digital medusa logo

Digital trade protectionism does not protect workers rights and could cost us the Internet

Cross-border data flows and, as a result, the global Internet are being threatened by usual and unusual suspects. Some nation-states have proposed for some time digital sovereignty laws. But now, even governments that have been advocates for the global Internet are changing course. Think tanks and others who were in favor of the global and interoperable Internet also have turned against it. On top of all this, those opposed to digital free trade have once again risen, with the same tired arguments: cross-border data flow is bad for workers’ and people’s rights. This blog is hopefully a first step to start a conversation that reminds us of the myriad benefits of a global Internet that allows cross-border data flow. It will also provide a few counter arguments for the America’s Unions (AFL-CIO) digital trade agenda published recently. Let us be clear: ordinary workers have faced trouble in recent decades. But the AFL-CIO proposals are detrimental to the global Internet and Internet connectivity. Worse, they are not likely to protect the tech workers the AFL-CIO wants to protect.

Back in 2017, some civil society organizations, including some labor unions, allegedly spoke on behalf of “the global civil society” and argued that the prohibition of WTO on data localization as a trade barrier would disallow countries from coming up with laws to protect the public interest and protect privacy and other fundamental rights. These arguments resurfaced again recently as Biden’s administration announced a worker-centered trade policy

The recent AFL-CIO workers’ agenda starts from the mistaken premise that governments cannot regulate data or big tech companies because of digital trade policies. This, it says, leads to lack of protection for workers. Digital trade agreements do not prohibit countries from regulating data or any digital services and products. Every year, there are  myriad of laws and regulations around the world that increasingly regulate data and tech companies: consider Europe’s Digital Market Act and Digital Services Act, or India’s IT Act, for example. As UNCTAD reports, 71% of countries worldwide have come up with data protection and privacy legislation. 

The workers’ agenda is filled with assertions that trade agreements do not consider workers and people’s fundamental rights and the agenda presents data localization and more regulation as the solution. One argument is that digital apps and social media platforms have eroded privacy. However, trade agreements, unlike human rights instruments, can be effective and binding. Civil society groups have even used trade agreements and regional economic cooperation groups such as Asia-Pacific Economic Cooperation to advance privacy in cross-border data flow. 

Data localization measures tend to work for the benefit of existing, vested interests and against those who might try something new. It is not clear how such measures will make the Internet become a healthier space. 

This takes us to the other argument made in the statement that implies to care about workers’ creativity. To protect their creative rights, it asks for more aggressive copyright protection and less fair-use that supports the interest of creators. Fair use is the mechanism used by creators to assert their rights in the face of large, well sourced corporations. It is unclear how eroding fair use through digital trade agreements can help with workers’ rights and creativity. Especially as the statement itself acknowledges that by advancing intellectual property rights of big-tech corporations, the US government expanded their access to the global market at the expense of others. 

There are many more arguments in the statement that support a protectionist digital trade agenda to seemingly protect the workers and users’ rights. It even goes as far as supporting contested arguments such as online platforms should be held accountable for the third party user generated content and provision of bulk access to source codes and algorithms for the governments to address harmful practices and content is necessary. 

To protect workers and users on the Internet when dealing with digital products and services is a wonderful goal. However, it is unclear how the AFC-CIO solution can actually help with reaching that goal. Fortunately, there are both private and regulatory initiatives around the world that address the well-being of the workers in tech companies. For example, the Digital Trust and Safety Partnership, an industry consortium, includes investing in the wellness and resilience of teams dealing with sensitive materials as part of its Best Practices Framework. Tech workers have also started creating workers’ union inside tech-companies. We need to think about supporting alternatives instead of attacking the critical characteristics of the Internet. It is those characteristics that make meaningful connectivity possible.

Access to the Internet is not just access to another form of communication. It is access to essential services and a lifeline during a crisis. This was quite clear during the years of a global pandemic. We need to stand up against what hampers our interconnectivity. Our solutions should not cost us the Internet.   

Trust and Safety Outreach and Engagement

Digital Medusa supports stakeholders outreach and engagement activities for Digital Trust and Safety Partnership. The activities entail liaising with civil society, academics, governments and external stakeholders. The outreach and engagement takes place through a series of workshops, one-on-one meetings with various stakeholders, taking part and speaking at different digital governance and digital trust and safety gatherings.

