Internet Governance Public Policy Shaping the Internet's Future

Lessons Learned from the Multistakeholder Process in the Philippines

In 2018, we began collaborating with the Philippines’ Department of Information and Communications Technology (DICT) to develop the country’s National ICT Ecosystem Framework (NICTEF), a successor to the Philippine Digital Strategy for 2011-2016.

The DICT, like all Philippine government agencies, is mandated by law to hold open consultations as a means of improving transparency and encouraging public involvement in the policymaking process. But it took this initiative further by ensuring that NICTEF is fully reflective of the needs and priorities of different sectors across the archipelago. For one year, the DICT led capacity building workshops, focus group discussions, writeshops, an online public survey, and regional consultations in each of the country’s major island groups, localizing the multistakeholder approach in the process to reach important and difficult decisions.

The NICTEF is now an authoritative guide on the Philippines’ digital ecosystem, and a roadmap to harmonize and coordinate the country’s ICT programs. The multistakeholder process adopted by NICTEF has been documented in a case study, offering other countries in the region a reference in developing public policies that are forward-thinking, inclusive, and suited to the needs of a steadily-interconnected world.

Below are some of our key takeaways from the process:

Develop and clearly present a value proposition to ensure that the multistakeholder process is productive and outcome driven.

In invitations and announcements, it is helpful to clearly specify to stakeholders why they should participate and what they would gain from their involvement in the policymaking process. This would help organizations identify appropriate representatives to take part in consultations and enable them to prepare their inputs.

Build strategic and sustainable partnerships for the implementation of a collaborative, multistakeholder model.

The multistakeholder model needs to be a continuous and sustainable process rather than a one-time initiative. For example, the DICT found it effective to initiate discussions with the policy and planning division of other government agencies. This division is most likely to be familiar with the overall direction, as well as the deliverables of each ministry, and would be able to provide guidance on possible collaboration and relevant divisions that may be tapped to contribute to the NICTEF.

Conduct face-to-face consultations at the regional level to hear from the countryside and harder-to-reach stakeholders.

Working with its regional and provincial offices, the DICT conducted public consultations across the country to reach out to each island group and accommodate different levels of development, priorities, and perspectives.

Tailor the multistakeholder process to the culture of the country.

In many Asian cultures, individuals tend to be reluctant to speak up when senior or governmental personnel are in the room. There is therefore a need to offer multiple ways for individuals to voice their concerns, even anonymously through surveys.

Focus on the entire ICT ecosystem, not just what the government or the ICT sector is doing.

A crucial part of ICT policymaking is identifying existing gaps in different sectors where policy interventions might be useful. To reach individual companies and organizations, DICT engaged with industry and professional bodies, such as the Philippine Chamber of Telecommunications Operators and the Information Technology and Business Process Association of the Philippines. Discussions and consultations were open to all and were announced online on government websites and social media sites.

Previous ICT policymaking exercises focused on governmental efforts in the ICT sector. NICTEF, however, is a national framework for the entire ecosystem of stakeholders to work collaboratively. It represents what the people of the Philippines collectively want for the country, and within this framework, the role that government can play.

Read A Multi-Stakeholder Model in ICT Policymaking: Case Study from the Philippines.

Internet Governance Public Policy

Finding Common Ground on U.S. Net Neutrality

After more than a decade of regulatory ping pong, net neutrality’s future in the United States is still unclear.

Since 2004, FCC rulemakings have been caught in a vicious cycle. They have been passed, fought in court, and returned to the FCC with minor (and sometimes major) revisions. In the last few years there have also been numerous attempts to pass legislation, cementing net neutrality once and for all, but nothing has succeeded in Congress.

Recognizing the importance of finding a sustainable solution, the Internet Society proposed a collaborative process to help experts find common ground on this complex policy issue. Starting in June 2018, we convened an ideologically diverse group of experts to create a baseline set of principles for an open Internet. 

The Net Neutrality Experts’ Roundtable series included representatives from the technical community, edge providers, academia, Internet service providers, industry associations, and both left- and right-leaning civil society groups.

In a series of meetings over ten months, participants discussed how to create a sustainable solution for net neutrality that protect the interests of Internet users while fostering an environment that encourages investment and innovation. 

Ultimately, the group was able to create a consensus-driven set of bipartisan principles for an open Internet in the United States.

It is important to note that the Net Neutrality Principles do not represent or replace the existing positions of the Internet Society or any organization that participated in the project.

Instead, they demonstrate the power of inclusive processes in allowing experts to reach common ground on complex issues, and in delivering a concrete outcome. To us, this work is proof of the value of the collaborative approach.  

Our report on this process outlines the need for a sustainable net neutrality policy in the United States, the importance of using a collaborative model for policymaking, and details about the Net Neutrality Experts’ Roundtable Series.

The Internet Society is pleased to have facilitated a collaborative effort to help experts find common ground on net neutrality in the U.S. The bipartisan principles give policymakers a powerful tool to create a solution that upholds a truly open Internet for all. We would like to sincerely thank all participants of this process for their time, effort, and dedication.

