Link

A Brief Unpacking of a Declaration on the Future of the Internet

Cameron F. Kerry has a helpful piece in Brookings that unpacks the recently published ‘Declaration on the Future of the Internet.’ As he explains, the Declaration was signed by 60 States and is meant, in part, to rebut a China-Russia joint statement. Those countries’ statement would support their positions on ‘securing’ domestic Internet spaces and removing Internet governance from multi-stakeholder forums to State-centric ones.

So far, so good. However, baked into the Kerry’s article is language suggesting that either he misunderstands, or understates, some of the security-related elements of the Declaration. He writes:

There are additional steps the U.S. government can take that are more within its control than the actions and policies of foreign states or international organizations. The future of the Internet declaration contains a series of supporting principles and measures on freedom and human rights, Internet governance and access, and trust in use of digital network technology. The latter—trust in the use of network technology— is included to “ensure that government and relevant authorities’ access to personal data is based in law and conducted in accordance with international human rights law” and to “protect individuals’ privacy, their personal data, the confidentiality of electronic communications and information on end-users’ electronic devices, consistent with the protection of public safety and applicable domestic and international law.” These lay down a pair of markers for the U.S. to redeem.

I read this, against the 2019 Ministerial and recent Council of Europe Cybercrime Convention updates, and see that a vast swathe of new law enforcement and security agency powers would be entirely permissible based on Kerry’s assessment of the Declaration and States involved in signing it. While these new powers have either been agreed to, or advanced by, signatory States they have simultaneously been directly opposed by civil and human rights campaigners, as well as some national courts. Specifically, there are live discussions around the following powers:

  • the availability of strong encryption;
  • the guarantee that the content of communications sent using end-to-end encrypted devices cannot be accessed or analyzed by third-parties (include by on-device surveillance);
  • the requirement of prior judicial authorization to obtain subscriber information; and
  • the oversight of preservation and production powers by relevant national judicial bodies.

Laws can be passed that see law enforcement interests supersede individuals’ or communities’ rights in safeguarding their devices, data, and communications from the State. When or if such a situation occurs, the signatories of the Declaration can hold fast in their flowery language around protecting rights while, at the same time, individuals and communities experience heightened surveillance of, and intrusions into, their daily lives.

In effect, a lot of international policy and legal infrastructure has been built to facilitate sweeping new investigatory powers and reforms to how data is, and can be, secured. It has taken years to build this infrastructure and as we leave the current stage of the global pandemic it is apparent that governments have continued to press ahead with their efforts to expand the powers which could be provided to law enforcement and security agencies, notwithstanding the efforts of civil and human rights campaigners around the world.

The next stage of things will be to asses how, and in what ways, international agreements and legal infrastructure will be brought into national legal systems and to determine where to strategically oppose the worst of the over reaches. While it’s possible that some successes are achieved in resisting the expansions of state powers not everything will be resisted. The consequence will be both to enhance state intrusions into private lives as well as to weaken the security provided to devices and data, with the resultant effect of better enabling criminals to illicitly access or manipulate our personal information.

The new world of enhanced surveillance and intrusions is wholly consistent with the ‘Declaration on the Future of the Internet.’ And that’s a big, glaring, and serious problem with the Declaration.

Link

Finding a Foreign Policy for the Internet

Justin Sherman and Trey Herr have an outstanding essay that clarifies the need for Washington and its allies to build a cohesive foreign policy for the Internet instead of simply opposing the strategies presented by competitors such as China.1 Poignantly, they write:

Washington needs a foreign policy for the internet that advances a vision for the internet that speaks to the language of trust and embraces the need to focus on the role of individuals, grasps the utility of iterating small changes instead of grand bargains, and embraces the reality that the clock cannot be turned back. This strategic product must do more than reject the sovereign and controlled authoritarian internet model, based on principles of tight state control over internet data routing, tight state control over data storage, and limited content freedom. A foreign policy for the internet must build on not just U.S. government agencies but allies and partners overseas, and leverage the influence that the American tech industry has over internet infrastructure. It must realistically address the shortfalls and risks of a free and open internet but seek to maximize and revitalize that internet’s benefits—across everything from speech to commerce. A foreign policy for the internet should rest on three assumptions; there are myriad others but these three are systemically significant.

These strategies absolutely must be developed and cohere given the importance of the Internet for day-to-day life; the Internet underlies everything from trade coordination, military engagements, and is increasingly lifeblood for civic life or organizing. It is time for the West to make clear what it is for, and how it plans to navigate the challenges that the Internet has wrought, without succumbing to fear or abandoning the democratic principles which have undergirded the Internet and its composition for the last several decades.


  1. Should you doubt that China has a cohesive strategy for the Internet, I’d recommend reading about the prospect of a splinternet forming as a result of China and its allies building out competing standards that prioritize placing control in centralized and obedient-to-government hands. ↩︎