The CyFy Journal, a collection of essays by current experts in the field of internet governance is out today. It has been published by ORF, in collaboration with Global Policy Journal. I am very proud to have been associated with the editorial team behind its publication and have also the opportunity to publish a piece in it, co-authored with my colleague, Samir Saran, Vice President, ORF.
And pasted below is my piece:
The Shifting Digital Pivot Time for Smart Multilateralism*
Samir Saran, Chair, CyFy and Vice President, Observer Research Foundation, India Mahima Kaul, Head of Cyber and Media Initiative, Observer Research Foundation, India
As a decentralised and multistakeholder global internet governance system becomes institutionalised, countries like India need to build strategies to successfully navigate the ecosystem to achieve their national goals. Pursuing a policy of ‘smart multilateralism’— which is a mixed bouquet of bilateral, multilateral and multistakeholder arrangements— suits India’s goals to carve a niche role for itself and achieve Indian exceptionalism in cyberspace.
It is difficult to capture the shifting power centres and discourse of global internet governance in a single sentence, paragraph or even paper. The number of countries actively engaging in this debate is increasing at a steady pace, as is the number of stakeholders. Countries like India, at the periphery of these discussions although crucial to their outcomes, are actively strategising on how to engage with a decentralised and largely multistakeholder global system that does not simply rely on the state as the key interlocutor for its citizens. Who should the state engage with, and how? Which are the focus areas where the state should take the lead, and in which layers of internet governance should it rely on ‘digital ambassadors’ from academia, civil society, the private sector and activist groups to further its national goals? How must it decide these national goals, at a time when internet governance itself is being redefined? How must the state go about creating a pool of digital ambassadors to pursue these goals?
In this paper, we examine why and how sovereignty is slowly being redefined in the global internet governance ecosystem, and suggest that adopting a strategy of ‘smart multilateralism’ is the best way forward for India to carve out a niche role for itself and secure Indian exceptionalism in cyberspace.
Competing Agendas: The New Normal
The network of networks is not only expanding with every new device connected to the internet, but is today a resource as valuable in non-material terms as it is in material terms. This growth of the global cyberspace, and by extension the cyber economy, is adding $450 billion to the global GDP every year according to McKinsey Global Institute’s report ‘Global Flows in a Digital Age.’1 It argues that the flow of goods, services and finance reached $26 trillion in 2012, or 36 percent of global GDP, 1.5 times the level in 1990. This is expected to increase to $85 trillion by 2025, three times the value in 2012. Underneath these figures is the need for data and communication to flow freely—‘connectedness.’ The lack of real world tariffs and barriers has allowed the emerging economies to participate and profit from the world economy. India is currently ranked at 30, jumping 16 spots from the previous year, in McKinsey Global Institute’s Connectedness Index 2012.2
The clear benefits of this new ‘connectedness’ have allowed corporations to earn the trust of large sections of civil society. The rise of social media has also given the consumer-citizen a voice, which is exercised vigorously. A loss of confidence in public institutions across the world has bolstered these trends. The Snowden revelations3 were a watershed moment in internet history, eroding credibility in traditional powers like the US government and opening the door for new players—other governments, businesses and civil society alike— to assume a central role in managing the internet. NETmundial, the international internet governance conference hosted by the Brazilian government soon after the Snowden revelations, is one example. It demonstrated the collective weight of civil society, and both national governments and corporations have had to pay heed to it.
Take, for example, the letter written by Cisco chief executive officer John Chambers to US President Barack Obama,4 warning that America’s technological leadership will be impaired if a fragmented internet is the result of the Snowden revelations about mass surveillance by the US government. Similar misapprehensions surfaced across the world, particularly when countries like Brazil, Germany and even India reacted strongly to the news, to the extent of considering data localisation.5 Further, Germany has announced it is ending its long-running contract with Verizon communications in 2015 over concerns that it is legally required to hand over certain information to the US National Security Agency (NSA).6
US technology companies have begun to feel the consequences, as people around the world have begun to shun them for fear of their close relationship with the US NSA. Various research has pinned losses of US technology corporations over the next few years anywhere from $35 billion to $180 billion.7 Companies like IBM and Microsoft have plans to build data centres across the globe to pre-empt any economic damage they may suffer due to the political damage that has accrued post-Snowden.8 Big multinational companies like Microsoft admit that there is now a ‘value shift’ across the global cyber market, one that the incumbents need to familiarise themselves with.9 This is of particular significance, since US soft diplomacy is often carried out through its corporations, which have become assets to them in places where the American government is unpopular.
