This is the 10th edition of my annual Internet Governance Outlook. The first one was published on CircleID on January 3, 2013, just a couple of weeks after ITU’s World Conference on International Telecommunications (WCIT). I wrote: “Anyone who expected that with the end of the Dubai Conference, the heated debate on the future regulation of the Internet will slow down should remember the fairytale of the knight’s battle with the seven-headed dragon. Hardly a head is cut off, another one is growing.” And I continued: “2012 did lead to a growing polarization. Now the tone of the controversy seems to become more aggressive. Almost a quarter of a century after the end of the Cold War, we witness now the emergence of a global political scenario, which more or less exactly follows this “cold war model” not along the old “isms,” but along a different understanding of freedom, human rights, innovation, control and the role of governments. Like fire and water, two incompatible ideas about how the Internet should be organized worldwide stand against each other and form two poles of a broad spectrum of different opinions.”
And where are we in 2022? Isn’t this a classical “déjà vu”?
UN as a platform for Multistakeholder Cooperation
Last year, the “polarization” did reach a new level. On the one side, at the “Summit for Democracy” in Washington (December 2021), around 100 governments and many non-state actors discussed how new alliances can be built to strengthen individual human rights and enhance the multistakeholder approach in the development of the Internet. On the other side, the member states of the Shanghai Cooperation Organization (SCO) discussed at their summit meeting in Dushanbe (September 2022) how new intergovernmental treaties could strengthen cybersecurity and how “national Internet segments” could be better controlled.
Nothing has been decided so far. Everything is still under discussion. But the difference from 2012 is that in the 2010s, Internet Governance was a “sectoral issue” discussed by specialized agencies. In the 2020s, it is an issue of geo-strategic controversies discussed at summit meetings by presidents and prime ministers. So what is the Outlook for 2022? Will the polarization continue? Or is it possible to build bridges?
In his “Roadmap on Digital Cooperation,” UN Secretary-General Antonio Guterres has proposed to use the UN as a platform for enhanced multistakeholder communication and collaboration. Part of the “Roadmap” is the idea to turn the Internet Governance Forum (IGF) into an IGF+ by adding new components like a parliamentarian track, a high level intergovernmental segment and a leadership panel, which would build bridges between the various discussion and decision making bodies in the global Internet Governance Ecosystem. With its Multistakeholder Advisory Group (MAG), its Dynamic Coalitions (DCs) and Best Practice Fora (BPFs), with its network of regional and national IGFs (NRIs), the IGF+ could become more than an “Internet Governance Clearinghouse,” it would be something like the “United Constituencies” in the digital age.
In his “Common Agenda” from September 2021, Antonio Guterres also proposed to agree upon a “Global Digital Compact.” At the Lisbon Web-Summit (November 2021), Guterres said: “We can move beyond the current fragmented landscape of digital governance to harness data for the global good. We must build consensus to ensure that human rights offline are the same as human rights online The United Nations offers a natural platform to advance this agenda. Last year, I presented a Roadmap for Digital Cooperation to build a more open, free, diverse and safe digital future for all. A future that will empower individuals and accelerate the implementation of the Sustainable Development Goals. A future where the Internet is a basic human right and everyone is connected by 2030. That Roadmap now has a destination: a Global Digital Compact among governments, the private sector and civil society, at the Summit of the Future in 2023.”
Is this the way forward? Will 2022 become a transition year that will pave the way to go beyond a further splintering of the Internet and re-affirm the values of a free, open, peaceful, secure and democratic Internet, which allowed borderless communication and innovation without permission? Any kind of forecast is tricky. Mixed signals are in the air in all four global Internet Governance Ecosystem baskets.
Basket 1: Cybersecurity
In the field of cybersecurity, there are now three arenas where the battle takes place.
The second Open-Ended Working Group (OEWG) deals with state behavior in cyberspace and has a mandate to discuss “security of and in the use of information and communications technologies.” It operates under the 1st Committee of the UN General Assembly. The OEWG had its first formal meeting in early December 2021, and it will have two formal and two informal meetings in 2022.
