course, is that if you can’t do that, because you are inward-looking, then the Internet ceases to exist. You just have state-bordered WANs. It is only if it becomes truly global that the full power of data economics will then come into play. There is another discussion to be had on how many nations and major businesses would prefer to see state-bordered WANs as the better solution.
Regulations need regulating
One potentially important suggestion he offers here is that impact assessments are conducted on regulatory actions in much the same way we accept environmental impact assessments or health and safety assessments. We regulate all the time, so he sees a place for it in the development of the Internet. Without it, he fears, there could be continued growth in the trend towards data sovereignties, centralisations and other trends that would be dangerous to the Internet.
There is certainly a danger that the act of regulation could be used by a nation state to exercise its particular political or cultural biases, but he sees an independently-conducted impact assessment as both a possible brake, and as a fall-back position:
It is their prerogative and they are legitimised to do that. But should a wrong decision be made and you have an impact assessment in place, then you can revert back to it and actually say, `okay, why didn't you follow these? Because if you were to follow these recommendations, then some of those things would have been avoided’.
Komaitis feels that the EU has a great opportunity here, not least because the one thing Europe is an expert in is how to regulate. He sees the EU on a long and important journey with its Digital Services Act package, which seeks to create rules for platforms as well as rules for the competition and how the competitive economy is going to work within Europe. This gives Europe the opportunity to set the standards of how this can be done, and done in a way that respects and adheres to the design of the Internet:
"We're talking about what the Internet is. We never thought that we would have this tool and suddenly there it is. It's transformative and it really has had a huge impact on all aspects of society. And we are taking it for granted. And because there is clearly a need for governments to address some of the issues, we need to bring the Internet into the consideration process. So I am hoping that they you will see this as an opportunity. I am hoping that we will learn lessons from GDPR – such as that well-intentioned regulation can also create some unintended consequences."
My takeIt is time for business managers to step outside of the straight-jacket of arguing the toss about which technology to use, and then which technology should be used to manage that technology, and then what technology should be used to monitor the technology managing the technology you are using but are starting to have doubts about – and onward into nano-granularity of technologies. If you feel that the Internet is a `good thing’ and using it to exploit all the data that is available to you is a possible fast track to a bigger profit and more sustainable business then forget about the technology per se: whatever you want to do there is now an off-the-shelf service that can deliver it.
But that opportunity for business – how data economics and the wider aspects of the overall data economy can be the basis for huge and largely beneficial developments across the world – is getting ever-closer to being under serious threat. The Internet is already being eyed up as the next plaything of the geo-politicians and geo-commercialists, and the signs are it may not fit with their increasingly parochial purview. I, for one, feel that would not be a good thing.
Note: This post originally appeared on https://diginomica.com/my-internets-better-your-internet-danger-slide-towards-state-bordered-wans
On Thursday the president of the United States signed an executive order that aims to address the liability regime of social media companies. A wide variety of reports have highlighted the problems with this move, but there is one problem that we find especially troubling: the danger of politicizing what is fundamentally a legal debate around party lines.
The president needs to stay out of this debate.
The Internet and politics have always had an awkward relationship. There have been numerous attempts to bring the Internet into mainstream politics over the years, most of which have been unsuccessful. The main reason is that the Internet is not a static “thing,” but a model for how networks and computers can interconnect through voluntary collaboration. A key characteristic of this model is that it’s decentralized, which means it doesn’t have a central point of control that dictates how the Internet should evolve. There is no switch that one can turn on and off, and as soon as policymakers or regulators try to impose one they inevitably chip away at the Internet itself. This characteristic has always been its most powerful asset, and the reason it has been an infinite source of innovation and growth - from the Web to ever-evolving smart devices, homes, etc. This lack of central control is a feature of the Internet, not a bug!
Most of the early legal frameworks that have been implemented in the Internet reflect this apolitical premise, albeit at different levels and to different degrees. But there is really no other law that does this as gracefully as Section 230 of the Communications Decency Act in the United States, which undergirds “intermediary liability” online.
Online intermediary liability protection first emerged in the United States in 1995 as a policy discussion regarding the scope of responsibility intermediaries should have. At the time, there was no Facebook or Twitter, so the law was aimed at services like CompuServe, Prodigy and AOL. However, it set the tone for all future services and would later be exported to the world as one of the most positive Internet legal developments. The question was simple: should intermediaries be liable for content posted using their services or for actions performed by third parties, i.e. their users?
This question would fundamentally shape the future of the Internet. It discouraged attempts of centralized control because it did not force providers to perform functions they were never originally supposed to do. Similar to how telecommunications services are not responsible for the things phone users say over the phone, it was clear that online intermediaries and service providers would need similar commonsense restrictions on what they could be liable for.
