In the last few years the question of Internet governance seems to have taken a back seat to the increasing prominence indeed anxiety provoked by:

 

1) massive leaks of intelligence and or politically sensitive data

 

2) noticeably increasing patterns of cyber-security attacks from various countries upon security infrastructure e.g. stuxnet attack on Iranian nuclear facility, or on governmental or commercial interests

 

3) revelations about the use of mass surveillance and data gathering by individual nation's security services

 

 

Whilst no one cyber-attack has especially stood out except perhaps for the North Korean? attack on Sony purportedly over a comedy it helped produce which satirised North Korea; what has stood out are the revelations from a few years ago by Wikileaks and by Edward Snowden the latter perhaps far more serious in their implications not only for

 

a) public confidence in the democratic balance of power between state and people and

 

b) between security and privacy and

 

c) what it showed in terms of foreign relations between friendly states - that the US was systematically spying on the activities of German politicians in a way beyond what most likely they suspected and

 

d) what it suggested to potential rivals or even enemies - Russia, China about the use of such technologies.

 

 

But in relation to what we have done for the last couple of sessions we need to focus  also on a less obvious dimension that the Myers-West article highlights.. and that is the implications of Snowden for the question of Internet governance.

 

 

 

 

The Snowden disclosures - a summary (extracted from David Lyon's Surveillance, Snowden, and Big Data: Capacities, consequences, critique)

The first item revealed by Edward Snowden on 6 June 2013 and published in The Guardian (UK) was that the NSA, using an order from the Foreign Intelligence Surveillance Court (FISC), had required the telecommunications giant Verizon to hand over metadata from millions of American's phone calls to the Federal Bureau of Investigation and the NSA Verizon itself was forbidden to disclose to the public either the order or the request for customer records.

The next day, articles in the Washington Post and The Guardian detailed how the PRISM program seemed to give the NSA direct access to the servers of some of the biggest technology companies, including Apple, Facebook, Google, Microsoft, Skype, Yahoo, and YouTube. Encryption and privacy controls were circumvented with the help of the companies. In the UK, the Tempora program appeared to be even more like a dragnet as it gave similar access to GCHQ (General Communications Headquarters; the UK partner of the NSA in the “Five Eyes”). Together, their cable and network tapping abilities are called “Upstream” and can intercept any internet traffic. The database that allows the information to be extracted in real time is called “XKeyscore”. The revelations have continued and Snowden himself has said (in early 2014) that some of the most striking disclosures are yet to come.

The surveillance practices revealed by Snowden show clearly if not completely that governments – especially American, British, Canadian, and possibly other agencies – engage in astonishingly large scale monitoring of populations, and also how they do it. On the one hand, the NSA engages contractors to share the burden of their work and also gathers and mines user data collected by other corporations, especially telephone, internet, and web companies. And on the other, this kind of surveillance also means that the NSA and similar agencies watch for cookies and log-in information. They thus use data derived from the use of devices such as cell phones or geo-locating social media sites. What users unknowingly disclose on those platforms – such as Facebook or Twitter – or when using their phones, is usable data for “national security” and policing purposes. But more importantly from a Big Data perspective, metadata (see the discussion below) relating to users is gleaned without their knowledge from the simple use of these machines. There are thus at least three significant actors in this drama, government agencies, private corporations and, albeit unwittingly, ordinary users.

What holds these groups together, in a sense, is the software, the algorithms, the codes that allow users’ data to be systematically extracted or disclosed, analyzed, and turned into what the data collectors and others, such as the NSA, hope will be actionable data. In other words, it is the (big) data practices that different kinds of operations have in common. As Snowden himself said in a 10 June 2013 video, the “ … NSA targets the communications of everyone … ” then “ … filters, analyzes, measures them and stores them for periods of time simply because it's the easiest, most efficient and most valuable way of achieving these ends”. The NSA thus depends on codes, the algorithms, plus the witting or unwitting cooperation of both telephone and internet corporations in order to do surveillance. Individual users may play a part, too, but their role is hardly one of conscious actors in the drama. This already goes beyond what many once imagined was direct and specifically targeted relationships by state agencies of individuals, to mass surveillance, dependent on a close liaison with corporate bodies and on the self-recording devices used in everyday communications and transactions.

The gathering of national intelligence in the U.S. is a mammoth undertaking, worth over US$70 billion per year and involving extensive links with universities, internet companies, social media, and outside contractors – such as Booz Allen Hamilton that employed Edward Snowden and from which Snowden illegally conducted his removal of sensitive data. If nothing else, the economic value of these operations indicates how much emphasis is placed on data processing by government agencies and in turn by global corporations. But what kinds of data are sucked up so voraciously by these organizations with such sophisticated processing power?