About Internet Society Building Trust Community Networks Growing the Internet Improving Technical Security Internet Governance Internet of Things (IoT) Mutually Agreed Norms for Routing Security (MANRS) Public Policy Security Shaping the Internet's Future

Working Together the Internet Way to Build Success in North America

One of the most common lines you’ll hear in the virtual halls of the Internet Society is that the Internet’s success is due to its open, distributed, and global nature.

Think about it. A network of voluntarily-connected networks changed the course of history in a matter of decades because people agreed to work and innovate together. It’s a deeply profound source of inspiration about the power of humankind.

It practically begs the question: can we replicate even a portion of its success by embodying the “the Internet way” of working in North America?

The answer is yes.

As part of this, one thing is strikingly clear. Chapters and partners are the lifeblood of the organization. They are critical to working more closely with communities at the front lines of our work.

The Internet’s own globally-operable infrastructure proves the infinite potential of what can happen when people work together. In the same way, we will come together as a diverse community to help define future priorities.

We’ve already seen successes in the North American region that show how closer collaboration with Chapters and partners can help us reach new levels of success.

Enhancing IoT Security

Canada is changing how countries around the world think about securing our connected future.  Last year, the Internet Society launched and led the Canadian Multistakeholder Process oversight committee to secure Internet of Things (IoT) in Canada.

Throughout this project, the Canadian chapter helped plan meetings and enlist a dedicated group of partners, stakeholders, and youth participants to develop recommendations for an IoT policy to ensure security is ingrained in Canadian innovation. The Quebec chapter also organized a focus group on IoT during an Internet Engineering Task Force meeting in Montreal last year.  Even our U.S. Chapters and organization members are supporting the cause. For instance, the Internet Society’s New York Chapter hosted a session on how to make trustworthy IoT last October.

Thanks to this collaboration, countries and policymakers around the world are being inspired by our work. While the final recommendations aren’t expected until April 2019 (Canadians can comment on the draft here), we’re already helping countries like Senegal, France, and others to adopt similar regulatory approaches to build a future we can trust.

Indigenous Connectivity

Connecting the world is critical and we won’t rest until everyone who wants to be connected has the option to do so. Thanks to a dedicated group of individuals, communities, and local Chapters like New Mexico, we’ve made great headway to inspire solutions to close the digital divide in Indigenous communities throughout North America.

We’ve already held two successful Indigenous Connectivity Summits (ICS) to explore the potential of community networks to empower communities to connect to fast, affordable, and reliable Internet on their own terms. The ICS has also inspired plans to create a new Chapter focused on Indigenous connectivity.

You can read about last year’s event held in Canada’s Artic community of Inuvik, NT in Empowerment Through Connectivity.  We’re already looking forward to the third Summit in Hawaii this November, and not just for the change in weather. Stay tuned here for more details on ICS!

Promoting a Healthy Internet for Everyone

When it comes to advocacy, we have a lot of ground to cover as a global organization. There is a wide range of issues critical to ensuring an open Internet for all, and Chapters and partners are crucial to speaking with a stronger regional voice.

Just last month, Konstantinos Komaitis led a speaking series on regulation in the United States and Canada to bring attention to our Chatham House call for papers on consolidation. Thanks to help of the Washington DC and Canada Chapters to organize these events, our “regulation on the road” tour brought attention to the unintended consequences of regulation in key newsworthy moments, such as securing Canada’s federal election.

One of the successes that inspired our collaborative efforts was supporting DC Chapter Executive Director Dustin Phillips’ Internet community road trip last year. His collaboration with the San Franscisco-Bay Area chapter and other partners to promote the importance of getting involved in Internet Governance helped bring some powerful doers and shakers to the ecosystem.

This year, we’ll be advocating for security standards like MANRS. We’ll also continue to collaborate on even more events, educational resources, and webinars to amplify what we do, why it matters, and how it’s important to the future of the Internet.

Moving Forward Together

When it comes to making a difference, the Internet has already taught us that we’re stronger together than we are apart.

By integrating “the Internet way” of working with Chapters and partners based on our shared goals and values, the Internet Society can take greater strides to making the Internet a better and more inclusive place for everyone.

Based on our early successes, we’re more confident than ever that collaboration will take us to new levels of success.

Economy Internet Governance Privacy Public Policy Reports Shaping the Internet's Future

Future Thinking: Orla Lynskey on Data in the Age of Consolidation

Last year, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. We interviewed Orla Lynskey to hear her perspective on the forces shaping the Internet’s future.

Orla Lynskey is an associate professor of law at the London School of Economics and Political Science. Her primary area of research interest is European Union data protection law. Her monograph, The Foundations of EU Data Protection Law (Oxford University Press, 2015), explores the potential and limits of individual control over personal data, or “informational self-determination’” in the data protection framework. More recently, her work has focused on collective approaches to data protection rights and mechanisms to counterbalance asymmetries of power in the online environment. Lynskey is an editor of International Data Privacy Law and the Modern Law Review and is a member of the EU Commission’s multistakeholder expert group on GDPR. She holds an LLB from Trinity College, Dublin, an LLM from the College of Europe (Bruges) and a PhD from the University of Cambridge. Before entering academia, she worked as a competition lawyer in Brussels and as a teaching assistant at the College of Europe.