Immunity from liability ensures a level playing field and provides autonomy to a diverse set of actors to perform their intended functions. In this context, Section 230 provided predictability in the Internet’s highly unpredictable environment. No one can predict the next innovation; the Internet is designed this way. The Internet’s highly unpredictable environment can only unfold to its full potential if it operates within a legal framework that is obvious in its intention and unsurprising in its outcomes. Section 230 does this. Politicizing it would reverse years of such predictability and could place the Internet’s future potential in jeopardy.
With this in mind, one can see how the executive order is problematic, setting in motion a dangerous precedent both for the Internet and speech. The problem is that a lot of the provisions in this order appear to be what Stanford’s Director of Intermediary Liability, Daphne Keller, calls “atmospheric” – politically driven questions that should not be part of the legal debate related to the scope of intermediary liability protections. They constitute a distraction, which could cause a series of unintended consequences for the evolution of the Internet.
While conversations about the evolving scope of Section 230 are healthy, they should not be based on fashionable political motivations. Section 230 has a historical track record of promoting innovation and creativity online. By separating it from partisan politics, we can ensure that these benefits are retained.
Note: this post originally appeared on The Hill
On January 28, the UK government was set to announce whether it would allow Huawei, the Chinese information and communication technologies provider, to develop its 5G infrastructure. Given Brexit and its need to form new alliances, the decision was marked as a significant moment for the UK’s trade future. Leading up to the day of the decision, the UK was subjected to a significant amount of pressure from the United States government to reject any deal with Huawei. (Similar pressure was exercised towards any other US ally considering to use Huawei’s 5G infrastructure). In a tweet sent by US Secretary of State, Mike Pompeo, the day before the decision was due, he made the claim that Britain’s decision would effectively be one of sovereignty.
We can debate the merits of this claim, but the thing that I want to focus on is the often-use of the word ‘sovereignty’ in conjunction to the Internet and technology. It is interesting to observe how in almost every single discussion about the role governments should have in the Internet, the term ‘sovereignty’ pops up. Terms like “digital sovereignty”, “technological sovereignty” or “Internet sovereignty” have become commonplace.
But, does sovereignty help advance the Internet governance conversations?
The answer is an emphatic ‘no’; sovereignty adds an extra layer of complexity and only pushes states further apart while, simultaneously, it undermines and fragments the Internet. Sovereignty and the Internet are – prima facie – two irreconcilable concepts.
Born out of the effort to connect networks with one another, the Internet was originally designed to not recognize any geographical boundaries. Its design embodies a true decentralized structure in the sense that it is both architecturally decentralized – it runs on multiple computers – as well as politically– no central authority has power over those networks. This decentralized nature has further allowed the various autonomous networks to interconnect with one another irrespective of where in the world they are located. In fact, since its inception, one of the Internet’s distinguishable characteristics has been its global reach: “any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services”.
Sovereignty, on the other hand, is all about strict geographical boundaries. It refers to the legal autonomy of the state to act independently and without constraints within its own territory. Under its Rousseaunian tradition it reflects the power of the state emerging from its people and for the people.
In the context of geopolitical disputes for transnational communication technologies, sovereignty is currently seen as the construction of a governance system with the ability to coordinate and manage exchanges that may or, may not, address primarily issues of privacy/data protection and security. In this context, its application is one of scale. Historically, countries always sought to impose some sort of domestic legislation to the Internet, but, at the same time, most of them equally understood and respected the need for network autonomy and integrity. Over the past few years, however, there has been a significant shift in this thinking, with an increasing number of countries now actively seeking to centralize control over the Internet. For any country interested in the governance of the Internet, the claim to sovereignty is a claim to power.
Such a Foucauldian approach considers sovereign power as a constant negotiation about the validity of claims of knowledge and truth, which dictates the power dynamics within a system. In this context, we can observe countries, like Russia and China, racing to codify their own notions of sovereignty in international law, much in the same way, the West was integrating its ideas of “universal values” when the Internet first emerged and for the best part of the its commercial history.
Three distinguishable forms of “Internet sovereignty” have emerged thus far.
