Spotlight on Cyber V: Back to the Future of Internet Governance?

In that seminal 1980s Hollywood picture, Back to the Future: Part II, the characters travel to the future from 1985 to a then distant 2015 replete with flying cars, hover boards, and instant pizza. The directors envisioned a world of rapid technological progress and in so doing got some things right (like wireless tablets, flat screen TVs, and a version of Google Glass) and some things wrong (we’re, alas, still waiting for the hover boards). Looking at the interconnected reality of 2015, though, one key element largely missing from the plot was the Internet. Yet as we all know today with hindsight’s benefit, the Internet has become arguably the most important driver of disruptive innovation in the early twenty-first century, though how we govern this dynamic space has its roots in earlier eras, including the 1980s.

This article briefly reviews the history of Internet governance, paying particular attention to the period from 2012-14 focusing on the geopolitical fissures exposed at the World Conference on International Telecommunications 2012 (“WCIT-12”) up to the immediate aftermath of the ITU Plenipotentiary Conference 2014 (“PP-14”). Our overarching research question is what conclusions may be drawn from PP-14, including whether concerns over the beginning of a new chapter in Internet governance signaling a greater role for national governments, similar to the role that nations played in the past – particularly during the Open Systems Interconnection (“OSI”) era – may now be put to rest,[1] or whether the multi-stakeholder status quo remains fragile. We also question what impact PP-14 portends for global cybersecurity policymaking and how related efforts may help bridge the new digital divide.[2]

 

A (Very) Brief History of Internet Governance from WCIT-12 to PP-14

Some scholars and policymakers beginning the 1990s perceived the Internet, and cyberspace generally, as a borderless and self-governing space largely devoid of state authority and borders.[3] This was a departure from an earlier era of U.S. government control and international efforts to multilateralize the Internet through OSI networks.[4] Following the commercialization and rapid expansion of the Internet, however, numerous contentious public policy issues emerged that prompted debates about how the Internet should be managed and who should manage it. In particular, the role of governments has been a source of controversy in a field in which multi-stakeholder governance has become the norm. Organizations such as the Internet Engineering Task Force (“IETF”), the Internet Architecture Board, the Internet Society, and the World Wide Web Consortium epitomize the enduring influence and role of non-governmental entities in the day-to-day management of the Internet.[5] In this way, the history of Internet governance may be thought of in three phases. Phase One was shaped by technical experts and the organizations that they developed, such as the IETF. Phase Two coincided with the commercial success of the Internet and the rise of the Internet Corporation for Assigned Names and Numbers (“ICANN”) and other multi-stakeholder organizations, like the Internet Governance Forum. Finally, as the events of WCIT-12 discussed below demonstrate, Phase Three is being[6] shaped by the extent to which States have begun to (re)assert a role in regulating the Internet.

The prevailing multi-stakeholder approach – incorporating a variety of non-governmental actors in an open and participative polycentric governance process – has come under strain, especially following revelations by former NSA-contractor Edward Snowden, prompting, among other things, the Global Multistakeholder Conference on the Future of Internet Governance, or more colloquially known as NETmundial.[7] Some nations like Russia sought to use this opportunity to solidify a multilateral Internet governance regime with states taking on more responsibility for their national intranets under the International Telecommunication Union (“ITU”). However, the outcome document of NETmundial enshrined the prevailing multistakeholder approach to Internet governance, which seeks to ensure “the meaningful and accountable participation of all stakeholders, including governments, the private sector, civil society, the technical community, the academic community, and users.”[8] Indeed, several states, including Russia and India, refused to sign the final agreement fearing that it did not give nations a large enough role in Internet governance.[9]

Yet NETmundial was not the end of the debate. With the growing significance of the Internet for political and economic matters, many national governments have sought to establish an increased role in both the management of the Internet’s technical resources as well as in the contentious policy questions arising from its use. The desire to assert state-centric governance structures has most visibly resulted in an ongoing controversy over the role and oversight of ICANN. This California-based non-profit manages the naming and numbering authority, which matches IP addresses with web domains under contract from the U.S. Department of Commerce since 1998.[10] The role of the U.S. government in the Internet’s functionality has attracted criticism by other countries for years, including during the World Summit on the Information Society held in 2003 and 2005. The creation of the Internet Governance Forum, a venue for other stakeholders including governments to voice their opinions with regard to Internet policy issues, has done relatively little to quiet the discontent.[11] Many groups have continued to call for ICANN’s functions to be transitioned to an intergovernmental organization such as the ITU. A widely publicized effort to do just that was made at WCIT-12, resulting in a fissure as to the most appropriate path forward as shown in Figure 1. Since then, the U.S. government has agreed not to renew its contract with ICANN, opening the door for its further globalization.[12]

Ultimately, eighty-nine countries signed WCIT-12 that embraces multi-stakeholder governance but determined that “all governments should have an equal role and responsibility for international Internet governance and for ensuring the stability, security and continuity of the existing Internet . . .”[13] This language only appears in a non-binding resolution entitled “Fostering an Enabling Environment for the Internet,” but it was seized upon by some as heralding a growing state-centric view of cyberspace.[14] The stage was set for the next round of debate on the future of Internet governance, PP-14, which recently concluded in Busan, South Korea.

