Internet Governance/Models and Concepts

The concept of “self-governance” drew attention in the early days of the Internet, when it was felt that the network’s success depended on keeping the State out. At the same time, it was recognized that some form of control and management would be required to deal with increasingly evident challenges such as information pollution, fraud, and the requirements of standardization. Many experts and users therefore called for a form of regulation in which private and other entities would, in essence, police themselves (sometimes in accordance with broad guidelines laid down by the State). In such a framework, network providers, for example, would not have to deal with intrusive government monitoring, but would nonetheless have to adhere to broadly accepted quality of service standards and other obligations. Advocates of self-governance pointed out that one of its chief advantages would be to shift the responsibility of regulation onto those who had the relevant expertise.

Although popular in the late 1990s, self-governance has since fallen on somewhat hard times. There are at least two reasons for this. First, the concept has always suffered from a certain conceptual lack of clarity. As Monroe Price and Stefaan Verhulst noted in a paper on the related concept of self-regulation: “The Internet is a consummate demonstration of the complexity of determining what ought to be included in the ‘self’ of self- regulation.... In many discussions, governments have failed to recognize that the Internet industry is not monolithic and that there is no single ‘industry’ that speaks for the whole of the Internet”42 . This difficulty in identifying a cohesive“self” has also made it difficult to draft a broad series of guidelines that would apply across sectors and user-categories; in effect, it became clear that a somewhat more detailed level of policing was required than that possible under self-governance.

In addition, and perhaps more importantly, it has become clear in recent years that the Internet cannot be managed without a certain degree of active participation by the State. Governments need not be all-powerful, but they are often essential to help manage critical infrastructure, and to ensure civil liberties and other public values. Indeed, the need for the State to be involved in Internet governance was recognized byWSIS, which in its Declaration of Principles states that: “Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.”43

The failure of self-governance, and the accompanying recognition that action would be required at the many layers described in Section II, have led many in the Internet community to call for a new, multisectoral model of governance. As its name implies, multi-sectoral governance begins from the premise that all stakeholders – governments, private companies, civil society (including NGOs and consumer groups) – need to be involved in Internet governance. Only the collaborative participation of each of these actors can address the range of issues outlined earlier.

In its Declaration of Principles, WSIS outlined the following responsibilities for each sector:44

• Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues;

• The private sector has had and should continue to have an important role in the development of the Internet, both in the technical and economic fields;

• Civil society has also played an important role on Internet matters, especially at the community level, and should continue to play such a role;

• Intergovernmental organizations have had and should continue to have a facilitating role in the coordination of Internet-related public policy issues; and

• International organizations have also had and should continue to have an important role in the development of Internet-related technical standards and relevant policies.

Despite the obvious benefits, some challenges exist to the ideal of multi-sectoral governance. One of the most significant stems from what could be called gaps in culture and vocabulary between sectors. In many ways, each sector speaks a different language, and underlying this linguistic distance is usually a different set of priorities and goals. Historically, for example, the relationship between the private sector and civil society has often been adversial. To take just one issue: while it is clear that both need to work together to ensure privacy, the private sector is likely to continue emphasizing profits (often in the name of greater usability) while civil society groups would, in general, restrict profits in the name of greater individual rights. The State, too, has a somewhat difficult relationship to the private sector, particularly in many developing countries, where the latter has often just emerged from the shadow of heavy government regulation. ISPs, software firms and other companies are likely to be extremely wary of greater State involvement.

In addition to distrust and misunderstanding between sectors, multi-sectoral governance also faces challenges from a lack of co-operation within sectors. It is important to keep in mind that civil society, for example, does not represent a uniform block. In fact, smaller and less lavishly funded civil society groups from the developing world often resent the perceived high-handedness of larger NGOs from the developed world. When a consumer group from Europe or the United States speaks at a governance forum, it is hard to make the case that that group represents users in smaller and poorer developing countries. Likewise, governments from developing countries are often at loggerheads with those from the developed world; in the controversy surrounding ICANN, which has often been perceived as dominated by the US government, this is one of the most contentious issues.

Finally, multi-sectoral governance faces the difficulty of finding and working within adequate institutional structures. Few models, and even fewer unequivocally successful models, for multi-sectoral governance exist. Developing the right structures to ensure accountability, representation and legitimacy are key issues that need to be addressed in the coming years if the ideal of multi-sectoral governance is to be realized.

While the roles of the private sector, governments and civil society are usually recognized, discussions of Internet governance typically overlook the importance of average users.

In fact, however, average users have an instrumental role to play in solving (or at least alleviating) many of the most difficult challenges facing the Internet. For example, users are the first line of defence in combating so-called “phishing”, in which fraudulent e-mailers direct users to websites that collect and misuse passwords and other private (often financial) information. While many such websites are fairly sophisticated, well-informed and educated users are far less likely to fall prey to such scams. Likewise, informed users are less likely to allow their computers to be used in denial-of-service attacks (a process by which spammers hijack a computer and employ it to send out mass e-mails).

