The Narrative: IGF16 still on; Insurers confront cyber-attribution; India & cryptocurrency

Posted on by , and General

Amid Covid concerns, IGF meets in Poland

As of this moment, the UN Internet Governance Forum will still hold a hybrid meeting in Katowice, Poland. The hosts made an announcement affirming that “it goes ahead with the physical meeting as planned as it has taken all necessary precautions to make the event safe.” Our group has organized a workshop on Multistakeholder Initiatives in Content Moderation which involves business, government and civil society representatives involved in the Christchurch Call Advisory Network, the Facebook Oversight Board, and the Global Internet Forum for Counter Terrorism (GIFCT). We are also hosting a Town Hall with colleagues from the UN University and the Free University of Brussels on Digital Sovereignty, entitled “Beyond Hype: What Does Digital Sovereignty Actually mean?” 

In the run-up to the Forum, controversy has erupted over the UN Secretary-General’s attempt to create an IGF “Leadership Panel.” IGP and IT for Change issued a joint letter asking the SG to end the plan, claiming that it “foster[s] the increased stratification of IGF participants into status-based categories that undermine the Forum’s original goal of encouraging bottom-up stakeholder participation.” Various civil society and technical community organizations have expressed reservations about the panel, including the Internet Society CEO and the Internet Technical Collaboration Group.

IGP will be an active participant in Poland.

  • On Day 0, IGP researchers will present the paper Making Data Private – and Excludable: A new approach to understanding the role of data enclosure in the digital political economy. The Giganet Annual Symposium will take place Monday, December 6, with the panel starting at 14:00 CET. Register to get your Zoom link for Symposium here.
  • IGP and the Free University of Brussels have come together to organize a session titled Beyond hype: what does digital sovereignty actually mean?  As the name suggests, the session will deal with the consequences of widespread use of this contentious concept in policymaking. The session is Town Hall #23 and will take place in Hall A3 on Wednesday, December 8, at 10:45 CET, you can register to join online here.
  • IGP is organizing a session, Multistakeholder initiatives in content governance which examines several content governance initiatives including the Christchurch Call, the Facebook Oversight Board, and the Global Internet Forum to Counter Terrorism. These initiatives raise important questions about the relationship between private commercial platforms, governments, law, human rights, and the role of public input in resolving the ongoing tension between freedom of expression and controversial social media content. The session is Workshop #57 and will take place in Ballroom A on Friday, December 10, at 11:15 CET, you can register to join online here.

Insurers and attribution

Lloyd’s Market Association (LMA), a trade association for insurers, has issued draft Cyber War and Cyber Operation Exclusion Clauses, including guidance on attribution of cyber attacks. Authoritative attribution remains one of Internet governance’s thorniest problems, especially when the adversary is a state or an agent of one. The yet to be settled Mondelez v. Zurich case hinges on the US government’s and allied states’ attribution of NotPetya to the Russian government. The LMA draft clauses lay out conditions for possible exclusions of coverage and how attribution shall be determined. In one version (LMA5565), certain states including “China, France, Germany, Japan, Russia, UK or USA” were specified suggesting that cyberspace conflicts between them remain active and particularly problematic for insurers. The language seems pretty reasonable, stating that the “primary but not exclusive factor in determining attribution” resides with the state, but absent that “it shall be for the insurer to prove attribution by reference to such other evidence as is available.” The obvious risk is that a state continues to use attribution strategically, blaming another state and thus denying the victim any coverage. But this may incentivize victims to pressure their governments to be transparent in attribution details and rigor, lest their claim be denied. It also indicates that insurers will want to build up their own capacity to evaluate attribution work done by others. An independent body capable of making authoritative attributions still seems like a desirable solution.

India and cryptocurrencies

From a proposed outright ban in 2016 to the current administration racing to finalize legislation in time for the last parliament session of the year – regulation of cryptocurrencies in India have come a long way. The Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 is listed for introduction in Parliament’s Winter Session. Reports suggest the bill seeks to prohibit all “private cryptocurrencies” in India. However, it allows for certain exceptions to promote the underlying technology of cryptocurrency and its uses. Spurred by losses and misuse of cryptocurrencies for money-laundering, the central bank has been calling for greater oversight of the industry. Last year, the Supreme Court of India had to intervene to reverse Reserve Bank of India’s (RBI) order banning banks from supporting crypto transactions. Given the rapid adoption of, and investment in cryptocurrencies in India – a complete ban is unlikely. On Tuesday, Finance Minister Nirmala Sitharaman said the bill was being reworked to take into account the rapid changes in the industry, without offering details of the changes to the original draft.

Will The Internet Fragment?

“In characteristically rigorous fashion, Mueller’s outstanding book punctures the alarmist myth of Internet fragmentation and helps us to understand what is really at stake as nations and other groups vie for power over the Internet.”

Jack Goldsmith, Harvard Law School

Purchase Online