The first one is China’s vision of sovereignty which is predominantly attached to notions of national security and securitization. (Russia is also part of this thinking, but its vision and technology implementation is not nearly as advanced as China’s.) China’s Internet sovereignty is all about the right of national governments to supervise, regulate and censor all electronic content that passes through its borders – what Bill Bishop has referred to as the “invisible birdcage”. In China, “Internet sovereignty” first appeared in a 2010 White Paper, which indicated that “within Chinese territory the Internet is under the jurisdiction of Chinese sovereignty. […] To build, utilize and administer the Internet well is an issue that concerns national economic prosperity and development, state security and social harmony, state sovereignty and dignity, and the basic interests of the people”. Since then and through a series of laws focusing primarily on cybersecurity, China has increasingly placed chokepoints on its Internet infrastructure, requiring network operators to store data within China and allowing Chinese authorities to conduct spot-checks on the network operations of any company operating out of China. On December 1st, 2019, China rolled out its Cybersecurity Multi-level Protection Scheme (MLPS 2.0), aiming to create a system that is able to monitor every activity in China: Internet, mobile, WeChat type social networks, cloud systems, national and international email – everything. The framework’s goal is not to empower users or even allow companies to make money; it is an attempt to centralize control over key network operations to the Chinese government. With this strategy China does not seek to close itself out of the global Internet but, instead, to strengthen global network integration.
For Europe, sovereignty means independence from the dominant US technology companies. Europe started flirting with “digital sovereignty” as a response to the Snowden revelations in 2013. A 2014 research paper by the Global Public Policy Institute (GPPi) and New America’s Open Technology Institute identified around 12 European countries using the term or considering practical policy solutions to its end. These policies ranged from the construction of new undersea cables to stronger data protection rules; they detailed different layers of extreme with some going as far as to suggest forced data localization and routing rules. Although most of these proposals never materialized, Europe has integrated sovereignty in its recent digital strategy. Last year, Ursula Von Der Leyen, Europe’s chief Commissioner stated that “it is not too late to achieve technological sovereignty in some critical areas.” Similarly, her number two and the EU’s competition czarina, Commissioner Margrethe Vestager argued that digital sovereignty can be achieved through “the development of key value chains and technologies that are of strategic importance for Europe” and which should be “open, truly European, innovative and lead to widespread knowledge dissemination”.
And, then there is the case of India. India presents a big oxymoron being both the largest democracy in the world and the world leader in deploying Internet shutdowns as a political tool to assert its sovereignty. Since August 2019, India has sanctioned the longest Internet shutdown ever to occur in a democracy, in the disputed Kashmir region. Discretionary and vague legal rules regarding the control the government can exercise over India’s Internet service providers has further enabled the government to restrict or limit access on regional and district levels. But, it is its data localization laws that further indicate India’s direction towards a more sovereignty-based Internet. A series of recent laws require different forms of data, from governmental to heath and financial to be stored in India. Additionally, India’s data protection legislation lays out the conditions under which “critical” and “sensitive” data are to be stored locally; this includes, financial, health and biometric information. An official document by the Committee of Experts on data protection acknowledged that although “laws facilitating cross-border data flows […] greatly foster research, technology development and economic growth”, critical personal data should be processed only in India with no cross-border transfer allowed.
So, what does this all mean and why should we care?
For the state, to view the Internet as nothing more than an extension of its sovereignty right should not come as a surprise. The key role of states is to make more of life ‘legible’ as James Scott has convincingly argued – this means to better record and measure human affairs in an effort to make them easier to manage. However, the drive for ‘legible’ or readable structures that can be easily understood and regulated often comes with a fatal flaw; in the top-down drive to simplify and formalize our understanding of complex systems, we sometimes disregard the local and practical knowledge critical to managing the complexity. To this end, our expectations that the state should – or would for that matter – see the Internet in a different fashion must be moderated. With this in mind, what is the impact sovereignty has on the current state of play?
The first point of this consideration is the pressure sovereignty places on the Internet. Although as we said previously, it should be expected that governments apply rules of sovereignty in all aspects of international relations, including the Internet, the stricter the application of those rules, the more danger there is for the Internet to splinter and fragment. And, by this we don’t mean that the global Internet will cease to exist; rather, it will not be neither desirable nor beneficial for people and networks to participate in the global Internet. Its resilience, which depends on the very fact that networks are diversely spread around the world, will diminish and with it any need for interoperation.
The other problem is how sovereignty contributes to state actors not being willing to collaborate. States are already split in their views of the Internet – a split that grows bigger. A UN resolution by Russia in the last days of 2019 on cybercrime, demonstrated the increasing division amongst the views of states. The resolution, which was opposed by the US and Europe but backed by China, passed 79 to 60, with 33 abstentions. And, although we should not be sounding the alarm bells yet, still this resolution indicates a clear move towards a more sovereign based approach for the Internet, which does not create any conditions for collaboration. In fact, sovereignty is the antithesis to collaboration and, this constitutes a problem. The Internet’s past is based on collaboration. Its future also depends on it.
Why is all this important? Because, whichever nation manages to crack the sovereignty code, will also determine the Internet we will end up using. Will it be an open and global space based on interoperation and mutual agreement? Or, will it be a closed and fragmented model based on geographical boundaries and cultural relativism.