Digital Medusa supports stakeholders outreach and engagement activities for Digital Trust and Safety Partnership. The activities entail liaising with civil society, academics, governments and external stakeholders. The outreach and engagement takes place through a series of workshops, one-on-one meetings with various stakeholders, taking part and speaking at different digital governance and digital trust and safety gatherings.

  • Year of collaboration: Started in 2022
  • Status: Ongoing

Related Events

Immersive technology is poised to transform the way people work, play, and learn. From an emerging creator economy of virtual goods and services to cutting-edge applications that can improve education, health care, and manufacturing, augmented and virtual reality (AR/VR) technologies are unlocking new opportunities to communicate, access information, and engage with the world. These changes raise important questions, and how policymakers respond will have profound implications for the economy and society.

https://itif.org/events/2022/09/14/ar-vr-policy-conference-2022/
Watch here: ARVR Policy Conference 2022
Trust and Safety Research Conference 2022: https://www.tsresearchconference.org/
OECD Ministerial meeting: Building an Inclusive Digital Future: Digital Ministerial 2022

Syllabus for Schools on Internet Governance

This syllabus was designed for the United Nations Internet Governance Forum. The syllabus is an advisory document that may guide those who wish to convene a school or teach Internet governance, or know more about the structure of IG courses.
In addition to explaining how the syllabus was created and how it could be used, the document contains the following sections:.

This syllabus was designed for the United Nations Internet Governance Forum. The syllabus is an advisory document that may guide those who wish to convene a school or teach Internet governance, or know more about the structure of IG courses.
In addition to explaining how the syllabus was created and how it could be used, the document contains the following sections:.

  • Core Internet governance modules and elective modules, learning outcomes as well as a sample of faculty members and topics they teach.
  • Teaching methods such as practicums, hands-on industry presentations, moot courts and others, How to find lecturers and experts?
  • How to build coalitions, contribute to the Dynamic Coalition on Schools of Internet governance (DC-SIG)?
  • Teaching methods such as practicums, hands-on industry presentations, moot courts and others, How to find lecturers and experts? How to build coalitions, contribute to the Dynamic Coalition on Schools of Internet governance (DC-SIG)?
  • Year of collaboration: 2022
  • Status: Complete

Human Rights Lifecycle of a Terrorist Incident Online

From January 15 to May 31, 2022, the Working Group on Crisis Response Protocols (CRWG) – a subgroup of the Global Internet Forum to Counter Terrorism (GIFCT) – met with stakeholders across civil society organizations, governments, academics and companies (through a series of individual and group meetings in addition to tabletop exercises). The output of this effort is the present report that aims to: 1. Outline the lifecycle of a terrorist incident on the Internet and its human rights impact; 2. Propose a framework for crisis protocol operators and GIFCT to use for explicating the lifecycle of incidents and to consider human rights implications in crisis response; and 3. Clarify the relationship between human rights and GIFCT’s mission through explaining the human rights impact at each stage of the crisis lifecycle. It also provided one of the first “categories of terrorist attacks with an online angle”. Digital Medusa led the working group and wrote the report with the help of the working group members.

From January 15 to May 31, 2022, the Working Group on Crisis Response Protocols (CRWG) – a subgroup of the Global Internet Forum to Counter Terrorism (GIFCT) – met with stakeholders across civil society organizations, governments, academics and companies (through a series of individual and group meetings in addition to tabletop exercises). The output of this effort is the present report that aims to: 1. Outline the lifecycle of a terrorist incident on the Internet and its human rights impact; 2. Propose a framework for crisis protocol operators and GIFCT to use for explicating the lifecycle of incidents and to consider human rights implications in crisis response; and 3. Clarify the relationship between human rights and GIFCT’s mission through explaining the human rights impact at each stage of the crisis lifecycle. It also provided one of the first “categories of terrorist attacks with an online angle”.

Digital Medusa led the working group and wrote the report with the help of the working group members.

  • Year of collaboration: 2022
  • Status: Complete

Defeating Digital Perseus: 2022 Version

2022 was a tough year for the Internet. Digital Perseus came out in full force to fragment the Internet, to stop unfettered access and sometimes even friends turned into Digital Perseuses. But overall, it has been a productive year for Digital Medusa. Despite all the trouble and barriers that Digital Medusa faces, this year was filled with exciting projects. 

