Upload
ian-brown
View
1.671
Download
0
Embed Size (px)
DESCRIPTION
Seminar given 26/2/09 at the James Martin 21st Century School as part of their global governance challenges series
Citation preview
THE REALITY OF INTERNET GOVERNANCE
Ian Brown, Oxford Internet Institute
Outline
• Legitimacy in global governance• Three sites of global Internet governance
• NSA: Pretty Good Privacy and encryption controls• WIPO: “The answer to the machine is in the
machine” – copyright and Technological Protection Mechanisms
• ICANN: the travelling governance circus• Technocracy vs democracy; realpolitik vs
rhetoric• Regulating technology; technologising
regulation
Legitimacy and Internet governance• Source, process or results-oriented?
Mandates, accountability, consensus and technocracy
• Constitutional review – whose constitution? US, ECHR, UDHR, IETF? Code as constitutional law
• Rhetorical framing – ‘When I use a word,' Humpty Dumpty said, in rather a scornful tone, `it means just what I choose it to mean – neither more nor less.'
National Security Agency
• Lead US Signals Intelligence and Cryptology agency
• Multibillion $ budget• Highly secretive (No
Such Agency 1952-1964): SCIF policy
• Key driver of US and international policy on encryption
Encryption control timeline
1976: New Directions in Cryptography, Diffie & Hellman
1978: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Rivest/Shamir/Adleman: c = me mod n; m = cd mod n
1990: PGP software released via Usenet. Author Phil Zimmerman pursued through courts for 3 years
1977-: NSA attempts to ban publication of cryptographic publications; to control funding of cryptography research; and to ban export of cryptographic software
1993: Al Gore leads US attempts to mandate key escrow
1992: AT&T announce DES phone
Matt Blaze
Encryption rhetoric
• “They have computers, and they may have other weapons of mass destruction.” –AG Janet Reno (1998)
• "Terrorists, drug traffickers and criminals have been able to exploit this huge vulnerability in our public safety matrix.” –FBI Director Louis Freeh (2002)
• “Many people also choose to use readily available encryption programmes to encrypt their email, files, folders, documents and pictures. These same technologies are also used by terrorists, criminals and paedophiles to conceal their activities.” –Home Office (2009)
Encryption realpolitik
• “Law enforcement is a protective shield for all the other governmental activities. You should use the right word – we’re talking about foreign intelligence… The Law enforcement is a smoke screen” –David Herson, SOGIS (1996)
• “We steal [economic] secrets with espionage, with communications, with reconnaissance satellites” –James Woolsey, CIA (2002)
• "Encryption is no more prevalent amongst terrorists than the general population. Al-Qaeda has used encryption, but less than commercial enterprises.” –Juliette Bird, NATO (2006)
Encryption control unravels
1995: Netscape adds encrypted links, enabling e-commerce boom
1997: OECD rejects attempts to mandate key escrow in its Guidelines for Cryptography Policy
1996: IETF declares: “Cryptography is the most powerful single tool that users can use to secure the Internet. Knowingly making that tool weaker threatens their ability to do so, and has no proven benefit.”
1997: European Commission declares key escrow should be limited to that which is “absolutely necessary”
2001: US essentially abandons export controls
NSA summary
• Encryption policy was driven by a small number of executive agency stakeholders (largely excluding legislators) with very little transparency, and widespread contention from Internet community – lack of source, process and results legitimacy
• Differing stakeholder positions meant multilateral fora rejected US demands & bilateral negotiation failed
• Effective regulation extremely difficult given global availability of cryptographic knowledge, programmers, distribution channel, open PC platform and user demand
WIPO
• Part of UN system responsible for “developing a balanced and accessible international IP system, which rewards creativity, stimulates innovation and contributes to economic development while safeguarding the public interest”
• Spent much of 1980s and 1990s “updating” global © treaties
© rhetoric
• “the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” –Jack Valenti (1982)
• “The answer to the machine is in the machine” –Charles Clark (1996)
• “If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (2003)
Technological Protection MeasuresWIPO Copyright Treaty §11“Contracting Parties shall
provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.”
