digital medusa logo

XR: Innovate and Protect with Community Governance

The World Economic Forum published a report in 2019 that tackled the importance of building beneficial and reliable governance standards for the Fourth Industrial Revolution. Of course, obtaining proper governance within the complex environment of regulatory bodies, private companies, and the speed at which technology advances is difficult. Nevertheless, engaging in ongoing discussions regarding appropriate governance mechanisms for emerging technologies that are adaptable and protective of users remains crucial.

Community governance is a participatory approach to decision-making where a community of stakeholders collaboratively governs and manages a particular domain. This approach emphasizes a bottom-up, inclusive process that considers all stakeholders’ diverse perspectives. In emerging technologies such as extended reality (XR), community governance is particularly relevant as it allows for innovation while protecting communities from abuse and evolving private governance mechanisms. However, many current XR environments have terms and conditions that are not bottom-up or community-oriented, highlighting the importance of developing community governance mechanisms to ensure that these technologies are used to benefit everyone.

Implementing community governance in the early stages of XR development can set the tone for future innovations and help mitigate potential problems. Community governance allows for a more democratic and inclusive decision-making process where various perspectives and interests are considered. This can lead to more informed and equitable decision-making, setting a precedent for future regulations prioritizing the users’ interests. Additionally, it can help protect users and communities from potential abuses of the technology and help promote innovation and creativity, which can lead to new and innovative approaches to technology development and use.

The rapid fruition of Extended Reality (XR) ideas and products has proven to be much more than a gimmick for the average consumer, having become lucrative and pervasive in government and private spaces. XR, an umbrella term for Augmented Reality, Virtual Reality, and Mixed Reality has been around since the 1800s and is used in many everyday use cases, such as video games or Google Earth. Governments and private companies still find themselves at a crossroads when discussing further development, research, and governance within XR.

Many XR environments’ current terms and conditions are often developed and enforced by a centralized authority, such as the platform owner or developer. For example, the Stockholm-based VR and AR studio’s terms and conditions state, “accessing the Game, you agree to abide by the Terms, and a legally binding agreement is created between you and Resolution Games.” In many cases, XR companies provide a sentence within their terms and conditions explicitly stating the relationship is only between the user and the owning company. This approach can lead to a lack of transparency, accountability, and inclusivity in the decision-making process, as the perspectives and interests of users and other stakeholders may not be considered. This can result in issues such as content moderation policies that disproportionately impact certain groups or the use of user data without their consent.

Like the Internet or other emerging technologies, XR has various facets that contribute to a user’s experience, ultimately bringing into question individual rights and protections. For example, a clear definition of a “virtual crime” within XR has not been established. Even though it is more apparent in other technologies, like account hacking or ransomware, defining virtual crimes becomes murky when differentiating real-life experience and the type of reality that XR provides. Additionally, privacy and security concerns have emerged considering XR usage of a user’s data for its functionality. Bloomberg Law published an article discussing eye-tracking and its ability to collect information, such as mental and emotional state, age, gender, and sexual orientation.

According to the General Services Administration, no laws or policies govern XR usage. Governing XR technologies is a multifaceted challenge, with governments creating their policies and regulations for aspects of XR but not XR itself. For instance, the EU’s General Data Protection Regulation (GDPR) defines items like personal data tied to XR. Similarly, the U.S. has created an “AI Bill of Rights” that touches upon aspects of XR but does not directly discuss XR.

Conversations around governance within XR have been prevalent but have not been collaborative or community-based. Many existing proposals for XR governance have only come from private companies or international organizations. Meta, formally known as Facebook, is dedicated to building the “Metaverse,” an immersive XR environment. In doing so, it has published its expectations and regulatory practices on data and safety, essentially leaving the responsibility to oversee these concerns to itself.

On the other hand, international organizations have provided a much more in-depth analysis of the negative implications of XR and how to address them. The XR Safety Initiative (XRSI) published a paper addressing many issues within XR environments, like digital divides and profiling, providing multiple regulatory suggestions ranging from hardware and language. XRSI introduces “Internet hindsight,” which is the lack of regulation and oversight for the Internet that led to misuse, abuse, and the breakdown of trust, arguing that it is happening or can happen to XR systems. One example of lack of Internet hindsight was the data concerns that arose when it was revealed that Cambridge Analytica had misused data for Facebook users in 2018 during the 2016 U.S. elections.

In April of 2022, the Bipartisan Policy Center published a report that revealed a high estimated increase in the market size of XR usage, not only in everyday usage in video games but also in healthcare and engineering. Revealing this information not only shows the popularity of XR in various fields but asks for laws and policies to be created because of this popularity. While XR support is becoming more apparent, XR can be detrimental to individuals without proper governance.

The Bipartisan Policy Center, the XRSI, and other organizations continue to prove that community governance is needed to ensure XR user protection. Community governance calls for implementing rules and regulations through a collective effort of various bodies, from governments to individuals. Digital environments like the Internet or XR are vast, and the task of governing them can be daunting, considering varying jurisdictions, opinions, customs, and other factors. 