The Internet Society: You recently edited a symposium edition of International Data Privacy Law (IDPL) in which you argue that the interplay of law related to data protection, competition, and consumer protection is at a crucial crossroads. Why, and how does this play out in the Internet domain?

Orla Lynskey: These areas of law are at a crossroads in two senses. The first is that there has now been increasing recognition from regulators that they do overlap in some circumstances. A good example of this is the reference in the Microsoft/LinkedIn merger decision to data protection as a parameter on which firms compete, or the claim that Facebook is abusing its position of market power by making access to its service conditional on excessive data collection on various third-party websites being investigated by the German Competition Authority. However, we are also now at a crossroad in a second sense: having recognised that these areas of law need to be applied in a holistic manner, we now need to consider from a practical, procedural perspective how this overlap can be managed.

You’ve written elsewhere that digital consolidation can have an effect on digital inequality by giving platforms not just market power, but also the “power of providence.” What do you mean by this and how does it impact marginalised communities in particular?

Providence is defined in various ways, including as a form of non-human influence that controls people’s lives. I argue in the paper that dominant digital platforms have a “power of providence,” as they are – like the eye of providence – all-seeing: they have the ability to link and analyse diverse datasets in a way that provides a comprehensive overview of the lives of individuals, rendering them transparent in the process. Furthermore, they can use this unique vantage point in order to influence individuals in ways that we might until now have viewed as dystopian, for instance through personalised political advertising. Finally, the Internet’s architecture and the terms used to describe its processes (for instance, “machine learning”) give the false impression that the way in which our data is used to influence us online and nudge us in particular directions is untethered from human input, or is “neutral.” In this sense, it is given a quasi-divine status.

I suggest that this power of providence can have the particularly pernicious effect of exacerbating existing societal inequalities. I argue in the paper that this ability to use data to influence people can be used to discriminate, to differentiate and also to create perceptions. For instance, I was able to draw on the work of other scholars to indicate that data mining facilitates differentiation on the basis of socioeconomic status, which is not something that discrimination law prohibits. This research suggests that the poor are subject to more surveillance with higher stakes and are particularly vulnerable to data mining processes as a result of the devices used to connect to the Internet (notably, mobile phones which are less secure than other devices). While differentiation via data mining is not the sole purview of platforms which such power, their privileged position gives them superior data-mining capacity and means the existing information and power asymmetries are exacerbated.

Can competition law challenge the power of providence? What about data protection law? How can these work together to protect digital rights?

Competition law provisions are the only legal provisions explicitly designed to constrain the exercise of private power and so it makes sense to consider whether they can be of assistance in challenging this power of providence. I believe that, at a minimum, competition law should not make matters worse by, for instance, facilitating data-driven mergers that further consolidate our data in the hands of a very limited number of private actors. However, in some circumstances competition law could also limit abusive behaviour – for instance, exploitative terms and conditions for data usage – by firms with market power.

That said, competition law has its own limits and should only ever be a part of the overall jigsaw puzzle, with data protection law playing a leading role in regulating how our personal data can be used. To date, EU data protection law has not been robustly enforced, but I am one of those who remain optimistic that with stronger enforcement this system could be really effective.

If data protection, consumer protection, and competition law are all important in challenging harmful digital dominance, how do the different regulatory agencies responsible for dealing with these respective issues work together without encroaching on each other’s domains? Is there a need for better multistakeholder collaboration in this regard?

It is this question – of the division of labour between regulatory authorities – that has yet to be really ironed out. Ideally, as the European Data Protection Supervisor has proposed, these agencies would collaborate with one another under the auspices of a “Digital Clearing House,” or something similar.

Germany recently announced plans to try to curb digital dominance using competition law. Have you noticed any trends when it comes to other competition authorities’ responses to tech dominance around the world, and particularly how they are defining relevant markets?

There is definitely a growing recognition of the power of technology companies amongst regulators, and the wider public. This may be where competition law hits its limits, however: competition law provisions do not prevent a company from acquiring a position of market power, they simply make it unlawful for that company to abuse that position of market power in a way that is exploitative or that would exclude equally efficient competitors from the market. Economic regulation could, for instance, force tech companies to ensure structural separation between various operations (e,g., a structural separation between Facebook and WhatsApp). However, this would require legislative intervention.

The exception to this is in the context of mergers, where competition authorities get to look at the potential future impact of a transaction on the market. Here, I have argued in the past that data-driven mergers should be treated in an analogous way to media mergers and subject not only to an economic assessment but also to a broader non-competition assessment to gauge their impact on data protection and privacy. This is one of the ideas being considered in Germany and I think it is likely other competition authorities will introduce similar measures in due course.

What do you think of the idea that user data should be given digital property rights (i.e., that platforms should pay users for their data)?