The spirit of the 1st meeting was constructive. There is a general agreement that international law and the Charter of the United Nations constitute the legal basis for state behavior in cyberspace. But there is no consensus about the interpretation of what means “use of force” (Article 2.4 of the UN Charter) and “self-defense” (Article 51) in the digital world. There is a general agreement about eleven voluntary norms for good behavior of states in cyberspace – as the prohibition of cyberattacks against critical infrastructure—but there is no agreement on a definition what exactly constitutes a cyberattack. There is agreement that confidence and capacity building measures (CBMs) are useful – as the establishment of a “red digital telephone” for crisis situations – but there is disagreement, whether the already existing regional CBMs—as agreed upon within the European region (OSCE)—should be implemented at the global level or whether new CBMs should be negotiated.
Another controversy is how non-state actors should be involved. The new OEWG-Chair, Ambassador Burhan Gafoor from Singapore, announced the convening of a series of “informal consultations” with stakeholders from business, civil society and the technical community, which would feed into the formal meetings. However, the procedure, how the interaction should be organized and how non-governmental input can impact the inter-governmental negotiations remains an open issue. Some governments prefer to keep non-state actors at an arms-length outside the inter-governmental deliberations; other governments prefer to involve them also in the formal meetings.
At this stage, it is also unclear what the final outcome of the OEWG will be: A Program of Action? A Code of Conduct? A Non-Cyber-Aggression-Pact? The OEWG has a mandate until 2025. In other words, one should not expect too much for 2022.
The second arena is cybercrime. Organized crime has now discovered cyberspace as the most lucrative field for its operations. Ransomware attacks can bring more money than trading drugs, weapons, or human beings. The newly established UN “Ad Hoc Committee” (AHC) has a mandate to draft a UN Convention against cybercrime until 2023. The first meeting of the AHC is scheduled for mid-January 2022. The plan is to have six meetings in the next 20 months. The hope is to present a final text to the 78th UN General Assembly in September 2023. This is an ambitious plan.
For years, western countries advertised the Budapest Cybercrime Convention from 2001 as a solution for the world. The Budapest Convention was negotiated under the Council of Europe and adopted just weeks after the terrorist attacks of September 11, 2001. The treaty is open for any country. However, only one-third of the UN member states signed the Budapest Convention. Countries like China, India and Brazil argued that they were not involved in drafting the Budapest Convention. Instead, they supported a Russian proposal to develop a new UN instrument. The fear of western states is that a new treaty could weaken existing standards in fighting cybercrime and open new fields of conflict if some governments want to include controversial content-related issues into the new treaty. It is rather unrealistic to expect that democracies and autocracies could agree, what is good and bad content on the Internet.
Anyhow, international cybercrime is now organized like the mafia, and it goes beyond ideological borders. To stop criminal attacks against hospitals or public administrations, critical infrastructure or supply chains are in the interest of all countries. Insofar there is a chance that the ambitious timeline could work if the negotiating parties concentrate on a limited number of key issues where consensus can be achieved.
The third area is the digital arms race. Since 2014 a group of governmental experts has been discussing the issue of lethal autonomous weapon systems (LAWS) under the umbrella of the Convention on Certain Conventional Weapons (CCW). For years UN Secretary-General Antonio Guterres has called for a ban on such weapons. The NGO “Stop Killer Robots” has mobilized public opinion against coming “wars of drones,” where weaponized machines, programmed with face recognition software, are searching individuals which they have to kill. However, there is a mixed coalition of states—from China and Russia via Turkey to Israel and the US—which have no interest in a legal ban. And while the filibuster continues in Geneva, LAWS are used in regional conflicts as Nagorno Karabakh, Yemen, Libya, and the Middle East with disastrous collateral damages.
This is indeed a complex issue that goes beyond the traditional rituals of disarmament negotiations on conventional and nuclear weapons. It is easy to count tanks, planes, and missiles, but how do you count bits and bytes? To control some lines of code is nearly impossible. And what about “Partial Autonomous Weapon Systems” (PAWS)? It needs trust among the parties. And trust is missing in today’s world.