Sanctions and the Internet

We have been dealing with sanctions and their effect on the Internet for years. Ordinary users of the Internet in sanctioned countries,sanction regulators and those who have to comply have been struggling. As Digital Medusa had done some work on Iran and Afghanistan on sanctions, it made sense to make it an agenda for 2022 as mentioned in Digital Medusa’s last year blog. Little did we know that sanctions became the talk of town and everyone would want to get involved with it one way or another due to the unfortunate barbaric war Russia started in Ukraine. Then the Iranian uprisings happened and more sanctions ensued. As Internet governance organizations and other service providers on the Internet are increasingly dealing with sanctions imposed on many countries, RIPE NCC funded Digital Medusa to undertake some preliminary research on the effect of sanctions on access to the Internet. Read more about the projects and progress here.

Christchurch Call and Global Internet Forum to Counter Terrorism

Digital Medusa was more active this year as a member of CCAN (a network that provides advice to governments about handling terrorist, violent extremist behavior, attending the multistakeholder leaders summit as well as writing a report about the human rights impact of crisis protocols during terrorist attacks with an online angle. 

Human Rights Impact Assessment: DNS Over HTTPS (DoH)

The DNS over HTTPS is a protocol that brings privacy to Domain Name System queries. Taraaz and Digital Medusa got involved with a project that assessed the human rights impact of a product that used DNS over HTTPS. Our partners plan to publish this report in the coming months.

United Nations and Internet Governance Syllabus

The Internet Governance Forum at the United Nations commissioned Digital Medusa to do an Internet Governance syllabus as a guide for Internet governance educators. The syllabus can be found here.

Digital Medusa is an organization

I promised Digital Medusa won’t remain a one woman show and I more or less made it happen: GEORGIA EVANS has finalized a report on how Canada upholds its Christchurch Call commitments, ZHENYE (RYAN) PAN helped with mapping the actors in sanction and Internet space and attended the workshop on sanctions at the IGF. LAURA VUILLEQUEZ did some preliminary work on sanctions and the Internet literature review and mapped the European Trust and Safety actors.
ANGIE OREJUELA has helped with so many aspects of preparing and presenting the research update regarding trust and safety and Internet and sanctions and RITHIKA SHENOY works on the humanitarian aspect of access to the Internet and has co-authored a few funding proposals with us. Working with the other Medusans was the best part of 2022. Their ideas, their enthusiasm and words of encouragement got us where we are at.

Future

In 2023, Digital Medusa will continue to protect the core values of our digital space: interconnectivity, interoperability, security and the global and open nature of the Internet. We will do so by promoting decentralization of the Internet, increasing access to the global Internet especially during crises and contributing to governance mechanisms that help connectivity and trust and safety. In order to do that, we will vigorously work on and provide a few services in 2023: 

  1. Outreach and engagement: hopefully Digital Medusa will continue with Digital Trust and Safety Partnership’s outreach and engagement but will try to provide this aspect as a service

  2. Research and impact assessment: we will provide various governance impact assessment analysis and do research on the Internet stack.

  3. Policy and advocacy: we will promote policies and work with various vulnerable communities around the world who do not have access to the Internet or are in crisis such as Afghanistan and help them be connected and use the Internet to have access to essential services and education. 

Dear Digital Peruses

2022 was only the beginning of Digital Medusa. Despite your every effort in weakening the Internet and Internet governance organizations, the Internet is here to stay: “Don’t ever say it’s over if I am breathing”. 

Peering and Sanctions

Farzaneh Badiei and Angie Orejuela

When individuals want to use services on the Internet—for example, browse a website or send an email—various networks handle these requests. The requests go through networks in the form of packets, and that makes up what we call Internet traffic. Network operators are in charge of carrying this traffic. Through Internet peering, networks agree on helping one another to handle the traffic.
Economic sanctions can potentially impact actors involved with Internet peering. In this blog, we outline the potential impact of sanctions on Internet peering and the various actors involved. This piece is a work in progress, and as a part of the SancNet project, we are always open to feedback, corrections, and additions. A link to an online form for feedback can be found here and in the concluding remarks of this blog.