Property rights in personal data are a terrible idea: they offer no real advantages compared to the current legal framework and risk exacerbating information and power asymmetries while undermining data protection as a fundamental right. Giving property rights in data would not strengthen our hand when it comes to negotiating with the tech giants, rather it would simply mean that we would lose all rights over that data once we entered into contracts with these companies. I also worry that going down this route would make data protection a luxury that can be enjoyed by those who could afford not to have their data processed, even perhaps creating the skewed incentive to reveal more data, or more sensitive data to profit from it. This is incompatible with the EU Charter right to data protection. I discuss this issue in my book on the foundations of EU data protection law. 

Is there hope in data portability as a way of countering data effects and addressing consolidation concerns?

Potentially. One explanation for the GDPR right to data portability is that it may empower consumers to switch service providers if they are unhappy with a service (for instance, to switch from Facebook to a mythical alternative if you are unsatisfied with the quality of the data protection offered). However, as I discuss in my research, the impact of this right on competition and innovation is ambiguous. It could, for instance, deter innovation by locking in the standards used by incumbent companies or increasing the costs of startups. This is all the more so as it does not require interoperability. However, whether interoperability is desirable from a data protection perspective is equally contestable. I would suggest that portability should be viewed through the lens of individual control over personal data rather than simply as a market tool, given these ambiguous effects.

What are your fears for the future of the Internet?

My main fear about the Internet is that a medium which promised so much for the advancement of rights – such as freedom of expression and of association – may end up having corrosive and divisive real world effects. One of the advantages of the Internet was that it offered people the opportunity to connect with those with similar niche interests (the Eric Cantona Appreciation Society, for example) but the personalisation of all content, including for instance political content, may push this to an extreme. That is not to say that personalisation is the only factor feeding into this concern, needless to say.

What are your hopes for the future of the Internet?

I think the Internet at present is based on a data bubble that needs bursting. The primary example of this is the excessive data processing that online behavioural advertising entails. Even if we could argue that processing of personal data is the quid pro quo for access to online services and content that are free at the point of access, the amount of personal data processed for that exchange is clearly disproportionate. Regulators have not yet gotten to grips with this but data protection law provides a potential ground on which to challenge this processing: when considering whether consent is freely given, utmost account needs to be taken of whether the service is made conditional on consent to unnecessary processing. I have not yet seen any empirical evidence that convinces me that online behavioural advertising is so much more effective than contextual advertising that it justifies this excessive incursion into our rights.

We’re getting ready to launch the next Global Internet Report! Read the concept note and learn how the Internet Economy might shape our future.

Internet Governance Public Policy

Philippines Department of ICT Sets the Multistakeholder Model into Action

Early this year, we embarked on an initiative with the Philippines Department of ICT (DICT) to co-develop the country’s National ICT Ecosystem Framework (NIEF) in a multistakeholder fashion. The NIEF, which succeeds the Philippine Digital Strategy, will guide the course of ICT use and development, as well as the priority areas for government, until 2022.

Our collaboration builds upon the success of the Philippine Chapter’s work with key stakeholders to advance open Internet development in the country, particularly in the policy sphere, and DICT’s sustained drive to expand avenues for participation in its policy formulation. Just last year, DICT and the Chapter, together with the Foundation for Media Alternatives, spearheaded the first Philippine Internet Governance Colloquium, which has been scaled up to a countrywide roadshow this year to help address pertinent Internet issues in different localities.

Having formalized our partnership in a memorandum of understanding, signed in July by DICT’s Secretary, Eliseo M. Rio, and the Internet Society’s Regional Bureau Director for Asia-Pacific, Rajnesh D. Singh, we pledged to support the DICT in embedding the multistakeholder approach not only in the framework’s development but in its implementation. Our engagement was complemented by an Internet Governance training workshop to broaden understanding among civil servants of the principles that underpin the architecture and continued evolution of the Internet.

The DICT has since conducted six focus group discussions in the areas of participatory e-governance; industry and countryside development; user protection and information security; sustainable ICT environment; resource sharing and capacity building; and improved public links. It has organized several writeshops and, with our support, is in the process of conducting public consultations in each of the three major island groups, in addition to the capital, Metro Manila, to ensure that the NIEF fully reflects the needs and concerns of the whole archipelago.

The first one, held last week in the burgeoning tech city of Iloilo had over 110 participants from key sectors in local government, industry, academia, civil society, and the technical community providing valuable insights on the progress of ICT development in rural areas and secondary cities in the Visayas region.

Three more will be held this month, in Cagayan de Oro for the Mindanao region; Bulacan for Luzon; and in Quezon City for the Metro Manila area. Together with DICT, we have also launched a public survey, both in Filipino, the national language, and in English, to further solicit input from citizens on the ICT issues that affect their day-to-day lives.

Through DICT’s commitment to putting the multistakeholder model into action, the Philippines joins a growing number of countries around the world demonstrating that making sound decisions in a rapidly evolving, globalized yet decentralized digital landscape begins with policymaking processes that are open, inclusive, and accessible to everyone in the ecosystem.