The starting point is the general agreement that decisions about life or death should not be made by an algorithm. But there is no consensus, how to translate this fundamental statement into a concrete legal obligation. The recent meeting of the GGE LAWS in Geneva (December 2021) didn’t produce any progress. Will 2022 see a continuation of the filibuster or will it bring new hopes?
Basket 2: Digital Economy
The main four issues in the digital economy are digital taxation, digital trade, platform regulation and sustainable development.
In the first arena, digital taxation, 2021 produced a real breakthrough: In November 2021, following years of intensive negotiations to bring the international tax system into the 21st century, 136 jurisdictions (out of the 140 members of the OECD/G20 Inclusive Framework on BEPS) joined the statement on the two-pillar solution to address the tax challenges arising from the digitalization of the economy. Countries are aiming to sign a multilateral convention during 2022, which could enter into force in 2023. This is a big step forward. Now it is time to implement it and analyze how the new mechanisms will further stimulate the growth of the digital economy worldwide under fair conditions.
Regarding digital trade, there is still a long way to go. There was a general agreement within the World Trade Organization (WTO) to terminate the provisional moratorium on customs duties on electronic transmissions from 1998. Dateline was the 12th WTO Ministerial conference, originally scheduled for June 2020 in Kazakhstan. In a “Joint Declaration,” more than 70 WTO members agreed already in January 2019 to explore opportunities to negotiate a new WTO Treaty on Digital Trade. Due to Corona, the WTO Ministerial Meeting was postponed twice and will now take place in 2022. The WTO negotiation group on eCommerce—co-chaired by Australia, Japan, and Singapore—has made progress and reached until December 2021 an agreement on eight articles. The co-chairs expressed optimism that they could reach full consensus by the end of 2022. But the whole project is overshadowed by sanctions and counter-sanctions among China and the USA in the digital sphere. And it is also part of a general WTO reform, which has been under discussion for years. If this fails, the prospect for a bright future of a digital trade treaty will look less radiant.
The third arena is Internet platform regulation. There is a growing consensus around the globe that monopolization is a bad thing. The “Winner Takes It All” mechanisms of the digital economy have produced oligopolies—based mainly in China and the US – which dominate the world and have negative consequences for national economies, macro, small and medium-sized businesses (MSMEs) and also for innovation. More and more governments see anti-trust regulation as a useful instrument to give the future development of the digital economy another direction. It is, in particular, the European Union (EU), which is pushing to write a new “digital rulebook.” But also, US and Chinese authorities are discussing how to deal with the GAFAs (Google, Apple, Facebook, Amazon) and BAHTs (Baidu, Alibaba, Huawei and Tencent). In 2021, the European Commission tabled drafts for a “Digital Market Act” (DMA) and a “Digital Service Act” (DSA). It is expected that both legal instruments will be adopted in 2022. It remains to be seen whether DMA and DCA will have similar consequences as the European Directive on Data Protection (GDPR) from 2016 did have for the world. The GDPR is now seen as a global standard, which is used both by China and US and many other countries as a blueprint for their national privacy regulation.
A fourth arena is sustainable development. Regardless of all the progress in recent years and the fact that nearly five billion people are online, there is still a digital divide. A lot of regions in the world are underserved and miss basic information infrastructure. It needs more efforts, especially from the private sector, to close the gaps if the world wants to meet the sustainable development goals (SDGs) until 2030. An important contribution is expected from the ITU World Telecommunication Development Conference (WTDC), which will be hosted by the Government of Ethiopia in June 2022.
Basket 3: Human Rights
The pandemic has proved that Internet access is a basic human right in today’s world. And the corona crisis also re-confirmed the importance of the UN Human Rights Council (HRC) resolution from 2012 which stated, that “the same rights that people have offline must also be protected online.”