Revocation of membership from Internet Exchange Points/De-peering
When specific sanctions apply to individuals with formal roles in telecommunication services (for example, the CEO of a telecom operator), the Internet Exchange Point subject to the sanctions regime in question, will have to terminate the network operator’s membership. This‌ can have the following consequences:

  • De-peering has consistently been recognized as an extreme step, as it means customers might not reach specific sites on the Internet. (Werbach, Kevin. “Only connect.” Berkeley Tech. LJ 22 (2007): 1233.)
  • If the network operator is large and serves smaller network operators, those network operators are also affected. This will affect the quality of access and create latency. Some argue (as reported in  Russian state-owned media) that it does not impact their services. Such network operators claim they can have access to global traffic through Asia. But there are restrictions. For example, it is difficult to peer with Chinese operators due to their domestic restrictions on Internet traffic.
  • Network operators that are sanctioned might carry Internet traffic of other non-sanctioned countries. In such a case, the sanctions (and revocation of membership from IXPs) can affect other network operators based in other countries.
  • When revocation of membership from a well-established Internet Exchange Point happens, the individual members of that exchange point will likely stop peering with the sanctioned network bilaterally.

Peering and Sanctions in the US and EU
In the US, the Office of Foreign Assets Control (OFAC), in its FAQ, has clarified that sanctions in case of peering do not apply to the Cuban telecommunication operator. This is because of a specific regulation that authorizes “the exportation, reexportation, directly, or indirectly to Cuba of services incident to the exchange of communications over the Internet.” (31 CFR (Electronic Code of Federal Regulation) § 515.578 Exportation, reexportation, and importation of certain internet-based services; importation of software.)

For peering and transit in the EU, some advocated an “Internet carve-out” from EU 269/2014 that would blunt the effects on the Internet. The council adopted an amendment decision and inserted Article 6c, which provides that

“Article 2 shall not apply to funds or economic resources that are strictly necessary for the provision of electronic communication services by Union telecommunication operators, for the provision of associated facilities and services necessary for the operation, maintenance and security of such electronic communication services, in Russia, in Ukraine, in the Union, between Russia and the Union, and between Ukraine and the Union, and for data centre services in the Union.”

While some interpretations might make this amendment applicable to peering, other perspectives might differ. Legal counsels might argue that this Internet carve-out is not specific enough to include all the services, including transit and peering. Also, because peering usually involves many jurisdictions, providing carve-outs for just one or two countries (like the case of Cuba) or even a region does not solve the problem.

Cache Servers
Cache servers are a means by which much of the most popular content available on the Internet is always “close” in a network sense. These services enable the web, in particular, to satisfy enormous demands. Cache servers do not necessarily serve a peering function, but they are essential for cloud providers and peering locations, as well as for the quality of access to the Internet. They are even sometimes critical for having meaningful access to the Internet. A cache server temporarily stores information on a local network, making browsing faster. Cache servers are usually installed in data centers, ISPs, and peering locations. Trade restrictions, export, and import controls, and sanctions could impact the availability of these servers. There were two reported cases of Google shutting down its caching servers in two Russian ISPs. Google (reportedly) stated that the reason was a change in legal practices and compliance with sanctions. There are reports about Cache servers being unavailable in Afghanistan as well.

The Transborder Effect of Sanctions
Sanction regimes are designed in a way that could impact and apply to third parties that are not in sanctioned and sanctioning jurisdiction. This can especially apply to network operators that are located in areas with neighboring sanctioned countries.

Concluding Remarks
These are only a few preliminary and potential findings about the effect of sanctions on the operation of Internet Exchange Points and the provision of peering. If you would like to reach out and tell us about the problems you have faced, please do so by filling in this form. You can remain anonymous.

