1. Introduction:
rational and scope of the report
1.1. Why internet governance matters
1. The internet is a “transformative
phenomenon, with the capacity to touch nearly every aspect of life”;
it is a kind of core superstructure
for the functioning of all the others which are essential for our
societies. Internet users are estimated to be more than 4.15 billion
people, i.e. more than 54% of the world population.
According to Eurostat, in 2017,
internet users amounted to 84% of the population of the European
Union aged between 16 and 74.
We communicate between ourselves,
access and consume content (including news and information which
are crucial for informed citizens’ choices and the functioning of
our democracies), trade goods and services, manage our bank accounts,
dialogue with our local and national administrations, have access
to services (health, social care, justice, among others), pay our
tax contributions and participate in political processes through
the internet.
2. It is therefore self-evident that internet governance is a
sensitive crucial global public policy issue. Sensitive, because
of the inherent complexity of problems of a legal and technical
nature that are posed, also resulting from the transnational nature
of the internet communication flow which goes beyond nation States’ sovereign
borders. Crucial, also, because today the internet must be considered
a common good, impacting on many aspects of our lives and touching
upon our fundamental rights.
3. Our future is closely linked to the way the internet will
develop. The report on One Internet by
the Global Commission on Internet Governance (2016) captures the
main risks and hopes in three possible scenarios. There are certainly
many more which could result from less radical trends and from a
combination of the key elements featuring each of these three scenarios;
but I find this somewhat simplified vision quite useful for operational
purposes.
4. The first – scary – scenario is a “dangerous and broken cyberspace”,
where, among others, unprecedented private data collection and government
mass surveillance destroy users’ privacy, sovereign-driven restrictions
fragment the internet and violate human rights, malicious actions
of cyber-criminals multiply undermining users security and the risk
of cyberwarfare increases, including threats to the operation of
civilian infrastructure such as the power grid or water systems.
5. The second scenario is one leading to “uneven and unequal
gains”, where some users capture a disproportionate share of “digital
dividends” while others are permanently locked out. Governments
do not preserve the internet’s openness, do not enable competition
and do not encourage the private sector to expand high-speed access.
They choose to assert sovereign control through trade barriers,
data localisation and censorship and by adopting other techniques
that fragment the network in ways that limit the free flow of goods, services,
capital and data.
6. The third, more optimistic, scenario is that of a healthy
internet triggering “broad, unprecedented progress” and providing
opportunities for social justice, human rights, access to information
and knowledge, growth, development and innovation.
7. In this respect, our task as policy makers seems clear: to
ensure that internet governance is able to deliver the best scenario,
avoiding unwise, self-centred attitudes and behaviours which would
divert the process towards alternative worrying developments.
1.2. What “internet governance” means
8. The Tunis Agenda, adopted at
the second phase of the World Summit on the Information Society
in November 2005, provides a “working definition” of internet governance
as the development and application by governments, the private sector
and civil society, in their respective roles, of shared principles,
norms, rules, decision-making procedures and programmes that shape
the evolution and use of the internet.
9. This definition (that the Committee of Ministers of the Council
of Europe takes up in its
Recommendation CM/Rec(2007)16 on measures to promote the public service value of the
Internet) is not necessarily perfect and it is not uncontested.
However, I believe it offers a good starting point for our analysis:
- it points to the plurality of
actors, with different (somewhat interconnected) roles, who are
– and should remain – involved in internet governance, although
in this respect I would certainly add to the list the international
organisations (both at global and regional levels);
- it highlights the need to build the internet and regulate
its use based on foundations which should be “shared”, starting
by agreeing on a core set of principles;
- in a less explicit way, it recognises that “internet governance
is concerned not only with the internet’s design and administration,
but also with its evolution and use, so internet governance is inherently oriented
towards the future and the impact on society”.
10. The Tunis Agenda definition seems to reflect the view of internet
governance as a kind of monolithic system, thus masking an extremely
complex reality, including the fact that governance arrangements
may eventually vary in different domains.
To
deal with this complexity, the report on One Internet by the Global Commission
on Internet Governance has suggested that “[i]t can be helpful to
think about the internet in layers. There are many possible taxonomies
for these layers, but one simple framework … disaggregates components of
the internet into four layers: infrastructure; logical; application;
and content”.
The same report also stresses that
significant policy questions permeate all of these layers.
11. In this report, I will mainly refer to policy issues that
are more closely linked with the “application layer” (including,
for example, mobile apps, search engines, social media platforms
and platforms for sharing user-generated content) and with the “content
layer” (including text, audio, pictures, video and multimedia of
all kinds). The policy issues in question could possibly be captured
by the following sentence: There is a compelling need to ensure
more effective protection of human rights on the internet. Though,
I will use the term “internet governance”, I wish to note here that
the term “digital governance” is becoming more and more frequently
used to encompass all governance aspects that go along with the
digital transformation of our economic, social and political lives
based on the spread of digital services and applications that use
the internet and other digital technologies and infrastructure.