 

Analyzing the Build up to PP-14 and its Immediate Aftermath

We now turn our attention to PP-14 paying particular attention to the strategies of some of the leading cyber powers United States, China, Russia, the European Union, and several emerging markets including India in shaping the debate about the future of Internet governance and whether a multi-stakeholder (typically promoting “Internet freedom”), or multilateral (potentially preferencing “Internet sovereignty”) framework should prevail.[15] Our focus is on unpacking the build up to and implications of this gathering and how negotiating strategies have evolved since WCIT-12.

A. United States

The U.S. government has long opposed a larger Internet governance role for foreign nations or the ITU,[16] preferring instead the multi-stakeholder status quo comprised of technical communities, civil society, the private sector, and ultimately, users.[17] Yet as seen in WCIT-2012, relatively few nations have been enthusiastic about the continuation of this model—especially in the wake of the Snowden revelations—preferring instead a larger role for nations and multilateral institutions. In response, the U.S. government and its allies have attempted to make the multi-stakeholder model more appealing by increasing its transparency such as by announcing plans to give up its final vestige of control over ICANN as was mentioned above.[18] There was some evidence that this new approach is having some success as may be seen by the number of developing nations that signed the NETMundial final document on the future of Internet governance that was more or less an endorsement of the multi-stakeholder status quo in April 2014. Yet challenges remained as PP-14 approached, especially in the cybersecurity context with Washington opposing the development of new ITU cybersecurity capabilities or forums.[19]

The U.S. government sought to avoid another “failure of U.S. diplomacy” at PP-14 by learning lessons from WCIT-12. Instead of only appointing a head of the U.S. WCIT delegation a mere six months before the meeting, the U.S. delegation for PP-14 was headed by Ambassador Daniel Sepulveda, who involved “multiple actors, both in and outside of government, in an extended preparation process.”[20] Before PP-14, the U.S. government also was successful in negotiating an agreement with Latin American nations on forty-six proposals,[21] many of which were ultimately adopted. In all, the U.S. showing at PP-14 was a success compared to its performance before and during WCIT-12.

B. China

China has not changed its positions on promoting cybersecurity as a subset of national sovereignty since WCIT-12, nor on establishing an international Internet management system, but it seems to be modifying its tactics. The Chinese government first formalized its desire for a new Internet governance mechanism in 2006 when it drafted the “2006-2020 National Strategy for Informatization Development.”[22] In this document, China made clear that in order to enable domestic Internet development and cybersecurity, they needed to actively engage in international exchanges in order to “contribute to building up an international Internet management mechanism characterized by sovereign equality among different countries.”[23] Over the next six years, China continued to refine its position. In its 2010 white paper, “The Internet in China,” the government declared, “China holds that the role of the UN should be given full scope in international Internet administration. China supports the establishment of an authoritative and just international Internet administration organization under the UN system through democratic procedures on a worldwide scale.”[24] This position was translated into action in 2011 when China, Russia, Tajikistan, and Uzbekistan jointly proposed a UN resolution that encouraged “the establishment of a multilateral, transparent and democratic international Internet management system,” and promoted “the important role of the United Nations in formulating international norms, peaceful settlements of international disputes and improvements in international cooperation.”[25]

At WCIT-12, it appears that the Chinese delegation assessed the international momentum as being appropriate (and the ITU the correct forum) to formalize an international Internet management system under the auspices of the United Nations. Although the joint Chinese and Russian proposed changes to the International Telecommunication Regulations received widespread support, they also generated strong resistance from the United States and its supporters at the conference as shown in Figure 1. More importantly, they popularized the new digital divide in Internet governance.[26] The aftermath of WCIT-12 did not alter China’s desire for a new Internet governance model, but it did change their approach to building support for this model in the international community.

The new Chinese approach has included an active public relations campaign to sell the concepts of Internet sovereignty and multilateral management. The voices in this new campaign are from the highest levels of the Chinese government, including Cai Mingzhao, director of the State Council Information Office, who stated at the 2013 World Cyber Cooperation Summit at Stanford University, “The international community should, as soon as possible, begin discussions within the framework of the United Nations to promote the process of defining international behavior rules for cyberspace.”[27] Even President Xi Jinping made Internet governance a major talking point during his trip to the BRICS meeting in July 2014.[28] Although the 2014 ITU meeting in Busan did not include any Chinese proposals to alter Internet governance,[29]this does not mean that they have backed away from their position, or agreed to compromise with the United States. Within days of PP-14, China hosted the World Internet Conference, advocating the theme of Internet governance to a collection of government and commercial leaders.[30] One line of thought is that China’s goal for the future of the Internet has not changed, just their negotiating strategy. However, there have also been signs that the efforts of ICANN’s President, Fadi Chehadé, among others have met some success in highlighting the benefits of the multi-stakeholder Internet governance model with policymakers in China and Brazil alike.[31] These efforts, combined with the growing clout of Chinese Internet firms such as Alibaba, may further illustrate the benefits of maintaining the status quo--signifying a shift in China’s approach and a departure from its long-term alliance with Russia in this arena.

