Tuesday, January 27, 2015

Book Review – “The Electronic Silk Road: How the Web Binds the World Together in Commerce”

The argument for an electronic silk road, promoting free trade and by extension, harmonious global values and laws, is an inherently appealing idea to all digital natives used to an ‘open web’ experience. Dr Anupam Chander, himself a product of parents who migrated from India to the US in search of a better life, expertly lays bare the changes in global trade patterns – and the resulting complications – in his book ‘The Electronic Silk Road: How the Web Binds the World Together in Commerce,’ released in 2014 in South Asia. Aside from the easy narrative exploring complicated developments, Chander’s book is especially pertinent for an Indian audience, looking to profit off this free trade, often without reading the fine print.

The promise of Trade 2.0 is enormous, begins Chander, but he quickly delves into the real world complications that arise out of these new exchanges. Unlike with goods trade, where a well-defined port of entry and exit serves as points for regulation and new jurisdictions, digital exchanges of services, prove to be far trickier. He raises a metaphysical question: where does an event in cyberspace occur? Simply put, whose jurisdiction extends to these digital transactions – the region where the company providing the services is registered, or the region where these services are consumed?

The real-life examples of the ‘pirates of cyberspace’ are easier understood. For example, the gambling sites operating out of Antigua, where it is legal, were sorely contested in the USA, where, for the most part gambling is illegal. This particular case went to the WTO where the gambling sites argued that they were simply providing entertainment services while the US argued that this sort of activity would promote fraud, money laundering and underage gambling. The WTO sided with the US. Another case, familiar to most young people, is of the file-sharing site, The Pirate Bay, which is under constant legal threat from copyright holders because of the “illegal” downloading of materials that include movies and music. The founders have even been convicted of copyright infringement under Swedish law, and have since moved their domain name from .org to the Swedish address .se to avoid the risk of seizure of their domain name by the US authorities.

 This move too, speaks to the parallel jurisdictions that exist in cyberspace, complicating its ‘free flow.’ In fact, the domain name system is described by Chander as ‘choke point’ in an essentially end-to-end system. What this means is that the body that sets rule for domain names, Internet Corporation for Assigned Names and Numbers, ICANN, can function as an otherwise elusive chokepoint for domain registries such as .com, .net and others. However, this privately held body has so far only chosen to apply its authority on behalf of trademark holders. The recent bitter fights over who would be granted the domain of .vine and .wine saw France lash out against ICANN, and India too expressed its concerns at private companies being awarded domains like .indian and .ram, for fear they could be misused. Another ‘choke point’ is the root server, which serves as the registry for domain names. Who maintains these is a pertinent question. For example, VeriSign maintains the .com and .net root servers, and is based in Virginia, USA. Therefore, that is where its jurisdiction lies. More recently, some root servers have been distributed across multiple jurisdictions, making it harder to locate and attack. However, keeping these root servers under one authority such as ICANN is seen as crucial to many, as it allows web users based in different countries to ‘talk’ to each other. While countries can create a parallel internet system, as China and Russia have done, it would mean that users across the world would have to modify their computers to point to the alternative DNS rather than ICANN DNS. This is seen as a serious affront to the seamless nature of the current, dominant, internet experience.

 Ultimately, the book is an examination of trade and law, and its new avatars in the cyber realm. A new global division of labour – where US legal documents are being prepped by lawyers based in India, and phone calls to big American companies are being answered by Filipino workers – also means countries will display protectionist behavior. For example, in the light of increasing medical images review (including radiology)moving from the US workforce to India, the US Congress restricted Medicare reimbursements for services that were subcontracted to providers located outside the country. This dichotomy between wanting free trade but protecting ones country from the same has come up during Trade 1.0 and continues to be a theme in Trade 2.0

 Chander also flags newer scenarios that are emerging. For example, ‘cloud computing’ is essentially the act of ‘moving a computer service to remote computers, typically with the user both largely unaware of the jurisdiction or jurisdictions from which the service is actually supplied.’ This is important. For companies such as Google, the cloud exists across various techno-legal-economic jurisdictions, which he fears could become a ‘legal black hole’.

