At APNIC, we continually keep track of Internet governance discussions, both at regional and global levels, making positive and constructive contributions where possible. Here are some highlights from the last three months of 2018.
Strengthening relationships between ICANN and RIR communities
In October, APNIC staff attended the ICANN 63 meeting in Barcelona, Spain.
Apart from participating in the High-Level Governmental Meeting, we were involved in discussions surrounding an ‘Expedited Policy’; specifically, whether a ‘Temporary Specification’ for registering generic Top-Level Domain (gTLD) data will become a consensus policy supported by the ICANN Community. The Temporary Specification changes the way registries and registrars under contract with ICANN, publish registration data on the whois system. It seeks to avoid the exposure of personal data to bring them into compliance with the European Union’s General Data Protection Regulation (GDPR) which became effective in May 2018.
Last week, #ICANN‘s EPDP Team made important progress on the Temporary Specification for #gTLD Registration Data during their meeting in Los Angeles! Read the team’s blog and learn about the #EPDP‘s latest updates and next steps >> https://t.co/Aqlq89GSR9 pic.twitter.com/D5tq6QROL5
— ICANN (@ICANN) October 1, 2018
While these policy measures mostly affect the world of gTLD names, many discussions from ICANN extended into the realm of Regional Internet Registries (RIRs) because whois is a globally distributed system that also includes Internet numeric address data. Although no important changes to the way whois is published by the RIRs are foreseen in response to the GDPR, we have been promoting the value, and supporting the continuity of the whois service. Even if there are many whois policy frameworks led by different communities, fragmentation of the whois ecosystem can jeopardize the stability and security of the Internet.
At APNIC, we promoted discussions on whois in several events during 2018:
- We ran a series of workshops dedicated to whois accuracy and privacy at the Cooperation SIG sessions at APRICOT 2018 and APNIC 46.
- At the APrIGF meeting in Vanuatu (13 to 16 August) we co-organized the workshop Whois collected, disclosed and protected: How we care about protecting data privacy?. It was a good opportunity to talk about the origins of whois and the features that should continue to be available in the future.
- At the IGF meeting in Paris (12 to 14 December), we co-organized a workshop about the importance of Computer Emergency Response Teams (CERTs) having guaranteed access to the whois databases (read more below).
Also at ICANN 63, the RIRs, via the Number Resource Organization Executive Council (NRO-EC), held initial discussions with ICANN executives and the ICANN Board about the implementation of the recommendations of the second independent review of the Addressing Supporting Organization (ASO). The NRO-EC shared progress with ICANN about the ongoing public consultation to determine the future structure of the ASO.
Paul Wilson, Chair, NRO Executive Council, recognizes the early #Internet pioneers and their ongoing commitment to #ICANN. Watch the full #ICANN63 video here >> https://t.co/jUp9dJWBMj pic.twitter.com/hE1ivjQhlA
— ICANN (@ICANN) October 23, 2018
In the case of APNIC, a third consultation session on the ASO Review was held during APNIC 46 in Noumea. In this session, the APNIC community considered what happened in other RIR consultations and analysed the NRO-EC input about the future structure of the ASO. After the session, an online survey was launched to seek wider views from the APNIC community (see survey results).
The engagement with ICANN on the future structure of the ASO will continue in 2019, once the public consultations in all RIRs conclude.
RIRs, Root Server Operators, #IETF and the entire Technical Community are also ack-ed in Cherine Chalaby’s thanks for their services for Internet development. Nice to hear! #ICANN63. pic.twitter.com/R1bQvVoTBH
— Filiz Yilmaz (@koalafil) October 22, 2018
Security captures focus from Wuzhen to Paris
The 5th World Internet Conference (WIC) was again held in Wuzhen, China. This conference brings together important Internet players in China and the rest of the world, both at the governmental and the private sector levels.
This year, a High Level Advisory Council, where APNIC has a place, helped to comment on a series of policy statements that define China’s cyberspace strategy. These statements refer to what President Xi Jinping envisioned as a “community of common destiny”, which he articulated at WIC 2015, including four principles (cyber sovereignty, peace and security, openness and cooperation, and good order) and five action proposals (digital divide, cultural diversity, digital economy, cyber security and Internet governance).
During this year’s conference, the organizing committee released the Wuzhen Outlook, considering comments by the members of the Council. This document acknowledges: rapid developments in IPv6; supports the international community to work on a concept of collaborative cybersecurity; suggests that the United Nations play an important role in cybersecurity, and; is in favour of developing new global norms for cyberspace, while respecting national sovereignty.
Following WIC 2018, APNIC participated in two international events held in Paris, France: the Peace Forum and the Internet Governance Forum (IGF) which coincided with a series of events in France commemorating the centenary of the end of the First World War.
The Peace Forum (11 to 13 November) was the first iteration of an event dedicated to global governance and included many discussions surrounding digital and new technologies. APNIC attended a keynote by Brad Smith, President and Chief Legal Officer of Microsoft, where he argued that private companies, such as Microsoft, are first responders to cyber conflicts. He promoted a petition about digital peace, calling governments not to use technology as a weapon.
