Communication from the Commission to the European Parliament and the Council - Internet governance : the next steps
/* COM/2009/0277 final */
|Bilingual display: BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV|
[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |
COM(2009) 277 final
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
Internet governance: the next steps
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
Internet governance: the next steps
Internet governance has been the subject of international discussions since the mid-1990s, with the EU being an ‘early mover’ in terms of identifying key public policy issues to be discussed between EU Member States and with international partner countries.
Since then, governance of the Internet continues to be a crucial public policy priority given the way in which the Internet has transformed the lives and working environments of millions of European citizens. The EU has for example just over 7 % of the world’s population, but nearly 19 % of the world’s Internet users. The Internet has become a ubiquitous tool for commerce, education, social services and everyday social interaction. Human-to-human interactions are now increasingly supplemented by machine-to-machine interactions — the so-called ‘Internet of things’ — that underpin important activities even when we may be unaware that the Internet is involved.
WHY IS INTERNET GOVERNANCE IMPORTANT?
In the last twenty years, the Internet has had a tremendous impact on society. Already by the mid-1990s, what had originally been a small-scale scientific research network had been transformed into a truly global communications platform. Since then, governments have increasingly found themselves challenged with a whole host of public policy issues, ranging from finding ways to ensure their own citizens can fully benefit from the Internet’s potential, to dealing with inappropriate or illegal content, the need for appropriate consumer protection measures and addressing problems of jurisdiction in an increasingly globalised on-line world.
Importantly, Internet usage and penetration is now so high, especially in developed countries such as those of the EU, that it has become a critical resource , where any serious disruption in service can have potentially catastrophic effects on society and the economy. Whole business models are now built on the assumption of near-continuous availability of Internet connectivity. Many government and financial services have also already migrated so extensively to the Internet that any significant service disruption could seriously inhibit the access of citizens to key services.
Most Internet users in the EU therefore have a legitimate expectation about the reliability of ‘their Internet’. Users will also inevitably turn to their governments if there is any major national disruption to their Internet service , and not to the various Internet governance bodies responsible for coordinating resources.
The success of the Internet
An open and interoperable architecture
The early history of the Internet reflects its origins in research and academia. Decisions about what we now understand as ‘governance’ were made by engineers and scientists. To the benefit of millions of subsequent Internet users, this resulted in an open and interoperable architecture, where efficiencies and reliability were achieved by distributing intelligence to the edges of the network. As long as relatively simple protocols were respected, any network could connect with any other network.
This has allowed innovation to occur from anywhere, including from individual users and completely new actors uninhibited by significant entry barriers. Moreover, the distributed nature of the global Internet is also a key security strength since any localised failure is less likely to interfere with traffic elsewhere.
The success of this open and neutral architecture led to many other actors exploiting the inherent flexibility and efficiency of the Internet to deliver services and use it as a platform for their own innovations.
As the Internet migrated from academia to society at large, the private sector in particular assumed an important leadership role in providing the necessary investment, expertise and entrepreneurial initiative to drive forward the rate of innovation and scope of Internet deployment that we see today. It is the private sector that owns and operates most of the international backbone infrastructure, the national cable networks, and provides the various services that facilitate and manage traffic. Many of the technical rules that underlie the functioning of the Internet are drawn up by the Internet Engineering Task Force, IETF, again not a governmental body. The allocation of IP addresses at regional level is carried out also by private entities such as RIPE NCC, which covers the European region. This private-sector leadership continues to deliver important public policy objectives and needs to be maintained and supported .
The multi-stakeholder model
Another aspect of Internet governance that has contributed to its success to date has been the use of multi-stakeholder processes to initiate and develop consensus on Internet governance policies. The Internet Governance Forum is a good example of such a multi-stakeholder forum .
The role of governments and accountability
The Internet’s growing importance for society as a whole, however, increasingly requires governments to be more actively involved in the key decision making that underlies the Internet’s development.
