(Today, blogging in english, for a change. Also on: https://www.iis.se/english/blog/new-eu-internet-governance-policy/)


Last Wednesday, European Commission published a renewed policy for global internet governance. Substantial parts of the policy are well known oldies, like e.g. the COMPACT acronym, the GIPO observatory, the defense of human rights also online, the belief in an ‘un-fragmented’ internet, and in the defense for basic net neutrality. EC also reiterated its belief in a multi-stakeholder process of governance, etc. So far so good.

However, some parts of the new policy stood out as specifically detailed:

  • The EU intent to “…globalise the IANA functions…”
  • and to “… establish a clear timeline for the globalisation of ICANN, including its Affirmation of Commitments”.

Commissioner Kroes was also refreshingly clear about the rationale behind this revised policy:

”Revelations of large-scale surveillance programmes and a fear of cybercrime have negatively affected trust in the Internet.” I’m not sure about the cybercrime bit, but I’m convinced the first part had substantial effect for policy revision.

So with the new EU policy, Commission will contribute to take away the US governments control of internets structural pivotal point. With the explicit aims of a thoroughly internationalized ICANN and IANA functions, Europe has an agenda to set ICANN sailing off without and governmental strings left. Or?

In preparations for the 2003 and 2005 World Summit on Information Society (WSIS), many participants erroneous perceived a fundamental truth: – The one that control the domain names and the IP address allocation (IANA functions) can ultimately control and close down sites with unwanted online content. However, this is merely one perspective of the issue. But the EU tend to close its eyes for any other perspective.

ICANNs present CEO Fadi Chehadé constantly repeat that there is no one single entity to govern the internet infrastructure. He does this to nuance the above  perception of absolute power.  This way of thinking has nonetheless remained in the global internet governors way of thinking. We have during the last years seen an increase in such behavior, where service providers, police fighting child porn or just IPR interests all glance at the possibility to control internet content via its technical infrastructure. Unwanted internet content is increasingly being filtered via IP-addresses, Domain names or both.

But apart from getting even for the NSA surveillance, what is the actual EU agenda? Kroes tend to call the European strategy shouldering the “…role as honest broker in future global negotiations on Internet Governance.” [1]

And surely, from one point of view, there is substantial potential influence in being the one giving balance between US on the one hand and the BRIC countries on the other. But is it a strategy? Or just being positioned right? It says little about what specifically should be done.

Or to put it more concrete:

–         Who, according to the EU, should in the future control the IANA functions? Under whos jurisdiction? Commissioner Kroes only tells us it is going to be internationalized. But it doesn’t actually solve the governance bit.

Let’s for an instance assume that the EU might establish global consensus to move ICANN and the IANA functions to a server in Burundi. The operations would still be subject to a nation state law, and the global conflict of mutual distrust would probably remain. Not because of Burundi, but because this is the fundamental spine reflex from someone educated in the context of national law.

And additionally: governance of internet infrastructure is so much more than the IANA-functions. The second question to the policy is the obvious issue of the often referred-to elephant in the room. There is no mandate within the EU to challenge the fundamental drivers behind US (NSA), British (GCHQ) or Swedish (FRA)  surveillance: the preparations for Cyber war. The Policy mentions both NIS-directive and rules for safeguarding user privacy online. But declarations of policy for nation state sponsored denial-of-service attacks, spreading of malware, data theft or other form of intelligence abuse is absent in the policy. This is regrettable and a flaw, since that apparently is a fundamental driver for international discussions, and necessary to address if consensus should be reached.

So instead of avoiding the landmine – EU should participate in disarming it. The strategy for establishing a sustainable internet governance model for the specific IANA functions need some other mechanisms than geography, and its inherent jurisdictions. It is fundamental to the Internet structure not being based on nation state or its jurisdictional borders.

One way forward would be to de-politicize such explicitly technical aspects, i.e. establishing a model for governance of the IANA functions that can not take into consideration of closing down or filtering unwanted internet content. An internet infrastructure that is unable to relay denial-of-service attacks, etc. This is not necessary done with technology, but might be achieved with institutional design. We’re not there yet, and such a suggestion raises further questions in itself. But it is a necessary path to take, if a universal internet is to remain.