 The legal aspects of this new silk road,and how they should be shaped, form the crux of Chander’s book. After going into some detail about one of the biggest companies to exist thanks to the internet – cheekily called Facebookistan due to its billion citizens – Chander quotes founder Mark Zuckerberg acknowledging its special role: “We exist at the intersection of technology and social issues.” But what has this meant? Differing privacy standards across the world, where facial recognition features might not be welcome in some regions as they are in others; differing free speech environments where governments might want to step in to censor content their believe is inflammatory; and different regulatory climate with some states moving to tax Facebook on its growing advertising revenues.

 What does this lead up to? A few steps are outlined by Chanderto ensure trade across cyberspace remains ‘free’. The first is legal glocalization – where sites are localized to conform to varying rules in different jurisdictions. However, Chandertempers this suggestion, warning that excessive interventions will hamper the worldwide nature of the web. This scenario harks back to an earlier question – whose law applies? The choices here are the following: country of origin; country of reception; UN or a treaty-based law; self-regulation by the private companies involved and finally, user-based regulation. There are problems with each scenario. The country of origin suggestion might spark what is called a ‘race to the bottom’ with companies trying to register themselves in places with minimal regulation. An international treaty seems difficult, given that speech, privacy, defamation and a few other concepts are difficult to create consensus around. The country of reception principle would make it very difficult for corporates trying to enter many different markets, and both regulation by users and/or the companies themselves might lead to problems later, given that consumers often lack knowledge about the services they use. All these problems lead Chander to suggest adopting the principle of ‘harmonization’ where one should imagine a regulatory ‘race to the top’; with regulatory competition among countries leading to a global welfare-maximizing ideal. This, coupled with companies abiding by the ‘do-no-wrong’ principle – for example, not assisting authoritarian regimes to suppress free speech and human rights –would help countries across the world reach their goal to manage overlapping jurisdictional authority. Courts could decide on applicable jurisdiction according to the state with the closest connection to the dispute. The creation of international standards and the increasing difficulty of enforcing differences would, according to Chander, encourage the emergence of global best practices.

 Chander’s book is a knowledgeable and a timely intervention in a world increasingly relying on the information society to move it forward. India too, speaks the language of ‘Digital India’ and everywhere one looks e-commerce websites are capturing the public imagination. Start-ups are the order of the day; complementing the already established IT services industries. Global commerce is changing the world, and the internet is now termed a ‘global commons’ – it has achieved as much importance as the seas and space! In this scenario, some of India’s own unique problems in this domain are addressed by this book: that of jurisdiction over transnational data flows. In the past, Indian ministers have offered the opinion that jurisdiction should extent to the country of reception. Currently, India is exploring the idea that data flows originating and ending in one jurisdiction should only be routed through that country, and not through international servers. This does not address the problem of jurisdiction of international data flows, but it is a start. Further, India believes that the routing of internet traffic and their numbering need not be carried out by a private body such as ICANN, but that the role can be shared by governments under bodies such as the International Telecommunications Union. These are suggestions on the table, but strike at the heart of the debates being carried out about the future of the internet – which is also the future of international trade.

 There is only one weak point in the book. Chander wonders if international trade law could encourage political freedom around the world. Human rights in cyberspace do end up in debates about not the production, but the consumption of knowledge. Many in the West want the internet to adopt common values of free expression. Yet, this can often be the point of departure for many countries. Some are authoritarian and want to impose censorship. Others, and India can fall into that category, is not interested in foreign elements dictating national policy. This is the reason why foreign funded bodies often come under the scanner in India. The argument is tricky, and opens up more questions than what this book seeks to answer.

 Ultimately, Chander’s informative book engages the reader. It is recommended for those who want to peek into the nuts and bolts of the internet, understand the application of the law that guides it, and finally, follow the smell of money!

 The author heads the Cyber and Media Initiative at the Observer Research Foundation.

Tuesday, January 13, 2015

Panelist Paper: Internationalization of Internet Governance Council of Councils

Panelist Paper: Internationalization of Internet Governance Council of Councils 

Seventh Regional Conference 
January 11-13, 2015, New Delhi, India 

Mahima Kaul, Observer Research Foundation 

How the Internet should be regulated—and who should regulate it—are the underlying questions in every conversation about global Internet governance. Add to that a few others: what will be the economic impact of any regulation? How should the critical Internet resources be managed? And in the absence of a common set of laws or rules, how is current case law guiding the development of the Internet? 

