Perspectives on Internet Governance – What Might the Future Hold?

My remarks today focus on the key international developments that have formed the basis for the debate on Internet governance. The presentation will necessarily be selective in the examples and themes it discusses. In so doing, I understand that my presentation will satisfy some, and others will be disappointed that much was left out. Finally, the opinions and themes expressed here are my own.

I would like to order my remarks around three principal benchmarks:

1. the original vision and the International Telecommunication Union (ITU);
2. the World Summit on the Information Society; and
3. the emergence of cybersecurity as a policy driver.

In so doing, I hope to support the central thesis of this presentation: that despite considerable economic and technological change, policy debate, and different national agendas, existing international organizations and practices have adapted to the changing Internet environment, and in so doing, they have ultimately supported the resilience of the original U.S. Internet governance vision.

There are presently over 1 billion Internet users. Nothing in history matches the expansion of the Internet as a global medium of communications, information storing, retrieval and sharing. In the compressed period from 1995 to the present, the Internet has become an essential part of our lives. Gathering in Geneva, in 2003, Heads of State and Ministers attended the first phase of the World Summit on the Information Society (WSIS). At that Summit, and at its subsequent phase in Tunis in 2005, the integral part played in our lives by information and communications technology (ICTs) including the Internet was made clear in the final agreed upon documents. Heads of State and Ministers agreed that their “challenge was to harness the potential of information and communication technology” to eradicate poverty and hunger, achieve universal education, promote gender equality, to combat a variety of infectious diseases, ensure environmental sustainability, and to promote global peace and prosperity – among other stated goals.

The beginning and the ITU
The story is now legend. Two young government engineers, Bob Kahn and Vint Cerf, developed the TCP/IP protocol as a further means to ensure network redundancy in support of our national security. Jon Postel, working on the research project known as the Terranode Network Technology (TNT) which was part of a contract between the Defense Advanced Research Projects Agency (DARPA) and the University of Southern California (USC), coordinated the IP numbering system by allocating blocks of numerical addresses to regional IP registries. The registration and propagation of .com, .org, and .net was performed by Network Solutions under a 5 year contract with the National Science Foundation that expired September 30, 1998. The “Green” and White” papers were released in 1998. And the initial Memorandum of Understanding was signed in November 1998 between the Department of Commerce and the Internet Corporation for Assigned Names and Numbering (ICANN).

From the beginning the U.S. Government was opposed to a “monolithic structure for Internet governance.” Instead, the government sought “to create mechanisms to solve a few, primarily technical (albeit critical) questions about administration of Internet names and numbers.” The government’s goals have also remained remarkably constant from the dawn of that policy formulation in the late 1990s:

1. ensure the stability of the Internet;
2. support competition and consumer choice;
3. rely on private sector to perform the technical management of the Internet; and
4. ensure international input in decision making.

In the early period of Internet governance debate, the International Telecommunication Union figured prominently. The Internet Society expressed interest in the ITU playing a more operational role once the contract of Network Solutions expired in 1998. This idea did not gain full international support. But there was an international gathering hosted by the ITU in Geneva in 1997 to discuss the transition from Network Solutions to a different arrangement, and a Memorandum of Understanding was developed for the ITU to act as a depository for the domain name system. A place for the ITU in the Internet field was forever set. However, the scope of ITU’s involvement remains an ongoing issue. In the ITU’s evolving role with respect to the Internet, it should be underscored that the ITU’s role remains anchored in the membership of the ITU, with full recognition of the essential place of the private sector.

By looking at the resolutions adopted in 1998 at the Minneapolis Plenipotentiary, at the Marrakech Plenipotentiary in 2002, and those adopted at the most recent Plenipotentiary in 2006 in Antalya Turkey, the evolution of the ITU in the Internet space is revealed.

Resolution 101 of Minneapolis concerns “Internet Protocol (IP)-based networks,” and resolution 102 deals with “Management of Internet domain names and addresses.” The two resolutions set a vision for the role of the ITU: resolution 101 considers that the Internet is an important engine for global growth and that it is replacing existing services and introducing new ones and “voice over Internet is being developed rapidly.” The resolution calls for a clarification of the role of the ITU in the Internet space and resolves that the ITU should collaborate with other international organizations on matters “related to IP-based networks.” Resolution 102, “Management of Internet domain names and addresses,” considers that the “methods of allocation of Internet domain names and addresses should not privilege any country or region of the world to the detriment of others.” It also considers that “the management of the Internet is a subject of valid international interest and must flow from full international cooperation.” The resolution calls upon the Secretary-General of the ITU “to take an active part in the international discussions and initiatives on the management of Internet domain names and addresses,” with particular attention to the World Intellectual Property Organization (WIPO).

