Next week comes the UN Internet Governance Forum, and alongside it, the French government’s noble project of a Paris Peace Forum. The conjunction of these events has led to a proliferation of cyber norms declarations. As nice as all these calls for good behavior in cyberspace are, they inspire a sense of uneasiness here at IGP.
On November 12, the Paris Peace Forum will release the “Paris Call for Trust and Security,” a two-page list of lofty goals. Not to be outdone, the Global Commission on the Stability of Cyberspace (GCSC) released a “norm package” at the beginning of the month. Prior to that, a new UN High Level Panel on “Digital Cooperation” has been formed to foster “cooperation across domains and across borders …to realiz[e] the full social and economic potential of digital technologies, mitigating the risks they pose…” Microsoft, until recently a leading purveyor of norms via its Digital Geneva Convention proposals, is now positioning itself as a social movement leader calling for “digital peace now.” In Paris, Microsoft seems to have joined forces with the French government’s Paris Call (and its ideas seem to have been swallowed up by it).
Most of these initiatives, appropriately enough, are focused on cybersecurity, making it clearer than ever that the IGF program committee, the MAG, made a huge mistake in downplaying this topic. As a result of the IGF MAG’s short-sightedness, leadership in global internet governance is, as we predicted, migrating to places outside the IGF – though fortunately for the IGF the French government found a linkage to IGF to be useful.
There is much good to be said about these efforts. First, there is an explicit recognition that this is all about global governance. Many of the norms being proffered are sensible, decent things. The GCSC, if you’ll pardon the expression, has a nice package. Among others, it posits that
“State and non-state actors should not tamper with products and services in development and production, nor allow them to be tampered with…”
“State and non-state actors should not commandeer others’ ICT resources for use as botnets or for similar purposes.”
So why the feeling of uneasiness? There are several causes.
One is that we see too much public posturing, more interest in running out in front of a parade as “leaders” and getting publicity than in doing the real work it will take to achieve effective global governance in cyberspace. People and organizations are positioning themselves to further their own status and goals rather than creating a common institutional infrastructure that can generate effective shared rules and procedures.
Another cause of uneasiness is the way in which national governments are gradually edging aside the multistakeholder community. The high-level panels, commissions, and norm proclamations are increasingly state-driven and state-aligned, even as they pay lip service to multistakeholder governance. The meetings of these entities are hopelessly hierarchical, with only favored people invited to participate; their consultations are based on a model of noblesse oblige: we shall, at our leisure, allow the peasants an audience. The French government’s Paris call even dusts off the hoary rhetoric of “stakeholder roles.” Apparently, no one told them that the Tunis Agenda’s dictum that Internet stakeholders should be confined to different “roles,” with governments the sole makers of policy, is moving us backwards 15 years. Microsoft seems to have abandoned its globalist and non-national approach to cyberspace governance and is cozying up to the U.S. and French governments. Their idea of a neutral attribution institution formed and operated by non-state actors is all but abandoned. There are token Russians and Chinese in these panels, but the world’s real “digital divide” over sovereignty in Internet governance remains.
Additionally, there is something a bit ridiculous about the burgeoning norms business. (“What do you do at work, daddy? Oh, I make norms”). These lists of pious do’s and don’ts seem to assume that people don’t already know it’s harmful to make botnets or tamper with products and services. The problem is not that they don’t know it’s wrong, it’s that they can still attain benefits from doing so. What are these norm packages doing to alter the incentive structure?
At a deeper level, we find many of these efforts missing the forest for the trees. The purveyors of norms generally fail to understand or accept the fact that there is no agreement on a basic principle regarding cyberspace governance, namely the status of national sovereignty. There is still a fundamental divide in the world between those who believe that cyberspace governance is subject to traditional principles of national, territorial sovereignty, and those who believe that cyberspace is a globally shared commons where national sovereignty does not belong and is an obstacle to effective and human capacity-enabling Internet governance.
The theory of international regimes identifies norm development as the second step in a process of institutionalization. The first step involves agreement on principles; that is, foundational facts about the sector or domain to be governed. It is unfortunate, but true, to say that all of the international calls for cyber norms have skipped agreement on principles and are trying to promulgate norms despite a huge, gaping chasm in the way states understand their role in cyberspace. There will be no effective operationalization of norms until there is agreement on the status of cyberspace as a global commons, a non-sovereign space.
The French government’s Paris Call is scheduled for November 12, one day after Remembrance day, which commemorates the slaughter of World War 1. And that is the cause of the greatest unease. Today’s norms proclamations bear an eerie resemblance to the Kellogg-Briand pact of 1928. The signatories, including the U.S., Germany, Japan and France, agreed to abandon war as a tool of national policy. The U.S. Senate ratified the treaty in 1929. The Christian Century proclaimed: “Today international war was banished from civilization.” We know what happened next.