It is also important to recognise that public attitudes have changed towards the concept of self-regulation in the wake of the financial crisis. When critical resources are concerned, whether they are banking systems or Internet infrastructure and services, there is now a higher and understandable expectation that governments will be more proactive than they may have been in the past in defending the public interest .
Continuing to pursue an exclusively ‘back-seat’ approach to the development of international Internet governance practices is therefore not an option . However, this does not mean that governments need to have any stronger role in managing or controlling the day-to-day operation of the Internet .
Private-sector leadership in the construction and day-to-day management of the Internet that we know today has worked well. As noted before, this private-sector initiative must be maintained . But non-governmental stakeholders must recognise that Internet users world-wide — most of whom do not participate and are not otherwise represented in Internet governance fora — have a legitimate expectation that their governments will guarantee that any current or future governance arrangements will reflect the public interest of society as a whole and will not be subject to capture by narrow commercial or regional interests. Private-sector leadership and effective public policies are not mutually exclusive . A strong and clear public policy framework can also help create a predictable environment conducive to investment by identifying public policy targets that will be supported and ‘red lines’ that must not be crossed. This includes the need for governments to be able to verify whether those principles are followed and thus entails a requirement for accountability of the private entities dealing with everyday Internet operations.
What is the role for the EU?
As mentioned above, the EU has been in the forefront of international discussions on the management of the Internet since such discussions first began. The earliest communication from the Commission on this subject came in 1998 and the European Union was a leading actor in the discussions on Internet governance in the context of the World Summit on the Information Society (WSIS) between 2003 and 2005. In addition, the EU was an active and influential actor in the international discussions surrounding the setting-up of the Internet Corporation for Assigned Names and Numbers (ICANN) in the late 1990s and the shaping of the objectives for the organisation. The Commission Communication in April 2000 on the organisation and management of the Internet and the Council Resolution of 3 October 2000 noted, however, that the objectives which the European Union had set itself on domain name management were not seen as fully achieved, inter alia in relation to the following issues:
- the nature of, and arrangements for, balanced and equal oversight of some of ICANN’s activities by public authorities,
- the rules to govern generic domains, notably database ownership and separation of registries’ and registrars’ activities,
- the transfer of the management of the root server system from the US Department of Commerce to ICANN, under appropriate international supervision by public authorities.
Not all aspects of those issues can be considered as having been addressed in a satisfactory way to date.
In the interim, it is important to note that the EU initiative to set up its own Top Level Domain ‘.eu’ has been a major success, with more than 3 million EU domain names registered to date.
The development perspective
The EU has also always given political priority to the developmental aspects of Internet governance, and the importance of bridging the ‘digital divide’. The first billion Internet users have been largely from the developed world, and the initial governance decisions and structures were, not surprisingly, mostly made by participants from developed countries. The next billion users will mostly come from the developing world, however, and their interests must be taken into account in any governance arrangements made for the future.
Internet governance principles
The experience of the last 10 years demonstrates the viability of the policy approach advocated by the EU for Internet governance so far. The Commission believes in maintaining the EU’s strong emphasis on the need for security and stability of the global Internet, the respect for human rights, freedom of expression, privacy, protection of personal data and the promotion of cultural and linguistic diversity .
In addition, the key principles enabling the success of the Internet promoted by the EU remain:
- The open, interoperable and ‘end-to-end’ nature of the Internet’s core architecture must be respected. This was stressed by the Council in 2005 and reiterated in 2008.
- Private-sector leadership of day-to-day Internet management needs to be maintained but private bodies responsible for the coordination of global Internet resources need to be accountable to the international community for their actions. The role of governments should be mainly focused on principle issues of public policy, excluding any involvement in the day-to-day operations.
- The multi-stakeholder process on Internet governance continues to provide an inclusive and effective mechanism for promoting global cooperation and needs to be further encouraged.