The word that has perhaps appeared most in relation to the Snowden revelations is “metadata.” This term refers – rather imprecisely – to the “data about data” such as the IP address, the identity of the contact, the location of calls or messages, and the duration of the contact. However, metadata takes many forms, well beyond communications. For example, automatic license plate recognition systems or word-processing programs also generate metadata. While specific cases of monitoring the content of phone calls and examining text messages exist as well, the extremely large-scale collection and analysis of metadata characterizes many of the disclosures about the kinds of activities with which the NSA is engaged. When the Snowden revelations began in June 2013, governments and agencies were quick to dismiss them by downplaying the significance of metadata.

In the U.S., the collection of metadata was permitted after 9/11 under the “Section 215 Bulk telephony metadata program” but it is unclear how far similar such programs extend to other countries such as Canada or the UK. However, it was revealed in 2014 that the Canada Border Services Agency made 19,000 requests for subscriber data in one year but this and other related Canadian agencies are under no statutory requirement to say how often such requests are made or for how much data. More specifically, a program that featured in the news media as Canada's CSEC (Communications Security Establishment of Canada) collecting data from airport Wifi systems was actually a general means of identifying travel patterns and geographic locations using ID data (that is, metadata) in conjunction with a database of IP addresses supplied by the company Quova over a two-week period in January 2014. What this shows is how data are analyzed, rather than just the fact of its collection. Such data may be used, for instance, to set up an alarm when a “suspect” enters a particular hotel, or to check on someone – a kidnapper, maybe – who may have repeatedly visited a particular location. But it takes little imagination to think of other potential uses for such datasets.

This is why security critic Bruce Schneier cuts through the obfuscations to state unequivocally that “metadata is surveillance.”1 As he also observes, while the mass media accounts focus on what surveillance data are being collected, the most significant question is how the NSA analyzes those data. On the one hand, the nearly five billion cell phone records collected by the NSA each day by tapping into cables that connect mobile networks globally can reveal personal data about where users are located, anywhere in the world. The NSA can attempt to track individuals to private homes and can also retrace earlier journeys, whenever the phone is on, because phones transmit location data whether or not they are in use. On the other hand, the NSA also analyzes patterns of behaviour to reveal more personal information and relationships between different users

 

 

 

Questions

 

1) What does  e-comms have to do with the possibility of security in relation to threats whether in the form of illegal materials - crime, porn, non-state dealing in arms etc or in coordinating/mobilising anything fro protest/social movements through to insurgent and terrorist groups

 

Take into account encryption powers for all users; the bottleneck problem of too much data flow/insufficient monitoring and interpretation powers; legal problems of what is and is not worth pursuing; International cooperation

 

 

2) What other problems are there, perhaps more in democratic states, that inhibit surveillance powers? The prob of major net players - Google et al a well as ISPs cooperating with Government where there is reputational damage over their sharing data with NSA et al. and building backdoors. Users tightening up of their security n the wake of Snowden; Use of VPNs/proxy servers

 

 

3) To what extent should states be accountable for their deployment of intelligence strategies -or is it simply an issue of state sovereignty?

 

and the other side:

 

4) Is privacy a human right for the purposes of international recognition?

 

 

 

 

Why Surveillance?

 

 

Ontologies:

 

1) humans + epistemological givens that are traded on

 

a) their curiosity;

 

b) their ignorance (buy into the govt/media line - "it's only the metadata not the content, so its not surveillance")

 

c) marginal rate of disinterest

 

 

2) Institutional imperatives e.g. NSA et al

 

a) shaped by political or economic or security needs

 

b) shaped by established purpose driven culture

 

c) perceptions of needing to overcome those who stand in the way of (b)  e.g. lawyers, civil libertarian et al. (irritants)

 

 

 

3) Culture and ideology

 

a) resulting from values in this nation

 

b) conflicting forces -liberal v conservative views which show up as value dispute between national interest ad individual freedoms

 

c) split between cosmopolitan and isolationist orientation

 

 

4) Multi-polar versus convergent attitudes

 

a) in a Huntingtonian world of cultural clash

 

b) in a world of global capitalism that seeks outward looking identity - individualism

 

c) return to fundamental values either in small domestic world of the Tea party or in the large in the Islamic world

 

 