1.3. Key issues and focus of the report
12. From different texts of the
Council of Europe
and of other
stakeholders,
it appears very clearly
that human rights, democracy and the rule of law are – and must
remain – key goals of internet governance. Here, I will limit myself
to quoting the
Declaration
on Internet governance principles, which was adopted by the Committee of Ministers of
the Council of Europe on 21 September 2011. The first principle
is on “Human rights, democracy and the rule of law”:
“Internet governance arrangements
must ensure the protection of all fundamental rights and freedoms and
affirm their universality, indivisibility, interdependence and interrelation
in accordance with international human rights law. They must also
ensure full respect for democracy and the rule of law and should
promote sustainable development. All public and private actors should
recognise and uphold human rights and fundamental freedoms in their
operations and activities, as well as in the design of new technologies,
services and applications. They should be aware of developments
leading to the enhancement of, as well as threats to, fundamental
rights and freedoms, and fully participate in efforts aimed at recognising
newly emerging rights.”
13. In the subsequent sections, I will first focus on a shortlist
of fundamental rights which we must preserve together, taking account
of specific threats that endanger them. In this analysis, I will
build on the work of the Council of Europe intergovernmental sector
and on our own very rich, previous work.
14. It is not enough to reaffirm that human rights must be at
the core of internet governance; indeed this seems to be fairly
consensual. Therefore, I will consider how we could enhance decision
making on internet governance issues, and to what extent it is possible
for the Council of Europe and for its member States to operate more
effectively within the existing internet governance ecosystem to
uphold these rights and secure their concrete implementation.
15. The compass of this report intercepts issues which have already
been examined or are being discussed by our committee, as well as
by the intergovernmental sector of the Council of Europe. Therefore,
while seeking to provide a comprehensive overview and some updating,
I do not intend to redo analyses that we have already performed
and I will not discuss key questions which are covered by ongoing
targeted committee work.
2. Human rights at stake
16. When we speak of the internet,
the first right that comes to mind is the right to freedom of expression and
information, which is inextricably linked to the internet today:
it is essential to guarantee the freedom to express oneself and
access content disseminated by others on the web. Other rights in
this connection are freedom of thought, conscience and religion
and freedom of assembly and association. However, essentially, the
exercise of these freedoms in cyberspace is intertwined with that
of freedom of expression and information.
17. In order for everyone to be able to fully enjoy these rights,
there must first of all be a guarantee of access to the internet.
It is also necessary to ensure that the internet remains an open
ecosystem. In this connection, “Net neutrality” is based on two
pillars: the obligation for internet access providers (IAPs) to
treat all content transmitted on the web equally and the possibility
for internet users to view and freely disseminate content on the
web. At the same time, it is necessary to ensure users’ right to
security and to respect for their privacy, especially from the point
of view of the protection of personal data.
2.1. The right to internet access, with
no discrimination
18. I would like to clarify, straightaway,
that when I refer to a “right to internet access”, I do not mean
an entitlement for everyone to have access to the internet free
of charge, but rather a right to an affordable access to the free
internet. In its
Resolution
1987 (2014) on the right to Internet access, the Assembly holds
that internet access as such should be recognised as a fundamental
right. The report of the Committee on Culture, Science, Education
and Media
stressed
that actions and views by several governments, international actors –
including the Council of Europe – and internet stakeholders pointed
in this direction, and it referred to a wide recognition of the
importance of the internet for freedom of expression
(but also of other rights), the
promotion of the public service value of internet and case law from
national and international courts. In this respect, the Committee
of Ministers, in its Declaration on Internet governance principles,
stated that “Internet-related policies should recognise the global
nature of the Internet and the objective of universal access”.
19. In some States, the legislation recognises (affordable) internet
access as a right. For example, since 2000, internet access is a
right under the Estonian legislation.
Since
2007 in Switzerland, the Telecommunications Act
has guaranteed the right to quality
internet access at an affordable price to all inhabitants irrespective
of where they live. Since 2009, in Finland, all individuals and
businesses are considered to have the right to high-speed internet
access in their place of residence.
More generally,
at European Union level,
Directive
2002/22/EC of the European Parliament and of the Council of 7 March
2002 on universal service and users’ rights relating to electronic
communications networks and services (Universal Service Directive)
seeks to ensure the availability of a minimum set of good-quality
electronic communications services accessible to all users at an
affordable price.
