Parallel Internets, another Internet treaty or both? The next pieces of the internet governance jigsaw puzzle – Part 2

cannataci's picture
Professor Joe Cannataci holds the Chair in European Information Policy & Technology Law and is Co-Director STeP - Security, Technology & e-Privacy Research Group, Department of European and Economic Law, Faculty of Law, University of Groningen, The Netherlands. He is Head of Department of Information Policy and Governance, Faculty of Media and Knowledge Sciences, University of Malta, and Adjunct Professor at the Security Research Institute and the School for Computer & Security Science at Edith Cowan University, Australia. With a background of over 25 years of working in data protection law and cybercrime, he is currently scientific co-ordinator of a number of inter-disciplinary collaborative research projects in the fields of security, surveillance, smart surveillance and internet governance.

PuzzleThe long-standing expectation for a legal instrument such as a framework convention (as discussed in the first part of this two-part blog) is not the only dimension which needs to be examined with a certain amount of urgency. The technical environment which would enable and facilitate the right legal framework also needs to be discussed and determined as a matter of urgency. For some people the concept of “one internet” seems to be a holy grail, or is it a holy cow? Some advocate that one must ensure the existence of “an un-fragmented, interconnected, interoperable, secure, stable, resilient, sustainable and trust-building Internet” [1].  One is compelled to ask why un-fragmented? Are there not some types of fragmentation which could actually be healthy and certainly healthier than what we have at present?  Would a certain amount of fragmentation not possibly make the internet even more trust-building, not to mention “more interconnected, interoperable, secure, stable, resilient, sustainable” ? Fragmentation does not necessarily mean internets walled-off at national boundaries or parallel universes which are not accessible to all, though some have mistakenly or deliberately linked these concepts. For a long time before Brazil, Angela Merkel and others had awoken to the possibility of networks separate though connected to the currently US-dominated ones, there has been a quiet discussion on "parallel Internets that would be run as distinct, private, and autonomous universes." as extolled by Crews in 2001[2] when he popularised the term “Splinternet”.  While technically a parallel Internet could be distinct and autonomous, it does not necessarily need to be private: indeed it could be just as public and just as accessible as other parts of the Internet.

A separate set of rules could however possibly be applicable to those internet users accessing this parallel Internet. These rules could include technical standards as well as, for example, higher standards for privacy, free speech vs. defamation, and protection of intellectual property rights. Ten years down the line Crews was still advocating the utility of parallel internets: “One Internet is probably not enough. Instead, owned Internets-proprietary “Splinternets” where prespecified ground rules regarding privacy and other governance issues replace regulation and central planning-may be superior. What matters most is not necessarily the Internet as it exists today, but Internet technology. Physically, parallel Internets could be up in short order.” [3] He continues to see advantages in this approach: “At some point, the benefits of tailored, owned networks capable of harmonizing issues of privacy, values, access, and participation outweigh the costs of regulation, endless governance fights, and the costs of inherent insecurity on a nonowned Internet from which criminals and hackers can’t be excluded.”  [4]

Crews may have popularised the term “splinternet” but he was not the first to conceive of parallel internets or parallel universes in cyberspace. Four years previous, in 1997 Paul Sagawi had used the term “Balkanization of the internet”. Now some people have since turned balkanization into a “dirty word” but let’s see what Sagawi was saying all of 17 years ago: “This balkanization of the Internet into multiple interconnected network families, each with a distinct user community and differentiated capabilities, means that the flat pricing regime that has encouraged wasteful use and discouraged responsible network engineering will soon be gone. Instead, users will be charged for what they use. Gone, too, will be the painfully slow response times, the lost messages, and the network outages that have become all too common on today's Internet. Users will get what they pay for - even if they have to pay a lot. [5]Sagawi’s vision of the inevitability of the abandonment of a “one internet” communal model  and the splintering into “multiple interconnected internet families” may not have come to pass within the time-frame that he may have predicted in 1997 but is it an idea , in part at least, whose time has come? Angela Merkel seemed to think so – though for different reasons - when in her weekly podcast in February 2014 she declared “We’ll talk with France about how we can maintain a high level of data protection,” and “Above all, we’ll talk with European providers that offer security for our citizens, so that one shouldn’t have to send emails and other information across the Atlantic.” [6]