The "Kiwi" way of Interneting
By now, are all exposed to the narrative of how the Internet is no longer a safe place. It is full of bots, misinformation, abuse and violence; it is a space that has been overtaken by terrorists and extremists. The Internet is weaponized to influence elections, undermine democracies and instill fear in its users. That’s the story we are told.
No one can deny the swift change that is taking place in global politics. The “brave new world’ that has emerged is, currently, based on isolation and fear. We have officially entered the politics of fear.
How true is this though? How real is fear in the Internet?
Arguably, fear is as old as life. It is deeply part of all living organisms that have survived extinction through billions of years of evolution. Its roots go deep in our biological and psychological existence, and it is one of the most intimate feelings we get to experience. Demagogues have always used fear as a means to intimidate their subordinates or enemies, while shepherding the tribe by the leaders. Fear is a very strong tool that can blur humans’ logic and change their behavior.
Fear has become part of the Internet experience. Every week there is another data breach, another privacy violation, child abusive content proliferates, questionable forums like 8chan are inreasing and people are constantly bullied for expressing – or not expressing – their opinions. The Internet is a dark place. That’s the only story we get to hear. That’s the story world leaders – democratic and not – tell to justify their attempts to control the Internet and turn it into a centralized and restricted space. This is the global trend. But, is it?
The past ten days I have been fortunate to spend some time in New Zealand. What a pleasant surprise it has been. I left the European way of Interneting, a way that is based on distrust, individualism and fear, only to be exposed to the Kiwi way, which is based on trust, collaboration and hope. I, myself, had lost hope that such a way still exists.
March 15, 2019 is the date New Zealanders - and the rest of the world - will never forget. A gunman, carrying two semi-automatic weapons, two shotguns and a lever-action firearm opened fire indiscriminately at two mosques in Christchurch during Friday prayer. The first attack was livestreamed on Facebook. It was viewed 200 times during its live broadcast and 4000 times in total before it was removed. According to Facebook, the company was notified about the livestream 12 minutes after the video had ended. Over the 24 hours following the attack, individuals attempted to re-upload the video 1.5 million times.
New Zealand had a choice to make: succumb to fear or hang on to hope. And, it chose the latter. Post-Christchurch, the government of New Zealand did not order a shutdown of Internet or its services; it did not rush through legislation that sought to regulate the way companies and users interact in the Internet. Its government did not engage in fear mongering. Instead, led by its Prime Minister, Jacinda Ardern, New Zealand turned to the international community asking for collaboration to address what she considered to be a global issue -- how to deal with extremist and violent content online (what would become the “Christchurch call”). In praising this collaborative approach during my panel intervention at NetHui, New Zealand’s version of an Internet governance dialogue, I was told: “this is the Kiwi way of doing things”. Well, the Kiwi way, is also the Internet way. Bringing people together, to collaborate to solve “wicked problems” and address complex questions has been the “Internet way” all along. Without necessarily realizing it, New Zealand was upholding one of the Internet’s most fundamental properties.
During her speech at NetHui, the Prime Minister recognized the challenges the Internet is facing and the slow progress post-Christchurch. Yet again, this did not make her move into panic mode. Instead, she reaffirmed and recommitted to an open, secure and free Internet. She mentioned that she still believes in the ability of the Internet to bring positive change; to be the space of expression and creativity; to be the engine of unstoppable innovation. She said she wanted to do the right thing.
Let's not miss the significance of this. Without intending, New Zealand has become the example of how we must all approach the challenges we face in the Internet; it has become the Internet's champion. Sure, there are still things that the Kiwis need to learn about the Internet and understand better the way it works. Sure the “Christchurch call” process has its own deficiencies and issues. But, ultimately, it is all about New Zealand’s willingness not to close, shut down, centralize or try to control the Internet that they must be commended.
The ‘kiwi way’ of Interneting must not go unnoticed. It must become a lesson for the rest of the world leaders.
Europe’s missed opportunity: How the Internet’s global regulator is failing … the Internet!
Last week was a busy one for Europe. A preliminary question over the global reach of “right to be forgotten” reached the European Court of Justice, the European Parliament voted on the highly contested Copyright Directive and a new regulation to curb online terrorism was hinted. (More on these regulations in a while).
Such an activity should not be a surprise to anyone. For quite some time now (but mainly over the past couple of years), state actors have engaged in a regulatory race over the Internet. Concentrated at national regulation, this race is important because whoever comes on top will get to determine much of the way the Internet will evolve.
Europe is leading the regulatory race. This is not surprising, given the historical broad consensus that sees Europe as a regulatory “great power”. A combination of a significant market size, a sophisticated regulatory capability and a culture of rigorous regulations - all these make Europe a leader in regulation. Europe has the reputation of a ‘normative hegemon’ or even an ‘empire’ that is in the position to coercively promote its own regulatory culture in areas as diverse as the environment, competition, consumer protection, etc.
