The CFR Report on Internet governance: Good intentions. No new ideas

U.S. policy toward Internet governance has not been innovative, or even clearly focused, since 1999. With its wholesale liberalization of telecommunication and information services in the 1980s and ’90s, its 1996 Framework for Global Electronic Commerce and its (semi-) privatization of DNS via ICANN, the US took bold moves that forever altered the landscape of global communications.

The world has been adjusting to and debating those moves ever since, but US policy has been static. It tries to preserve the status quo; it fends off attacks from authoritarian countries; it tries to keep the ITU in its place. Often US initiatives push and pull in conflicting directions in response to domestic political demands and foreign policy imperatives. The commitment to new, ‘multistakeholder’ forms of Internet governance, while mostly sincere, constantly battles against the demands of IPR interests, law enforcement and governments to override bottom up processes and reassert state power. The Internet freedom agenda, while sincere and meaningful, is constantly undermined by perceived national security imperatives and domestic intellectual property interests.

This month the Council on Foreign Relations released a report on cyber policy called “Defending an Open, Global, Secure and Resilient Internet.” The report is the fruit of a task force of eminent Americans from business and academia chaired by former State Department official John Negroponte and IBM Executive Samuel Palmisano. Adam Segal directed the report. Google, Microsoft, Facebook and other big American Internet firms were well represented on this task force. Its goal was, apparently, to renew and revitalize American policy on Internet governance.

Alas, it did not succeed. To an informed reader it only displays the stasis, contradictory forces and status-quo preserving instincts discussed above.

Although we were underwhelmed by the recommendations of the report, we consider it to be important – worth reading and worth reviewing. First, it tried to put together all of the key elements of Internet governance – trade, innovation, freedom of expression and cybersecurity – into a comprehensive policy overview. That in itself is an all too rare yet badly needed effort. Second, the report explicitly recognizes that “the open, global internet” is threatened by the twin problems of assertions of national sovereignty and cybersecurity concerns. It seems genuinely concerned with finding ways to preserve the Internet’s freedom and openness while taking account of the security problems and the new geopolitics of Internet governance. Indeed, the report could be characterized as an attempt by mainstream American liberalism to regain the initiative in this policy domain, which it has clearly lost since 2000. In that respect the intentions of the report’s team are good.

Good intentions are not enough, however. There are no powerful new ideas in this report, certainly none that could cut through the Gordian knots in which U.S. approaches to global Internet governance are entangled. On the contrary, in many places the report displays precisely the limitations and self-contradictions that have led to the current state of stagnation and deadlock.

Let’s highlight some of the good aspects of the report first.

As noted above, the report tries to bring together all the relevant policy domains. “U.S. decision-makers,” it says, “do not have the luxury of pursuing Internet trade, freedom, and security policies in isolation.” (p. 6) It also concludes that (p. 13) “the open, global Internet is unlikely to continue to flourish without deliberate action to promote and defend it.” True: its beneficial features need to be institutionalized – globally – as this blog has long argued.

The report reminds US policy makers that “Washington’s influence is more likely to be positive when it recognizes that cyberspace is a global issue, not one simply of national economic, strategic, and political interest.” Very important advice, though difficult for domestic politicians to heed. It also asks the US not to be hypocritical: “When the United States works counter to its principles and restricts cyberspace, it provides justification and coverage to other states looking to limit the openness of the Internet.” An important reminder. It provides a pointed example of the double standard: “Congressional efforts to pressure the Commerce Department to have ICANN respond to demands outside of the usual consultative process…” It calls for the formation of a “multistakeholder alliance of ‘like-minded actors’ — including governments, companies, NGOs, and the noncommercial sector” (though it does not follow through on this vision).

So the tone and intentions of the report are good: we should synthesize Internet policies to pursue trade, freedom and security; we should form a broad transnational and multistakeholder alliance to pursue that agenda; and we should lead by example. But that’s the easy part; what are the specifics?

The 4 “pillars” of the CFR’s Internet agenda are:

  • Alliances
  • Trade
  • Governance
  • Security

Our review will come in two parts. Part 1 will discuss Trade and Governance. Part 2 will discuss Alliances and Security.


Trade in information services is flagged as a top priority. That’s good. As Google and others have pointed out, it is intellectually and politically feasible to link free trade and freedom of expression when information services are involved. The scope of Internet communication should be global; protectionism and barriers, for either political or economic reasons, should be overcome. The CFR report calls for bilateral and multilateral trade agreements to “guarantee the free flow of information and data across national borders.” But the problems that have led to the stagnation of trade agreements since that time – IPR and privacy – are still visible in the CFR report. The Task Force has no new ideas about how to handle them.

Regarding IPR, the US push for free trade in information services has been consistently undermined, if not corrupted, by its subordination to the agenda of copyright, trademark and patent holders. Instead of consistently pushing for openness and market access in information services, we try to use trade agreements to push other countries into adopting American  IPR laws and standards, or use market acccess as IPR enforcement leverage. TRIPS, for example, was not really a trade agreement, but a way for the US to make access to its huge market contingent upon compliance with US IPR protection standards. What is known about the intellectual property chapter of the Trans-Pacific Partnership agreement also involves IPR protections that are more restrictive than current international standards, and would require significant changes to other countries’ copyright laws.

This linkage generates opposition to free trade agreements on the part of civil society and many emerging-market states. Free trade economists have long challenged this linkage. As reknowned trade economist Jagdish Bhawgati wrote, “The WTO ought to be about lowering trade barriers and tackling market access problems. The inclusion of intellectual property protection has turned the WTO into a royalty collection agency.”