5) Socio-technical structures

 

a) the capacity of systems

 

b) Big data

 

c) 'because we can' and 'we have the technology'

 

 

Recent article in Big data and Society  noted:

 

The crucial concept is surveillance, that can be understood as any systematic, routine, and focused attention to personal details for a given purpose (such as management, influence, or entitlement. This too is a broad definition that needs some tightening for the present purpose. Our task here is to examine how far Big Data intensifies certain surveillance trends associated with information technologies and networks, and is thus implicated emerging configurations of power and influence. Of course, as political-economic and socio-technological circumstances change, so surveillance also undergoes alteration, sometimes transformation. Classically, studies of surveillance suggest that a shift in emphasis from discipline to control (Deleuze, 1992) has been a key trend associated with the increasing use of networked electronic technologies that permit surveillance of mobile populations rather than only those confined to relatively circumscribed spaces, and depend on aggregating increasingly fragmented data. Surveillance practices have been moving steadily from targeted scrutiny of “populations” and individuals to mass monitoring in search of what Oscar Gandy calls “actionable intelligence” and Big Data surveillance exemplifies this.

 

 


But what about the IR implications of the revelations?

 

Xenia Wickett has suggested three area of concern:

 

1) Rels with Europe a) because of spying on friends; b) that it might disrupt the Transatlantic Trade and Investment plans; c) weakening of cooperation on data gathering between US and Europe in wake of revelations

 

2) US - China rels: argument is that China goes in for extensive commercial hacking whereas US keeps to good old-fashioned diplomatic (political) data gathering/spying implication - 'respectable' spying but Snowden has put US on back foot and China will play it for all its worth

 

3) US-Russia rels: some as China prob but also prob with Snowden asylum

 

 

 

 

Implications for Internet Governance matters:

 

Three broad perspectives on Internet governance largely frame the debate as it exists today: distributed governance, multilateral governance, and multistakeholder governance.

 

A distributed system is where governance is relatively unorganized within online communities that were able to police themselves when faced with conflicts, using both consensus-building dialogues and networked systems of coding.

 

Changes in the use of the Internet over the past decades have introduced a major challenge to the legitimacy of this approach. Consensus was much easier to achieve when the group of stakeholders involved was small and their makeup more homogeneous. A survey of Internet users in 1994 found that as many as eighty percent of those using the Internet were both male and white. The Internet today looks quite different – the ITU’s 2009 Information Society Statistical Profiles found that since 2004, the fastest Internet user growth rates came from Afghanistan, Myanmar, Vietnam, Albania, Nigeria, Liberia, Sudan, Morocco, and the Democratic Republic of the Congo. With the addition of millions of users from around the globe, the amount of dissonance has grown substantially. In order for Internet governance to become more effective, then, it requires more formalized institutions and mechanisms.

 

This ties directly to the issue of legitimacy: more structured and formalized systems would provide a solid foundation for governance to proceed. Thus, an argument has been made for the base of legitimacy of the governance model to transition from one of technical expertise involving a wide range of industry players to a political process involving a narrower set of stakeholders.

 

 

The second approach to Internet governance prizes national sovereignty, and is led by a coalition of governments including China, Russia and India but supported by many emerging and developing economies. It argues in favour of a multilateral system that puts both policy and power in the hands of nation states. This approach would include the creation of a body within the UN system responsible for Internet governance, while also giving ultimate sovereignty to nation-states to set their own national policies. This view has gained some weight in the wake of the NSA scandal, leading additional players including the European Union to consider this view as they seek to protect their own borders against the surveillance of the United States intelligence system. To a certain extent, the powers these governments say they seek already rest in their hands: at any time, a national government or alliance of governments could break off from the current Internet and form their own national or regional Intranets not connected to the rest of the domain name system.

 

 

 

In the post-Snowden era: a group of German telecommunications companies has said they will create an Internet territorially limited to nations within the Schengen Area. India has also begun to push for all Internet data to be stored on servers within the country, though the extent to which this is feasible is questionable given the Internet’s distributed architecture. The states now considering quarantining the flow of their data are powerful political and economic players. None of the countries have actually launched these national intranets. What prevents them from doing so is their economic interest in the flow of information across national borders – the incentives to stay connected to the network.

 

...and they have to make a nuanced power calculation between the value of political control against networked economic growth.