The Internet is its next frontier. Over the past few months, Europe has been preoccupied with either adopting or working on legislation that would end up affecting the global Internet (and users around the world).
The start was with the General Data Protection Regulations (GDRP). Seeking to address the real issue of privacy, Europe promulgated the GDPR as a statute that would protect the data of European citizens held anywhere in the world. The impact of the GDPR was asteroid-equivalent. Companies, NGOs and any entity holding any personal data of European citizens have rushed to comply. A growing number of countries have been reshaping their laws to reflect the language of the GDRP.
Moreover, a preliminary question before the European Court of Justice is asking whether Google must enforce the “right to be forgotten” – which necessitates that search engines delete results based on European law – at a global scale, i.e. deleting results from its global index. But “can Europe export privacy rules world-wide” is the question that will determine much of the conversation in the future and depending on how the court rules.
And, then there is the Copyright Directive. Like everywhere else, Europe has been struggling to figure out how to update its copyright regime in light of the Internet. And, this time around there was no exemption. A highly contentious article 13 see platforms directly accountable for content they host (apart from some minor exemptions). The Directive is not explicit as to how platforms will go about doing that but there is general consensus that in order to comply they will need to implement “upload filters” – detection tools that will crawl all over the Internet ‘judging’ the content we upload. And, this rule will not remain shy of any global implications. According to Wired, “although the rules would only apply inside the EU, it's possible that companies would apply filters globally, just as some companies are complying with EU privacy regulations even outside of Europe.”
Similar effects will ensue from the Commission’s proposal “to get terrorist content off the web”. During his State of the Union address, President of the European Commission, Jean-Claude Juncker, stated: “[…] the Commission is today proposing new rules to get terrorist content off the web within one hour—the critical window in which the greatest damage is done.” Given the state of the debate currently across the world over the content hosted in platforms, it should be anticipated that, platforms will implement this rule globally, only if for the costs associated with not doing this.
In all this regulatory action, Europe has the unique opportunity to be seen as the beacon of promise to address some of the real issues that permeate the Internet. Fake news, extremist content, manipulation of democratic processes and, massive user-data breaches are only but a few of the current problems the Internet faces. Europe could have set a positive tone, one that could demonstrate its wish to protect the Internet. But, it didn’t.
The thing is this. When people say that the Internet is a complex ecosystem, they do not exaggerate. Its complexity mainly derives from the diverse number of participants and the relationships they need to have in order to make sure the networks they join the Internet interoperate. Unlike other technologies, the Internet comes with certain characteristics as part of its design. These characteristics are unique in that they “have enabled the Internet to serve as a platform for seemingly limitless innovation, outline not only its technology, but also its shape in terms of global impact and social structures”.
Europe did not deal with this complexity nor were the Internet’s characteristics part of its regulatory thinking. Why else, when parts of the copyright directive were debated, would it turn its back on the advice of 70+ creators and innovators, including the father of the Web, Sir Tim Berners-Lee and Wikipedia’s Founder, Jimmy Wales? Why would Europe be instructing companies to deploy technology -- “automated detection tools” –tools that will directly impact the openness of the Internet?
So, we need to take a step back and recalibrate. Collaboration is key as is the realization that, if regulation is to be effective, it needs to be technology-neutral, and technology-informed so it does not operate to the detriment of the Internet.
My current boss, Andrew Sullivan, summarized all this pretty accurately when he wrote: “Things have changed. Every technology can be used for negative ends. The Internet still, plainly, brings gains in efficiency, convenience, and communications. Yet in the recent past, some of the negative uses have become apparent, which leads some people to ask whether the Internet is just too dangerous. This environment has produced a golden opportunity for those who always preferred a sanitized, tightly-controlled utility to the generative, empowering Internet. These forces claim that only national governments, treaties, laws, regulations, and monopolies can protect us from the problems we face. They do not want the extraordinary collaboration of the Internet. They think there is some mere political choice to be made between the Internet we have known on the one hand, and a tidy, regulated network on the other. If these forces are successful, we will all lose.”
 To date, the European Commission has recognized Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the USA (limited to the Privacy Shield framework) as providing adequate protection, while Japan and South Korea are in discussions with the EU. European Commission, ‘Adequacy of the Protection of Personal Data in Non-EU Countries. How the EU Determines if a Non-EU Country has an Adequate Level of Data Protection’, https://goo.gl/8a4Sds
There is an undeniable attractiveness to decentralization. As social animals, we are naturally drawn to anything that allows us to participate and have a voice and decentralization does that naturally by dispensing power amongst many different actors. Decentralization is condition sine qua non for democracy and democratic consolidation; in theory, it exists to strengthen private autonomy and political self-government while permitting a market-like process in political decision-making. The idea is that political decision making becomes more democratic, processes become more transparent and societal progress is achieved through civic freedom.