@BradSmi keynote @ParisPeaceForum talks to leaders from around the globe on the need for all to come together to make cyberspace safer because we are all at risk pic.twitter.com/GrRz46hFV7
— Duncan Hollis (@DuncanHollis) November 12, 2018
Later, there was a panel on Crafting Peace in Cyberspace, with speakers from the UN, the Global Commission on the Stability of Cyberspace, Microsoft, the Internet Society, and the French Government. There was no clear agreement by the panelists on whether multilateral or multistakeholder mechanisms were needed to promote and sustain trust in cyberspace.
On that same afternoon, at the IGF (12 to 14 November), there were two speeches: one by the UN Secretary General, António Guterres, and the second by the President of France, Emmanuel Macron. These two speeches asserted the difficult times that the Internet is facing due to the increased number of cyber attacks.
Guterres talked about the recently established High-level Panel on Digital Cooperation, which tends to see cyber-issues as wider than the Internet, including cybersecurity, big data and artificial intelligence. This panel is expected to propose new solutions to digital cooperation, and suggested the IGF to take a more multidisciplinary approach in supporting these solutions.
Macron spoke about the importance of regulation. He suggested there are two types of Internet: a Californian form of Internet, and a Chinese Internet. He said that in his view, neither of them had proper governance models and suggested, through regulation, a new path can address the multiple threats that the Internet is facing. While this regulatory approach generated controversy, at the end of his speech he referred to a more subtle initiative called “The Paris Call for Trust and Security in Cyberspace”, a high level declaration suggested by France and supported by more than 250 entities, among them governments, private sector and several organizations, including APNIC, to implement cooperative measures to address these threats.
With the Paris Call, Macron wants to limit cyberattacks French President Emmanuel Macron gave a speech at the Internet Governance Forum at the UNESCO in Paris. While the IGF has been around for a while, it hasn’t been as active as some would have hoped… https://t.co/2eXLgP3Rtz pic.twitter.com/eqeUh6N0qk
— ARC Consulting (@ARC_Consulting) November 12, 2018
Read Event Wrap: IGF 2018 for all APNIC activities at the recent IGF.
Strengthen cooperation for IPv6 deployment
While these three events were happening in Wuzhen and Paris, the ITU Plenipotentiary Conference was taking place in Dubai, United Arab Emirates. APNIC also took part in this Conference, which sets the budget and defines the strategic plan of the ITU for a cycle of four years.
The main goals for APNIC in this conference were to: provide technical insights to the delegations, be a resource for those interested in understanding the Internet addressing community, keep the network operators at top of mind during negotiations, and promote further collaboration with ITU in the Asia Pacific region.
.@apnic correspondent @bout_policy reports from on-the-ground in Dubai where midway through ITU #Plenipot 2018 collaborative, civil mood has yet to provide consensus on most contentious issues https://t.co/zSxq2so3AP pic.twitter.com/iVePX88emn
— Klee Aiken (@a_Klee) November 9, 2018
During the conference there was much debate on resolutions related to Internet matters, including governmental views on IPv6 deployment. It was a good outcome that the conference recognized, through amendments in these resolutions, the importance of cooperating with RIRs and engaging in capacity building efforts.
Reflecting on what has happened
In early December, I presented on the fundamentals of Internet governance to an audience of 80 senior government officials participating at the Program on Cybersecurity Studies (PCSS) at the Marshall Center.
My presentation touched on: the previous two months in Barcelona, Wuzhen, Paris and Dubai, the last 20 years; and the next five years of international Internet governance discussions, focusing on:
- The increased level of concerns by governments about Internet threats
- A higher probability of governments playing a stronger role in regulating the Internet in the national and multilateral arenas; and
- Whether the ‘securitization’ of Internet governance is an opportunity for convergence or an indication of a split on pending agreements and future governance decisions.
Referring to the 20+ years of history, I noted the efforts by different stakeholder communities to develop international governance frameworks for the coordination of the Internet addressing system, sometimes also known as ‘critical Internet resources’. Decisions around these issues have been relatively open to the participation of different interest groups, and the viewpoints of the technical community have proven significant in those decisions.
The problem statement these days is one of cybersecurity risks associated with national fears in a difficult geopolitical context. As a result, cybersecurity problems tend to disassociate from the overall evolution and operation of the Internet, including the evolution of its governance frameworks. This in turn, can result in restricting future governance discussions to mostly state actors, while the probabilities of them reaching agreements at the international level could be very low.
However, this can also result in a scenario where the history of cybersecurity and the Internet can converge in seeking innovative governance solutions through inclusive processes that can learn from past experiences but offer feasible solutions to maintain trust in the stability and security of the Internet.
Has been an honour to speak at the #PCCS by @Marshall_Center about Internet governance: from WSIS to Digital Cooperation. Whether securitisation of the debate is an opportunity for convergence or split. #netgov @apnic pic.twitter.com/KLcq5jOapp
— Pablo Hinojosa (@lphinojosa) December 7, 2018
The APNIC community has 25 years of experience on just that: seeking innovative governance solutions through our Policy Development Process and through sharing best practices for network operators, on IPv6, cybersecurity, and the development of a stable and secure Internet in Asia Pacific.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.