C. Russia

Russia’s positions expressed at PP-14 were relatively consistent with its WCIT-12 strategy. In his five-minute Member State Policy Statement on the opening day of the conference, the head of the Russian delegation, Nikolay Nikiforov, Russia’s Minister of Telecom and Mass Communications, praised the ITU’s 150 year history, but called on it to respond to a changing world, particularly to the security challenges created by the spread of new information and communication technologies.[32] He noted that “medals always have two sides” in thanking the United States for the creation of the Internet, but also argued that an international convention on Internet governance is needed to protect against the use of ICTs for cross-border criminal purposes contrary to the UN Charter, which can endanger individual privacy or national stability.[33] International norms and rules regulating the Internet must “be based on international law” and include a “commitment to non-interference in the internal affairs of states [and to] their equality in Internet governance, [including] the sovereign right of states to control the Internet in their national information space.”[34] In essence, Russia has long argued that the state is the guarantor of its citizens’ rights, and must also decide the fate of the domestic Internet in a stance similar to China’s historic position.

Russia has emerged in recent years as a proponent of greater control by states over the Internet within their territories and, relatedly, supporting a more prominent role for the UN and particularly the ITU in global Internet governance processes.[35] They have consistently sought to reduce the influence of private sector organizations such as ICANN, which is seen as controlled by the United States, and to increase the role of intergovernmental state-centric processes over and above the multi-stakeholder status quo. At WCIT-12, Russia led a group of seven countries (Russia, Saudi Arabia, China, Sudan, Egypt, Algeria, and the UAE) in submitting a controversial proposal for alterations to the International Telecommunication Regulations that would have given national governments more legal authority over the Internet within their borders.[36] The proposal was widely interpreted by Internet rights activists as a bid to gain international legal legitimacy for domestic censorship and other infringements on Internet access or content.[37] However, this position, after enjoying widespread support at WCIT-12, has now been largely repudiated at both NETmundial and PP-14.[38]

D. European States

The overarching position of European states at PP-14 was characterized by resistance towards an expansion of the ITU’s role in Internet public policy issues.[39] The outcome of the meeting, which resulted in only minor changes to the relevant resolutions dealing with cybersecurity and the Internet, conforms to the position of many European states not seeking to expand the current role of the ITU. Although concessions were made by European states, none of the more broad proposals to increase the ITU’s role in multilateral Internet governance or the importance of states vis-a-vis other stakeholders have been successful in Busan.[40] In particular, Europe was active in calling for increased transparency and openness of the ITU’s work at PP-14. Although the final compromise was not as sweeping as the proponents had wished, European states did successfully lobby for greater public access to ITU documents.[41]

E. India and the Emerging Market Perspective

India’s nuanced position on ITU’s role in Internet governance is emblematic of the tenor of this debate. In particular, India has argued that the ITU is well situated to take on a larger role in the Internet since first the technology underpinning the Internet is inextricably linked with telecommunications over which the ITU already enjoys authority, and second “because countries have legitimate security and access issues that are best addressed through multilateral institutions.”[42] However, India also does not want to see a wholesale move from a multi-stakeholder to a multilateral model of Internet governance. Rather, “Delhi hopes to strengthen the multistakeholder model by unbundling it and distributing various roles to different organizations, including the ITU.”[43] India then may be seen as partial winner at PP-14, though its preference for a greater role of the ITU in Internet governance was not realized. In this way, India may be emblematic of the evolving position of other major emerging markets, including Brazil, which had some issues with the multi-stakeholder model before and during WCIT-12 and the aftermath of the Snowden revelations, but have since come around more to the benefits of the status quo lest Internet balkanization, or at least a more state-centric cyberspace, threaten the economic and geopolitical security of established institutions and global e-commerce platforms.

 

Implications for Global Cybersecurity Policymaking

As the United Nations’ arm for international telecommunications and radio regulation and development, the ITU has traditionally focused on telecommunication standards, spectrum allocation, and satellite orbits. At WCIT-12 and the PP-14 meetings, cybersecurity was put prominently and controversially (in some circles) on ITU’s agenda. So far, however, the ITU’s underlying telecommunications treaty, the International Telecommunication Regulations, permits the ITU to only engage in cybersecurity capacity building and coordination. One example is the International Multilateral Partnership Against Cyber Threats (IMPACT), which has been billed as the “world’s first comprehensive alliance against cyber threats” and is tasked with “providing cybersecurity assistance and support to ITU’s 193 Member States and also to other organizations within the UN system.”[44]

