Saturday, November 19, 2022

[Directions/EU Cyber Direct] Multi-stakeholder Governance of the Cyberspace -- Merely a Myth?

Multi-stakeholder Governance of the Cyberspace -- Merely a Myth?

Blocking non-state stakeholders' participation in discussions about the information and communication technology environment may set a dangerous precedent for the future

By Anna-Maria Osula and Charles Mok 

Different approaches to governing the internet and engaging stakeholders in agreeing on what is responsible behaviour in cyberspace has been a source of disagreement since the beginning of the wider spread of information and communication technologies (ICTs). John Perry Barlow famously called for keeping governments (‘weary giants of flesh and steel’) away from controlling cyberspace. Yet, today, states have assumed a central role in governing the development, implementation and employment of ICTs worldwide.

While non-state stakeholders’ role in running the internet (such as providing infrastructure, storing data, designing apps and services) is largely uncontested, fierce discussions over the engagement of these stakeholders in governing ICTs, or cyberspace in general, are ongoing. In addition to heated debates over the rights and obligations of these stakeholders (see, e.g. measures aimed at curbing the increasing power of some stakeholders, such as Big Tech companies), there is much broader disagreement on the substantial engagement of stakeholders in multilateral discussions. Should deliberations on governing ICTs be narrowly state-to-state and closed to other interested parties, or should they follow a truly multi-stakeholder approach and be based on openness and diversity?

Revisiting past discussions

There are plenty of examples of international consultations adopting ‘multi-stakeholderism’ as the most appropriate way forward. Importantly, in 2005, as part of the World Summit on the Information Society, the Working Group in Internet Governance established the core role of the multi-stakeholder approach in governing the internet by defining internet governance as ‘development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet’. This reflects a general agreement that the involvement of relevant stakeholders in collectively shaping the development and use of ICTs has multiple benefits. These stakeholders’ diverse views and expertise make discussions better informed. Taking into account the opinions of various interest groups also adds to the legitimacy and quality of agreements and enhances their implementation.

Ideally, a multi-stakeholder governance framework should consist of an open-ended and innovative infrastructure, a decentralised governance institution and open, inclusive and bottom-up processes involving all participants. Participants should represent the private and public sector; industry and government; technical, academic and civil society; and users. It is the antithesis of a top-down policymaking model dictated by governments and others in positions of authority.

However, trends are emerging suggesting that the multi-stakeholder approach to governing ICTs is weakening. Two recent examples related to internet governance and peace and security in cyberspace merit further analysis.

Internet governance

One of the principle commitments of the high-profile Declaration for the Future of the Internet adopted by the U.S. and more than 60 partners, including the European Commission, in April 2022 was ‘multistakeholder Internet Governance’. That means protecting and strengthening ‘the multistakeholder approach to governance that keeps the Internet running for the benefit of all’, including the management of the internet’s technical standards and protocols, and refraining from undermining its technical infrastructure.

Indeed, the internet has almost always been run and governed by a multi-stakeholder policymaking model. The most notable example is the Internet Corporation for Assigned Names and Numbers (ICANN), the global organisation responsible for coordinating and maintaining the names and numbering assignments and databases critical to the running of the single, unified internet. 

Other key internet organisations or processes formed and run under the multi-stakeholder model include the Internet Engineering Task Force (IETF), the internet’s main standards-setting body, and the Internet Governance Forum (IGF), a global platform to facilitate the discussion of internet public policies convened by the UN. These bodies face increasing pressure from nations and authorities trying to usurp their mandates or assert greater government control and influence. 

For instance, the Chinese government, working through Chinese companies such as Huawei, is seeking to establish an alternative to current multi-stakeholder standards-setting procedures by proposing its ‘New IP’ standards through the UN’s International Telecommunications Union (ITU) rather than the IETF. This approach also seeks to avoid criticism of the new standards’ flawed technical foundation, surveillance-by-design capabilities and incompatibility with the existing internet. 

Even the UN’s own multi-stakeholder IGF recently appointed a 12-member ‘Leadership Panel’ in a process lacking transparency and provoking significant concern from civil society. Efforts by governments and intergovernmental organisations to embrace multi-stakeholderism are often held back by worries over inefficiency and the misplaced bureaucratic belief that categories of stakeholders can simply be represented by a few ‘leading figures’. Multi-stakeholderism is all about direct participation and not just a representative system. When such representations are chosen by authorities through an opaque process, the imitation pales further. 

But that is not all. In response to the U.S.-led Declaration for the Future of the Internet, China ‘transformed’ an annual event it has held since 2014, the World Internet Conference, into an ‘international organisation’ made up of an undisclosed list of ‘founding members including “institutions, organisations, businesses and individuals” from nearly 20 countries’. China has long used this forum to establish its vision for an alternative internet governance model, arguing for ‘respect for cyber sovereignty’ and that a new ‘international cyberspace governance’ should not be ‘unilateral’ or have ‘one party calling all the shots’. 

Stakeholders’ role in the discussions on norms of state behaviour in cyberspace
The UN Open-Ended Working Group (OEWG) was proposed as an inclusive setting for discussing international peace and security in cyberspace where ‘effective international cooperation would benefit from identifying mechanisms for the participation, as appropriate, of the private sector, academia and civil society organisations’. Yet, despite stakeholders being widely believed to enrich the discussion on international peace and security in a rapidly changing ICT environment, debates over how these stakeholders should participate in formal meetings have been fierce. At the first meetings, all the eighteen stakeholders that applied for the OEWG 2019-2021 were vetoed from formally joining the discussions. Such a ‘broad and categorical denial of access’ was seen as a dangerous precedent and viewed as extremely rare in UN disarmament and arms control fora. 