Both these examples suggest the importance of user education and information. Any system of governance that excludes average users is simply limiting its own effectiveness.

On the face of it, this should be an easy question to answer. As the preceding discussion has shown, including average users is often critical to the success of governance mechanisms. More generally, at a time when the world’s polity is moving towards near-universal adoption of democratic processes, it would be strange indeed if the Internet were to remain an exception.

Nonetheless, Internet policy-making does raise some difficult questions regarding the balance between technical expertise and widespread public participation, and more generally between efficiency and democracy. Many Internet bodies (particularly those in the standards-setting arena) are composed of experts who make decisions on the basis of consensus regarding the best technical solutions. Given the high level of technical knowledge required for such decision-making, many feel that opening up such bodies to participation by the general public would limit their effectiveness. After all, the argument goes, what does an average user know about standard-setting, interconnection regimes, or intellectual property? Their participation is only likely to slow the process, or lead to lowest-denominator compromise solutions that harm the Internet.

ICANN, in particular, has been at the centre of the debate over democracy and technical decision-making. ICANN’s 2000 “At-Large Elections”, in which anyone with an email address could participate in a process to elect board members, were billed as the first instance of true international democracy. A few years later, however, the experiment was felt by some to have been a failure, and the elected board seats were cancelled, replaced by a nominating committee that selects more than half the board and a number of other ICANN leadership positions. Although this change elicited widespread opposition, ICANN defended it as necessary to streamline the organization’s decision-making processes. As one ICANN board member put it at the organization’s meeting in Montevideo, Uruguay, in 2001: “ICANN is a technical organization, not a democracy.”45

Such arguments need to be taken seriously. But many civil society and other representatives also argue that considerations of efficiency and technical expertise should not be taken as a license to impose unrepresentative decision-making on the Internet. After all, such considerations could logically be extended to various aspects of political life, too (for example, in the realm of economic decision-making). More generally, as we have seen, user participation and trust is essential to the success of the Internet. This means that a balance must be achieved between both technical and democratic requirements. This balance is likely to be found in institutional structures that permit public participation, but allow decision-making to be guided by, for example, elected technical experts. Education and awareness-building programmes that build technical capacity in average users are also critical.

Economists and sociologists now recognize that trust is central to the functioning of any social and economic system. Trust, as defined by the sociologist Niklas Luhmann in a classic work on the subject, mediates risk;46 or, as another sociologist puts it, trust is “a kind of social glue that allows people to interact” in a coordinated and co-operative fashion.47

Trust plays a particularly critical role in the online world. In a famous cartoon, published in 1993 in The New Yorker magazine, a dog sitting at a computer states that: “On the Internet, nobody knows you’re a dog.” The darker side of the anonymity celebrated by the dog is the fact that it also facilitates fraud and other illicit actions. Much as no one can identify a dog, so it is difficult to identify a fraudster hiding behind a fake user name on the other side of the world. Anonymity on the Internet also permits the spread of spam, viruses and other forms of pollution by making it harder to track down perpetrators.

The proliferation of fraud and pollution is a serious problem that risks eroding the trust of Internet users. If that happens – if users stop using e-commerce or email for fear of being cheated or overrun with viruses – then the Internet would be in grave jeopardy. Mechanisms to encourage trust are therefore essential components of any governance toolkit. They are particularly important to the spread of e-commerce in the developing world, where credit card penetration is low and payment is often made by cheque or other non-real-time methods that facilitate fraud.

Mechanisms to enhance trust can, of course, include traditional law-enforcement techniques that punish perpetrators of fraud, and establish laws for tracking down content polluters. However, several nontraditional mechanisms have also arisen that include other sectors. These include third-party verification entities that certify websites. Another common mechanism is the use of online reputation systems, such as those promoted by eBay and other e-commerce sites that allow buyers to rate sellers’ reliability and honesty.

The Internet is one of the key drivers of globalization. It is largely because of email, cheaper international IP telephony, and the ease of publishing content for a global audience that the world feels smaller than ever before.

At the same time, the Internet is itself in many ways affected by globalization. Indeed, some of the key challenges confronted on the Internet are the results of globalization. For example, the sprawl of the network across national legal systems and jurisdictions is part of what makes it very difficult to manage (or “govern”) the network. When users in one country download information posted in another country, national jurisdictions frequently collide. Perhaps the most famous instance of this occurred in 2000, when a French court demanded that Yahoo! remove Nazi memorabilia from an online auction site; while sale of the memorabilia was legal in the United States (where the seller was based), it was illegal under French hate-speech laws. Earth Station 5 (ES5), a file-sharing network that has been accused of facilitating copyright infringement, also illustrates the problem of jurisdiction; operated from the West Bank and Gaza, the network exists in a legal no-man’s land, safely beyond the reach of most state authorities.