On its part, the US government seeks to back a decentralised, multistakeholder internet governance ecosystem at the global level. Currently, the transition proposed by the Internet Corporation for Assigned Names and Numbers (ICANN) away from US government oversight to a new, non-governmental, multistakeholder body is underway. By encouraging this transition, the US government hopes to regain some of its lost credibility and also establish the current ecosystem as the dominant and stable alternative to a traditional UN based system or a US-controlled one. And while this new system certainly accommodates the growing legitimacy of many different groups and their competing interest, it does leave sovereign countries in a dilemma. How can they best leverage the current system to achieve their goals?
Following the International Telecommunications Union’s plenipotentiary10 meeting in Busan, South Korea, in 2014, the official who led the United States’ delegation wrote a blog called ‘The Busan Consensus.’11 The title of this blog reveals as much as its content does. Today, the US’s preferred option for global internet governance decision-making is consensus-driven, where no single party has a veto over the process. This a direct reference to shedding the decision-making structures the UN offers, which have traditionally been a one-country-one-vote system. It may be instructive to add here that the NETmundial Outcome Statement was drafted by the multistakeholder community through a consensusbased process, and is the reason why it has global acceptability across a majority of stakeholders. For its part, ‘The Busan Consensus’ also notes with satisfaction that the International Telecommunication Union (ITU), a body under the auspices of the United Nations, is not going to become a platform to discuss internet public policy issues.
The victory is not a small one. This goal had been outlined quite clearly almost two years before the Busan meeting took place, and US diplomats and envoys travelled the world building consensus on the issue. The ITU resolutions are binding on countries in a way NETmundial is not. It was this gigantic effort made by the US that helped defeat India’s own draft resolution at the ITU plenipotentiary. India had made two suggestions: The first was that the ITU, a UN-led multilateral body, could absorb some key roles related to the critical functions of the internet because, according to the Indian proposal, the internet cannot be separated from telecommunications. The second suggestion built on the premise that regulating telecommunications is the sovereign right of states, and therefore, some features of internet governance would naturally fit into an expanded mandate of the ITU.
This final outcome might seem to be paradoxical at first glance. A move to keep global internet public policy discussions away from a platform where only sovereign countries have a vote is at the same time being claimed as a victory by a sovereign country in its quest to settle global internet governance mechanisms. The fact is that ‘The Busan Consensus’ certainly reads as an affirmation of US dominance, but it is in service of perpetuating the ‘multistakeholder’ consensus-based internet governance model that is currently the global system employed to discuss internet public policy issues. If this sounds confusing, it is because it certainly is. The current internet governance ecosystem can best be described as decentralised, with a number of platforms which range from multilateral to multistakeholder, that are each suited to discuss only particular aspects of internet governance.
What the US and some other countries have understood clearly is that governance of the internet—an entity which means different things to different stakeholders—cannot be regulated in a centralised manner. The old legacy institutions of the UN no longer carry the same weight they used to, and today are often sidelined by agreements in smaller multilateral groupings or bilateral agreements, and multistakeholder meetings.
This is how internet governance works: Those looking to regulate the internet’s technical working flock to ICANN, where engineers, diplomats, business leaders and civil society sit together, while at other forums like the Group of Governmental Experts constituted under the UN to discuss norms of state behaviour in cyberspace, only top government officials take a place at the table. Other meetings, like the Internet Governance Forum, are highly anticipated by civil society, governments and business, but produce non-binding outcomes which only carry moral weight in the internet governance world.
It would be a mistake to assume that the value of sovereignty has diminished in this new dynamic ecosystem. If anything, it has expanded to include participants in the pursuit of sovereign goals by including new stakeholders who are crucial for the growth and security of the internet ecosystem. Businesses, which predominantly own the physical infrastructure the internet is built on, and who run companies which are driving the growth of internet traffic, need to be accommodated in this discussion along with end users, civil society and the technical community, without whom innovative growth is not possible. Therefore, regulating porous digital borders from attacks, protecting the data and privacy of citizens, negotiating and helping to develop technical standards on which the internet is run, and inculcating a system of trust in this network of networks cannot be conducted on a single platform.
The nation-state must be smart and understand that consensus building with multiple stakeholders, including like-minded countries, has become the backbone on which this system is being built. Countries with big diplomatic corps and mature internet industries and civil society movements have been early adopters of the system. They are using the system to keep decision-making open and malleable, especially when it concerns core functions. Other, smaller countries have adopted issues of immediate importance to them—for example, building consensus on the norms of cyberspace—in order to build a safer cyberspace where they do not come under attack from larger powers. Emerging economies have much to gain by consensus building and some are certainly dipping their toes in the system.