Countries like India, which are neither the incumbents nor yet the biggest beneficiaries of the Internet, have an interesting road to navigate. They have engaged with the current global governance system but find it inadequate to address issues that concern them. They also find that big businesses, motivated by profits, and civil society groups, often universalizing the values they believe in, are fighting to preserve a ‘multistakeholder’ system of global governance, which doesn’t necessarily provide a platform to discuss domestic concerns. 

India isn’t alone. Events taking place across the world are making it increasingly clear that national governments are not ready to let global rules dictate how the Internet functions in their territory. These moves range from the United Kingdom asking Facebook to let it directly access its platforms to monitor terror related activity, to Spain banning ‘free shipping’ from online retailers to help those offline compete, to Turkey passing a law to allow its regulators to block websites within four hours for national security concerns. The already complicated global governance landscape is made more complicated by these local laws. 

Therefore, it would benefit countries like India to focus on progressive policies to foster the power of the Internet. The first is to engage in global multistakeholder processes as they attempt to evolve to accommodate the needs of sovereign nations. The second is to study the apportioning of jurisdiction in current cases concerning international digital transactions, and learn from developing case law around the world. The third is to strengthen international cooperation in crucial areas like cyber crime investigations, and counterterrorism. Finally, while keeping in mind the needs of a developing economy, it must encourage laws and regulations that preserve the free spirit of innovation that has allowed the Internet to become a driver of the global economy. 

Multistakeholder vs Multilateral 

The truth of the matter is that multistakeholder, a term used so frequently that many experts complain it is starting to impact negatively on discussions, is a philosophy that goes beyond the structure of meetings at the Internet Governance Forum, ICANN (Internet Corporation for Assigned Names and Numbers) and other platforms. The idea that private individuals and corporations could share in the structure and management of the Internet—a network of networks—came out of the growth of the largely unregulated Internet. This network enabled unprecedented exchange of information between individuals. Not only has it enabled knowledge sharing, creativity, innovation, and trade, but also the creation of global companies which have profited from collecting and curating this data. For many users, some of these big tech companies have come to define the Internet for them, most notably those that provide social media tools, information search, and e-commerce platforms. Not surprisingly, these companies are now experiencing a pushback from governments, which seek to also benefit from their company profit revenue that Internet commerce allows. Governments, including India, are mulling regulation of ecommerce through taxation and other prudential norms. There is more. Questions about data privacy and security are now center stage, as cyberspace has increasingly become the new frontier for terror-related activities, cyber crime, and cyber war. Necessarily, governments are compelled to take action on all fronts. 

The global reach of the Internet and the companies that predominantly influence it, postulates that regulating the Internet cannot be the result of discussions restricted to only between governments. Unfortunately, though, the current global governance debate seems to have pitted governments against everyone else. This is not constructive, nor is it realistic. Perhaps the suspicion towards government should also be seen in context to the aftermath following disclosures by Edward Snowden in June 2013, about global mass surveillance by the U.S. government, in collusion with its European allies and some telecom companies. Citizens around the world were aghast at the news. At the Netmundial multistakeholder conference, held in Brazil in April 2014, following Snowden’s disclosures, the multistakeholder community met to discuss a common vision for the future of the Internet. At this meeting, the Indian government expressed reservations about signing the Netmundial outcome document that had failed to incorporate some of India’s ideas on developing multilateral Internet governance mechanisms and global cyber jurisprudence. i Did that mean that India is opposed to a free and open Internet and working with various stakeholders to achieve these aims? Take for example that the country is working with the private sector— including multinational companies—to achieve its goals of last-mile connectivity, e-governance, infrastructure security, protection against online terror and crime, and preserving a free and open Internet. At the same time, it is being aggressively challenged by, and is responding to, civil society on issues of accountability and transparency. 