Internet Governance Public Policy

Plenipot 2018 – What’s Up for the Internet?

Two weeks ago, the Editorial Board of the New York Times published a piece predicting that the Internet is heading for a breakup.

Based on the comments made by Alphabet Chairman Eric Schmidt during a private event the Times set out to paint a picture of a world with three Internets.

The timing is understandable. We’re in a world where things like the European Union’s General Data Protection Regulation is met with an equal measure of acceptance, annoyance, and confusion around the world.

And, just last week, my colleague Konstantinos Komaitis warned about what could happen as decision-makers are imposing rules that spill over onto the Internet, hamper innovation, deter investment in their own countries, and risk creating new digital divides.

These events set the stage for the Plenipotentiary meeting of the International Telecommunications Union (ITU).

And, in today’s climate, there are many who believe the Internet could be failing us.

So, we need to speak loudly about the fact that the Internet is not failing.

So far, I think the Internet has been a force for good.

The Internet allows us to do things like expand our access to education, build businesses, and grow our economy.

The Internet connects people because of its open, distributed, and interoperable design. Each network that joins the Internet becomes part of the Internet. A network of networks cannot be centrally controlled because it has no center. This is not some accidental design choice we can alter. It is an essential feature. A feature that has allowed for permissionless innovation and for technological scale beyond the dreams of its early creators.

The Internet was not designed to recognize national boundaries. It just wasn’t relevant to the technical design. Resiliency is achieved through diversity of infrastructure. Having multiple connections and different routes between key points ensures that traffic can “route around” network problems.

It is this design that makes it an Internet for everyone, and this is what makes it such a powerful tool for our global economy. The very nature of its design also has driven global technical collaboration between and among experts and stakeholders.

The Internet works through collaboration; singular control weakens it at every step.

For the new challenges of the twenty-first century, we need new models of collaboration. The way the Internet infrastructure was operated and managed by the community over the last 25 years is a novel model of successful global self-regulated collaboration. And, the truth is that nobody has a magical cure for global challenges. The world is still struggling to apply the old national and international governance models to solve today’s global challenges such as climate change, human migration, wars, and occupations. Perhaps the story of the Internet will inspire us to work together even more.

So over these next three weeks, let’s be loud and tell our story – a story of collaboration. If you are part of the community who are creating the Internet of tomorrow tell the world about it by using the hashtags #Plenipot18 and #DontBreakTheInternet.

By sharing our stories, we also can inspire others to join us in our cause and remind the world that the Internet is for everyone because only everyone can make a better tomorrow.

Image ©Internet Society/Nyani Quarmyne/Panos Pictures

Public Policy

Splintering the Internet: The Unintended Consequence of Regulation

In early 2000, two Paris-based, anti-racism groups sued Yahoo on the basis that its auction’s site was exposing French people to more than 1,000 objects of Nazi memorabilia. In May of that year, a French court confirmed the illegal nature of the sale under French law, claiming that the company had offended France’s “collective memory.” More importantly, the judge also ordered Yahoo to identify ways to block French users from its Nazi auction site or other Yahoo sites with content deemed to be racist. [1]

The case attracted significant attention, due to the legal precedent it could set on the right of one country to reach across borders and impose its own laws on online material stored in other countries. At the time, Yahoo’s lawyer expressed his hope that “other countries [wouldn’t] take the same route.”

Fast forward 18 years and today’s Internet is going through an intense phase of regulation with similar effects to those of the Yahoo case. Almost every country in the world is currently in the business of “regulating the Internet.” A clarification is important at this stage. “Internet regulation” is a somewhat loaded and misguided phrase. In reality, what most state actors seek to address are issues of anticompetitive behavior, content moderation, or the handling of personal data. None of these issues takes place “on the Internet.”. Instead, they occur at the applications’ layer of the Internet – what we refer as the World Wide Web. But, this is a discussion deserving of a whole different note.

But regulation of the Internet can have unintended consequences. One such consequence is extra-territorial application. It’s particularly important for what it means for a resilient, global Internet. The Internet was not designed to recognize physical boundaries or to comply with only one actor’s rules. It wasn’t being anti-conformist – it just wasn’t relevant. Resiliency is ensured through diversity of infrastructure and this diversity comes from nodes located globally, in different parts of the world. The more there is a push to try to make the Internet fit within national borders or to make it comply with one nation’s regulatory thinking for the sake of maintaining some sense of control, the more we risk sabotaging the diversity that is critical for its resilient and global nature. Extra-territorial application of laws can provide the wrong incentives for state actors to engage in a regulatory race that will only result in a fractured, less resilient Internet.

Courts, international lawyers and academic scholars are familiar with the notion of extra-territoriality as an evolving manifestation of state sovereignty, which, historically, has gone through a constant transformation seeking to adapt to an ever-changing international system. With the Internet, the pace of this has intensified.

The main challenge here is that the Internet is global, so regulations and court decisions that affect it may have extra-territorial effects. There are two questions we seek to advance as part of our concept note on “The Internet and Extra-Territorial Effect of Laws.”

