The Open Internet on the Brink: Renewing Domestic and Global Institutions

If geopolitical incentives are failing to promote effective cooperation between key states such as the US and EU, what about institutions? Unfortunately, both domestic governments and international bodies are increasingly ill-equipped to deal with a governance environment that is becoming more and more complex. While the internet itself has developed rapidly, now evolving into new fields such as the “internet of things” and decentralised networks, the institutions of the Web 1.0 era are unprepared for being used as instruments of geopolitical ambition.

Notably, there is wide consensus within internet-governance communities – be it from technical participants, national policymakers or industry players – that the current institutional model is broken. But reform is costly and time-consuming, even if all could agree on a new model. To provide a common understanding of these challenges, this section sets out how these institutions are broken and why reform is so hard.

Internationally, today’s organisations have strengths that should not be disregarded, but the whole governance ecosystem needs significant overhaul to be effective in this more complex environment. At a domestic level, states also need to treat internet governance as a foreign-policy priority and adopt a coherent strategy that integrates existing programmes, domestic regulations and new forms of cooperation.

As we set out earlier, there are several international institutions focused on developing and maintaining the technical aspects of the internet including security standards and communication protocols. In theory, anyone with a technically sound argument can participate in these discussions and decisions are made by consensus. The market then acts as a selection mechanism: if technological proposals are good and useful, they will be adopted; if not, they won’t. These characteristics combine to make up the “open, multi-stakeholder” model of governance that has enabled the internet’s extraordinary growth.

However, these institutions were also never designed to cope with the machinations of geopolitical competition and an increasingly complex internet ecosystem. Organisations such as the International Engineering Task Force (IETF) and the World Wide Web Consortium (W3C) represented the hope and optimism of the early internet, led by technical communities but with representation from civil society and some government actors. Yet many of these institutions are now falling short of what’s necessary.

The most challenging issues are the lack of policy capability, authority and global representation of governance bodies. The lack of authority, in particular, enables geopolitical aggressors to go “forum shopping”: making proposals to multiple bodies in the hope they are taken up by at least one. This is an important constraint on the ability of today’s institutions to counter growing (geo)politicisation.

Lack of Policy Representation

Technical institutions have always embedded internet values, be they focused on privacy, security or openness. But technical decisions increasingly have significant consequences for policy, and states are limited in how they can shape these discussions. Indeed, forum participants with significant market power can both submit standards proposals and choose to implement those standards in services with billions of users. As such, there can be very little opportunity for states or civil society to intervene or raise policy concerns about these technologies.

In general, IETF and other bodies’ commitment to non-prescriptive protocols ensures that the internet’s underlying architecture is secure, effective and free from political interference. The IETF should not be burdened with the weight of geopolitical policy, and the internet would not benefit by reactively intervening more directly in these fora, since preserving the neutrality of infrastructure lower down the stack is important.

Nevertheless, it is also true that the status quo of policy decisions made in fora that cannot envisage, and are not accountable for, their full political ramifications is not sustainable. Unfortunately, the Internet Governance Forum (IGF), which is supposed to promote dialogue on these global internet policy decisions, also lacks the necessary authority to step in.

Lack of Authority and Global Representation

The IGF, a UN-affiliated organisation set up to promote global dialogue on internet policy and governance, lacks any real decision-making power. As such, it is routinely viewed as little more than a “talking shop” by both the biggest technology companies and nation states alike, weakening its relevance. Similarly, while the IETF and W3C are well-respected standards organisations, they are frequently competing for responsibilities with the International Telecommunication Union (ITU), another UN body, which undermines its authority.

Although the IETF and similar bodies are nominally open fora, in reality they have very high barriers to entry in terms of time, resources and technical expertise required to participate. In contrast, the IGF and ITU are among the few fora where the global internet community, and particularly those from under-represented countries, have a voice. This is one variable where the dominant multi-stakeholder model is falling short.

However, voting rights at the ITU, a UN body, are only available to member states. While industry, civil society and the technical community can participate – for example, China’s New IP proposal was ultimately submitted by a group containing private (Huawei) and state-owned companies (China Mobile, China Unicom) as well as the Ministry of Industry and Information Technology – decisions are led by states. As such, despite its strong global representation, empowering the ITU further risks enabling more attempts to co-opt standards settings for geopolitical objectives at the expense of the wider internet ecosystem. Indeed, China’s New IP proposal was originally rejected at the open, multi-stakeholder IETF, but was taken up by the ITU – most likely due to the stronger influence China had there. This illustrates how co-opting standards decisions into geopolitical fora can undermine the quality-assurance role of a market-led, standards-setting culture.

The Impact of Failing Global Institutions

The lack of effective, global internet institutions has forced global technology policy to be increasingly decided in sub-standard fora. For example, Mark Nottingham, the co-chair of the IETF HTTP Working Group, has argued that regulators in the UK and US are becoming de facto internet-governance institutions by setting or overseeing the implementation of privacy, ad tracking or interoperability standards by large technology companies. These regulators are acting without any of the constraints of the community and consensus-based governance model, and all the incentives of national regulators (which tend towards divergence or power-hoarding).