Just like democracies, however, decentralization can be messy and the cause for dysfunctional decision making and increased cost of control (in the form of monitoring to ensure that delegated decision-making authority is being used appropriately). That’s why for decentralization to work there needs to be something more – something that most technologies and, in particular, the Internet can point to for their existence. That something is collaboration.
History is replete with examples of decentralized collaborations that led to great things. In 1903, Wilbur and Orville Wright developed the three-axis controls that made flying an airplane possible. In 1913, Albert Einstein published with Marcel Grossman a joint paper “Outline of a Generalized Theory of Relativity and a Theory of Gravitation”, which acted as the precursor to the final theory of relativity. When Paul McCartney and John Lennon started writing songs together for the Beatles, they could never imagine that their creative partnership would become the driving force behind the sound that would change popular music forever.
In all these examples, we still do not know who the leader was. And, therein lies the main attractiveness of decentralization: all this innovative and creative thinking happened in spite of a central authority; it happened because collaboration enabled a decentralized relationship which, in turn, enabled decentralization to take effect. In many ways, decentralization and collaboration complement each other in a seamless way. And, there is no better example to this than the Internet.
When it comes to the Internet, decentralization sits at its core. Early on, its small community of engineers realized the need for the Internet to depart from any design that resembled a government, the classic example of a top-down, centralized structure; and, to achieve this, it was important that any notion of “kings, presidents and voting” was rejected. This choice has proven key for the Internet’s past, present future. “We believe in rough consensus and running code” the engineering community would proclaim. And, the only road to consensus is through collaboration.
In his terrific book, “The Innovators,” Walter Isaacson, writes: “The Internet was built partly by the government and partly by private firms, but mostly it was the creation of a loosely knit cohort of academics and hackers who worked as peers and freely shared their creative ideas. The result of a such a peer sharing was a network that facilitated peer sharing. The Internet was built with the belief that power should be distributed rather than centralized and that any authoritarian diktats should be circumvented”.
In addition, beyond the cultural influences that shaped the Internet, the process that led to its creation is as significant. “The creation of a triangular relationship among government, industry and academia was, in its own way, one of the significant innovations that helped produce the technological revolution of the late twentieth century," wrote Isaacson. "The Defense Department and the National Science Foundation soon became the prime funders of much of America's basic research, spending as much as private industry during the 1950s through the 1980s. The return on that investment was huge, leading not only to the Internet but to many of the pillars of America's post-war innovation and economic boom."
As the Internet grew in size and use, however, so did its complexity. In the meantime, the appetite for collaboration was shrinking. In the beginning, there was collaboration if only to ensure a certain level of interoperation. The new applications that emerged brought new actors that had to collaborate in order for their systems to interoperate with the existing ones. But, as actors grew, so did their power, which became more concentrated. Suddenly, collaboration shifted from being a shared commitment between a variety of actors to a single act predominantly dictated by players with a significant market power. (manifestations of this include bigger players absorbing smaller ones or annihilating them). With so much concentrated power gathered in the hands of a few players, collaboration appeared to be less necessary or relevant.
When it came to governance questions, things looked more optimistic. The decentralized architecture of the Internet was mirrored in the multistakeholder model that was meant to serve the multiplicity and diversity of the Internet’s interested parties. In the beginning, this new structural arrangement brought a great deal of enthusiasm. Multistakeholder governance assumed that democracy would deepen by the extension of political representation at places like the Internet Governance Forum (IGF) and that democratic processes would be strengthened through enhanced political participation by a diverse set of stakeholders; it also assumed that benefits in socio-economic development would increase through governments and decision-makers and influencers being more responsive and more accountable to users’ needs and desires.
In many ways, the multistakeholder model hit those targets; but, it also missed a lot others. With no real guidance, lack of a unified purpose and absent a focused goal, there are not a lot of examples globally of truly collaborative processes that came out of the multistakeholder model to lead to something tangible and impactful (an exemption would perhaps be the IANA transition process – the only real and tangible success of a global multistakeholder process). Did multistakeholders miscalculate the potential for collective action? Overestimate the ability and willingness of people to participate? Assemble the wrong type of interested parties? Set untenable goals? Was it an issue of timing, wrong choice of terminology or simply bad luck? Or, is the vulnerability of the multistakeholder approach part of a larger design flaw that considered collaboration and collective action as default settings?