States have faced challenges in agreeing on the involvement of multi-stakeholders ever since, despite numerous calls during OEWG discussions to deepen multi-stakeholder engagement (e.g. High Representative for Disarmament Affairs Izumi Nakamitsu’s speech and the December 2021 letter to the Chair).

On one side are voices supporting the continuation of the previous OEWG practice allowing substantial input from stakeholders with official UN observer status or existing ECOSOC accreditation, as well as those invited to participate based on no-objection from other Member States. The issue was widely discussed during the UN OEWG first and second substantial sessions (for great overviews, see here and here). Some states believed that attending informal consultations held by the Chair and accessing the formal discussions via online broadcasting provided the stakeholders enough time and opportunity to express their views. Several countries argued that the OEWG sessions should retain the intergovernmental nature of the formal sessions, allowing all the UN Member States to interact, and that further engagement with stakeholders should not tilt this balance. Furthermore, some states expressed concern that spending too much time arguing about the modalities of stakeholder participation was distracting the OEWG from its mandate and blocking its work.

The opposing viewpoint argued for:

extended stakeholder participation which would also allow for non-accredited participation (with references to the long and cumbersome process for ECOSOC accreditation),
a transparent process for objections regarding stakeholder participation (especially for those already officially recognised by the UN in other contexts, and referring to other UN processes),
sufficient time to review documents and prepare input,
a hybrid format (allowing for more flexible use of resources by non-state stakeholders)
and ways for stakeholders who couldn’t formally join the discussions to express their views (see the letter here).

Stakeholders have expressed on several occasions that they want to be involved and heard in the process and are not arguing for the ability to vote during decision-making. Further, it was pointed out that the informal consultations implemented during the last OEWG are not a substitute for formal participation of stakeholders in the OEWG, which is crucial for the transparency, credibility and effectiveness of the process. Several countries supported giving stakeholders the opportunity to present views and contributions in the official meetings and substantive sessions, as well as during the intersession periods. 

After long discussions, and based on the Chair’s April 2022 proposal, countries finally managed to agree upon the modalities for non-state stakeholder engagement (involving a transparent non-objection mechanism) and to move on with formal discussions. However, despite the Chair’s encouragement that Member States ‘utilize the non-objection mechanism judiciously, bearing in mind the spirit of inclusivity’, over 30 non-state stakeholders were still vetoed from joining the OEWG formal discussions. They included the 150 technology companies represented by the Cybersecurity Tech Accord and the incident responders and security professionals represented by the Forum of Incident Response and Security Teams (FIRST).

The OEWG illustrates an example of an opportunity to benefit from the multi-layered expertise and experience of stakeholders interested in contributing to the discussions being turned into a political contest between states. It could be argued that this contest was fuelled by geopolitical complexities including Russia’s aggression in Ukraine. However, it should be acknowledged that efforts to limit the participation of non-state stakeholders may affect these stakeholders’ future investment in the implementation of the agreements put forward by the OEWG. It is clear that the private sector, academia, and NGOs are crucial for following through with the agreements and their implementation on the national, regional and international levels. Extended disagreements on engaging these stakeholders will also contribute to the substance of the OEWG discussions, eventually decreasing the relevance of the discussions in the global arena.

Muddy future ahead
That is why this is both the best of times and the worst of times for multi-stakeholderism. The enhanced levels of support and attention it receives from national governments may allow for its further adoption in various aspects of ICTs, cybersecurity and technical standards processes and policymaking systems. Yet, in an increasingly polarised global political environment, what some governments label multi-stakeholderism may not be the genuine item at all, but something else that suits their own political agenda. 

As can be seen from the OEWG example, compromises between states are often made at the expense of the non-state stakeholders. Even though the stakeholder engagement modalities included a step towards greater transparency by sharing which states objected to the participation of which stakeholders, such objections may still be employed as the basis for eliminating selected stakeholders based on political decisions. Yet, the efforts of some states to keep certain stakeholders from formally engaging with the OEWG have not decreased the civil societies’ appetite to partake in these discussions. On the contrary, despite their different views on some topics, their motivation to contribute has stayed strong and they stand unified in believing in the importance of diplomacy and of ensuring that member states benefit from relevant perspectives in their deliberations. Calls for robust civil society participation have also been made on other occasions, such as in the format of the UN Ad Hoc Committee on Cybercrime.

Multi-stakeholderism is not perfect and many aspects of its functioning need refinement. It can be inefficient, expensive and slow. In some countries, true multi-stakeholderism may not even be possible because autonomous stakeholders such as civil society may not be allowed to exist. But it is still by far the most open and participatory model that allows for accommodation and consensus building for the widest possible range of views and perspectives. It would be a mistake to criticise its shortcomings and then move in the opposite direction, towards less participation and more top-down power for the authorities. 

Therefore, avoiding the devaluation of the concept of multi-stakeholderism should be seen as a priority. Instead of it becoming an empty buzzword thrown around in official documents, states should find ways to meaningfully engage with stakeholders on international fora. In addition to increasing engagement in multilateral platforms, states should work on substantiating multi-stakeholderism on national and regional levels by encouraging discussions between domestic actors and drawing on their input in states’ official statements.

The civil society, research, technical and industry stakeholder groups must guard against political influence from state actors to revise or reject multi-stakeholderism. This would only lead to the splinternet, where the open, globally connected internet is divided into fragmented networks controlled by governments or, to a lesser extent, major corporations. If that happens, everyone will get less of what the internet has promised, and what each of us deserves.

Any views or opinions expressed in this blog are personal and do not represent those of institutions or organisations that the authors are associated with in their professional capacity.

Published Directions, an inititative by the EU Cyber Direct project coordinated by the EU Institute for Security Studies, November 18, 2022


Post a Comment

<< Home