For India, the assertion of sovereignty must straddle both worlds: One where governments are looking for a place in the critical resource management of the internet, and the other where other stakeholders are equally invested in the success of this enterprise and need to be accommodated in this high-stakes debate. India too must, as it is doing slowly, embrace this new digital complex. A country which has 300 million internet users (with the ‘next billion’ yet to be connected to the internet), large scale e-governance projects underway, an innovative and growing e-commerce market already generating sales of $16 billion in 2014, and is especially vulnerable to cyber threats given its scale and low-cost-low-security devices, has a unique set of issues it needs to address. The scale of India’s net population, the variety of services it seeks to supply and its social imperatives make India’s position special. Indian exceptionalism needs to be fulfilled in the internet era. What the country imperatively needs next is a strategy for the road ahead.
It is an unlikely scenario that India will carry the weight of a billion people in a single vote on a common platform like the UN. Such a situation is not desirable either. India cannot and should not have the same weight in internet discussions as countries with small internet populations and even smaller economies. It should take the lead in carving out rules of the road that are beneficial to the healthy growth of India’s cyberspace. The underlying question being asked here is: What is the best suitable platform for negotiations in order to achieve a positive result? Traditional multilateralism has to be tweaked to become ‘smart multilateralism’: The state must take the lead in core strategic areas of concern at platforms best suited to these discussions, while relying on other stakeholders to take the lead in other contemporary forums and institutions where the state has less sway and acceptability.
Smart multilateralism can be divided into four broad pillars. The first would be for India to institutionalise its exceptionalism through bilateral agreements with like-minded and relevant partners. Already there is momentum in India’s relationships with key countries, which can be strengthened further. In fact, bilateral agreements between countries can lead to changes in international arrangements and laws at the highest level. Take for example how the India-US nuclear deal, borne of a bilateral arrangement, is compelling the UN to change its rigid architecture. India was one of 23 founding members of the multilateral General Agreement on Tariffs and Trade arrangement, raising developing country concerns at the grouping which later grew to become the World Trade Organization, a body that today boasts of 123 signatory countries. India has far greater weight and participation at the G20 and even greater significance at the BRICS. This is because the former was a focused group created to respond to a specific economic task at hand, while the latter was made in response to an infirmity in the global governance system. Contrast this to India’s single vote—and not even a veto—at the UN. India could create a rule-making body—a new ‘Digital 20’—which could have members who are equally invested in the system. The key to success would lie in choosing the right partners, whose influence would be proportional to their ‘buy-in’ and stakes. This right mix of partners with real-world influence could come together to agree on digital norms and rules for the 21st century.
The second would be to engage with opportunities for rule making and norm shaping outside the UN. The state-led London process is one such avenue. The ICANN transition process is another. There are plenty of smaller gatherings, such as technical meetings, regional forums and high-level meetings organised by academic institutions and think-tanks, which help steer public policy thought in specific directions. These must be leveraged after careful selection. At the same time, one must add that there is still space for norm making within the UN system, most notably through the Group of Governmental Experts, which looks at shaping norms of state behaviour in cyberspace, and through interventions at the World Summit on the Information Society review meetings.
The third broad pillar to pursue is the creation of a platform that would manage and shape the discourse on managing the digital world. This is admittedly easier said than done, as the internet governance ecosystem is dotted with overlapping conferences in all parts of the world. However, not all attempts to create a platform have been successful. The recent example of a lukewarm response to the NETmundial Initiative spearheaded by ICANN, Brazil and the World Economic Forum comes to mind. Volunteers at ICANN too have complained of process fatigue. However, meetings which can take a fresh and honest look at problems from new perspectives are needed if the decentralised ecosystem is to work, and this gives emerging economies an advantage. Given that the next four billion to come online are going to be from their countries—reflecting a digital pivot to Asia—conversations crucial to the growth, freedom and security of these regions have automatically become pressing. Often, gatherings in the developing world do not reflect these concerns accurately, paying lip service to concepts like the ‘digital divide’ and ‘capacity building’ as they discuss issues important to emerging economies, such as intellectual property rights and a possible cyber arms race. This is where a country like India, representing all spectrums of the digital society—the uber-connected, the recently-connected and the completely unconnected—can present a legitimate platform to hold discussions on pertinent digital debates. Weight must be given to the platform by having the Prime Minister chair it, with the Minister for Communications and Information Technology co-convening, and it must give equal weight to the views of non-governmental stakeholders as it does to the government.
