The current Internet governance regime (which I have called "a Cartel
masquerading as anarchy" ) came about largely because the ITU gave up
after the failure of X25 to provide effective standards for
any-to-any packet switched communications. It left vacant the role of
providing an umbrella organisation for these
to be developed and implemented. The vacuum was filled by a motley collection of self-appointed, semi-academic or US government groups such as the Internet Engineering Task Force, WC3 and ICANN.
now living with the consequences.
Vanity Fair article takes a US-centric view and considers these in the context
of SOPA , PIPA and the problems that 20th Century
American lawyers and lobbyists created, when they turned Intellectual Property Rights from mechanisms
to encourage, foster and protect creativity and innovation into a Wild West
style "race to stake the land claim" followed by a legal gravy train in which law firms and collecting agencies commonly trouser considerably more in fees than R&D labs, authors or composers receive in royalties.
The current ICANN programme to create Top level Domain names can be seen as another example of that "first to file" mentality applied to the on-line world. No wonder so many ITU member states fear they will share the fate of the Indian Tribes of North America if they do not band together and find suitable allies.
IPR is, however, only
one of the battlefields.
To quote the calling notice to a forthcoming discussion event being organised by the UK chapter of the International Institute of Communications: "The preparatory negotiations have seen a flurry of activities, claims and demands, on topics ranging from who will govern the architecture and 'domain name' system of the Internet, to online content regulation, human rights, roaming, or governments setting telecom prices.
'"Behind these topics lie some very concrete issues: many countries still feel that they need to, and can only, rely on the UN system for many of their technical and development needs around ICT; a number of governments still extract significant revenues from their incumbent telecom operators and many see as a threat - and certainly as an unknown quantity - the changes in the dynamics of the ICT value chain globally. This is whether because they are losing revenues due to modern routing practices or believe that 'the Internet is run by America' and certainly largely outside their control, making them all too vulnerable to such threats as spam and cyber-security attacks. The WCIT's possible outcome of bringing in more Internet supervision under a UN aegis therefore seems appealing, bringing more certainty and levelling the playing field. If WCIT does not achieve it, the ITU's 2013 World Telecommunication/ICT Policy Forum (WTPF) or the 2014 - 2015 review of the UN World Summit on the Information Society (WSIS) - or the follow-up to the UK-led 'Conference on Cyberspace' of November 2011 - could provide other platforms for governments to negotiate on these topics.
"At the other end of the spectrum, many
have called for restraint ,
pointing to the obvious and enormous social and economic benefits brought to
the world by the Internet thanks largely to its open, decentralized and
multi-stakeholder nature. More significantly perhaps, the 'freedom of the
Internet', outside of governments' control, has been widely praised for having
catalyzed the 'Arab Spring' and other recent positive developments elsewhere in
the world. It is thus no wonder that a number of civil society groups, from
Human Rights Watch to Reporters Without Borders, joined forces in May of this
year, to demand
more transparency and participation in WCIT
We should, however stand back and look at the some of recent publicity for Flame , including that which puts it into more sobre technical context and the public admission that Stuxnet was indeed a US-led attack on Iran . Now add the case being made for the Interception Modernisation Programme in the UK and previous publicity for attacks by others on US and UK Government establishments and you can put the UK Cyber Security strategy, with most of the £650 million for GCHQ and MoD, and exercises to attract and educate a new generation of cyberwarriors , into context.
The processes that protect the identities of freedom fighters, dissidents, terrorists and pederasts also protect those of electronic warfare teams who control many (perhaps even most) of the worlds botnets. Publicity during the run up to the London Cyber Space security conference last year was largely about criminal activities and those of "rogue states". But arguably the most important discussions were those in closed session between those who run "our" and "their" covert cyber warfare operations about norms of engagement and the means of preventing state sabre-rattling from being confused with the activities of "outsiders" operating without permission.
The words used were "international rules of the road" establishing "norms of acceptable behaviour", "while stopping short of a full treaty advocated by some countries".
The meaning was that those running "our" cyberwarfare operations wanted to stop short of a Hague or Geneva Convention (boht back by Treaty), but still wanted routines to better identify which attacks are "criminal" or "terrorist" and which are "state sponsored" and to prevent demonstrations of capability and attacks on proxy states from escalating by mistake.
The Flame virus is not that new or sophisticated but what is new is the publicity it has given to the ongoing cyberwar between the Israel (and its allies and agents) and Iran (and its allies and agents). Similar tools are being used to help explore the files of defence contractors, pharmaceutical companies and government agencies. But those using them have no wish to publicise their success. The security compromises at Diginotar and Global Payments both ran for months (perhaps years) before the former was publicised by the Iranians (who wanted the West to be humiliated by the knowledge they had been able to monitor the use of supposedly the secure webmail services used by their dissidents) and the scale of fraud caused by the latter led to investigation by the main card operators.
A third dimension of conflict is the need to take effective action against criminal malpractice over the Internet, in the knowledge that removing the vulnerabilities that facilitate much of that malpractice will entail reducing anonymity and crippling the cyber warfare capabilities of "our" side as well as theirs.
Can we trust an inter-government organisation like the ITU to take this dimension seriously?
Equally, can we trust industry players whose main concern appears to be a mixture of advertising and royalty revenues based on selling our personal information and the creativity of the past.
The past attendance of industry players at Internet Governance Forum events, national or international, indicates not.
Who do we trust least?
The only certainty is that the silent majority gets what it deserves: ignored.
The problem is that well-informed debate requires bringing together communities with very different and equally entrenched prejudices, overlaid with partial (in more than one sense of the word) understandings of how the relevant technology, business, legal, regulatory and business models work.
My own prejudice would be to leave it to market forces, using regulation
only to protect customers from the cartels that arise when a market is left entirely to its own
devices and ensuring that the regulators are under democratic control, with no "commercial
confidentiality" for any of their dealings. But I also enjoyed watching the synchronised
swimming pigs immediately behind the Royal Barge in the River Pageant yesterday.