Sanctions and the Internet: Project Update 

Farzaneh Badii, Angie Orejuela

Introduction

A few months ago, RIPE NCC announced that they have commissioned Digital Medusa to undertake a research project based on the issue of sanctions and the Internet. We aim to include the RIPE community for consultative insights that the design of the projects will benefit from. More details about SancNet can be found on Digital Medusa. This blog discusses the direction of the project and briefly discusses future endeavors. We welcome input on what can be added or redirected in this study. We will also do a presentation about the project next week during a BoF session in Belgrade, Serbia. We look forward to seeing you in person or online. The session will take place on Tuesday, 25 October, from 17:30 to 18:30 (UTC+2).
To date, we have been conducting mixed research methods for the project. These include desk research and interviews with industry, operators, and policy actors. We plan on undertaking 10 to 15 interviews, and have completed 5 so far. If you want to talk to us about sanctions and their impact on your work, please reach out to Digital Medusa. In addition to conducting formal interviews, we hope to collect your feedback on the design and other aspects of the project.

Below is an outline of the work so far:

Scope

There are various types of sanctions that are usually imposed by nation states on specific nation states or certain activities (which includes sanctions on non-state actors). Sanctions include: trade restrictions (or more broadly economic sanctions), travel bans, the freezing of assets and arms embargoes. The focus of this research is strictly economic sanctions, because those are the primary kinds of sanctions that affect Internet resources. We also focus on access to critical properties of the Internet, specifically access to IP addresses. While we might learn from other compliance and policy practices related to other Internet services, our focus is primarily on access to IP addresses.

A brief history of sanctions related to the Internet

While the history of anything that can be called “sanctions” is long, the sanctions regimes that are common today derive mostly from ideas that emerged around the time of World War I and that were refined during the Cold War. The United States in particular embraced sanctions in an effort to confront political developments contrary to its interests and as an alternative to direct military engagement.
For better or worse, the Internet was largely designed to disregard jurisdictional borders. In keeping with that, nations and even regions were mostly ignored when allocating numbers and talking to other networks. Since the Internet Assigned Numbers Authority in particular (in the person of Jon Postel) was based in the US, this was a decision of some consequence, as every decade the US list of sanctioned countries expanded. It was not possible to have a global interconnected network based exclusively on US relations with other nation states. By 1990 it was already clear that handling all number registrations in a single registry was not able to keep up with the growth of the Internet, and the Internet Activities Board recommended to the US Federal Networking Council that mechanisms of delegation be embraced.  By 1993, the emergence of regional allocation authorities was already acknowledged, and by 1996 the use of Regional Internet Registries (RIRs) was already a best practice.
In the early to mid-90s, the Internet was still in its infancy, and in the US, it was not even clear that commercial traffic was permitted on the Internet (or the parts connected to the National Science Foundation’s NSFNet). Commercial pressures towards institutionalization were new, and organizations such as the RIRs had to feel their way through the implications of international sanctions regimes. Perhaps the regional division also made it easier for these organizations not to be affected by sanction regimes they were not based in. This, however, did not last long. By the end of the 90s and especially after 9/11, the US sanction regime underwent an evolution. The US Treasury office redesigned the system so that the private and especially the financial sector globally became entangled with the US sanction regime. Read Treasury’s War: Unleashing of a New Era of Financial Warfare by Juan Zarate to know more about that development. Later on, the EU and Australia also put in place their own sanction regimes.
The twin pressures of simultaneous expansion of the Internet, and the expansion of various sanction regimes, meant that inevitably the allocation of Internet resources became subject to sanctions. This sometimes happened directly, as RIRs were unable to provide services to sanctioned countries or persons. It sometimes happened indirectly, as the financial services necessary to pay Internet registries’ service fees were unavailable. It also affected the development and partnership of network operators.

Sanctions Timeline

This timeline is a work in progress. It is evolving as we continue our research and it is not fully representative of all the sanctions instances. We very much welcome your feedback on the timeline as we would like to present something comprehensive and more global in nature at the end of the research project. Click here for the PDF version.

Effect of sanctions on the operation of Regional Internet Registries

Legally, whatever can be categorized as a “transaction” may be subject to sanctions. RIRs’ services can be affected because of the jurisdiction in which they are located as well as third-party service providers’ jurisdiction. At a minimum, the following can be affected:
Inter-RIR transfers
Transfers can be recognized as a transaction and since IP addresses are economic resources, then transferring IP addresses from one RIR to another might face issues because of sanctions.
Payment systems
Payment systems such as banks, credit card companies and financial entities may not provide services to entities that have members from sanctioned countries, refuse to provide service to those members directly, or both.
Software providers
Software providers that RIRs procure to provide services such as dual factor authentication might refrain from providing their services to members from sanctioned countries.