Implementations
• DMCA §1201: “No person shall circumvent a technological measure that effectively controls access to a work protected under this title”
• EUCD §5: “Member States shall provide adequate legal protection against the circumvention of any effective technological measures”
• Similar provisions in various US FTAs ever since• All mirror detailed US proposals to WIPO that
were overruled during development of WCT and WPPT
TPM realpolitik
• “Accurate, technological enforcement of the law of fair use is far beyond today's state of the art and may well remain so permanently” –Ed Felten (2003)
• “Legal backing for the right of access is essential in the interests of social inclusion and equitable treatment of people with disabilities” –European Blind Union (2006)
• “Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy.” –Steve Jobs (2007)
WIPO summary
• Consensus reached on TPM policy in UN agency, but implementation was driven by US and EU IP/trade agencies with widespread contention from users of © works – limited process and results legitimacy
• Effective regulation extremely difficult given global availability of TPM circumvention knowledge, programmers, distribution channel for code and unprotected works, existing insecure platforms (CDs), open PC platform and user demand
ICANN
• Internet Corporation for Assigned Names and Numbers
• Private, public-benefit Californian corp (1998) operating under agreement with US Department of Commerce
• Manages DNS, IP address and port allocation
ICANN governance
• Original attempts to elect board abandoned in 2002
• Now focused on process and result legitimacy• “to ensure the stable and secure operation of the
Internet's unique identifier systems”
ICANN rhetoric
• “Burdensome, bureaucratic oversight is out of place in an Internet structure that has worked so well for many around the globe.” –Condoleeza Rice (2005)
• "No intergovernmental body should control the Internet, whether it's the UN or any other.” –David Gross (2005)
• “On Internet governance, three words tend to come to mind: lack of legitimacy. In our digital world, only one nation decides for all of us.” –Brazilian WSIS delegation (2005)
ICANN realpolitik
• Internet governance is “definitely a travelling roadshow, if not a flying circus”-Markus Kummer (2004)
• “The ITU version of [the Internet] blurs…boundaries and takes us a step backwards into a centrally controlled, centrally managed, ‘more than good enough’ network—administered, of course, by the ITU.” –Ross Rader (2004)
• "Using 'talking shop' as a negative suggests communication is a bad thing” –Emily Taylor (2007)
ICANN summary
• Source legitimacy still highly contentious – online board elections abandoned, relies on extreme consensus processes and result legitimacy – limited objectives have been achieved
• Governance has just about held together, partly due to Internet community grudging acceptance of ICANN as least-worst solution. DNS alternatives are possible but so far unpopular
Comparison
Encryption control Anti-circumvention Identifier management
Policy objective
Maintain intelligence and law enforcement intercept capability
Maintain excludability of information goods
Maintain a stable and secure addressing system
Stakeholders
SIGINT agencies, law enforcement (US: NSA, NSC, DoJ), software cos
Copyright holders, trade and IP agencies, consumer electronics firms
Registrants, registrars, trademark holders
Legitimacy
Source; little transparency
Source, some process Multi-source, extreme process, result
Framing Terrorists, paedophiles Piracy is killing music Private-sector innovation
Sites COCOM/Wassenaar, OECD, G8, special envoy
WIPO, US-EU-Japan coordination, FTAs, special 301 procedure
The travelling circus
Counter-framing
Anti-Big Brother, US business interests
Defective by design, anti-innovation, anti-competitive, anti-fair use
Anti-democratic, US-dominated
Main challenges
Open source software, 1st amendment, economic espionage, consumer preferences, campaigners
Open source software, P2P networks, consumer preferences, Apple market power, campaigners
Finding consensus across extreme range of stake-holders; legitimacy
Conclusions
• Internet policy cycle takes decades, not years; it does not provide democratic panaceas nor trivial consensus
• Multi-stakeholder forums can take better account of technocratic expertise and civil society than bilateral and multilateral fora, building process and results legitimacy
• Internet, cryptography and PCs have acted as a powerful constraint on public and private sector power; network effects and sunk cost make change difficult – does some code have a constitutional quality?
• Effective, legitimate global regulation of information is hard; technological regulation is even harder
• legem de machina non dat machina ;-)
References
• W. Diffie & S. Landau (1998) Privacy on the line, MIT Press• L. Lessig (1999) Code: and Other Laws of Cyberspace, Basic
Books• P. Drahos with J. Braithwaite (2002) Information Feudalism,
Earthscan• V. Mayer-Schönberger & M. Ziewitz (2007) Jefferson
Rebuffed: The United States And The Future Of Internet Governance, Columbia Science & Technology Law Review 8, 188—228
• I. Brown (2007) The evolution of anti-circumvention law, International Review of Law, Computers & Technology 20(3), 239—260
• R. Weber & M. Grosz (2008) Legitimate governing of the Internet, In S. M. Kierkegaard (ed.), Synergies and Conflicts in Cyberlaw, 300—313
• A. Adams & I. Brown (2009) Keep looking: the answer to the machine is elsewhere, Computers & Law 20(1)