Last week EFF attended the Global Conference on Cyberspace (GCCS) in New Delhi, India, as one of a small handful of nonprofit organizations invited to participate. This was the fifth in a series of conferences sometimes called the London Process, after the first event that was held in London in 2011. Focusing on international cybersecurity issues, it is a counterpart to other regular government-organized Internet conferences, such as the Freedom Online Coalition (FOC) conference which focuses on Internet freedom and human rights, China’s World Internet Conference which focuses on the digital economy, and the International Telecommunications Union’s WSIS Forum which tracks Internet for development goals.
What these government-led conferences have in common are a lot of long speeches by dignitaries, a schedule of panels or workshops, and usually the issuance of a fairly anodyne closing statement or set of principles. Due to the glacial pace of the talks and similar phrasing of these output documents, it can be easy to dismiss them as unimportant, particularly in comparison to the more dynamic debates that occur in national parliaments. However, they can signal subtle but important shifts in Internet policy for governments, and over time can result in the alignment of countries to new norms of global Internet governance. For example, the output document from the first Freedom Online Coalition (FOC) conference contained one of the earliest statements of the principle that the human rights people have offline are the same online, which was subsequently reflected in a resolution of the United Nations Human Rights Council, and now influences national courts and parliaments.
For this reason it is important that civil society be given the opportunity to contribute to the development of the output documents of governmental Internet conferences. The changes we are able to effect to such documents may be minor and their repercussions hard to gauge in the short term—such is the nature of global Internet policy development—but without external review and input, we can be sure that the resolutions of governments will be less inclusive, less well-informed, and less democratically legitimate.
Here is where this week’s Global Conference on Cyberspace fell down. Unlike at previous GCCS events—the 2015 Hague conference being a high point—only token efforts were made to include civil society representatives in the development of the conference outcomes, which were developed almost exclusively by government representatives behind closed doors. Particularly excluded, ironically, were civil society representatives from the host country of India, who found themselves unable to register for the event, even while foreign guests were welcomed. EFF was fortunate to be invited (two weeks prior to the event) to moderate and speak at a panel on the free and open Internet, while many others who wished to be involved were excluded.
This year, the most interesting normative development came not from the formal GCCS event, but from a side-event held by the Global Commission on the Stability of Cyberspace (since it has a confusingly-similar acronym, GCSC, we’ll call it the Commission). The Commission, much like the similar Global Commission on Internet Governance that completed its work last year, is an official-sounding body that is actually convened outside of any official international organization such as the United Nations, with the aim of bringing together experts from across stakeholder groups to develop proposals for global Internet governance norms.
Last week the Commission issued a Call to Protect the Public Core of the Internet [PDF], which simply proposes:
Without prejudice to their rights and obligations, state and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.
The statement is a little vague about what constitutes the Internet’s “public core”, though a footnote states that it includes “inter alia Internet routing, the domain name system, certificates and trust, and communications cables”. Although there remains scope to define this term more precisely, the idea of a duty on stakeholders not to attack the Internet’s core technical infrastructure has the potential to become an influential and important guiding principle for policymakers and business leaders.
The Call to Protect the Public Core of the Internet is not intended to be legally binding, but like Internet standards, it is hoped that it will acquire influence because the process by which it was developed was relatively thoughtful, inclusive, and balanced. The group of advisors that contributed to the development of this message included EFF Pioneer Award winner Anriette Esterhuysen and EFF board member Jonathan Zittrain, as well as "Father of the Internet" Vint Cerf.
By comparison, the official conclusions [PDF] coming out of this year's GCCS are nowhere near so clear or useful, and have been gently criticized by civil society representatives present here. In a joint statement released at the conclusion of the event, civil society groups pointed out that the GCCS outcomes ought to "Promote and commit to multistakeholder approaches in the development of cyber policies at the national, regional, and international level", and suggested some additional areas that should have been covered in the official outcomes—if civil society had been consulted.
Even governments agree—at least on paper—that Internet governance is a shared responsibility of all stakeholders, including the private sector and civil society. But these words don't always translate into action. This year's official GCCS process was a missed opportunity to allow Internet users a voice in shaping cybersecurity norms, and we hope that the next host of the event will give more attention to making the conference and its outputs more balanced and inclusive.
Having said that, the bright side of this week in Delhi was the release of the Call to Protect the Public Core of the Internet on the sidelines of the official conference. The concept that governments and private actors should avoid actions that could harm key technical foundations of the Internet such as the domain name system and global routing tables, is a sound principle that we endorse. It doesn't surprise us that a diverse, multi-stakeholder group of experts can actually produce more useful outcomes than a group of governments alone, and this could be taken as a lesson by the host of the next GCCS.