RIRs New membership, assignment, allocation or transfer requests (including End User requests)

RIPE NCC has been clear about the need to undertake due diligence in case of several services that it provides to the members, namely new membership, assignment, allocation or transfer requests.

Inequitable access to number resources because of indirect consequences of sanctions

Using compliance processes, RIRs can do the minimum to stay in compliance with sanction regimes and provide their services legally to the sanctioned countries. However, there is only so much they can do compliance wise. When the impact of sanctions is indirect and entangled with other industries, then inequitable access to number resources might emerge. The inequitable access can happen because nationals of sanctioned countries (that are not themselves the target of sanction regimes) might not be able to register new number resources because banks are not willing to facilitate their transactions. The issue goes beyond that, sometimes countries that are not sanctioned but are transacting and sharing IP blocks with sanctioned countries might be affected as well.

Impact of sanctions on network operators

This category of impact on Internet resources goes beyond RIRs’ mandate but affects the communities RIRs serve. Most network operators want to connect indiscriminately and based on technical considerations such as overcoming latency and not based on nationality, creed, or related matters. It is this value of global interconnectedness that made the Internet global. However, network operators are also institutionalized, and many cannot simply connect with other networks without considering sanctions. Besides, sanctions might impact peering and collaboration among ISPs and Internet Exchange Points. This was evident in the case of Serbia in 1998 and then Cuba. American sanctions against Cuba (combined with restrictive national Cuban measures) stifled the development of networks in that country for a long time. Network operators might also be impacted in “sanction-locked” countries. Countries surrounded by sanctioned countries especially might be impacted because the network operators in sanctioned countries cannot peer with others effectively.

Current and future policy solutions. Tell us what you think

Our study so far has highlighted the following policy solutions to maintain the Internet global and interconnected. At this stage, we are only briefly mentioning each, it is by no means exhaustive and we can change the list based on your feedback. If you would like to add to the list please contact us.

A balanced, transparent compliance process: RIRs (specifically RIPE NCC) have been transparent about their compliance process and the initiatives they took to comply with sanctions but, at the same time, not affect access to IP addresses. However, there are shortcomings in compliance processes in sanction regimes. The list-based approach (which is an effective compliance approach) has affected access to Internet services in the past for nationals of sanctioned countries. But they seem to be still fairer than blanket-blocking a whole country because of sanctions. Investigating various compliance solutions in this space might help with easing access to Internet resources.

Sanction waivers, exceptions and regulations for access to essential properties of the Internet: This is also another approach to seek some relief from sanctions when it comes to access to the Internet. We need to explore the effect of waivers and licenses on sanction relief. There have been some cases in the past where specific licenses and waivers have been obtained for certain services on the Internet which can help us understand how the processes work and how we can use these processes to successfully seek relief.

Convening intra-industry coalition to provide services to facilitate access to critical properties of the Internet: This suggested approach convenes the finance industry and other industries and organizations that have a key role in facilitating access to Internet critical resources to work on their compliance, obtain specific licenses if needed, and undertake other efforts of this nature to mitigate the adverse effect of sanctions on access to essential properties of the Internet.

Changes in governance structure of the RIRs: this might come across as controversial but needs to be discussed. RIRs are regional for historical reasons. If there were technical reasons to prefer geographic distribution rather than using some other criteria, those reasons are not clear in the historical documentation. In the future, should we consider changing RIR’s governance structures, or creating some Internet registries along non-regional lines to preserve access to Internet resources?

Arguing for a global Internet in international fora: another solution for the problem of sanctions would be to build on cyber norms, explore the humanitarian value of access to essential properties of the Internet and draw infrastructural analogies to argue for exemption of RIRs from sanctions in international fora. We will delve into this issue and identify the appropriate fora and the grounds for which there can be exemption or other avenues.

Planning for a public sanctions and Internet database

We want to encourage public accessibility of our findings and are creating a database of current regulatory frameworks, industry actors and approaches that could affect providing access to essential properties of the Internet. In the process of that, we will be identifying and mapping the actors that are involved in the field of sanctions and the Internet: for example we will list compliance regimes, sanction regimes, and different private and governmental actors that may have a role in affecting access through sanction regimes. We will also enumerate key industry actors and their compliance practices which could potentially facilitate or hamper access to numbers resources. We look forward to your feedback on the usefulness and design of such a database.