- Governments need to fully interact with such multi-stakeholder processes, with stakeholders accepting that it is governments alone who are ultimately responsible for the definition and implementation of public policies.
- Internet governance arrangements need to be fully inclusive, addressing the urgent need to improve the participation of developing countries in the key governance decision-making fora.
Internet naming and addressing
How naming and addressing works
A central management function necessary to ensure that the global Internet functions properly is the coordination of its ‘naming and addressing’ resources. With so much traffic passing through the global Internet each day, it is very important that individuals’ devices can be reliably identified so that Internet packets go to the right place.
The process of communication is further facilitated by the association of many of the numerical addresses used for this purpose with unique Internet ‘domain names’. Such domain names have become increasingly popular in recent years, and there are now over 170 million domain names registered world-wide under about 270 ‘Top Level Domains’.
For historical reasons, the IANA (Internet Assigned Numbers Authority) functions relating to the main global naming and addressing resources are carried out in the United States of America. As the Internet became more expansive and central to economic and social activity, the United States government decided in the late 1990s to contract related services from ICANN, a private-sector non-profit organisation.
The current situation regarding these functions was recently reviewed by the international community within the context of the WSIS, where it was agreed that "Policy authority for Internet-related public policy issues is the sovereign right of States". It was also agreed that ""Countries should not be involved in decisions regarding another country’s country-code Top-Level Domain (ccTLD)" .
ICANN, the Internet Corporation for Assigned Names and Numbers, was set up in 1998 and was created as a unique experiment in self-governance with an ambitious agenda to bring together all the relevant stakeholders to cooperate on the coordination of these resources.
The EU was an active partner in this process, expressing conditional support for the US government initiative on the basis that the coordination of such key resources would primarily rest with the private sector that operates the resources on a day-to-day basis, but ultimately be properly accountable to the international community as a whole and managed in the broader public interest for the benefit of Internet users world-wide.
ICANN has now completed its first ten years. In September 2009 the latest in a series of agreements between ICANN and the US government regarding its objectives will come to an end. It is an appropriate time therefore for the EU to review the progress of ICANN to date, and to identify what changes if any may be desirable.
The Joint Project Agreement (JPA)
The indication by the US government in 2006 that the current agreement should be the last such agreement with ICANN was largely welcomed by the international community (including the EU). At the same time, the US government has consistently indicated that it will maintain effective control of the coordination of key global naming and addressing functions and this is likely to mean that the problem regarding the ‘unilateral oversight’ of such resources will remain unresolved.
How has ICANN performed in its first ten years?
Undoubtedly, the experience of ICANN to date in its first 10 years has provided a rich range of issues for analysis. It is important to note at the outset that the stability of the Domain Name System has been maintained during this period and this is a key objective that ICANN and the US government can confidently claim to have fulfilled. The creation of a broad multi-stakeholder forum for inclusive policy making is also a feature of ICANN’s activities that has been valuable.
At the same time, while ICANN has been successful in demonstrating what is possible with such a model, it has also been useful in delineating the limitations of such a model.
One example is that the Governmental Advisory Committee (GAC) of ICANN does not yet comprise the full community of states and is thus exposed to criticism regarding its representativeness. It has, however, issued a number of substantive principles on important public policy questions, e.g. on country code Top Level Domains, new generic Top Level Domains and Whois principles. At the same time concern has been expressed about the due consideration given by the ICANN Board to GAC advice. A further example relates to possible competition concerns which may arise from the position of ICANN, a private sector body, as a monopoly supplier of certain services.
What is meant by ‘accountability’ in the ICANN context?
Accountability means an organisation such as ICANN being answerable for its decisions. ICANN has recently devoted significant efforts to reviewing arrangements for its internal accountability — i.e. the accountability to those who actively participate in each of the various ICANN constituencies. The problem is that the vast majority of Internet users do not participate in ICANN activities. There is therefore a need to ensure that ICANN is accountable externally to the global Internet community, which in the first instance (partly by virtue of the absence of alternatives in many countries) means being accountable externally to the governments of the various countries of the world.