The ITU was entrusted with “building confidence and security in the use of ICTs” under the Action Line C5 of the 2003 Geneva Plan of Action. Under this mandate, the ITU launched its Global Cybersecurity Agenda in 2007 to provide a framework for capacity building and international cooperation in cybersecurity, created IMPACT in 2008 to coordinate resources and train security professionals, issued recommendations about combating spam, and supported the creation of national cyber emergency response teams. In its traditional role, the ITU developed a variety of security standards for telecommunications infrastructure and satellite communications. Yet with the exception of the X.509 standards for public key infrastructure, the ITU played only a marginal role in cybersecurity standard setting.[45]

Proposals attempting to expand the ITU’s role in cybersecurity have incited discussion in the international community both prior to and during the PP-14 meeting. Such proposals seeking to modify existing or create new cybersecurity agreements reflect growing concern over cyber attacks and recent revelations of global surveillance by national intelligence services. The Information Technology Industry Council, a U.S.-based industry interest group of major information technology corporations, for instance, expressed that cybersecurity and cybercrime should be left to institutions with established expertise and experience in this realm. They argued against a widening of the ITU’s mandate on technical mandates, standardization and efforts to instigate a global treaty-making process in the cybersecurity domain.[46] Such concerns echo Dubai, which was similar to Busan in that observers proclaimed that language in tabled proposals about networks security may be exploited by authoritarian regimes to further network surveillance and the cause of Internet sovereignty. Controversies unfolded about proposals, which if adopted would have required cooperation to resolve cybercrime, harmonized data retention laws, and imposed limitations on the routing of Internet communications.[47] Concerns were particularly directed against efforts – and their implications for Internet governance and Internet freedom – by some member states to entrust the ITU as a locus for international cooperation in cybersecurity and related treaty making processes.

Three proposals were particularly important with regard to cybersecurity and its implications on Internet governance: (1) modifications to Resolution 130 “Strengthening the role of ITU in building confidence and security in the use of information and communication technologies”[48]; (2) to Resolution 174 “ITU’s role with regard to international public policy issues relating to the risk of illicit use of information and communication technologies”[49]; and (3) a new resolution, IND/98/1, introduced by India entitled “ITU’s role in realizing Secure Information Society.”[50]The need to modify Resolution 130 was itself contested, particularly by the U.S. delegation that argued against the need for any changes. On the other end of the opinion spectrum, Brazil pushed a proposal to foster Internet users’ privacy protection.[51] The adopted resolution (editorial changes aside) encouraged capacity building and coordination in cybersescurity; imbedded further references to the right to privacy in the digital age (UN resolution 68/167);[52] and affirmed the applicability of international law and the UN charter to cyberspace (UN resolution 68/243).[53] The proposal spearheaded by the Arab States to “start reflection on the implementation of a global charter related to ICT security” did not make it into the final version of Resolution 174.[54] India’s new proposal “ITU’s Role in Realizing Secure Information Society,” proposed modifications to Internet routing and IP allocations to “effectively ensure the traceability of communication.”[55] Some commentators have noted that such intrusive measures erode privacy and can have chilling effects on Internet communications.[56] The proposal did not garner sufficient support and the Indian delegation subsequently withdrew it.

Overall, PP-14 resulted in no major changes for the ITU’s role in cybersecurity – controversial, expansionary proposals were either stopped or watered down during the conference. The ITU will continue its educational and capacity building efforts, and provide assistance for developing countries to enable their secure and trusted participation in the digital economy. With regard to global cybersecurity policymaking, the issues hotly debated at PP-14 will very likely keep resurface at WSIS 2015. Cybersecurity has become one of the most prevalent issues in Internet governance, though some bilateral headway in this arena has been made. In 2013, the United States and Russia signed a cooperation agreement on cybersecurity.[57] Russia and China, who sought support for a global cybersecurity treaty, have unveiled plans for a bilateral cybersecurity agreement to be signed in the first half of 2015, according to Russian news organization Interfax.[58] However, tensions remain about the most appropriate path forward and which forum is best suited to promote cyber peace. At WCIT-12, for example, the ITU was criticized as being “ill-suited to addressing the problem of cybersecurity effectively and that by adopting cybersecurity as part of its mandate, it could delay, supplant, or frustrate other more meaningful efforts.”[59] Observers noted that contentious cybersecurity proposals, if accepted, could be exploited to legitimize repressive measures in form of network surveillance or content control. However, it is important to keep in mind that sovereign states are free to implement measures to block traffic, filter content, or restrict access whether or not that conduct it is sanctioned by an intergovernmental organization such as the ITU. At the end the enemy of Internet freedom advocates are governments, not the ITU; articles 34, 35 and 37 of the ITU constitution recognizes the nation state’s sovereign on communications – and interference thereof – in matters of national security.[60]

With regard to Internet governance more broadly, in many ways, PP-14 was a stark reversal from the Internet freedom agenda’s setback at WCIT-12. For example, all of the U.S. government’s primary goals were achieved, including most importantly “member states decided not to expand the ITU’s role in Internet governance or cybersecurity issues, accepting that many of those issues are outside of the mandate of the ITU.”[61] Instead, the ITU’s mandate was extended in other ways, such as promoting gender empowerment and addressing youth unemployment.[62] What are the lessons from this reversal of fortune, and what does it portend for the future of both Internet governance generally and cybersecurity policymaking in particular in a multipolar world?