Confusion over jurisdictions (which often reflect clashing social and cultural norms in different countries) makes it difficult to manage the Internet in a cohesive manner. Many experts feel that effective Internet governance relies on greater legal harmonization at the national level, for example, in treaty-based or other multilateral organizations. But even were such harmonization achieved, the Internet makes it complicated to enforce and implement an international governance system. For one thing, the Internet’s technical architecture, and particularly the anonymity it confers, makes it difficult to track down perpetrators, especially if they are located in another country. In fact, the architecture makes it difficult even to know in which country a user is located. Faced with the French court’s ruling, Yahoo! argued that it was impossible to comply as it had no way of identifying the location of its users. Removing the auction items altogether, the company reasoned, would amount to imposing French laws on a global audience.48

Such difficulties have, to an extent, been mitigated by the rise of geo-location devices that make it more feasible to identify where users are based. But it is still easy for users with even a modicum of technical knowledge to sidestep such technologies. And geo-location techniques are themselves controversial; many people fear that they permit an unhealthy level of control on the network.

Ultimately, successful Internet governance will depend on finding solutions to such thorny problems raised by globalization. A number of governance bodies, notably treaty-based entities like WIPO, WTO and ITU, have always taken an international approach to governance, but they need to contend with a very different problem: the need to remain sensitive to local laws, norms and sentiments. It is unlikely that any one-size-fits-all model of Internet governance will prove sufficient. Successful governance will depend on finding the right balance between the global and the local – a process that development experts call “glocalization”.

Although a somewhat contested notion, convergence broadly refers to the gradual erosion of boundaries between different forms of communication. This process is driven by the digitalization of media: because different types of content (e.g., voice, data and images) can today be broken up into bits and bytes, this means that they can be transmitted along the same networks. Although convergence remains a work in progress, many users already use a single broadband line to send email, listen to music, engage in telephony, and watch movies or TV.

Convergence is a powerful force that is redefining the landscape of Internet governance. Two important consequences in particular can be highlighted:

First, the blurring of lines between means of communication also implies a gradual blurring of lines between governance bodies and responsibilities. In an era of convergence, it no longer makes much sense to have separate systems for governing, say, telecommunications and television. Indeed, a growing number of countries have introduced legislation or already have systems in place to install so-called “super-regulators” that would govern across media sectors. Singapore, for example, was one of the first countries in the world to create a converged regulatory body, the Info-Communications Development Authority of Singapore (IDA), which in 1999 merged regulation of telecommunications with information technologies. Malaysia, too, has a converged regulatory body, the Malaysian Communications and Multimedia Commission; and India’s Communication Convergence Bill, which was passed by parliament but is currently pending, similarly envisions a cross-sectoral regulator.

This union of governance functions is not restricted to oversight by national governments. At the international level, too, there is growing awareness that multilateral organizations and other groups whose responsibilities have hitherto been restricted to a single form of media may need to widen their horizons. ITU, for instance, has gradually widened its responsibilities beyond pure telecommunications; today it is intimately involved in a number of Internet and, more generally, ICT-related issues. The work surrounding ENUM, which involves IETF, ITU and other bodies, is another example of attempts to establish a governance framework across distinct media categories.

This convergence of governance functions, like the underlying convergence of technologies by which it is driven, is still incomplete. Turf-fighting and lack of cross-sectoral technical capacity continue to slow it down. Nonetheless, it is an inevitable process that is already having dramatic effects on the landscape of Internet governance, and is likely to continue having such effects in the future.

Convergence is but one (albeit dramatic) instance of the rapidity with which technology changes. Just a decade ago, it would have been virtually unimaginable for a user in Asia to purchase and download music across a global network from America. Yet today this happens on a regular basis, and in the process, raises difficult questions regarding governance. We have seen some of these questions in our discussions of globalization and convergence.

Such questions and challenges are only likely to intensify in the coming years. As technology continues to change ever more rapidly, existing governance bodies and institutions have two options. They can either re-tool their systems each time a new technology comes along, or they can create systems today that are flexible enough to accommodate new technologies as they emerge. The first response is called “reactive regulation”, and is generally considered an unsatisfactory and inefficient form of governance. It means that governance is always one step behind technology, and it can lead to governance systems that lack coherence or unity. In addition, it leads to a form of “technological determinism,” in which our laws and governance systems are shaped (i.e., determined) by technology rather than by broader social, political and economic goals.

To avoid such reactive responses, governance structures should be shaped, to the greatest extent possible, so that they are “technology neutral”. This means that they remain broad, and flexible enough to accommodate new technologies as they are developed. Laws need to be framed not with reference to any specific technology, but rather with reference to a society’s underlying values and socio-political goals.

Consider, for instance, the issue of universal access. Universal access policies that are narrowly tailored to a specific technology (e.g., fixed-line telephony) are unlikely to fulfill their underlying motive (i.e., providing access to as many people as possible). This is because they leave new, potentially cheaper and more flexible, technologies out of their ambit. As cheaper wireless technologies emerge on the market and become viable methods for access, it no longer makes sense to exclude them from universal service obligations or government subsidies aimed at boosting access. For this reason, universal access policies need to be drafted in as broad and technology neutral manner as possible, with reference to the wider goal of providing access, not to the specific technologies deployed towards that goal.