A multistakeholder summit? the case of Christchurch Call 

Too many summits are high-level, ineffective meetings filled with well-meaning but empty speeches. But the multistakeholder Christchurch Call summit this year differed greatly from the usual UN General Assembly meetings. New Zealand and France used their political capital in this meeting to bring together representatives of different stakeholders to have a discussion about countering terrorism online.To the participants’ surprise, most of the interventions were conversational and civil society was included on an equal footing. 

This blog includes Digital Medusa’s opinions about the summit and the Christchurch Call. 

Background

In 2019, New Zealand and France convened Christchurch Call to Action after the terrorist attack that killed 51, and injured 50, Muslims in a mosque in Christchurch. The horrendous attack was live streamed on Facebook and other tech-corporations’ platforms. 

When the Call was launched in 2019, civil society globally criticized their own lack of presence and complained of being treated as an afterthought. But for the past 3 years, we have witnessed a slow but sustainable change and a move towards convening a true multistakeholder forum. It has become a forum that can go beyond mere lip service, that is genuinely multistakeholder, and that takes part in the Christchurch Call commitments to preserve a secure, open, interoperable Internet while fighting with terrorist behavior online.

The governments of New Zealand and France convened the Christchurch Call Advisory Network (CCAN) which comprises civil society organizations including impacted communities, digital rights organizations and the technical community that aims to defend a global, interoperable Internet. While the role of civil society organizations in other similar forums is often contested and not very clear, CCAN has made real progress towards meaningful participation. It is important now that progress continues beyond just attending a high level meeting with the leaders of the world. 

Crisis Response Management and Internet Infrastructure

During the summit, we discussed the crisis response management and protocols. A lot of progress has been made by various countries to create a voluntary but cohesive protocol management that can also adapt to the global nature of the Internet. However, we increasingly see calls for content moderation at the Internet architecture level (domain names, hosting providers, cloud services etc). A proportional moderation of content at the infrastructure level might not be possible in all cases. Especially during a crisis, we have to be extremely careful with the techniques we use to filter and block access to domains and websites, as it might not be possible to do proportionally. Such techniques might hamper access to other services online. We also need to evaluate the impact on human rights of each at each stage of crisis response. A global interoperable and interconnected Internet needs a holistic approach to safety—one that does not focus exclusively on blocking, take-downs and after the incident responses, but that offers a systematic way of tackling the issues raised by horrific content online.

Researchers Access to Data

Perhaps surprisingly, Digital Medusa deviates from various researchers and civil society organizations in calls for researchers’ access to data. While the Digital Services Act will facilitate such access, I do not believe we have the governance structures in place to validate research, nor to provide the privacy-enhancing structures to diminish abuse of personal and private data. New Zealand, France and a few others announced an initiative that can address this issue while also facilitating researchers’ access to data. The effectiveness of such an initiative remains to be seen, especially as it primarily focuses on fixing problems by focusing on technology.  

Internet of the Future

It is natural to think that, if bad content online is the source of danger, then all that is needed is to remove that content and moderation. But content removal does not on its own bring safety to the Internet. For our future efforts, we need holistic approaches. We also need to work with impacted communities and operators on the Internet. Content removal and take-downs on the Internet can have a major impact on the well being of individuals. Careless removal and takedown can affect access to a host of essential online services and it can also hamper uprisings and information sharing online during a crisis. I hope that content moderation will become only one tool (and not even the most important), and we come up with more innovative ways to deal with governance of our conduct on the Internet.  

 

SancNet

Geopolitical conflicts and wars have been affecting access to the Internet since the Internet became more formalized and in a way, industrialized. This project focuses on “economic sanctions”, their effect on access to the Internet and the value of interconnectedness without discrimination.

Geopolitical conflicts and wars have been affecting access to the Internet since the Internet became more formalized and in a way, industrialized. This project focuses on “economic sanctions”, their effect on access to the Internet and the value of interconnectedness without discrimination.