With regards to the ITU’s role in Internet governance, the back-to-back “wins” at NETmundial and PP-14 seem to set the stage for the continuation of the multi-stakeholder status quo for the foreseeable future. Russian plans to allow the ITU to allocate IP addresses, Arab proposals to strengthen the ITU’s role in shaping international online surveillance law and policy, and Brazil’s efforts to allow the ITU to address privacy largely went nowhere or were watered down to such an extent than their practical impact is minimal.[63] However, the United States also gave ground by withdrawing its request to have NGOs invited to ITU working groups.[64] Yet new alliances were formed with emerging markets steering (at least for the time being) more in Washington’s than Moscow’s orbit in a departure to WCIT-12. In the end, much of the hot button issues were sent to the Council Working Group on International Internet-related Public Policy Issues (“CWG-Internet”), which has limited membership and decides what issues to hear.[65]

In some ways, targeted forums such as CWG-Internet may be the way forward as multilateral tensions continue following WCIT-12. Existing (G7 and G20) or new forums could be leveraged, for example, to identify and spread cybersecurity best practices without the need to reach consensus between 193 member nations. One potential example, if realized, is the Northeast Asia Peace and Cooperation Initiative, which included cybersecurity in one of its three working groups during the 2014 inaugural meeting.[66] Such an approach may evolve into a true polycentric cybersecurity regime, bringing, as the U.S. government has called for, “like-minded nations together on a host of issues, such as technical standards and acceptable legal norms regarding territorial jurisdiction, sovereign responsibility, and use of force.”[67] However, the drawbacks of polycentric regimes must also be overcome, including the fact that they can be susceptible to institutional fragmentation and gridlock caused by overlapping authority that must still meet standards of coherence, effectiveness, and sustainability.[68] Yet if its promise of polycentric governance is realized – as stakeholders including the President of Estonia and head of ICANN are promoting[69] – then such bottom-up efforts would form part of an overarching framework complementing top-down international law in a network of mutually reinforcing governance structures. This seems to be the U.S. approach, which received two important boosts in 2014. Whether that successful track record can continue going forward depends on the continued attractiveness of the multi-stakeholder model and the willingness of disruptive emerging markets – including China, India, and Brazil – to support it.

 

Conclusion

Following the announcement of the U.S. Department of Commerce not to renew ICANN’s contract but to transition oversight to the global multi-stakeholder community, the role of states in the governance structures and processes of the Internet promises to remain a source of major controversy. As a result, structures and processes of Internet governance are bound to remain fluid and with this the shape and functionality of Internet governance. However, we have seen something of a thaw from WCIT-12 to PP-14 in the new digital divide with the multi-stakeholder vision for Internet governance, and perhaps the wider Internet freedom agenda, buttressed and other nations’ efforts to build a global consensus for a state-centric Internet chastened--at least for now. The next important global meeting will take place in December 2015, when a special high-level UN General Assembly meeting will review the progress made since the 2005 WSIS. Debates will continue, new alliances will form, and existing ones will fray, which is as it should be with something as integral to the twenty-first century as cyberspace and cybersecurity. Whether we can make the Internet more open, secure, and robust over the next thirty years to 2045 is up to all of us. Hopefully, we can at least be able to get to that year’s summit via hover board.

 

[1] See David G. Post, In Search of Jefferson’s Moose: Notes on the State of Cyberspace 140 (2009) (noting that as late as the early 1990s, OSI networks practically were “the Internet”; in fact, until 1994, much of the U.S. government used OSI); John R. Aschenbrenner, Open Systems Interconnection, 25 IBM Systems J. 369, 369 (1986).

[2] For more on this topic, see Scott J. Shackelford & Amanda N. Craig, Beyond the New ‘Digital Divide’: Analyzing the Evolving Role of Governments in Internet Governance and Enhancing Cybersecurity, 50 Stan. J. Int’l L. 119 (2014).

[3] See, e.g., John Perry Barlow, Declaration of Cyberspace Independence (Feb. 8, 1996), https://projects.eff.org/~barlow/Declaration-Final.html. For a good overview, see Jack Goldsmith & Tim Wu, Who Controls the Internet? Illusions of a Borderless World (2008).

[4] See Andrew W. Murray, The Regulation of Cyberspace: Control in the Online Environment 64–70 (2006).

[5] For a brief introduction to these organizations, see Harold Kwalwasser, Internet Governance, in Cyberpower and National Security 491, 491 (Franklin D. Kramer, Stuart H. Starr, & Larry K. Wentz eds., 2009).

[6] See Shackelford & Craig, supra note 2.

[7] For more on the application of polycentric governance to Internet governance and cybersecurity, see Scott J. Shackelford, Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (2014); Scott J. Shackelford, Toward Cyber Peace: Managing Cyber Attacks through Polycentric Governance, 62 Am. Univ. L. Rev. 1273 (2013).

