Skip to main content

Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Not-quite-good-enough-Mundial

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

I had been invited to join NETmundial a couple of weeks ago in São Paulo. It’s been an interesting learning experience for – well, I guess for all involved parties (a.k.a. “multiple stakeholders”; “multistakeholderism” was the buzzword du jour). Sadly, not very much more, though.

When the most resounding message in statements made from the stage by organisers and high-profile guests is that the outcome document has to be “good enough”, that sends a strong signal that mediocrity is to be expected.

In that regard, nobody got disappointed.

Now, I do not have as black an opinion of NETmundial as La Quadrature du Net; I even feel that Smári McCarthy’s view that [the entire conference was a waste of time] goes a wee bit too far.

Still I am far from the optimism expressed by the Polish Ministry of Administration and Digital Affairs (among others). Here’s why.

Background

It would be hard not to notice two prevailing contention issues in, of and about the Internet during the last year or so: privacy and net neutrality.

In either both governments and corporations are highly interested; in either different governments and corporate entities have (or claim to have) different interests. And – most importantly – both are inseparably connected to human rights in the digital era, and to the future of the Internet as a whole.

Discussion of these issues, especially privacy, gained much steam after Edward Snowden’s revelations about overreaching mass surveillance programmes run by the US National Security Agency.

In response to, among others, these revelations, in late 2013 Brazilian president Dilma Rousseff announced plans to host a global Internet governance meeting, which came to be The Global Multistakeholder Meeting on the Future of Internet Governance, a.k.a. NETmundial.

At the same time, for the last few years, there was a debate happening in Brazil around Marco Civil da Internet. The debate hinged on the very same two crucial issues – privacy and network neutrality. Few weeks before NETmundial the bill has cleared Brazilian congress, and was passed into law on the first day of NETmundial, April 23rd. The bill contains strong protection of network neutrality and privacy on the Internet.

Few weeks before NETmundial the European Parliament voted for a bill that would (among other things) protect network neutrality in the EU.

Process

The process seemed thought-through and geared towards multistakeholderism. The idea was to gather as many people, institutions, NGOs, governments, interested in Internet governance, as possible, get their input and prepare a single document, outlining the principles and the roadmap for Internet governance.

RFC

Discussion had started long before the April conference. First, a call for submission had been made (around 180 submissions had been received, including mine). Each had to refer either to principles, or roadmap.

Then, a first draft version of the outcome document has been published, and opened for comments. Hundreds of these flowed-in, and the call form comments has ended directly before the conference itself.

Plenary

Finally, the conference was organised as a single-track, massive (more than 800 people in attendance) plenary. After the usual official statements (made by – among others – Mrs. Rousseff, Sir Tim Berners-Lee, Vint Cerf, Nenna Nwakanma, and representatives of several governments, including the Polish Minister of Administration and Digital Affairs), a call for comments – this time submitted in person, via microphones – was open and continued for the better part of the 2 days.

There were 4 microphones: one for civil society, one for governments, one for academia and technical community, and one for business. There were about 200 representatives of each of these groups in the room, and each group has been represented more-or-less equally in the composition of the group of people on stage, running the event. Microphones were called upon sequentially, and each speaker had 2 minutes (later reduced to 1.5 minute) to voice their comment.

Interestingly, remote hub participants were also offered the floor (via an audio-video link) after each microphone call sequence, and there were quite a few quality “remote” remarks that added real value to the proceedings.

Each comment, each word, was transcribed and directly shown on-screen. All transcripts are also available on-line, which is a boon for transparency and accountability.

“It’s who counts the votes”

After the plenary ended for the day, all the comments were then processed and merged with the outcome document draft by the High-Level Multistakeholder Committee. Sadly, while on the plenary every group had the same power, the same amount of time to voice their concerns, things changed in the Committee: there were 3 representatives each from civil society, technical community, academia, business, and (surprisingly) “international organisations” (like the… European Commission!). However, there were 12 representatives of governments.

And the Committee meeting was not recorded nor transcribed. Every NETmundial participant could be in the room the Committee was working in, but they didn’t have a voice.

There goes multistakeholderism, accountability and transparency, out the window.

Content

In the comments, especially those voiced in the plenary, both net neutrality and privacy/mass surveillance issues were not only present, but – I would say – prevalent. While most comments in support of enshrining network neutrality and including strong wording against mass surveillance in the outcome document came (unsurprisingly) from the civil society, there were such voices also from governments, academia, technical community and business, including this great tidbit by Mr. James Seng:

businesses should also be protected from being coerced by their government or any other legal authorities into mass surveillance.

…and this great comment, coming (surprisingly) not from civil society, but from the government side – by Mr Groń, representing Polish Ministry of Administration and Digital Affairs (which does seem to get it as far as Internet is concerned):

Text in the current form may suggest that there might be mass surveillance interception and collection programs which are consistent with human rights and democratic values. By definition, mass surveillance is not consistent with human rights and democratic values.