Some discussions have also been pushed into “minilateral” trade negotiations, rather than being agreed at a higher or global level. The US, for example, used the United States-Mexico-Canada Agreement (USMCA) to enshrine liability protections for technology services internationally, akin to its domestic Section 230 law that limits intermediary liabilities. This would also likely affect UK plans for an Online Safety Bill, if the US and UK were to begin trade negotiations. Putting the merits of Section 230 aside, bilateral trade agreements are a poor way to achieve alignment on technology regulations with global impact.

Prospects For Reform

While there is wide consensus that many internet governance fora are broken, reform is challenging because:

• The time and costs involved in a sufficiently radical reform process make achieving a successful outcome very hard

• Broader geopolitical tensions may undermine agreement on a new proposal

• Existing institutions have strengths and expertise that are critical to the working of the internet ecosystem, and which should not be lost in the process

• Many nation-states are already over-extended, leading to reluctance to create any new fora that might duplicate existing discussions.

One promising idea has come from a recent consultation led by the UK–China Global Issues Dialogue Centre at Jesus College, University of Cambridge. This proposed a new ecosystem oversight body modelled on the Intergovernmental Panel on Climate Change (IPCC). Like the IPCC, this would leverage technical expertise from across governments, industry and civil society to increase transparency and common understanding of the issues, threats and opportunities, as well as the specific threats facing the global internet. Given this early-warning system does not yet properly exist, and thus would not duplicate any existing institutions, establishing an “IPCC for the internet” would be a no-regrets move.

For advocates of broader institutional reform, the IGF is a cautionary tale. Established in 2006, it was supposed to be the new institution that resolved the governance challenges of the day. However, in recognition that it has fallen short of promoting action over debate, diplomatic momentum is now building behind the UN’s 2020 Roadmap on Digital Cooperation proposal of a new “Internet Governance Forum Plus” (IGF+) model. This would include:

• Formal anchoring of the IGF within the UN, with responsibility for the IGF moved to the office of the UN secretary general

• New organisational units including an advisory group, cooperation accelerator, policy incubator, and an observatory and help desk. With membership coming from industry, government and civil society, these units intend to promote actionable outcomes by coordinating with, and feeding into, other key governance bodies.

• A new IGF trust fund to promote financial sustainability. This would be a voluntary funding mechanism, with governments, international organisations, businesses and the tech sector encouraged to sustainably support the IGF for the long-term.

Support has been building for this proposal, with the European Commission’s Executive Vice President Margrethe Vestager recently calling for a revamped IGF. By seeking to address the lack of policy capability in particular, if the new model can live up to expectations then the internet ecosystem will certainly be better off. These reforms would also be consistent with the results of the 2020 We, The Internet global citizens dialogue, which indicated strong support for a multi-stakeholder and global approach in internet governance among global internet users. However, given that the most geopolitically important technology companies have traditionally taken minimal heed of the IGF, even a reformed version would have a long way to go to establish its authority.

Domestic state capacity also matters because many government departments – from cybersecurity and military agencies to ministries focused on foreign and digital policy – have a stake in shaping both national regulations and international cooperation.

Some states, such as the UK, have the necessary expertise to promote their interests in the international institutions that govern the internet ecosystem. But all too often, this expertise either isn’t empowered to shape decision-making or is not connected with other work across government. This is both a structural and a strategic problem.

On the structural, elsewhere we have made the case that countries should have an integrated Digital, Data and Technology Department to better align digital policy and delivery. However, in global internet governance and geopolitics, there are foreign-policy aspects that even this department could not reasonably manage. The internet has created new global power dynamics and new types of conflicts while challenging norms around sovereignty and the liberal idea of global interdependence. It is therefore the responsibility of foreign ministries to articulate a comprehensive, coherent and holistic strategy that grasps this new context, articulates priorities, and resolves the clashes that arise between traditionally siloed government departments.

To that end, countries including Denmark, Australia, France, Switzerland and the Netherlands have all designed digital foreign-policy strategies to take a more holistic approach to the intersection of tech and foreign-policy objectives. This has included creating new diplomatic structures such as tech ambassadors, improving skills, ensuring collaboration between national government departments and promoting multi-stakeholder initiatives.

TBI analysis has identified 27 jurisdictions (including the EU) that have established some form of tech-diplomacy initiative to varying degrees of maturity. (In November 2019, the UAE also announced plans to establish an Ambassador for the Fourth Industrial Revolution but the status of this is currently unclear so it is excluded from the list below.)

Crucially, this capability is as much about enabling states to stop initiatives not in their interests as it is about promoting positive initiatives. For example, Russia is currently working to move responsibility for cybercrime from the Council of Europe to the UN, while China would like the ITU to play a greater role in internet governance at the expense of industry-led technical forums that favour the West. Both of these steps would disempower institutions that support Western values, but resistance will fall short without effective state capacity.

An integrated strategy, which takes technology policy seriously as a foreign-policy priority, can provide a guiding framework that empowers different teams within governments to look ahead and identify capabilities that are missing or will be in demand. It would also highlight whether technical representatives in global governance fora are sufficiently well-equipped to take on geopolitical debates, and where like-minded allies can cooperate to stabilise the internet ecosystem.