Such community governance would involve an organized coalition of various stakeholders, including governments, XR professionals, and international organizations. Instilling a community governance model can benefit current users, protect future users, and mitigate issues that have not been realized yet. Methods of thinking like “Internet Hindsight” would assist in mitigating these issues by providing cases of issues that may not have been experienced in XR but can be possible. Furthermore, community governance would provide insight from various corners of XR experiences and important developments and innovations. This way, future developments will be prioritized correctly and handled ethically, reducing the biases that come with private companies. 

Digital technologies will continue evolving as more users participate in the experiences and creators develop new ideas. However, that does not mean that users should wait for a lawsuit to find assistance through unfortunate negative experiences, nor that private companies should take the lead on governing XR environments and products. XR is quickly growing and being adopted in many areas, but users remain unprotected if community governance is not implemented. 

Peering and Sanctions

Farzaneh Badiei and Angie Orejuela

When individuals want to use services on the Internet—for example, browse a website or send an email—various networks handle these requests. The requests go through networks in the form of packets, and that makes up what we call Internet traffic. Network operators are in charge of carrying this traffic. Through Internet peering, networks agree on helping one another to handle the traffic.
Economic sanctions can potentially impact actors involved with Internet peering. In this blog, we outline the potential impact of sanctions on Internet peering and the various actors involved. This piece is a work in progress, and as a part of the SancNet project, we are always open to feedback, corrections, and additions. A link to an online form for feedback can be found here and in the concluding remarks of this blog.

Revocation of membership from Internet Exchange Points/De-peering
When specific sanctions apply to individuals with formal roles in telecommunication services (for example, the CEO of a telecom operator), the Internet Exchange Point subject to the sanctions regime in question, will have to terminate the network operator’s membership. This‌ can have the following consequences:

  • De-peering has consistently been recognized as an extreme step, as it means customers might not reach specific sites on the Internet. (Werbach, Kevin. “Only connect.” Berkeley Tech. LJ 22 (2007): 1233.)
  • If the network operator is large and serves smaller network operators, those network operators are also affected. This will affect the quality of access and create latency. Some argue (as reported in  Russian state-owned media) that it does not impact their services. Such network operators claim they can have access to global traffic through Asia. But there are restrictions. For example, it is difficult to peer with Chinese operators due to their domestic restrictions on Internet traffic.
  • Network operators that are sanctioned might carry Internet traffic of other non-sanctioned countries. In such a case, the sanctions (and revocation of membership from IXPs) can affect other network operators based in other countries.
  • When revocation of membership from a well-established Internet Exchange Point happens, the individual members of that exchange point will likely stop peering with the sanctioned network bilaterally.

Peering and Sanctions in the US and EU
In the US, the Office of Foreign Assets Control (OFAC), in its FAQ, has clarified that sanctions in case of peering do not apply to the Cuban telecommunication operator. This is because of a specific regulation that authorizes “the exportation, reexportation, directly, or indirectly to Cuba of services incident to the exchange of communications over the Internet.” (31 CFR (Electronic Code of Federal Regulation) § 515.578 Exportation, reexportation, and importation of certain internet-based services; importation of software.)

For peering and transit in the EU, some advocated an “Internet carve-out” from EU 269/2014 that would blunt the effects on the Internet. The council adopted an amendment decision and inserted Article 6c, which provides that

“Article 2 shall not apply to funds or economic resources that are strictly necessary for the provision of electronic communication services by Union telecommunication operators, for the provision of associated facilities and services necessary for the operation, maintenance and security of such electronic communication services, in Russia, in Ukraine, in the Union, between Russia and the Union, and between Ukraine and the Union, and for data centre services in the Union.”

While some interpretations might make this amendment applicable to peering, other perspectives might differ. Legal counsels might argue that this Internet carve-out is not specific enough to include all the services, including transit and peering. Also, because peering usually involves many jurisdictions, providing carve-outs for just one or two countries (like the case of Cuba) or even a region does not solve the problem.

Cache Servers
Cache servers are a means by which much of the most popular content available on the Internet is always “close” in a network sense. These services enable the web, in particular, to satisfy enormous demands. Cache servers do not necessarily serve a peering function, but they are essential for cloud providers and peering locations, as well as for the quality of access to the Internet. They are even sometimes critical for having meaningful access to the Internet. A cache server temporarily stores information on a local network, making browsing faster. Cache servers are usually installed in data centers, ISPs, and peering locations. Trade restrictions, export, and import controls, and sanctions could impact the availability of these servers. There were two reported cases of Google shutting down its caching servers in two Russian ISPs. Google (reportedly) stated that the reason was a change in legal practices and compliance with sanctions. There are reports about Cache servers being unavailable in Afghanistan as well.

The Transborder Effect of Sanctions
Sanction regimes are designed in a way that could impact and apply to third parties that are not in sanctioned and sanctioning jurisdiction. This can especially apply to network operators that are located in areas with neighboring sanctioned countries.

Concluding Remarks
These are only a few preliminary and potential findings about the effect of sanctions on the operation of Internet Exchange Points and the provision of peering. If you would like to reach out and tell us about the problems you have faced, please do so by filling in this form. You can remain anonymous.

About The Author

Farzaneh Badii

Digital Medusa is a boutique advisory providing digital governance research and advocacy services. It is the brainchild of Farzaneh Badi[e]i.Digital Medusa’s mission is to provide objective and alternative digital governance narratives.