All these questions would most likely involve both a ‘yes’ and a ‘no’ answer. But, the last one in particular, merits a bit of more thinking. The hope was: allow people to participate and they will collaborate. But, that is a big assumption. The idea that people would creatively come together to deal with the Internet’s challenges is certainly appealing. But, how do you ensure that people actually collaborate? The answer lies in “four important characteristics of collaborative activities that have driven the success and innovation of the Internet to date”:
We rarely see this level of collaboration in the Internet any more. Instead we are noticing an increasing number of actors who are acting alone. Yet, no single entity can solve the problems that face the Internet. Because any single entity will eventually get distracted and self-serving.
I truly think that decentralization can provide many answers to the many questions we face in today’s Internet environment and it is important for the health of the Internet. But, do not believe that by simply calling for decentralization suddenly everything will fall into place – the market will get less consolidated and we will see fewer single points of failure in the way governments approach Internet policy issues. We must collaborate!
I explore all this in a TedX talk below.
We need to talk about Internet responsibility and we need to talk about it now. By “Internet responsibility”, I am not referring to some abstract subjective connotation of it, but rather to an attempt to identify objective criteria that could be used as a benchmark for determining responsibility. For the past 20 something years we all have been using the Internet in different ways and for different reasons; but, have we ever contemplated what our levels of responsibility are? Have we ever taken the time to consider how certain behaviors by certain agents affect the Internet? But, more importantly, do we even know what it is that we are responsible for?
Responsibility and technology seem to have a special relationship mainly due to technology’s pervasiveness role in societies. But, to understand what is so special about this relationship, we should first ask ourselves what it means to be responsible.
In everyday life situations, there is typically an individual confronted with an ethical choice. Although the choice at hand may be morally complex, we tend to think of the actions and what ethical concerns they may raise as well as what are the direct consequences of that action. And, in most cases, it is often the case that there is a degree of certainty on what these consequences may be. In this context, ethical literature operates under three assumptions: (1) it is individuals who perform an act; (2) there is a direct causal link between their actions and the consequences that follow; and, (3) these consequences are most of the times a certainty. None of these assumptions, however, apply when trying to rationalize the nexus between responsibility and technology.
First, technology is a product of a highly collaborative process, which involves multiple agents. Second, developing technology is also a complex process, which is driven by the actions made by technologists and the eventual impact of such actions. And, third, it is very difficult to predict in advance the consequences or the social impact of technology.
But, there is yet another reason why responsibility plays such an important role in technology. Technology informs the way we, as human beings, go about living our lives. An example of this informative role is the correlation between the Internet and fake news. Who is, for instance, responsible if the news spread in the Internet are predominantly fake? Does it make sense, in such situations, to attribute responsibility to technology or is it possible to understand these complex situations so that, in the end, all responsibility can be attributed to human action? More interestingly, what – if any – is the responsibility of the actors running the platforms where fake news get disseminated? It may be argued that these platforms produce the algorithms that sustain and support an environment of fake news. And, ultimately, what is the impact of such actions to the Internet itself?
These are hard questions that invite some even harder answers and I am not alone in thinking of them. For the past few months, the press has been replete with articles on the impact the Internet has on societies and there is compelling data, which accurately points to the fact that, in 2018, our online interactions have changed dramatically compared to just 2 years ago.
Most of these stories, however, fall short on two counts: first, some of them at least, take the mistaken, yet predictable, route of placing the blame on the Internet itself – its decentralized architecture and design. But, as many of us have asserted, these stories lack an understanding of what decentralization means for the Internet. Secondly, these stories also use the current division on pro and against technology to sensationalize their points of view. But, as Cory Doctorow, argues: “This is a false binary: you don’t have to be “pro-tech” or “anti-tech.” Indeed, it’s hard to imagine how someone could realistically be said to be “anti-tech” – your future is going to have more technology in it, so the question isn’t, “Should we use technology?” but rather, “Which technology should we use?”
The answer to this question must be – at least in part: we should use “the technology that is responsible towards technology itself”. In other words, any technology that uses the Internet as its foundation should be responsible towards the Internet itself.
In other words, what are the characteristics of the Internet that make it unique, that allow others to build, create and innovate? And, once we know these characteristics, do we understand them well-enough to make sure we are responsible to preserving them?
Only a few know of these features and they are mainly engineers and Internet geeks. For most people the Internet appears as an awesome tool but, what is the source of this awesomeness is, is widely unknown. Why is it important that we know the source? Because we will appreciate the Internet better but also because it can provide us with the necessarily legitimacy to call out actors and their actions. Ultimately, it can help us answer the question “which technology we should use”.
The truth is that these characteristics remain mainly unknown because of two reasons: first, they have been baptized “invariants”, which is a very awkward and pretty incomprehensible to most people; secondly and more seriously, even by those who know or are supposed to know about them, they are either taken for granted or ignored.