In this scenario, why would a democratic country that does not have a dedicated centralized Internet ministry, and is already dealing with various stakeholders separately to discuss concerns related to the Internet, insist on a single multilateral mechanism for Internet governance? The answer could lie in the fact that, traditionally, the role envisaged for governments in the current multistakeholder model—that is to be simply be one stakeholder among the many—is at odds with the mandate that governments in developing countries, like India, see for themselves. It is also reflective of their view that the current mechanisms do not afford them the space they require. Indian government officials at Netmundial spoke of an ‘equinet’, in which all governments can have an equal say in global governance matters. Many developing countries, which are new to the Internet, are uncertain of where to go for the resolution of matters important to them. However, should this translate into creating one body to look over technical and trade issues pertaining to the Internet? 

Therefore, the challenge is not simply for governments across the world to adapt to a decentralized, distributed, Internet governance landscape, but also for multistakeholder institutions to respond to the need of governments across the board. As can be seen by the IANA transition process at ICANN, there is currently an attempt to expand the management of the critical resources of the Internet. This is a positive sign, and governments like India must engage in the process. At the same time, a platform called the ‘Netmundial Initiative’ to discuss what are called ‘orphan issues’ of the Internet has been attempted by ICANN, the World Economic Forum, and the Brazilian Internet Steering Committee. Whether it can truly respond to the needs of governments and smaller businesses, and find solutions to their problems, needs to be assessed. The next few years will be the crucial testing period for the strength, responsiveness, and true democratic ethos of the distributed multistakeholder governance system. 

“Free-Exchange Zone” 

Many governments and technology companies are pushing to ensure the Internet remains free and interoperable, without barriers to the free flow of trade. In fact, one can argue that consequent to the growth of the Internet, countries that are now invested in the international e-commerce would certainly like to see it grow. The same is true of incumbent technology companies which are benefitting from the current system, thus are actively engaged with governments, across the board, to shape and comply with regulations, so as to retain market dominance. 

Equally, it important to note that despite the impression that the Internet benefits even the smallest companies, in reality, big corporations, the intellectual property lobbies, which can bid on top level domains and the companies that have business models based on deriving profit from the private data of individuals, have in a sense already put in a centralized system of operating on the free and open platform. Governments which seek to impose ‘restrictions’ on communications and trade, could either help grow this ‘free exchange zone’ or limit it. The debate on net neutrality, taking shape in various ways in different countries, is one such example. 

Other cues can be taken from current court cases between businesses and states, as they expose many of the gaping holes that exist in Internet governance currently. Digital jurisdiction is one such important issue that has not been resolved. How complex and challenging the issue truly is has been revealed by a case currently playing out in Ireland between Microsoft and the U.S. government. The latter obtained an order in July 2014, from a U.S. court which directs Microsoft to release personal data about an unidentified citizen, stored in a server in Dublin, Ireland. Microsoft has appealed the order on the grounds that cloud privacy would be endangered. Furthermore, the government of Ireland has supported Microsoft, on the ground that the case could have ‘heavy consequences’ for international sovereignty and data privacy.ii According to one European expert, U.S. conduct is tantamount to ‘territorial encroachment’ implying that data stored in an Irish server is akin to it being stored in a U.S. server. A fallout of the Ireland case has been the introduction of the ‘Law Enforcement Access to Data Stored Abroad Act’ (LEADS Act) in the U.S. senate which requires U.S. law enforcers to obtain a judicial warrant for data stored abroad, to comply with national laws of other sovereign countries, and to use existing inter-state legal mechanisms for the purpose of obtaining the required data. In the meantime, this case continues to raise questions about the larger ideas of national jurisdiction and digital sovereignty. 

Recently, a similar question came up in the Ben Haim vs Islamic Republic of Iran case, when a U.S. court awarded damages to terror victims in the case in November 2012. In this case, the plaintiffs (victims) had asked the court to transfer in their favor Iran’s country code top-level domain name (ccTLDs)—that is ‘.ir’—reserved for a country or sovereign state, so as to facilitate collection of the quantum of compensation awarded in liquidated damages. The request set off alarm bells. Could or would ICANN, a private organization registered in California, USA, handover the ccTLD belonging to a sovereign country (in this case Iran, ‘.ir’ ), to a group of private persons (in this case the plaintiffs), under a U.S. court order? As it happened, the U.S. court ruled in November 2014, that since the ccTLD was not “subject to property attached under District of Columbia lawiii it would not award .ir to the victims.” However, what if, in the future, an action is brought by claimants in the court of competent jurisdiction in which the registered office of ICANN is situated? It is reasonable to assume that there will be many other cases concerning domain names, in the future. The question is open. 