  • How mindful are states about avoiding harmful and unnecessary impact outside their borders?
  • How can they minimize such negative effects?

As this concept note uses the term, extra-territoriality refers to the applications of the laws of one country to persons, conduct, or relationships outside of that country. Globalization has intensified both the quantity of transnational interactions and the interest of states in regulating them. But, when it comes to the Internet, things are a bit more complex; although by accident, globalization is an Internet feature, not a bug, and legal systems everywhere should recognize this, not try to “fix” it. We must make decisions that exert jurisdiction extra-territorially in ways that allow the Internet to evolve as an open, globally-connected, secure, and trustworthy technology for everyone. But, when a law does not specify its geographic reach, what limits (if any) could courts place on its application?

In order to answer this question, we need to first understand the causal link between social and economic progress and the Internet. The Internet is premised upon a set of fundamental properties, including openness, innovation, permission-less innovation, interoperability, collaboration, and competition. These properties allow the Internet to be a driver for new economies to emerge, for bringing societies closer together, and for allowing novel forms of political expression. These are known as the “Internet invariants” because without them, the Internet would not be like the one we know and use today.

Unfortunately, in many cases, decision-makers are imposing rules that spill over on the Internet elsewhere, hampering innovation, deterring investment in their own countries, and risking a new digital divide. You only need to look at the annex of the concept note to see how overwhelming the regulatory activity currently is.

The concept note does not suggest that regulation should not happen. Regulation is the prerogative of nation states and state actors have the responsibility to defend the interests of their citizens. However, there is a valid argument that many of the problems associated with the extra-territorial application of laws can be mitigated if stakeholders encourage decentralized, collaborative approaches, including international norms development processes. Such processes and structures can create better outcomes because they have broader participation and are more politically responsive and economically sustainable than some top down approaches.

We often talk about the importance of collaboration in the Internet. In this specific case, we must collaborate to avoid such things like inconsistency, uncoordinated action, fragmentation, and international tension, to name a few. Our thinking has shown that all these unintended consequences can be real in an environment where nation states seek to regulate the global Internet.

Read “The Internet and Extra-Territorial Effect of Laws.” The concept note is also available in French and Spanish.

[1] In fact, the students who initiated the case had to deliberately and consciously navigate to from before they could find the auction of Nazi war memorabilia. They did not “accidentally” encounter this auction. They sought it out.

Internet Governance Public Policy

What’s Ahead at the 2018 Plenipotentiary Conference

Today the Internet Society published a matrix of issues that will be discussed at the International Telecommunication Union’s (ITU) Plenipotentiary treaty conference (PP-18) in Dubai next month.  The matrix reflects common proposals adopted recently at some of the ITU’s regional preparatory meetings. It is intended to aid our community in preparations and serve as a useful guide on where governments stand on some of the issues that are important to the Internet Society community. Note that the matrix will be updated periodically as individual country proposals are submitted closer to the conference date. Based on the input from governments so far, Internet Governance, emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), and Over-the-Top (OTT) applications and services will rank high on the agenda at the Plenipotentiary.

While the Plenipotentiary happens every four years, it comes at a time when Internet Governance stakes are particularly high, as governments’ response to the borderless nature of Internet issues such as cybersecurity and data privacy is intensifying, and support for multilateral solutions to deal with them grows. Those that favor a multilateral governance approach might view the ITU’s international cooperation framework for global telecommunications as the natural vector into Internet policy issues, and could be seeking a firm role for the ITU in the Internet Governance realm.

The Internet Society sees the Internet’s success as the result of open, inclusive, and collaborative processes that allow a wide range of people with expertise and interest to contribute to its development and find collaborative solutions.

As a Sector Member of the ITU, the Internet Society will be at PP-18 as an observer. We support the technical evolution of the Internet and are committed to making sure that everyone has access to it. We will work with our partners and community to raise awareness amongst delegates on the importance of a distributed model of governance, encourage more open and inclusive processes within the ITU to enable development, and provide our expertise on Internet technical and development aspects so that delegates can be better informed in the discussions.

Please see our PP-18 page for more information about the conference:

Suggestions and comments on the matrix are welcome and should be sent to

Building Trust Events IETF Improving Technical Security Public Policy Technology

Registration Open for “Cyber Diplomacy Meets InfoSec and Technology” Alongside IETF 102

As we recently announced, the Global Commission on the Stability of Cyberspace (GCSC) will host a lunch panel on “Cyber Diplomacy Meets InfoSec and Technology” alongside IETF 102 on Tuesday, 17 July. Registration opens today in two time slots for global time zone fairness, at 08:00 UTC and 20:00 UTC. Register here.

The Global Commission on the Stability of Cyberspace is developing norms and policy initiatives that intend to counter the risk to the overall security and stability of cyberspace due to rise of offensive cyber-activities, and especially those by states. During this session, the Commission wants to inform and engage with the IETF community on its work so far and the work that is in the pipeline.