The rule of law and democratic values states that surveillance must respect specific and strict rules. There must be specific legislation setting limits of powers of surveillance authorities and providing necessary protection for citizens’ rights. Use of surveillance mechanisms must be under supervision of court. Such mechanisms may be used only in a case of reasonable suspicion of committing a crime and only against specific person or persons.

Mechanism used must be proportional and may be used only for specific time period.

Many comments called for explicit acknowledgement of Edward Snowden’s role in the conception of NETmundial. Many others for outright calling access to the Internet a human right. Several about the need to connect developing nations.

I also took to the microphone to underline the issue of walled-gardens and consequent growing balkanisation of the Internet.

Of course, voices advocating stronger protection of imaginary property where also there, but (and again, this is my subjective take on it) there were much fewer of them than one would have expected.

And of course there were pro-censorship statements, thinly veiled behind the usual “think of the children” (Tunisia) and “the right of the government to decide what is best for the people” (China).

Outcome

As good as the comments were, the outcome document is sadly very disappointing. There was a strong urge to build a consensus around the document, which obviously meant that certain things were hard to introduce – but during the work of the committees merging comments with draft documents there were several positive changes introduced, including strong language against mass surveillance both in the Roadmap, and in the Principles. The latter being most clear-cut:

Mass surveillance is not compatible with the right to privacy or the principle of proportionality.

Then the draft document, merged and polished by the respective Principles and Roadmap committees, went under consideration of the High-Level Multistakeholder Committee. And that’s where things got cut and mangled. The strong anti mass surveillance language disappeared, leaving only watered-down version that can be read as if suggesting mass surveillance can be carried out in a way that is compatible with human rights law.

Make no mistake – this is due to vehement opposition to such strong condemnation of mass surveillance, voiced by none other than the United States. US representative went as far as to state, that in the view of the US (compare and contrast with the Polish statement above):

Mass surveillance not always a violation of privacy.

For the same reason there is no acknowledgement of Edward Snowden in the document, of course. And, of course, these were voiced unequivocally only at the not recorded nor transcribed HLMC meeting.

Net neutrality got a boot and was only included as a “point to be further discussed beyond NETmundial” (along with roles of stakeholders, jurisdiction issues and benchmarking).

Finally, intermediary liability only got a weak acknowledgement, anchored in “economic growth, innovation, creativity and free flow of information”, instead of human rights (like freedom of expression or privacy):

Intermediary liability limitations should be implemented in a way that respects and promotes economic growth, innovation, creativity and free flow of information.

Little wonder, then, that civil society organisations decided to voice their disappointment with the outcome document in a common statement; its the last sentence seems a fitting summary:

We feel that this document has not sufficiently moved us beyond the status quo in terms of the protection of fundamental rights, and the balancing of power and influence of different stakeholder groups.

Conclusions

The document is far from satisfactory, especially in the context of the very reasons NETmundial was conceived (mass dragnet surveillance by the US), and legislative work being done around network neutrality (including Marco Civil and the Europarlament vote). And as far as privacy and mass surveillance is concerned, we know it’s of rising importance for more than a decade. Time to up our game.

With FCC proposing watered-down and meaningless net neutrality rules during NETmundial proceedings, US agencies blatantly advocating more surveillance and smartphone remote “kill-switch” law being passed in California, NETmundial could have sent a strong, unambiguous signal about the need of protecting human rights also in the digital domain.

Instead, due to political pressure to find a compromise, however mediocre and meaningless (quipped “overwhelmingly rough consensus”), the outcome document doesn’t really introduce any new quality to the debate.

To some extent, though, it’s the journey that counts.

NETmundial was as much an Internet governance meet-up, as an experiment in multistakeholderism. And even though it was slanted (due to, among others, the HLMC having a large over-representation of governments), even though it was far from perfect, even though the process could have been better designed, it is still an experiment we can learn a lot from.

I feel that somewhere along the road NETmundial organisers missed the fact that:

Multistakeholderism is a framework and means of engagement, it is not a means of legitimization. – via Wikipedia

With eyes on the prize of a consensual outcome document, there was a vague feeling that civil society has been invited to the table to legitimize the process and the outcome, and that there are little to none concessions that would not be considered to keep all parties at the table.

It eventually turned out a bit better, and I find the fact that the US had to unequivocally advocate mass surveillance, is one of the positive outcomes of this meeting. The king had to acknowledge its lack of clothing.

While it is hard to disagree with Jeremié Zimmerman, writing for La Quadrature du Net:

Governments must consider the Internet as our common good, and protect it as such, with no compromise.

…we can, and should, learn from NETmundial. As Human Rights Watch put it:

What was evident throughout the two days of discussions in São Paulo is that a “multistakeholder” approach to Internet governance – however vague a term, or however difficult a concept to implement – is a far more inclusive and transparent approach than any process where only governments have a seat at the table

I think I’ll finish this off with a question raised by Smári McCarthy:

We’re going to need to do something better. The people running OurNETmundial were doing a fairly good job of drawing attention to the real issues. Perhaps OurNETmundial should become an event. But where? When? By whom? And how do we avoid cooption?