ICANN and IANA 

Internet resource management is equally, if not more, important to the smooth functioning of the Internet, as it calls for harmonious laws and values to guide its growth. ICANN—the Internet Corporation for Assigned Names and Numbers—that is the global coordinator for the Internet’s domain naming system, IP addresses, and root server management—functions under U.S. oversight. Many countries have questioned the United States’ extraordinary influence over this process, as much as the fact that a private organization is running the Internet. As a result, ICANN is engaged in a multi-stakeholder process to gather inputs on how the IANA (Internet Assigned Numbers Authority) functions could be handed over to a larger multistakeholder body in the future. Presently, IANA functions under contract to the National Telecommunications and Information Administration (NTIA), under the U.S. Department of Commerce. 

While the community works on these proposals, a few developments on the sidelines have reemphasized the relevance of the IANA functions. Politicians in the United States fear that giving up stewardship over IANA functions would enable authoritarian governments to censor the Internet through control of ICANN. The 2015 FY Appropriations Bill, passed in the US Congressiv, has attempted to stop the NTIA’s IANA transition, stating that, “none of the funds made available by this Act may be used to relinquish the responsibility of the National Telecommunications and Information Administration during fiscal year 2015 with respect to Internet domain name system functions, including responsibility with respect to the authoritative root zone file and the Internet Assigned Numbers Authority functions.” However, some experts feel that since the NTIA was only going to relinquish oversight by simply not renewing its contract with ICANN, the Bill does not actually stop the process.v 

In fact, the political significance of ICANN is growing beyond its original technical mandate of being an Internet registry. For example, controversies over domain names have revealed, in part, the political and economic aspects of its work. Peeved over issues pertaining to ‘.wine’ and ‘.vin’, France had earlier suggested that ICANN should adopt a new general assembly with a one country, one vote model.vi This is not a new critique of ICANN. Traditionally, except the United States, other countries did not have much of a say in ICANN functioning. During WSIS, governments sought to increase their role in Internet governance, including in the functions of names and numbering. Internal reform initiated by the international community has slowly been trying to move ICANN from a private regulatory entity to one in which national governments can further engage with the process. Much of the success of ICANN lies in an acceptable multistakeholder, bottom-up plan by the Internet community, for the IANA transition. This is crucial, as its success could potentially kill any future calls for ICANN to either answer to, or give up its functions to, a multilateral body. 

The ‘Balkanized’ Internet 

Fears of a balkanized Internet, or a broken Internet, or a splinternet, have been around for years. Iran had talked about building a ‘halal Internet’—a national network not connected to the World Wide Web. In September 2014, Russian officials revealed that their country was working on a radical plan to be able to unplug Russia from the global Internet, should the occasion arrive.vii This was later denied. Countries like Brazil called for creating a national intranet after Edward Snowden’s disclosures about the U.S. National Security Agency spying on citizens around the world. Brazil was joined by Germany in its call for data localization. Both ideas have not been acted upon. However, trust in the safety of data stored in other jurisdictions has been permanently eroded, and the moral leadership of the United States questioned. Brazil and Europe have agreed to lay an undersea cable from Lisbon to Fortaleza to reduce reliance on U.S. communication cables and, consequently, U.S. surveillance, in order to ‘guarantee the neutrality’ of the Internet.viii 

What are the critical resources of the Internet? Often, people think of Internet resources which include IP addresses, affordable domain names, reliable root servers, bandwidth, affordable devices, and progressive policies.ix However, some experts restrict it to “Internet-unique logical resources” that meet the criteria of “globally unique identifiers,” and not simply any infrastructure used for running the Internet. This would limit critical Internet resources to IP addresses, domain name system, and Autonomous System Numbers (ASNs), which is a network operator—“central currency of the Internet’s routing system.”x 

Yet, China, which has its own IP address allocation service and domain name registry, has begun to participate at ICANN events and has indicated its willingness to join more global institutions that look at international Internet issues. All this, while still maintaining its “great firewall,” which relies on content filtering, control over Internet service providers, clamping down on free speech (including jailing those who dare to dissent), and the interception of communications. 