The Internet Society is assisting with logistics. Internet Society Chief Internet Technology Officer and GCSC Commissioner Olaf Kolkman will moderate the panel. The panelists are:

  • Irina Rizmal, researcher at the DiploFoundation specialized in policy analysis in matters pertaining to national security and defense.
  • Bill Woodcock, Commissioner and Executive Director at Packet Clearing House, the non-profit agency that supports critical Internet infrastructure.
  • Jeff Moss, Commissioner, founder of Black Hat and Defcon, member of the DHS security council, and former ICANN CSO.


The panel takes place during lunch on Tuesday, 17 July, at the Fairmont The Queen Elizabeth in Montreal alongside IETF 102. Lunch will be provided to those who pre-register.


Pre-registration is required to attend this briefing panel in person. Registration is now open, so register here.

This event will also be webcast and audiocast. Pre-registration (or IETF attendance) is not required to attend online. Watch this space or the session page for more information and links on remote participation.

We hope you can join us in Montreal, or online!

Public Policy

Article 13 of the Copyright Directive Raises Serious Questions

The next couple of days will be important for the future of the Internet, as the European Parliament’s Committee on Legal Affairs (JURI) will vote on the proposed Copyright Directive. The Directive, which aims to update and reinforce the rights of rights holders within Europe’s Digital Market, is largely a positive step forward inasmuch as the law needs to be updated in light of modern technologies and the Internet. However, Article 13 of the directive raises serious questions about the implications for free expression, creativity, and the freedom to publish.

Under this article, “information society service providers” will be required to use “content recognition technologies” to scan videos, audio, text, photos, and code to the detriment of open-source software communities, remixers, livestreamers, and meme creators.

Last week, many Internet luminaries penned an open letter to the President of the European Parliament asking for the deletion of Article 13. The Internet Society agrees with the concerns raised in this letter and urges the Parliament to reconsider Article 13 in light of the implications for the open Internet.

In the meantime, civil society and academia, including EFF, EDRI, Creative Commons, and the Max Planck Institute for Innovation and Competition have all raised concerns over the potential negative impact of Article 13 on freedom of expression, the rule of law, market competition, and the Internet architecture as a whole. In their analyses, they additionally note that Article 13 is contradictory to the existing EU legislation and case law.

There are two problems with Article 13.

Firstly, Article 13 turns Internet content sharing platforms of all kinds into the “content police” obliging them to implement surveillance tools in order to carry out this function. According to cryptographer and security expert Bruce Schneier, “Aside from the harm from the provisions of Article 13, this infrastructure can be easily repurposed by government and corporations – and further entrenches ubiquitous surveillance into the fabric of the Internet.”

Secondly, while Article 13 calls for the introduction of, “measures, such as the use of effective content recognition technologies” (our italics), it could be argued that such technologies do not exist. As the Internet Society has written, content-blocking technology is often highly ineffective, overly broad, and even counterproductive. Technologies deployed today often block legal content and do not differentiate between fair use and copyright infringing activity.

We believe that all Internet-related IP discussions should be conducted under a multistakeholder framework that includes technologists and all impacted parties, and in a transparent manner, based on the Rule of Law, without undermining the global Internet architecture and permissionless innovation.

We, therefore, join all the other voices in requesting that Article 13 is removed from the Copyright Directive and we ask European users to visit and contact their MEP.

Growing the Internet Public Policy

Net Neutrality Round Table

Debates regarding net neutrality regulation in the United States have been carried out for over a decade. Rulemakings by the FCC have been passed numerous times, won and lost in court, and been repealed, resulting in years of political back and forth. Now, net neutrality is being argued for and against on Capitol Hill and its regulatory future is unclear.

To address this political limbo, the Internet Society convened experts from the technical community, public interest groups, and academia to discuss how we can create a permanent solution for net neutrality that protect the interests of Internet users while fostering an environment that encourages investment and innovation. During this half-day event, participants began a conversation to define net neutrality, what conduct it should cover, how compliance could be assured, and how to balance consumer and private sector interests.

The discussion was moderated by Larry Stickling, Executive Director of the Collaborative Governance Project at the Internet Society, and included a balanced group of politically left- and right-leaning public interest groups, private sector organizations, and academics. The event was under Chatham House Rule and did not allow tweeting during the meeting in order to encourage participants to freely and respectfully voice their opinions.

Participants began by discussing high-level principles for the open Internet and agreed that Michael Powell’s 2004 ‘Internet Freedoms’ were a good starting point. With a few adjustments, the group reached consensus on the following principles for the open Internet:

  • Users should have access to their choice of legal content.
  • Users should be able to run and create applications of their choice.
  • Users should be permitted to attach any devices they choose to the connection in their homes.
  • Users should receive meaningful information regarding their service plans.

The discussion then turned to stakeholder expectations. Participants identified six relevant stakeholder groups that may impact or be impacted by these principles, including Broadband Internet Access Providers (BIAP), users, platforms, content providers, device makers, and the government. They then attempted to reach consensus on what each stakeholder group should reasonably be expected to do to uphold the agreed upon open Internet principles. Though several points were discussed for each, the group agreed that “protect security” and “be transparent” were reasonable expectations for every stakeholder group, though implemented in different ways depending on the stakeholder.