In previous years, the HRC special rapporteurs for freedom of expression, privacy, and freedom of association have produced numerous reports outlining which new challenges and threats for individual human rights have arrived in the digital world. The reports did cover a broad range of issues, from mass surveillance to online censorship. But all the reports didn’t produce any concrete programs of action or specifications on respecting, protecting, and promoting existing human rights in the digital age. This includes both political and civil rights as well as social, economic, and cultural rights. Foremost, the rights to education and work got a new meaning in the digital world.
Against the backdrop of the development of new technologies such as the Internet of Things (IoT) and Artificial Intelligence (AI), there are also new questions on the table which raise the very fundamental issue of “human dignity.” It was a milestone that the 41st UNESCO General Conference could agree in November 2021 in Paris on a recommendation on “Ethics and Artificial Intelligence.” The Recommendation calls for action beyond what tech firms and governments are doing to guarantee individuals more protection by ensuring transparency and control over their personal data. It states that individuals should all be able to access or even erase records of their personal data. It also includes actions to improve data protection and an individual’s knowledge of their own data and right to control it. It also increases the ability of regulatory bodies worldwide to enforce this. The UNESCO Recommendation explicitly bans the use of AI systems for social scoring and mass surveillance. These types of technologies are very invasive; they infringe on human rights and fundamental freedoms. Ultimate responsibility and accountability must always lie with humans, and AI technologies should not be given legal personality themselves.
The UNESCO Recommendation is not a legally binding instrument. But it was adopted by acclamation, supported also by China and Russia. The US isn’t a member of UNESCO anymore but didn’t express opposition. In 2022 both the European Union and the Council of Europe are working on legally binding instruments. The EU Commission has proposed an “AI Regulatory Package,” the Council of Europe’s Ad Hoc Committee on Artificial Intelligence (CAHAI) has started to draft a legal framework for AI. In September 2021, China published its own AI framework, which was partly inspired by the EU proposal. And the Global Partnership on Artificial Intelligence (GPAI), a multistakeholder initiative hosted by the OECD, aims to bridge the gap between theory and practice on AI by supporting cutting-edge research and applied activities on AI-related priorities. GPAI now has 25 member states, is supported by many multistakeholder expert groups, and has two “Centres of Expertise” in Montreal and Paris.
Basket 4: Technology
In 1999 Lawrence Lessig described “code as law of cyberspace.” He argued that “we recognize how laws regulate—through constitution, statutes and other legal codes in real space. In cyberspace, we must understand how code regulates—how the software and hardware that makes cyberspace what it is regulated cyberspace as it is.” And he concluded that man-made technical code—like the man-made law—could serve different purposes and is not neutral: “This code presents the greatest threat to liberal or libertarian ideals, as well as their greatest promise. We can build, or architect or code cyberspace to protect values that we believe are fundamental, or we can build, or architect or code cyberspace to allow those values to disappear. There is no middle ground. There is no choice that does not include some kind of building. Code is never found; it is only ever made, and only ever made by us.”
Since the early 2000s, we have seen growing conflicts between “code makers” and “law makers”. There is a great gap, little mutual understanding, and a low level of communication among the two groups. When UN Secretary-General Antonio Guterres addressed the 14th IGF in Berlin (2019), he recognized that “there’s an absence of technical expertise among policymakers even in the most developed countries, invention is outpacing policy setting, and measured difference in culture and mindset are creating further challenges. … while industry has been forging ahead and at times breaking things, policymakers have been watching from the sidelines”.
In a fully digitalized world, this could become a problem. Code makers must understand the political, social and economic implications of their work. And lawmakers must understand how technology works to avoid unworkable or counterproductive legislation with unintended side effects. And there is the question of accountability. Who is accountable to whom? And what are the right mechanisms to strengthen transparency and accountability, both in law and code making?
This is not easy. And while the code as such is not neutral, the technical resources, which constitute the public core of the global Internet, have no political flavor. The critical Internet resources are like air. There is not “American air” or “Chinese air”; there is only “clean or polluted air.” It would be like a pollution of the Internet, if those technical resources as IP addresses, domain names or root servers are pulled into geo-political conflicts.