Therefore, one must consider if restricting information on the Internet constitutes its balkanization. For example, would regional filters that prevent netizens from watching certain content constitute balkanization? Those who point to China, preventing content for political reasons, might answer in the affirmative. Would they apply the same logic to corporations that could restrict content across geographies for economic reasons? Is customized search fragmenting the Internet? Ultimately, a common experience of content around the world would be impossible to maintain, for reasons that are beyond censorship, like language, local laws on content such as porn and hate speech, including local content creation. 

However, there are economic implications to consider in the event of a balkanized Internet. As mentioned in Time Magazine, “netizens would fall under a complex array of different legal requirements imposing conflicting mandates and conferring mutually exclusive rights. And much like different signaling hampers the movement of people and the trade of physical goods, an Internet within such a complex jurisdictional structure would certainly hamper modern economic activity.”xi Therefore, those who wish to reap benefits from a common Internet economy are incentivized to remain connected to the system, even as they attempt define digital sovereignty through investments in infrastructure. Further, a strategy to maintaining a common IP registry such as ICANN to ensure seamless coordination between computers around the world goes back to the question of reform of ICANN to ensure greater participation from the international community. 

Sharing critical resources helps to preserve the safety and longevity of the Internet, although it would be unrealistic to expect the Internet experience to remain exactly the same across digital borders. 

Policy Recommendations: 
 India must actively engage in the IANA transition, and other Internet governance forums, embracing the global multistakeholder processes. 
 India must invest in basic infrastructure required for the steady growth of the Internet, including investments in electricity, bandwidth and local language content. 
 India must learn from international experiences as it seeks to develop its own laws and regulations concerning the Internet. 
 International cooperation is crucial to developing a secure Internet, especially in the areas of cyber crime and counter terrorism. 

i Kaul, Mahima, “Global Internet Governance: India’s Search for a New Paradigm” September 2014. Availble at: http://www.globalpolicyjournal.com/blog/30/09/2014/global-internet-governance-indias-search-new-paradigm 
ii “Ireland backs Microsoft against US Email Demand” December, 2014. Available at: http://www.usnews.com/news/articles/2014/12/24/ireland-backs-microsoft-against-us-email-demand 
iii “Judge sides with ICANN: Plaintiffs can’t take all of Iran’s domain names” November 2014. Available at: http://arstechnica.com/tech-policy/2014/11/judge-sides-with-icann-plaintiffs-cant-take-all-of-irans-domainnames/ 
iv FY2015 Omnibus; Consolidated and Further Continuing Appropriations Act, U.S. Congress. Available at: http://docs.house.gov/meetings/RU/RU00/20141210/102799/BILLS-113rcp113-59pp.pdf 
v Rosenzweig, Paul, “Congress Tries To Stop the IANA Transition — But Does It?” December 2014. Available at: http://www.lawfareblog.com/2014/12/congress-tries-to-stop-the-iana-transition-but-does-it/ 
vi “France sparks .wine address row ahead of Icann meeting” June 2014. Available at: http://www.bbc.com/news/technology-27974293 
vii “Iran: Cyberspace Ayatollahs” March 2014. Available at: http://12mars.rsf.org/2014-en/2014/03/11/iran-therevolutionary-guards-the-supreme-council-for-cyberspace-and-the-working-group-for-identifying-criminal-content/ 
viii “Brazil, Europe plan undersea cable to skirt U.S. spying” Febuary 2014. Available at: http://www.reuters.com/article/2014/02/24/us-eu-brazil-idUSBREA1N0PL20140224 
ix Center for Democracy and Technology, USA, “What Does “Governance” Mean? What Are “Critical Internet Resources”?” Available at: https://cdt.org/files/pdfs/20071114Internet%20gov.pdf 
x DeNardis, Laura, ‘The Emerging Field of Internet Governance” September 2010. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1678343 
xi “The Future of the Internet: Balkanization and Borders” September 2013. Available at: http://ideas.time.com/2013/10/11/the-future-of-the-internet-balkanization-and-borders/