 

 

 

Myers-West comments: Each of the above approaches to Internet governance persists in some form today , making up a complex ecosystem of Internet governance groups distributed governance at organizations like the IETF, multilateral governance at the UN and to  some extent at the ITU, and multi-­stakeholder governance at the IGF. At the same time, each of them continues to face challenges as an overarching framework within which to understand the governance processes: distributed governance is challenged by the push toward formalization in order to legitimate Internet governance processes, multilateral governance is increasingly seen as a potential threat to economic progress, and multi-stakeholder governance is encountering enforcement and accountability problems.

 

None of them on their own accurately capture the political environment as it exists in the postSnowden world . While  the individuals responsible for running the Internet in its earliest days formed a distributed network, the invention of the Internet itself would not have been possible without government funding, and this has introduced politics into critical decisions about its governance at a number of key moments. And as Snowden revealed, governments have developed the capacity to exploit the network to achieve their own ends. Still, Internet governance  is not dominated by the state – the existence of a number of important non-­governmental players such as ICANN and the Internet Governance Forum problematizes the multi-lateral approach. Cleavages between a number of the great  powers over Internet governance issues also have a downstream effect on the effectiveness of international governance organizations like the United Nations and  International Telecommunications Union in Internet policymaking. (p.12)

 

 

 

 

 

...a multi-stakeholder system that integrates states and non-state actors representing business and civil society. Supported by the United States, United Kingdom, Canada, Australia, and organizations including the Internet Society and International Corporation for Assigned Names and Numbers (ICANN), multi-stakeholderism has become a dominant ideological position, often elevated as a value in itself rather than an approach to meeting public interest objectives.

 

Cracks in the multi-stakeholder system are appearing: individual stakeholder forums increasingly centre on who can participate, rather than the issues themselves. They tend to silo off civil society, the technical community, and governments from one another, weakening the incentive to build cross-cutting mechanisms or overarching consensus

 

A whole host of perennial issues that have not reached a final resolution in multi-stakeholder fora: while relatively successful at achieving agreements on general principles, debates over cybersecurity, spam, crime, intellectual property rights and others frequently arise. Moreover, the multi-stakeholder system as it exists faces political challenges regardless of its performance due to the shift in global influence from transatlantic to emerging powers.

 

 

Snowden revealed, governments have developed the capacity to exploit the network to achieve their own ends

 

 

The release of Snowden’s documents elevated discussion to the level of high politics.

 

It also gave greater impetus to governments seeking to implement national controls over the Internet. Brazil’s discussed routing its Internet traffic to bypass the United States, and its parliament considered inserting language requiring Brazilian citizens’ data remain within its territorial boundaries into the Marco Civil legislation. Germany and France revived discussions about creating a European Intranet, separated from the global network. There was also a substantial growth in the number of governments deploying Internet censorship and shut-offs as a means of asserting political control. In the year following Snowden’s release of the documents, China, Pakistan, Russia, Syria, Turkey, and Venezuela among others took these types of heavy-handed national-level controls over the Internet space. Thus, in addition to igniting a global conversation about privacy and surveillance, Snowden’s revelations accelerated long-standing debates over the issue of sovereignty in Internet governance. 

 

They revived proposals for an international system of governing the Internet, which were a key point of contention at prior fora, notably the World Conference on International Telecommunications in Dubai (WCIT-12). At WCIT-12, there was an unprecedented international split over the issue of multilateral domain over Internet issues, with 89 governments signing on to the International Telecommunication Regulations (ITRs) and 55 declining.

 

 

Brazilian President was furious at the revelation that the US had spied on her personal communications, as well as those surrounding a trade negotiation between the United States and Brazilian oil company Petrobras. After cancelling a state visit to Washington, DC, she went before the United Nations to make a passionate call for the UN to establish a multilateral framework to govern the Internet to prevent such abuses from occurring in the future: “the time is ripe to create the conditions to prevent cyberspace from being used as a weapon of war, through espionage, sabotage and attacks against systems and infrastructure of other countries”. Together with Angela Merkel, she proposed a non-binding UN resolution protecting the right to privacy of Internet users, which was adopted on December 18, 2013 (UN, 2013).

 

On March 14, 2014, NTIA (Department of Commerce National Telecommunications and Information Administration) announced its intent to transition domain name functions “to the global multi-stakeholder community” through a process facilitated by ICANN. Almost immediately after the announcement, the discussion became highly politicized, with the end of US oversight framed by conservatives as turning the web over for authoritarian control. Three bills were introduced by lawmakers to prohibit the NTIA from relinquishing its responsibility over the domain name system and asserting US authority over the Web.

 

So we have here in the wake of Snowden a political mess at the level of US stewardship of the DNS and at the International level.