Finally, the fourth pillar must entail creating a robust multisectoral debate on the digital economy. India has already shown very positive first steps with the overwhelming response to the question of network neutrality. This engagement must be encouraged so that the resulting digital society is shaped by the concerns, suggestions and goals of the domestic stakeholders, to be then exported to global forums. One only need to look at the intermediary liability protections offered in the US’s domestic Digital Millennium Copyright Act of 1998 to understand how civil liberties groups, corporations and academics have successfully managed to fight for similar protections the world over. Not only have the European Union and other countries accepted this, Indian civil society groups too have taken up the cause of intermediary liability, drawing inspiration from what they see as successful examples like the US digital copyright act. A robust domestic debate will encourage an acknowledgement of India’s own larger goals in the global sphere, and allow it to rely on its digital ambassadors to pursue a positive agenda at platforms where the state has little influence or space.
Ultimately, there is no escaping the reality of our times. The decentralised, multistakeholder model of internet governance has broad global acceptance, even as its exact form is being worked out. The experiment at ICANN, i.e., handing over oversight of critical functions to a multistakeholder body, is an example of how this global governance system is being operationalised. Many countries around the world have openly declared their support for the multistakeholder system, including the US, the UK, the Netherlands and Brazil. Others are still learning to straddle the new system.
This is where the second reality comes into play. States will increasingly manipulate digital spaces to their advantage, and this control and manipulations will be managed through third parties, including corporations, civil society, scientists and academia. The strength of this will lie in domestic multistakeholder processes that will allow these different actors to work towards a common long-term vision of the internet, even as short-term goals may differ. The states which will succeed in meeting their broader internet policy goals in this age of ‘smart multilateralism’ will be the ones who are able to create strong partnerships with non-state stakeholders.
At the start of 2015, India’s Minister for Communications and Information Technology was famously quoted as saying that “India will decide on its internet governance model which will be consistent with the role private players play in the spread of internet and the pre-eminent role played by government in public welfare… to come up with a broad framework, we will need to consult various stakeholders.”12 This must also be the blueprint for India’s approach towards international internet governance. The objective, therefore, for India to pursue must be “how to retain agency with the government while leveraging the creative capacities outside.”13
1 James Manyika et al, “Global Flows in a Digital Age,” McKinsey Global Institute, April 2014, http://www.mckinsey.com/
3 In June 2013, Edward Snowden, a contractor working with the US National Security Agency (NSA), leaked classified documents to several media outlets around the world. The first batch of documents published revealed mass surveillance practiced by the NSA and other security agencies within the USA through programmes like PRISM and Boundless Informant. Later leaks revealed varying degrees of collusion with US agencies by foreign security agencies and private companies. Data was collected directly from fibre optic cables and through information sharing systems. As he leaked the documents, Snowden fled first to Hong Kong and then to Russia, where he remains.
4 Arik Hesseldahl, “In Letter to Obama, Cisco CEO Complains About NSA Allegations,” Re/code, May 18, 2014, http://recode.net/2014/05/18/
5 Jonah Force Hill, “The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Industry Leaders,” Lawfare Research Paper Series 2, no. 3 (21 July 2014), http://www.lawfareblog.com/wp-
6 Kristin Bent, “German Government Ends Contract With Verizon Over U.S. Spying Concerns,” CRN, June 27, 2014, http://www.crn.com/news/
7 Claire Cain Miller, “Revelations of NSA spying cost US tech companies,” The New York Times, March 21, 2014, http://www.nytimes.com/2014/
9 Aaron Kleiner, “Rethinking the Cyber Global Market,” Panel discussion at CyFy 2014: The India Conference on Cyber Security and Internet Governance, New Delhi, October 15-17, 2014, http:// orfonline.com/cms/sites/
10 The ITU Plenipotentiary Conference is the top policymaking body and supreme organ of the International Telecommunication Union. It is a meeting of ITU Member States and is held every four years. Plenipotentiary conferences adopt the underlying policies of the organisation, determine its structures and activities, establish the financial plan for the organisation and revise the Constitution and Convention when needed. They set the ITU’s general policies, adopt fouryear strategic and financial plans, and elect the senior management team of the organisation, the members of Council and the members of the Radio Regulations Board. The Plenipot is the key event at which ITU member states decide on the future role of the organisation, and determine the ITU’s position on issues such as convergence, telephone tariffs, the internet, universal service and electronic commerce.
11 Daniel Sepulveda, “The Busan Consensus,” U.S. Department of State Official Blog, November 10, 2014, http://blogs.state.gov/
12 “India’s Internet Governance Model to Balance Public & Private Interests”, The Huffington Post, January 1, 2015, http://www.huffingtonpost.in/
13 Samir Saran, “A Time to Lead”, The Indian Express, April 16, 2015, http://indianexpress.com/ article/opinion/columns/a-