Because of its history, the Internet and access to it were always affected by geopolitical conflicts and wars. Once it became widely accessible to consumers, however, the Internet became subject to trade sanction regimes in the US and Europe and possibly elsewhere.  There are debates about whether sanctions are effective for changing States’ behavior and what can be effectively sanctioned. As the Internet is a relatively new industrial area, this project proposes to adopt a systemic approach and document how sanctions are currently applied to the Internet, why there have been previous attempts not to apply sanctions to the Internet, whether contemporary problems necessitate application of sanctions to the Internet, and what a desirable outcome might be for sanctions and Internet access in the future.

We will use interviews, desk research and analytical narratives to provide a background on how sanctions have directly or indirectly affected access to the Internet. 

- Policy solutions: considering past sanction exemptions, what are the potential pathways to arguing for policies that can diminish the impact of sanction on access to the Internet but at the same time help governments achieve their sanction goals. 

- Strategies for compliance with sanctions while keeping the Internet global: the research discovers why businesses over comply with sanctions and how the risk strategies can change to maintain provision of services while still being in compliance with sanction rules. 

- Institutional changes: the research will also look into whether we need institutional and governance changes in Internet governance organizations in order to maintain interconnectedness.

Related meetings

Articles

Progress reports

Researchers 

  • Farzaneh Badiei, Digital Medusa 
  • Zhenye (Ryan) Pan, Columbia University 

Funding

This project is being funded by RIPE NCC 

Contact 

https://digitalmedusa.org/contact-2/

The Domain Name Multistakeholder Theatre

At the early stages of the Internet, domain names (example.com) were the point of entry for the majority of people’s online presence. As a result the allocation of these domain names mattered for the Internet. The general public, using the Internet for personal growth and development and citizen journalism cared about their domain names. Small businesses cared as well about their domain name, if the amusing case of armani.com is any indication

1998 saw the creation of a new body that, at a high level, would govern overall the allocation of domain names.  It was called Internet Corporation for Assigned Names and Numbers, or ICANN. For the reasons outlined above, ICANN mattered a lot to the Internet, so its policies affected a large number of people on the Internet. 

That has changed. The Internet has developed such that, while the Domain Name System is ever more important to technical operation, the role of ICANN (while still critical) has been diminished. Most of the time, people’s point of entry to the Internet does not expose them to domain names anymore.* 

Despite this change, some at ICANN still believe that ICANN is in charge of security and stability of the Internet as a whole and believe there is much at stake at ICANN. They also believe that the multistakeholder model that ICANN runs can only be done through bloated layers of processes and bureaucracy. This was evident in the recent ICANN Hague meeting which happened last week. 

For any issue that ICANN has to deal with, it comes up with an elaborate process that involves a wide variety of stakeholders (though it is dubious what stakes some have) and a very detailed process that will take months to operationalize. This was obvious from the re-opening of the issue of Closed Generics, a term for an obscure operational wrinkle where allocation of generic names such as .books to corporations like Amazon is disputed.  While the policy development group did not come up with a resolution on Closed Generics, the Board (instead of making a decision) sent the issue back to the community to make a decision. The community obviously came up with an elaborate process of having a facilitator, a bunch of representatives and so on.  

The problem with having a multistakeholder theater is that it leads ICANN away from its important but narrowly-limited mission. There are a bunch of regulators around the world that want to see things are happening. If ICANN is not doing that narrow, limited mission that it has, then the regulators will regulate. So while it is very gratifying to be transcribed, have high level panels with distinguished stakeholders and talk about issues and reopen them many times, we might have an irrelevant multistakeholder body soon. 

 

*This might be anecdotal but a cursory look at the number of domain name registration (from Verisign report) is indicative of such change: “New .com and .net domain name registrations totaled 10.6 million at the end of the fourth quarter of 2021, compared to 10.5 million domain name registrations at the end of the fourth quarter of 2020.” https://www.verisign.com/assets/domain-name-report-Q42021.pdf we can compare this number to Facebook’s new users which is 500,000 every day. https://backlinko.com/facebook-users, another reason might be that while apps and other Internet services use domain name system extensively, the general Internet user doesn’t use it directly.

About The Author

Farzaneh Badii

Digital Medusa is a boutique advisory providing digital governance research and advocacy services. It is the brainchild of Farzaneh Badi[e]i.Digital Medusa’s mission is to provide objective and alternative digital governance narratives.