Technical Internet Governance (TIG) is certainly interlinked to Political Internet Governance (PIG). But TIG and PIG are two different shoes that must be treated differently. Such a differentiation was already recommended by the WSIS Tunis Agenda (2005), which made a distinction between the “development” and the “use” of the Internet. In the 2010s, this was described as a two-layer system: “Governance OF the Internet” and “Governance ON the Internet.”
To keep this in mind is important if Internet technology continues to evolve. There is a risk that different technological approaches can lead to a new “standardization war.” This would backfire on everybody. Technical Internet resources have been well managed by the technical community for more than three decades. Mistrust, that organizations like ICANN, IETF, RIRs or others will be unable to manage the public core of the Internet in the long run, as expressed by some governments from time to time, are unjustified.
The Corona crisis is a good proof that the system is working. The pandemic produced an explosive growth of Internet use around the globe: home office, zoom conferences, online shopping etc. And regardless of this tremendous challenge, there was no shortage of IP addresses or domain names. The root and name server system worked. The problems which came with the pandemic were not the functioning of the Internet but the misuse of its resources by bad guys. It makes no sense to beat the horse if the horseman is riding in the wrong direction.
If the management of those universal resources would be pulled into geo-political conflicts, everybody would lose. Against this background, ITU’s World Telecommunication Standardization Assembly (WTSA), scheduled for Geneva in March 2022, is an interesting meeting worth to watch.
Multilateral and Multistakeholder Meetings
2022 will see again an endless chain of multilateral and multistakeholder meetings and conferences dealing with the long list of controversial Internet Governance issues.
At the multilateral level, cybersecurity and the digital economy are now permanent agenda items for intergovernmental summit meetings. The “Digital Ministers” of the G7 and the G20 have their own regular negotiation platforms. Germany chairs the G7 in 2022, Indonesia chairs the G20.
In 2021, under the British G7 presidency, the digital ministers of the G7 made a strong statement on digital technical standards. In its “London Framework” (April 2021), they have committed themselves “to support industry-led, inclusive multistakeholder approaches for the development of digital technical standards in line with our core values.” Will the rest of the world listen? Not an easy task for Germany to take the next stumbling step forward.
Digital transformation is one of the three priorities for the Indonesian G20 presidency. China will overtake in 2022 the presidency both for the BRICS (Brazil, Russia, India, China, South Africa) and the Shanghai Cooperation Organization (SCO). While BRICS has lost its influence in recent years, the SCO has developed ambitious plans, which also include cybersecurity and digital development. It remains to be seen how this political power play will be orchestrated and whether it will contribute to a “Global Digital Compact” or stimulate the bifurcation of cyberspace.
Many intergovernmental UN bodies will deal with Internet-related public policy issues in 2022. One key organization is the Geneva-based International Telecommunication Union. The ITU will have its Plenipotentiary Conference (PP) in Bucharest in Fall 2022. ITU PPs take place every four years. Under its present Secretary-General Houlin Zhao the conflict between ITU and ICANN, which did overshadow the Internet Governance debate in the 2000s, has been watered down. In 2022 ITU must elect a new Secretary-General. So far, there are two candidates: An American woman, Doreen Bogdan-Martin, and a Russian man, Rashid Ismailov. Which signal will come out from the Bucharest conference?
Other UN Specialized Agencies as UNESCO, WIPO, UNDP, UNCTAD, ILO and others, as well as regional organizations like OSCE, OAS, ASEAN, and the African Union (AU), have Internet Governance, cybersecurity, digital development, human rights, or artificial intelligence on their agendas. And 2022 will probably see the kick start of a preparatory process for WSIS+20, the review conference of the Tunis Agenda, scheduled for 2025.