[8] NETmundial Multistakeholder Statement (Apr. 24, 2014), http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf.

[9] See The Future of the Internet, Bus. Standard (May 3, 2014), http://www.business-standard.com/article/opinion/the-future-of-the-internet-114050300990_1.html.

[10] For detailed contract arrangements see Resources, ICANN, https://www.icann.org/resources/pages/agreements-2012-02-25-en (last visited Dec. 8, 2014).

[11] See Milton L. Mueller, Networks and States. The Global Politics of Internet Governance 107–26 (2010).

[12] Press Release, NTIA Announces Intent to Transition Key Internet Domain Name Functions (March 14, 2014), http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functionsns.

[13] Resolution Plen/3 (Dubai 2012): To Foster an Enabling Environment for the Greater Growth of the Internet, in Final Acts of the World Conference on International Telecommunications (2012) at 20, available at http://www.itu.int/en/wcit-12/Pages/default.aspx [hereinafter ITU Resolution].

[14] See WTIT-12 Final Acts Signatories, Int’l Telecomm. Union (Dec. 14, 2012), http://www.itu.int/osg/wcit-12/highlights/signatories.html; Shackelford, supra note 6.

[15] Cf. Hillary Rodham Clinton, U.S. Sec’y of State, Remarks on Internet Freedom (Jan. 21, 2010), available at http://www.state.gov/secretary/rm/2010/01/135519.htm (emphasizing the need for behavioral norms and respect among states to encourage the free flow of information and protect against cyber attacks) with Evan Osnos, Can China Maintain “Sovereignty” Over the Internet?, New Yorker, June 11, 2010, available at http:www.newyorker.comonlineblogsevanosnos201006what-is-internet-sovereignty-in-china.html (noting that originally, Internet sovereignty was used by U.S. academics in the 1990s to pose that the Internet itself should be thought of as a kind of sovereign entity with its own rules and citizens).

[16] See, e.g., Leo Kelion, US Resists Control of Internet Passing to UN Agency, BBC (Aug. 3, 2012), http://www.bbc.co.uk/news/technology-19106420.

[17] See Adam Segal, Holding the Multistakeholder Line at the ITU, Council on Foreign Rel. (Oct. 21, 2014), http://www.cfr.org/internet-policy/holding-multistakeholder-line-itu/p33644.

[18] See Craig Timberg, U.S. to Relinquish Remaining Control Over the Internet, Wash. Post (Mar. 14, 2014), http://www.washingtonpost.com/business/technology/us-to-relinquish-remaining-control-over-the-internet/2014/03/14/0c7472d0-abb5-11e3-adbc-888c8010c799_story.html.

[19] See Segal, supra note 16.

[20] Id.

[21] Id.

[22] Central Committee, State Council Issues ‘2006-2020 Informatiozation Development Strategy,’ Xinhua (May 8, 2006), http://news.xinhuanet.com/newscenter/2006-05/08/content_4522878.htm.

[23] Id.

[24] The Internet in China, Info. Off. of the State Council (June 8, 2008), http://www.china.org.cn/government/whitepaper/2010-06/08/content_20207975.htm.

[25] United Nations General Assembly, International Code of Conduct for Information Security (Sept. 14, 2011), https://www.ccdcoe.org/sites/default/files/documents/UN-110912-CodeOfConduct_0.pdf.

[26] WCIT-12 Leak Shows Russia, China, Others Seek to Define ‘Government-Controlled Internet, ZDNet (Dec. 8, 2012), http://www.zdnet.com/wcit-12-leak-shows-russia-china-others-seek-to-define-government-controlled-internet-7000008509/.

[27] Speech by Minister Cai Mingzhao at #cybersummit2013, Transpacifica (Nov. 5, 2013), http://transpacifica.net/2013/11/full-text-speech-by-minister-cai-mingzhao-at-cybersummit2013-nov-5-2013/.

[28] Wu Jian & Xiao Shengnan. Xi: Respect Cyber-Space Sovereignty, China Daily (July 17, 2014), http://usa.chinadaily.com.cn/world/2014-07/17/content_17814829.htm.

 

[30] World Internet Conference Opens in Wuzhen, Xinhua (Nov. 20, 2014), http://news.xinhuanet.com/english/special/2014-11/20/c_133802779.htm; China Delivers Midnight Internet Declaration – Offline, Wall St. J. (Nov. 21, 2014), http://blogs.wsj.com/chinarealtime/2014/11/21/china-delivers-midnight-internet-declaration-offline/tab/comments/.

[31] See David Bandurski et al., Can China Conquer the Internet?, China File (Dec. 3, 2014), http://www.chinafile.com/conversation/can-china-conquer-internet.

[32]Samantha G. Dickinson, ITU PP14 Day 1: An overview, Lingua Synaptica: Internet governance, policy & writing (Oct. 21, 2014), http://linguasynaptica.com/pp14-day-1-overview.