It may be useful at this stage to clarify that the term “parallel internet” may be slightly misleading, certainly from a technical point of view. It does not mean that there exist two or more different Internets working in a way where these “internets” are not connected to each other or closed off to each others’ users. It would be more correct to think of the Internet being organised in different parts which can co-exist in parallel but where every single site must by definition continue to have a unique address. Perhaps a useful way to think of parallel internets is to think of it in terms analogous to the way geology developed on planet Earth. The present Internet is like the one big land-mass, the supercontinent we call Pangaea that dominated the Earth’s surface 300 million years ago. A hundred million years later Pangaea started to break up leading to the separate continents that we have today. Yet, even today, many of the continents remain interconnected and it is still possible to walk or more feasibly drive or cycle across from Africa through Asia to Europe. In the same way the Internet may conceivably be divided into three or more interconnected “continents” which exist contemporaneously but where the climate may be different and where the laws and customs may likewise be different.  What would also be different is that in this brave new virtual world personal and state geography is not fixed and both individual citizens as well as entire states may freely decide in which “cyber-continent” they may wish to locate themselves.  They would be able to contract themselves into their preferred cyber eco-system either through a framework treaty or convention (states) or by an ad hoc on-line contract (for individual netizens) similar to the dozens of on-line agreements that compel millions of citizens to tick boxes every day to signal their consent. This process would be pretty much instantaneous and, once consent is given that one accepts to be bound by the laws of that part of the Internet, transparent.

If Merkel and Hollande were to agree and sway the majority of other European leaders, then would the new European parallel Internet be given only a technical dimension or would a legal framework also be used to facilitate the governance of the new technical realities? It would not be surprising if this would be a discussion and venture where the UK will be pointedly ignored, excluded and isolated because of its membership of the Five Eyes and the Snowden revelations as to the extent to which GCHQ has been in bed with the Americans busily spying on a bunch of European neighbours. In this scenario, the bulk of the Europeans would go their own way and – again – the UK would be left out in the cold. Call it “virtual Schengen” if you like, or “Schengenet” or whatever but in essence it would be a large parallel cyber-universe with the potential of having at least 500-800 million users. Why that much? Because the EU would be very careful to open up its parallel cyber-universe to the rest of the world and certainly, in the first instance, to the other European countries outside the EU. The European parallel internet would not only be for the Europe of the 28 – i.e. the EU but would be targeted for much of the Europe of the 47 – all those members of the Council of Europe who would want to buy into the concept. In that context it is easy to see that the Europeans may also be keen to keep up their track record of creating a legal framework which would ensure that European values and fundamental human rights are properly protected in this part of cyberspace built and run to European standards.

As Jan Kleijssen has pointed out “The Council of Europe would offer an appropriate framework to facilitate a more thorough discussion on this [the creation of a convention]. In recent years, the Council of Europe has carried out its continent-wide mandate to protect and enhance human rights, democracy and the rule of law also as regards the Internet. Our 47 member states have developed a series of Conventions, open to all states, to protect people against cybercrime, combat the sexual exploitation and abuse of children, fight counterfeit medicine, as well as the protection of personal data. We have also developed a range of political principles, policy standards, practical tools and opportunities for multi-stakeholder co-operation, which are helping governments, the private sector and civil society to protect and respect and uphold the values of our Organisation.”

This is not as far-fetched as it may seem at first glance. It is indeed thanks to the Council of Europe (CoE) that we today have the only international treaty governing some activities in cyberspace, the 2001 Cybercrime Convention, a treaty to which even the US is a signatory, since like many other CoE treaties it is open to any country around the world. The Council of Europe has the international credibility to attract signatories far and wide outside Europe and a framework convention pushed forward under its auspices could conceivably attract Brazil, India and several other emerging large countries which would be important to have on board to increase critical mass. And, as several corporations and politicians in the USA know only too well, critical mass there will be. No large multinational or indeed any upwardly-mobile SME would be able to ignore such an on-line marketplace which is an eighth or a seventh of the world’s population. Yes, users of that part of the Internet may have to mind their Ps and Qs and yes, the privacy and data protection regime may be stricter and possibly a bit more restrictive and yes, the data centres would need to be under European jurisdiction if not actually located on European soil. The investment in technical infrastructure would make a parallel investment in the legal infrastructure an attractive proposition especially if that creates transparent, predictable rules about how and when lawful interception, monitoring and surveillance could be carried out and by whom.