At the multistakeholder level, the number of institutions, conferences, and projects, dealing with Internet Governance has grown enormously. Multistakeholder conferences like RightsCon or the Lisbon Web-Summit have 50.000 and more participants. Annual reports about the “State of the Internet,” tabled by ISOC, Freedom House, Reporter without Frontiers, the Internet & Jurisdiction Project (which celebrates its 10th anniversary in 2022) and others have delivered facts and figures. Private sector initiatives as the “Tech Accord” (initiated by Microsoft), the “Charter of Trust” (initiated by Siemens) or the “Digital Peace Institute” (DPI) have made substantial contributions to enhance cybersecurity. Facebook’s Oversight Board (FOB) has entered the slippery territory of dealing with fake news and hate speech. Human Rights Watch (HRW) carefully analyzes Internet shutdowns and the violation of digital rights around the globe. The “Freedom Online Coalition” (FOC), in 2022 under Canada’s chairmanship, will continue to promote human rights in the digital age. NGOs like “Stop Killer Robots” or “Algorithm Watch” have an eye on the future of AI developments. The OSCE Office for Free Media will have in 2022 a multistakeholder conference on “AI and Freedom of Expression” to discuss machine-based content moderation and curation. Civil society organizations as Global Digital Partners (GDP), Association of Progressive Communication (APC) and others are organizing input into intergovernmental cybersecurity negotiations as the OEWG and the AHC.
Moving towards a Sustainable Architecture for Digital Peace?
The priorities on the Internet Governance agenda have shifted in the last decade since my first Internet Governance Outlook was published. Cybersecurity is now THE top priority. US President Joe Biden said recently that if the United States ended up in a “real shooting war” with a “major power,” it could be the result of a significant cyber-attack. And Jens Stoltenberg, Secretary-General of NATO, included an “early warning” in a speech he gave in September 2021: “Living in Belgium, I’ve learned a lot about the First World War and how the world underestimated the consequences of the Industrial Revolution, or on warfare. And we just must avoid making the same mistake that even if we – in theory—know, that all these new technologies would totally change, how wars are fought or weapons are working and that we realize those dangers before we end up in a situation where we really need to get this tested for real”.
In 1914, the German Nobel Chemistry Prize winner Franz Haber hoped that chemical weapons would bring the war to a quick end. But the use of deadly gas, which he helped develop, led to a human catastrophe and prolonged World War One. Do the political leaders of today underestimate the consequences of the information revolution? What would happen if Pandora’s Box of autonomous weapons were opened in a new military conflict among big powers?
Joseph N. Nye Jr., former dean of Harvard’s Kennedy School, argued in an article in the January 2022 edition of “Foreign Affairs” that it took 18 years between the first use of a nuclear bomb in Hiroshima and the first agreement on nuclear weapons—the test ban treaty – among the US and the Soviet Union. Also, Wolfgang Ischinger, former head of the Munich Security Conference (MSC), remembered experiences from Cold War 1.0 and recommended in the “Sueddeutsche Zeitung” to re-activate commitments, which were made by governments in the Helsinki Final Act (1975) or the Paris Charter (1992). The idea of the Finish president Sauli Niinistö, to use the 50th anniversary of the Helsinki Final Act in 2025 to re-confirm its principles and to extend it to the global challenges of the digital age gets more and more supporters. A digital war cannot be won and must never be fought.
The “Paris Call for Trust and Security in Cyberspace,” a multistakeholder document adopted at the 100th anniversary of the end of World War One in November 2018 and signed meanwhile by 80 governments, 36 public authorities, 390 civil society organizations and 706 companies, is another important stone in a wall against a digital disaster. It was a big step forward that US Vice President Kamela Harris announced during the Paris Peace Forum in 2021 that the US government has signed the call. What about the governments of China and Russia? Do they consider joining the Paris Call in 2022?
Cybersecurity in the 2020s needs new thinking, a “new multistakeholder diplomacy.” Innovative thinking out of the box is needed to find creative solutions for the next generation of digital challenges. Think tanks have a lot to do in 2022. In recent years, independent multistakeholder networks as the “Global Commission on Stability in Cyberspace” developed ideas—as the protection of the public core of the Internet – which made its way into the Paris Call, into EU regulation and UN reports. But more new ideas are needed. If another “Global Commission” would be able to develop a “code” for a sustainable cyber peace architecture, such a commission would be a good candidate for the next Nobel Peace Prize.