In order to help you understand these ‘invariants’ and their importance, think of the oaths of knighthood. They were about honor, loyalty and faith. But, that’s not only why they were important. They were particularly important because they were an expression of such sincerity that it was backed up by the sense of responsibility towards a common goal.
Similarly, the ‘invariants’ of the Internet – the oaths we all should be striving to uphold – are the expression of the sincerity of choices made in the early days of the Internet’s development by the Internet engineers. And, they are:
These should be oaths that everyone connecting and connected to the Internet should swear to. Understand these features and you can start to get a sense of what responsibility towards the Internet means.
Now, I will let you start thinking how many of the current actors have sworn and upheld the oaths of the Internet.
It is pretty simple: if we want an open Internet, we need to celebrate and support its decentralization.
When I was young, my friends and I, had formed a secret group called “The Five Hounds”, inspired by Enid Blyton’s book series The Secret Seven. The group’s main purpose was to identify and solve school mysteries – who had written bad words on the board, where the attendance sheet had gone or who had scratched the Math teacher’s car. During school hours, we would gather evidence and then meet after school to exchange notes. Our meeting places included abandoned buildings, buildings under construction, the playground. Often times we would exchange notes even during class, which would get us into much trouble. We were all consumed by our mission. We were all equally committed.
Of course, we would end up solving none of the mysteries we had taken on. Actually, we were pretty awful at finding clues. But, what was cool about all this was the group and how it worked. The group had no assigned leader and had no hierarchical structure. We were all responsible for our own actions and we all had the same liberty to make the choices we made. We operated on the basis of openness and were driven by what was good for the group. Most importantly, we were all accountable to each other for any success or failure. And, trust me, there were a lot of failures.
This was my first encounter with the idea of decentralization. (Of course, back then, I could not even spell the word). This idea of the dispensation of power and responsibility and the ability for everyone to be their own self within the collective. This feeling that we were all equals and there was no one that we had to ask permission from. For me and my friends, decentralization meant the willingness of the group to be open to new ideas, suggestions and direction.
Decentralization has been applied to different disciplines from political science to group dynamics and project management. Its meaning varies. But, whatever meaning one attaches to it, it should not be one that views decentralization as a free-ride system of anarchy or lack of responsibility.
This is the major flaw in Niall Ferguson’s essay “In Praise of Hierarchy” for the Wall Street Journal. In his piece, he questions the idea of decentralization as a future course for the Internet, blaming it for its current challenges – fake news, propaganda, online extremism or the rise of big tech. He points the finger to the Internet’s decentralized nature, asking whether “we perhaps overestimate what can be achieved by ungoverned networks—and underestimate the perils of a world without any legitimate hierarchical structure”. But, he completely misses the point of what decentralization means in the context of the Internet.
Let’s start, by what it doesn’t mean. It does not mean the lack of governance. And, it certainly does not mean that those who are responsible should not be held accountable. Internet decentralization is not meant to protect the powerful at the expense of the weaker. It is not about creating permanent favorites.
On the contrary, it is about the invariants of the Internet – the characteristics that make the Internet what it is. It is ultimately about openness. It is about interoperability, accessibility, collaboration and global reach. All these characteristics exist because of decentralization and they are very-well elucidated by Leslie Daigle in her piece “On the Nature of the Internet”. They are important because, as Daigle argues, “by understanding the Internet — primarily in terms of its key properties for success, which have been unchanged since its inception — policy makers will be empowered to make thoughtful choices in response to the pressures outlined here, as well as new matters arising.”
So, decentralization enables the existence of these unique features, which, in turn, ensure an open and free Internet. In this context, decentralization is not an end in and of itself – it is a means towards reaching that end. And, that end, is openness. It is pretty simple: if we want an open Internet, we need to celebrate and support its decentralization.
For the Internet, hierarchy will not work. Imagine asking for permission every time someone has an idea that wants to connect to the network? Imagine governments – the principals of hierarchy – being the only ones making the based purely on their national interests. Or, imagine a system that only supports the strong and creates permanent favorites without accountability. All these things are things hierarchy feeds from.
This does not mean that we should give decentralization absolution. Because, its success is only ensured if there is accountability and transparency. When we talk about anyone being able to operate within a decentralized structure, it should not mean that anyone can do what they want without being accountable or transparent. We are all equally responsible for the decisions we take and for the course of our actions. We should make sure that no one uses the unique features of the Internet only for their benefit and not for the benefit of all, including for the Internet itself. When we feel that some lack accountability we should call them out. We should certainly get better at that. But, whatever we do, we should never prefer hierarchs to visionaries.
Views are my own and my own only!