[33]Text of Russian PP-14 Policy Statement, Busan, Korea, delivered by Nikolay Nikiforov, Minister of Telecom and Mass Communications: Russian Federation, Policy Statement, ITU Plenipotentiary Conference 2014 (Oct. 20, 2014), http://www.itu.int/en/plenipotentiary/2014/statements/file/Pages/russian-federation.aspx. (Translation by Jaclyn A. Kerr).

[34]For text and video of all country policy statements at PP-14 in Busan, see:

http://www.itu.int/en/plenipotentiary/2014/statements/Pages/countries.aspx.

[35]Id.

[36]Jaclyn A. Kerr, IGF 2013: Surveillance and the Future of Internet Governance, Ctr. for New Media & Soc’y Blog (Nov. 11, 2013), http://www.newmediacenter.ru/2013/11/11/igf-2013-surveillance-and-the-future-of-internet-governance; Joshua Keating, Vladimir Putin Wants His Own Internet: What’s behind the push for Internet Sovereignty, Slate (April 25, 2014), http://www.slate.com/articles/technology/technology/2014/04/russia_internet_sovereignty_vladimir_putin_is_tightening_his_grip_on_the.html.

[37]See, e.g., Eli Sugarman, The Russian and Chinese Governments' Threat to the Internet As We Know It, Atlantic (Dec. 3, 2012), http://www.theatlantic.com/international/archive/2012/12/the-russian-and-chinese-governments-threat-to-the-internet-as-we-know-it/265782.

[38] Russia’s recent domestic Internet policies have reinforced its state-centric position. While throughout the 2000s Russia was known for a relatively laissez faire approach to domestic control over the Internet, this has changed dramatically since 2012. In November 2012 the first law went into force permitting legal censorship of the Russian Internet. While the law was ostensibly designed for the protection of children online and its scope was first limited to blocking sites that contained child pornography or information about illegal drugs or methods to commit suicide, the blacklist that this law created has since been expanded to encompass sites blocked for other reasons. Over ten new laws have been passed in Russia in the past two years that further restrict Internet content or access, or increase the potential liability of Internet content-producers or intermediaries. More than 4000 sites have now been legally blocked, and an additional 140,000 have been affected by mechanisms such as IP-level blocking. Regime-critical bloggers and online activists have been imprisoned, and major independent online news outlets have been blocked. See for example Jaclyn A. Kerr, Chill of Victory: Russia Targets Bloggers Amid Celebrations, Journalism For Change (May 13, 2014), http://www.journalismforchange.com/on-citizen-journalism/2014/5/13/new-russian-law-targets-bloggers; Anton Nossik, Russia’s First Blogger Reacts to Putin’s Internet Crackdown, New Republic (May 15, 2014), http://www.newrepublic.com/article/117771/putins-internet-crackdown-russias-first-blogger-reacts; Matthew Bodner, Russians' Internet Increasingly Subject to Control, Moscow Times (Sep. 19, 2014), http://www.themoscowtimes.com/business/article/putin-seeks-ways-to-cut-russia-off-from-the-internet/507449.html.

[39] See Christian Schaller & Johannes Thimm, Internet Governance and the ITU: Maintaining the Multistakeholder Approach, Council on Foreign Rel. (Oct. 22, 2014), http://www.cfr.org/internet-policy/internet-governance-itu-maintaining-multistakeholder-approach/p33654.

[40] Danielle Kehl, Final Dispatch from Busan: Closing the Books on the 2014 ITU Plenipotentiary Conference, News Am. (Nov. 10. 2014), http://www.newamerica.org/oti/final-dispatch-from-busan-closing-the-books-on-the-2014-itu-plenipotentiary-conference/.

[41] Danielle Kehl, Dispatch from Busan No.2: Recapping Last Week´s Negotiations and Looking Ahead to the Final Week of the ITU Plenipot, News Am. (Nov. 3, 2014), http://newamerica.org/oti/dispatch-from-busan-no-2/.

[42] Samir Saran, The ITU and the Unbundling Internet Governance, Council on Foreign Rel. (Oct. 22, 2014), http://www.cfr.org/internet-policy/itu-unbundling-internet-governance/p33656.

[43] Id.

[44] About Us, IMPACT, http://www.impact-alliance.org/aboutus/ITU-IMPACT.html (last visited Feb. 9, 2014); see Strategy, ITU, http://www.itu.int/en/ITU-D/Cybersecurity/Pages/Strategy.aspx (last visited Jan. 24, 2014);IMPACT, http://www.impact-alliance.org/aboutus/mission-&-vision.html (last visited Jan. 24, 2014).

[45] Milton Mueller, Threat Analysis of The WCIT Part 4: The ITU and Cybersecurity, Internet Governance Project blog (June 21, 2012), http://www.internetgovernance.org/2012/06/21/threat-analysis-of-the-wcit-4-cybersecurity.

[46] Danielle Kriz, ITU Not Suited for Increased Cyber Role, ITI Policy Blog (Oct. 26, 2014), http://blog.itic.org/blog/itu-not-suited-for-increased-cyber-role.