The only external accountability that ICANN currently has is to the US government under the JPA and the IANA contract, but this provides only for unilateral accountability to a single government. The stability and management of the root zone file is, however, a matter of crucial importance not just to the US government but to all countries of the world. However, there is no international consensus on the creation of a new intergovernmental organisation to exercise such oversight or on the delegation of such responsibilities to any existing organisation. An alternative would be to make ICANN externally accountable so that each government can exercise in their own interest those responsibilities which should properly sit at their level.
Are there other issues that need to be addressed?
The legal structure and incorporation of ICANN under Californian law poses problems, including conflicts of applicable law and jurisdictions. In addition, legitimate concerns remain as to whether a governmental committee advising a private corporation is an appropriate and effective mechanism to enable governments to exercise their public policy responsibilities. Moreover, the self-regulatory approach as practised by ICANN means that incumbent operators play a potentially inappropriate role (e.g. from the standpoint of competition policy) in setting entry conditions for new competitors.
Moving the agenda forward
Translating public policy principles into action will require concerted efforts to create an inclusive dialogue to develop effective accountability mechanisms which ensure that principles are duly implemented. The deliberations and reflections on governance should also be designed to be ‘future proof’. In particular, the results of such reflections should be adaptable to prospective future developments of the Internet, including the ‘Internet of things’.
To this end, the Commission proposes that the EU should actively engage its international partners in discussions on how to stimulate and support intergovernmental dialogue and cooperation to implement the public policy principles agreed for Internet governance in the WSIS beyond the existing work carried out through action lines.
The starting point for such discussions should be the need to maintain private-sector leadership in all matters of the day-to-day management of the Internet. The multi-stakeholder process must also be encouraged wherever possible.
At the same time, public policies for key global Internet resources (especially those that require global coordination) need to be based on multilateral intergovernmental cooperation.
One element of an evolution of the current governance system could be the completion of an internal ICANN reform leading to full accountability and transparency.
As regards external accountability, the current arrangements for unilateral oversight in regard to ICANN and IANA need to be replaced with an alternative mechanism to ensure that ICANN has multilateral accountability .
This should be part of an evolutionary approach to allow governments to duly exercise their responsibilities. In this context, the question will need to be addressed of how to ensure that the legal character of ICANN’s incorporation in California does not prevent proper account being taken of governmental input.
In addition, the EU should take a leadership role in working towards the goal of increased security and stability of the Internet by initiating dialogue with international partners.
Finally, the Commission also proposes that the EU should seek to initiate discussions with the US government on how a more equitable arrangement might be found for oversight of the management of IANA which respects the national priorities of the US while at the same time reflecting the legitimate expectations and interests of the international community.
 Réseaux IP Européens Network Coordination Centre
 And indeed further afield, covering Europe as a whole, central Asia and the Middle East.
 COM(98) 111, 20.2.1998 ‘International policy issues related to Internet governance’ (followed by subsequent communications on the same subject later in the same year: COM(1998) 476, 29.7.1998, and then again in 2000: COM(2000) 202, 11.4.2000).
 See 8.2.
 COM(2000) 202.
 OJ C 293, 14.10.2000, p. 3.
 Cf. document 10285/05 (Presse 156).
 Conclusions of the telecommunications Council of 26-27 June 2005 regarding the WSIS, and of 28 November 2008 regarding ‘Future networks and the Internet’ (COM(2008) 594).
 Source: Verisign ‘Domain Name Industry Brief’, February 2009.
 See: http://www.ntia.doc.gov/ntiahome/domainname/iana/ianacontract_081406.pdf.
 Paragraphs 35 and 63 of the Tunis Agenda. See: http://www.itu.int/wsis/docs2/tunis/off/6rev1.html
 As illustrated by the continued absence of several major countries from the GAC and the fundamental criticisms that continue to be made by several countries that actively participate.