By 2006, and as a result of the Antalya Plenipotentiary, the subjects covered by the same numbered resolutions have expanded. The resolutions now consider the vital role that the Internet plays in broad social terms. All three sectors of the ITU, namely Development, Standardization, and Radio are to be involved in matters related to the Internet. This broad perspective is captured by the title of new resolution 102: no longer is the resolution only about the “management of Internet domain names and addresses,” but it is about “ITU’s role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses.” New technologies and applications are to be considered, including Next Generation Networks, IPv6, ENUM and Internationalized Domain Names. Finally, the current versions of the Internet-related resolutions give full acknowledgement to the World Summit, its results, and its implementation.

The World Summit on the Information Society
As many of you may know, the World Summit on the Information Society was held in two phases, Geneva (2003) and Tunis (2005). In 2001, the ITU Council (the 46 country governing board of the ITU) issued a decision to endorse the holding of a World Summit on the Information Society at the highest possible level in two phases, which was further endorsed by UN General Assembly in Resolution 56/183, adopted on 31 January 2002. The Summit, in the words of this resolution, was “to be convened under the patronage of the Secretary-General of the United Nations, with the International Telecommunication Union taking the lead role in its preparation.”

From the many negotiations – often intense, always complicated, and sometimes confusing – involved in the WSIS, I wish to focus on two results of the World Summit:

• the clarification of the U.S. position regarding Internet governance through the Four Principles of June, 2005 and the so-called “WSIS compromise”; and
• emergence of a future global agenda contained in the follow-up and implementation of the results of the WSIS.

In Geneva in 2003, the Summit asked “the Secretary-General of the United Nations to set up a working group on Internet governance.” This working group issued its report in June 2005. It defined Internet governance as follows:

Internet governance is the development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.

The Tunis phase of the World Summit adopted this definition as a working definition, leaving open the practical possibility that the definition may evolve in the face of technological and other changes. Further, the working group identified a number of issues “of highest priority, including related issues and problems.” First among these issues was the administration of the root zone files, a system which the working group characterized as being under “the unilateral control by the United States Government.” This issue became the focus of considerable debate within the WSIS context. There were contributions on this subject from the EU, Russia, the Arab Group, Japan, and Iran, among others, to the preparatory committee sessions leading to the Tunis Summit in December 2005.

The United States issued its Four Principles on the Internet’s Domain Name and Addressing Systems on June 30, 2005. These Four Principles are the Administration’s fundamental position with respect to Internet governance. The Four Principles were the basis of U.S. positions during the Tunis phase of the WSIS negotiations, and in many bilateral discussions during the summer of 2005. In summary the Four Principles are:

• The United States government intends to preserve the security and stability of the Internet’s domain name and addressing system (DNS).
• Government’s have legitimate interest in the management of their country code and top level domains (ccTLD).
• ICANN is the appropriate technical manager of the Internet DNS.
• Dialogue related to Internet governance should continue in relevant multiple fora.

The last principle set the stage for the ultimate compromise coming during the Tunis phase of the World Summit. This compromise had two parts.

First, WSIS delegations agreed to “invite the UN Secretary-General to convene a new forum for multi-stakeholder policy dialogue.” This new forum was called the Internet Governance Forum. The purpose of the Forum is “to discuss public policy issues related to key elements of Internet Governance”. The Forum would have no “oversight function” and it would be “constituted as a neutral, non-duplicative and non-binding process.” In addition, it would have no involvement in day-to-day or technical operations of the Internet.”

Second, WSIS delegations agreed that there is a “need for enhanced cooperation in the future, to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet.” Further, WSIS participants agreed that “relevant organizations should commence a process as quickly as possible and responsive to innovation.”

These two elements of the Tunis compromise, we believe, are fully consistent with the Four Principles. Indeed, the U.S. delegation was instrumental in the final stages of the negotiations in forging this compromise. What was not part of the compromise was the creation of a “new cooperation model” as the EU would have preferred. And, as a result, no remit or mandates of existing international organizations were changed as a result of the agreement on “enhanced cooperation.” Rather, the United States sees existing international organizations as the basis for “enhanced cooperation.”

In this last regard, the WSIS did lay out an ambitious program of 11 action lines as follow-up to the conclusions reached during the two phases of the WSIS process. The ITU has been given the role of coordinator/facilitator with respect to two action lines: information and communication infrastructure and building confidence and security in the use of ICTs. The remaining action lines assigned to other organizations include such areas as access to information and knowledge, capacity building, ICT applications, and international regional cooperation.

The Emergence of Cyber-security as a policy driver
We are all aware of statistics that try to capture the scope of cybercrime. It has been stated that in 2007, computer hackers tried to install 500,000 unique viruses and other malware. This number, it is said, will likely double in 2008. Further, the average large U.S business was attacked 150,000 times in 2007. Regardless of the specific statistics that are used, it is clear that cybercriminals grow increasingly sophisticated each year, and cause serious threats to governments and businesses alike. There are efforts throughout the government to deal with these new economic and infrastructure threats.