[47] Security Proposals to the ITU Could Create More Problems, Not Solutions, Ctr. for Democracy & Tech. (Sept. 6, 2012), https://www.cdt.org/files/pdfs/Cybersecurity_ITU_WCIT_Proposals.pdf.

[48] The following modifications were proposed: USA USA/27R1-A3/4; Cuba CUB/70/2; Regional Commonwealth in the Field of Communications (RCC) RCC/73A1/16; Brazil B/75/4; Arab States ARB/79A2/13; European Conference of Postal and Telecommunications Administrations (CEPT) EUR/80A1/14; and Indonesia INS/82/2.

[49] The following modifications were proposed: Cuba CUB/70/3; Brazil B/75/6; Arab States ARB/79A4/4.

[50] Other resolutions related to cybersecurity broadly conceived included: Resolution 179: ITU's role in child online protection; Resolution 181: Definitions and terminology relating to building confidence and security in the use of ICTs.

[51] Danielle Kehl, Final Dispatch From Busan: Closing The Books On The 2014 ITU Plenipotentiary Conference, Open Tech. Inst. (Nov 11, 2014), http://www.newamerica.org/oti/final-dispatch-from-busan-closing-the-books-on-the-2014-itu-plenipotentiary-conference/.

[52] Resolution adopted by the General Assembly on 18 December 2013; 68/167. The right to privacy in the digital age http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167.

[53] Resolution adopted by the General Assembly on 27 December 2013; 68/243, Developments in the field of information and telecommunications in the context of international security http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/243.

[54] Arab States Common Proposals for the Work of the Conference, Part 27, Draft, New Resolution, Addendum 4 to Document 79-E, Arab States Administrations (Oct. 7, 2014), http://files.wcitleaks.org/public/S14-PP-C-0079!A4!MSW-E.pdf.

[55] Proposals for the Work of the Conference, New Resolution on ITU’s Role in Realizing Secure Information Society, draft, Document 98-E, India (Oct. 20, 2014), http://files.wcitleaks.org/public/S14-PP-C-0098!!MSW-E.pdf.

[56] Geetha Hariharan, Good Intentions, Recalcitrant Text - I: Why India’s Proposal at the ITU is Troubling for Internet Freedoms, The Center for Internet & Society blog (Oct.28, 2014), http://cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms.

[57] FACT SHEET: U.S.-Russian Cooperation on Information and Communications Technology Security, White House (June 6, 2013), http://www.whitehouse.gov/the-press-office/2013/06/17/fact-sheet-us-russian-cooperation-information-and-communications-technol.

[58] Russia, China to Sign Cyber Security Agreement in 2015, Interfax (Nov. 12, 2014) http://rbth.com/news/2014/11/12/russia_china_to_sign_cyber_security_agreement_in_2015_-_newspaper_41321.html.

[59] Security Proposals to the ITU Could Create More Problems, Not Solutions, Ctr. for Democracy & Tech. (Sept. 6, 2012), https://www.cdt.org/files/pdfs/Cybersecurity_ITU_WCIT_Proposals.pdf.

[60] Mueller, supra note 45.

[61] Outcomes from the International Telecommunication Union 2014 Plenipotentiary Conference in Busan, Republic of Korea, U.S. Dep’t St. (Nov. 10, 2014), http://www.state.gov/r/pa/prs/ps/2014/11/233914.htm.

[62] 19th ITU Plenipotentiary Conference Closes with Celebration of New Spirit of Cooperation, Korea IT Times (Nov. 10, 2014), http://www.koreaittimes.com/story/42371/19th-itu-plenipotentiary-conference-closes-celebration-new-spirit-cooperation.

[63] See Samantha Dickinson, How Will Internet Governance Change After the ITU Conference?, Guardian (Nov. 7, 2014), http://www.theguardian.com/technology/2014/nov/07/how-will-internet-governance-change-after-the-itu-conference.

[64] See id.

[65] See id.

[66] See NAPCI, http://www.iss.europa.eu/activities/detail/article/the-northeast-asia-peace-and-cooperation-initiative-napci-and-the-european-experience/ (last visited Nov. 4, 2014).

[67] Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure iv(2009), http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.

[68] See Robert O. Keohane & David G. Victor, The Regime Complex for Climate Change at 2, 18–19, 25 (Harv. Proj. on Int’l Climate Agreements Discussion Paper No. 33, 2010).

[69] See Nancy Scola, ICANN Chief: ‘The Whole World is Watching ‘the U.S.’s Net Neutrality Debate, Wash. Post (Oct. 7, 2014), http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/07/internet-operations-chief-snowden-disclosures-make-my-job-easier/. See also John G. Ruggie, Just Business: Multinational Corporations and Human Rights 78 (2013) (stating, “The overriding lesson I drew . . . was that a new regulatory dynamic was required under which public and private governance systems . . . each come to add distinct value, compensate for one another’s weaknesses, and play mutually reinforcing roles – out of which a more comprehensive and effective global regime might evolve, including specific legal measures. International relations scholars call this ‘polycentric governance.’”).