A new Internet treaty in the form of a frame-work convention may be used to achieve either of two different realities: we can take the Internet exactly as it is today and use a new treaty to codify values and establish governance measures and remedies in areas like surveillance, privacy, defamation and personal dignity.  Or else we can have another treaty, equally multilateral but with the objective of regulating and establishing values and remedies for only part of the current Internet, that part which would be defined by technical parameters which would mark it off as being the European cyber-continent or an Asian cyber-continent or a muslim cyber-continent or a Catholic cyber-continent.  The treaty would contain or reflect the defining characteristics of that particular cyber-continent thus reducing uncertainty and establishing clear jurisdiction for fundamental values which would enjoy a higher level of protection through a well-defined system of safeguards and remedies including affordable on-line dispute resolution.

Even if, by way of example, we were to here restrict our attention to a discussion of how a new treaty could be created to facilitate the operation of a new European “cyber-continent” (Schengenet?), it is important to note a number of key points about such a new framework convention for part of cyberspace. Firstly, this should be understood in the original sense made explicit by Mathiason and Mueller, i.e., after the Cybercrime Convention, it would be the second in “a set of authoritative agreements”.7 It would be the next piece in the jigsaw puzzle that is formal internet governance. Secondly, since it would be part of “a set of authoritative agreements”, I would not expect it to cover everything that needs to be governed on the Internet but only those parts on which a good number of countries could agree about at present. For this read the burning issues of privacy, lawful interception, mass surveillance, data protection, dignity, defamation and free speech  with a couple of other fundamental values thrown in. Thirdly, I would not expect it to be the only legal dimension of an EU parallel cyber-universe. Individual internet users would be able to access this part of Cyberspace even if their country of residence would not have yet ratified a Council of Europe treaty and in such cases one may expect a reliance on the law of contract: before entering the space the user would, at no financial cost, tick a box – and thus sign a contract which would signify his or her acceptance of playing by European rules and subject to the jurisdiction of the designated courts. Fourthly, as the promise – to some it will be a threat – of parallel Internets and/or a new European-sponsored Internet treaty looms closer, and a number of politicians are awakened by corporations and voters to new realities on the Internet, it would not be surprising to see competing as well as complementary efforts to create the next Internet treaty...and the most competitive low-cost parallel Internet.

At this moment in time technically we already have at least two Internets in the two Internet protocols which are working behind the scenes in most people’s computers i.e. IPv4 and IPv6. They follow distinct protocols with different addressing systems but in most cases, for the average user, they are brought together by the browser in a way which is very often automatic and easy to use. Indeed, with a well-developed browser the user may often not even know whether a site is being accessed via IPv4 or IPv6.  Will we be seeing the next generation of browsers cater also for parallel Internets enabling netizens to travel seamlessly from one parallel internet to another? Will they be doing so in the context of one or more new Internet treaties? We’re in for exciting times and the MAPPING project www.mappingtheinternet.eu  promises to be charting some of these waters during the next four years. For some it will be sink or swim.


Professor Joe Cannataci holds the Chair in European Information Policy & Technology Law and is Co-Director STeP - Security, Technology & e-Privacy Research Group, Department of European and Economic Law, Faculty of Law, University of Groningen, The Netherlands. He is Head of Department of Information Policy and Governance, Faculty of Media and Knowledge Sciences, University of Malta, and Adjunct Professor at the Security Research Institute and the School for Computer & Security Science at Edith Cowan University, Australia. With a background of over 25 years of working in data protection law and cybercrime, he is currently scientific co-ordinator of a number of inter-disciplinary collaborative research projects in the fields of security, surveillance, smart surveillance and internet governance. This article is written in a purely personal capacity and does not necessarily reflect the views of the institutions to which he is affiliated or the projects he leads or is otherwise involved in.

 

 


5