Privacy is another barrier. Just as the US tries to use trade agreements to foist its copyright and patents laws on the rest of the world, Europe is prone to using trade agreements to extend its data protection laws to American companies. The problem is not just domestic differences over privacy policy, it is also national security policy. US efforts to reach a “safe harbor” agreement regarding privacy/data protection likely have been thoroughly killed by the recent NSA revelations, which make it clear that foreign traffic or facilities can be ransacked at will by our national security agencies. What European is going to sign on to a safe harbor agreement after PRISM has been exposed?

One simple way to move forward would be for the U.S. to just back off on IPR in trade agreements. We can and should stop holding the enormous benefits of trade in goods and services hostage to the copyright industries, and rely on other means to protect intellectual property rights. We need to decouple IPR policing and enforcement from trade in information services. We also need to moderate our national security establishment. Long term, economic strength is far more important to our security than surveillance, yet national security demands have become far too pre-eminent at the expense of trade. Anyway, no new Internet trade agenda will gain traction unless it comes up with a creative new way of handling these problems.


This part of the report is especially revealing of the way Washington’s conventional wisdom leads to dead ends in Internet governance. It claims, correctly, that there are “competing visions” of Internet governance. It characterizes one of those visions as wanting to “extend national sovereignty into cyberspace” and as involving “state-centric control of the Internet.” It never really defines the alternate vision. It vaguely refers to it as “the multistakeholder process.”

What are the characteristics of “the multistakeholder process?” How well do current IG institutions conform to those ideals? Those questions aren’t asked, perhaps because the answers would make mainstream Washington uncomfortable. Indeed, we rarely hear about the interests of any stakeholders except states and business in this report, and when changes are proposed, they all involve greater accommodation of states and never the empowerment or involvement of civil society. Where is the competing vision? All I see is a lame set of concessions to the other side.

The report acknowledges that “many states are already skeptical of ICANN’s autonomy from U.S. government control, given its history and the Commerce Department’s contract with ICANN.” But its proposed solution to this is an incredibly ignorant one: it proposes that the U.S. should provide more support to the Governmental Advisory Committee (GAC) “so that it can be seen as an effective place for governments to advise and shape policy and be accountable to the public at large.” In other words, we should improve the “multistakeholder process” and oppose the “competing vision” of a state-centric Internet by further empowering governments and making ICANN more like an intergovernmental organization. Makes sense, no?

Not surprisingly, the CFR Task Force was completely unaware of the raging controversies over GAC encroachment on, and replacement of, the bottom up policy making process that “the multistakeholder model” is supposed to represent. It is oblivious to the fact that ICANN’s staff and board have bypassed its bottom up policy development process repeatedly and that governments in the GAC – and the US government in particular – share a great deal of the responsibility for that. The report utters not a word about strengthening the ability of ordinary internet users to shape policy.

The report also proposes that the US should give more money to the UN Internet Governance Forum, as if that would solve its problems. The IGF could definitely use more support – but money for what, exactly? The report has no diagnosis of the IGF’s problems, its potential, or why the real players in global Internet governance do not take the Forum seriously. As with ICANN, their proposal for solving the problems we have now seems to be: “keep doing what you have already been doing for the past 10 years with a bit more money.” That won’t work. It is is precisely what got us where we are today.

Even when the report tries to level criticism at ICANN it is way off target. On p. 15 it claims that “ICANN’s four-year delay in rolling out new international (as opposed to generic) top-level domain names…alienated many in the developing world.” This is just false; in fact, ICANN accelerated the granting of multilingual domains to country code top level domain registries (ccTLDs). Commercial and private applicants are still waiting for the chance to offer domains in Russian, Chinese, India or Vietnamese scripts. Consequently, ICANN reinforced the local governments’ monopoly on domain name registrations in their territory. ccTLD operators, many of which are government-owned or licensed, now have a 3-5 year head start against any and all private competitors, in a market where first mover advantages are strong. It is probably not coincidental that the CFR report’s erroneous interpretation is slanted toward accommodating the interests of nation-states. This is the conventional wisdom in Washington these days.

There are no new or interesting ideas about how to deal with the ITU, either. The report simply implies that we failed to engage with it early and often enough. I am not sure whether this is true or not, but it is a pretty superficial point. The US should have clear ideas and proposals about how the ITU can be reformed structurally (e.g., it could detach vital radio spectrum functions from the other parts); and about whether it should or should not defund those parts that are dysfunctional.

The simple fact is that nation-states such as Brazil or many African and Middle Eastern nations do not oppose multistakeholder governance because of specific actions or problems with ICANN. They oppose it because they are representatives of states, and states are intrinsically wedded to a sovereigntist, state-centric model of governance. This is especially true of the younger, post-WW2 states. The real goal ought to be to get the other constituencies – civil society internet users and local internet businesses – more involved and supportive of the bottom up model. Nothing is going to make representatives of states happy with bottom-up, democratic governance, especially if they are authoritarian states. The idea that empowering them in ICANN will get them to approve of new forms of governance is seriously misguided – it will simply cause ICANN to be increasingly dominated by national governments.

Next week: Alliances and Cybersecurity.


  1. Richard Hill

    Pages 14 and 15 of the CFR report reproduce some of the criticism commonly voiced in the US regarding WCIT and the ITRs, including “The language detailing how cybersecurity measures would be implemented, for example, was broad enough to allow for an abuse of power by states claiming to fight cyber criminals but actually cracking down on dissidents.”

    Such criticism is totally invalid from a legal point of view, as I’ve shown in an article published in the Oxford University International Journal of Law and Information Technology. A summary of the article, with a link to the full article, is at:

    In fact, as explained in my article, refusal to adhere to the ITRs is more likely to result in greater restrictions on Internet freedom than adherence.

    Richard Hill

  2. Pingback: The NTIA’s New Policy of Appeasement | IGP Blog