After establishing the principles of the open Internet, relevant stakeholders, and expectations of stakeholders, the group discussed how to define net neutrality. All participants agreed that any rules must include protection against blocking or throttling of content. The group determined that net neutrality must include a degree of transparency and a prohibition against any anticompetitive interference, though there was not consensus on how to define either of those terms. They also agreed that net neutrality must be subject to reasonable network management, though a means of defining “reasonable” was not reached, and that there must be a general conduct standard.

To end the conversation, participants discussed which regulatory agency should be assigned the task of ensuring net neutrality is upheld. Ultimately, the participants agreed that, with concessions and the creation of a general conduct standard, they could live with either the FCC or the FTC as the net neutrality regulatory body. However, some participants cautioned that the FTC has shortcomings that would need to be addressed in further discussions.

Moving forward, this group has agreed to continue to meet in an attempt to reach consensus on what a general conduct standard may look like, whether or not paid prioritization should be included in the definition of net neutrality or whether a general conduct standard could replace it, and how penalties or remedies should be addressed.

The Internet Society was very pleased with the open conversation participants engaged in and the progress that was made as a result. We look forward to hosting additional meetings in the coming months as we attempt to find a multistakeholder solution to the net neutrality regulatory debate in the United States.

Internet Governance Privacy Public Policy

GDPR: Going Beyond Borders

Today, the EU General Data Protection Regulation – or GDPR – comes into effect amid a great deal of anticipation and build-up. For the past few years, companies and policy makers around the world have been preparing for this legislation to come into force. It introduces higher and stricter privacy requirements and heavy fines for noncompliance. The interesting, yet challenging, part of the GDPR is that it applies to all organizations processing the personal data of subjects within the European Union, regardless of their location.

In this sense, the GDPR is an ambitious effort that seeks to fill a gap in the field of Internet privacy. Implementation by organizations around the world has not been easy as the statute is complex and, in many ways, difficult to enforce. This has been particularly so for small and medium enterprises (SMEs) and startups as the costs of ensuring compliance are considerable.

At the Internet Society, we are pleased to see privacy becoming a priority, not just a “nice to have.” As an organization with a global community, operating all over the world, we are among those who have been preparing for the GDPR. Doing privacy well is not easy, but it’s something we care about and believe everyone should have, no matter where they are.

Europe’s intention to create a much stronger and more robust privacy framework has been quite clear all along. For the past few years, Europe has hinted that its understanding of the right of privacy is not only different from many of its counterparts, but also one of its key priorities. The 2002 ePrivacy Directive, the 2014 landmark ECJ decision on the Right to be Forgotten, the 2017 ePrivacy Regulation proposal, and now the GDPR are all clear examples of a region determined to provide strong privacy protections.

All this has allowed Europe to achieve two things: first, provide some much-needed substance to the global debate on Internet privacy, which has long been a philosophical debate with few tangible results, and second, through the GDPR, Europe seeks to position itself as a de facto global regulator for privacy.

In the first case, what Europe has achieved is quite remarkable. For the many years of the commercial Internet, privacy outcomes have largely been left in the hands of companies that collect and use personal data, with the result that data collection and use has increased exponentially, often at the expense of users’ privacy. Recent disclosures from leading Internet companies suggest that society still hasn’t managed to strike the necessary balance between data protection and data monetization.

The GDPR seeks to change that by shifting the dynamics of personal data use towards users. It seeks to give them ultimate control over the processing of their data. For instance, the GDPR obligates companies to avoid the current practice of long, legalese, and unclear provisions hidden in the small print of their Terms of Reference. This will certainly change the dynamics of how privacy is presented and offered to users.

It is in the second point, however, where things start to become complicated.

By applying the GDPR to any organization around the world that collects personal data from any data subjects in the EU, Europe is setting itself up as the leading voice on Internet privacy globally. The question is, will Europe hold the limelight for long? Or will other countries and regions step up their own efforts to tackle privacy in the context of a global Internet?

There is also an element of extra-territoriality in the GDPR with the potential to have a “spill over” impact on larger Internet Governance considerations, including:

  • Setting a precedent where countries could start imposing national or regional legislation that has global impact;
  • Creating unintended clashes between different laws, which can result in unpredictability and lack of clarity, which could subsequently impede the roll out of global technology
  • Producing “regulatory competition,” the notion of state actors seeking to command the international Internet regulatory environment.

These trends will inevitably create fragmentation.

How this will play out is yet to be seen, but it is likely that this will have repercussions for the future of Internet Governance. At the Internet Society, we believe in a global, open, interoperable, and secure Internet. We also believe in inclusive Internet Governance that strives to accommodate the interests of all stakeholders globally.

As the GDPR comes into force, therefore, we should work collaboratively with all stakeholders towards a more coherent global privacy framework that incorporates compatible global approaches about privacy and personal data protection. One that, just like the GDPR, puts users at the center of control over their data, backed by a global consensus to ensure a more predictable, consistent and enforceable privacy ecosystem.

Read the Privacy policy brief.