The Tunis Agenda for the Information Society (WSIS December 2005) acknowledged the need “to build confidence and security in the use of ICTs by strengthening the trust framework.” Participants at this phase of the World Summit affirmed “the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cybersecurity.” It was mentioned earlier that the ITU was given the facilitator role with respect to WSIS action line on building confidence and security in the use of ICTs. In 2007, the Secretary-General of the ITU launched the Global Cybersecurity Agenda. In so doing, he stated that “cybersecurity and cyberpeace are the most critical concerns of our information age.” He went on to say that “making a simple transaction on the Internet using a credit card can be fraught with danger. Imagine the difficulties this could pose in an increasingly networked world of e-commerce and e-government.”

The Secretary-General formed a High Level Experts Group to develop advice on what the ITU can do with respect to cybersecurity. The report of this group will be forwarded by the Secretary-General to the ITU’s Council (the 46 country governing board of the ITU between Plenipotentiaries) on the occasion of its meeting this November. The Council will then decide on a course ahead for the ITU. But whatever advice comes from the experts group will be given against a background of policy and technical work already being done at the ITU, whether in the Standardization or Development sectors of the Union.

There is considerable global cooperation underway on cybersecurity: I mentioned the ITU but there is also work being done in such organizations as the Organization of Economic Cooperation and Development (OECD), North Atlantic Treaty Organization (NATO), the Council of Europe, the Asia Pacific Economic Forum (APEC), and within this hemisphere at the Organization of American States (OAS). The work underway at various universities and informal networks of cooperation bring together governments and a variety of stakeholders.

Cybersecurity is one of the principal policy drivers in the Internet space moving the international community toward “enhanced cooperation.” Certainly, views on the best approach to cybersecurity are not without differences among key international players. The United States has ratified the Council of Europe’s Convention on Cybercrime. We believe that this convention offers the best legal framework for the international community. We certainly work actively with many bilateral partners to assist in the development of their own national legal infrastructure to combat cybercrime. We believe that through these means – bilateral legal assistance and training and through the Council of Europe’s Convention there is no need for the creation of another international instrument for this purpose. This position has been made known at the ITU and elsewhere.

We have also made clear that we believe the ITU should continue its work in the area of cybersecurity. However, the ITU mandate does not extend to cybercrime. Each international organization should continue its “enhanced cooperation” work and initiatives within its existing remit and mandate. Other key international players wish to broaden the mandate and scope of work of the ITU to include cybercrime and much else in the area of “information security.” Presently, we are debating these points within many working groups of the ITU, and the scope and mandate of the ITU will certainly be a major issue at the ITU’s Plenipotentiary in 2010.

Conclusion
We all know that the Internet is based on a distributed design and decentralized control. New applications are always emerging – many call this creating value or innovation at the edges. We return to the working definition of Internet governance offered by the World Summit. It speaks of “shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” It also speaks of multiple stakeholders: “Governments, the private sector and civil society.” Note that nothing in the definition limits our understanding of Internet governance to a single structure – Internet governance is clearly much broader than ICANN.

International attention, debate, and dialogue on matters related to the Internet cross many organizations and regions. This fertile global dialogue has and will occasionally lead to negotiations and binding agreements. But to date the original intent of the Internet governance vision of the United States in 1997, and as elaborated in the Four Principles in 2005 have remained viable and, to an extraordinary degree, accepted by the international community. At the core of the U.S. Internet vision is stability, competition, multi-stakeholder and international dialogue. It has been the case from the beginning, when the Department of Commerce requested comments on the registration and administration of Internet domain names in July 1997, to the signing of the Joint Project Agreement with ICANN in September 2006, to the recently concluded mid-term review of that Agreement.

Two distinguished members of your Bar, Jack Goldsmith and Tim Wu, have stated that like all previous forms of technological development and forms of technology-based communications, the Internet has not displaced “the central role of territorial government in human governance.” But whereas Goldsmith and Wu principally address the role of government coercion in Internet matters, I choose to emphasize a different face of governance. It is the potential to address human needs, at an unprecedented level, that lies before us as a consequence of the emerging Internet-based Information Society. I have noted that this is the conclusion of those who participated in the World Summit. At the end of the day, the WSIS was, to a remarkable degree, affirming of human freedom and potential – resting on the evolution of the Internet and ICTs, and positively supported by governments. In Tunis, Heads of State and Ministers, for the first time at a global summit, recognized “that freedom of expression and the free flow of information, ideas, and knowledge, are essential for the Information Society and beneficial to development” (Tunis Commitment paragraph 4). Perhaps this connection between the original U.S. vision of Internet governance and the affirming values of the World Summit, accounts for the resilience of the original U.S. Internet governance vision. At the very least, we can say that all future agendas regarding the Internet will be judged by these values.

Thank you.