20. It might be difficult for a number of countries, including
in Europe, to formally proclaim internet access as a right per se,
given the implication this would have in terms of infrastructure
development (and related costs for the public budget) to ensure
this right effectively. I believe however that not only should we
ask that universal access to the internet be recognised as a key
internet governance principle, but that we should encourage in Europe
national public investment policies coherent with this objective,
as its attainment seems to me an essential factor of sustainable
democratic and socio-economic development.
21. The right to internet access certainly implies offsetting
geographical imbalances (e.g. between urban and rural or remote
areas); but it requires – and implies – much more. There is a clear
digital divide between generations,
as well as
socio-economic and cultural gaps. There are disabilities which require
specific consideration and targeted action in order to ensure that
certain categories of users could have proper access to internet
facilities. There are also gender inequalities which impact significantly
on internet access.
In
this respect, the proportion of women using the internet is 12%
lower than the proportion of men using it worldwide; and even in
Europe the internet user gender gap between men and women is still
close to 8%.
It
is encouraging, however, that this gap has decreased since previous
measurements and in some countries the penetration rate is equal.
22. In other terms, the right to internet access is an essential
component of any sound policy designed to fight against discrimination,
promote inclusion and support social cohesion. Here we are at the
core of State responsibilities and this cannot just be handed over
to the private sector.
23. There are good arguments also to convince those of us that
are more focused on the economic dimension of (and budgetary constraints
to) public policies. Just as an interesting example concerning gender discrimination,
a 2015 McKinsey Global Institute report
holds that gender
inequality is not only a pressing moral and social issue, but also
a critical economic challenge and considers that, in a “full potential”
scenario in which women and men play an identical role in labour
markets, up to 28 trillion dollars could be added to global gross
domestic product (GDP) by 2025. Of course, we cannot envisage closing
gender gaps in work and society without closing the internet gap.
24. The One Internet report
suggests that governments need not only to encourage the continuing improvement
of internet infrastructure, use competition as a tool to expand
internet access facilities and invest to ensure availability when
market forces prove insufficient, but they should also: develop
public investment at locations such as schools and libraries to
provide wider access to communities that would otherwise have limited
opportunities due to factors such as income or geography; develop
digital literacy; create incentives for the adoption of web standards
intended to ensure that everyone, regardless of their physical capacities,
can use the internet.
2.2. The right to an open internet: building
an ecosystem which safeguards Net neutrality
25. The Declaration on Internet
governance principles, when establishing the
Architectural
principles, asks that “[t]he open standards and the interoperability
of the Internet as well as its end-to-end nature” be preserved and
states that “[t]here should be no unreasonable barriers to entry
for new users or legitimate uses of the Internet, or unnecessary
burdens which could affect the potential for innovation in respect
of technologies and services”. In this respect, the phenomenon of
innovative tools bought at their early stages by powerful internet platforms
raises concerns about the real possibility for new competitors to
emerge on a global scale through purely free-market mechanisms.
26. Next, this declaration insists on the principle of Open network: “Users should have
the greatest possible access to Internet-based content, applications
and services of their choice, whether or not they are offered free of
charge, using suitable devices of their choice.” And then it continues:
“Traffic management measures which have an impact on the enjoyment
of fundamental rights and freedoms, in particular the right to freedom
of expression and to impart and receive information regardless of
frontiers, … must meet the requirements of international law on
the protection of freedom of expression and access to information.”
27. More recently, the Committee of Ministers, in its Recommendation
CM/Rec(2015)6 on the free, transboundary flow of information on the
internet (adopted on 1 April 2015), after recalling that “[t]he
provisions on rights and freedoms set out in the European Convention
on Human Rights … and Article 19 of the International Covenant on
Civil and Political Rights apply equally online and offline”, notes
that “Article 10 of the [European Convention on Human Rights] applies
not only to the content of information, but also to the means of
dissemination or hosting, since any restriction imposed on the means
of dissemination necessarily interferes with the right to receive
and impart information”. The Committee of Ministers then adds: “The unimpeded,
transboundary flow of information on the Internet is critical for
the full realisation of these rights and freedoms, safeguarding
pluralism and diversity of information, the development of culture,
education and innovation, and economic growth.”
28. Here, I would also mention Committee of Ministers Recommendation
CM/Rec(2016)1 on protecting and promoting the right to freedom of
expression and the right to private life with regard to network
neutrality (adopted on 13 January 2016). This recommendation contains
a set of guidelines on network neutrality in terms of equal treatment
of internet traffic, pluralism and diversity of information, privacy,
transparency and accountability; it calls on European States to
safeguard the principle of network neutrality in the development of
national legal frameworks in order to ensure the protection of the
right to freedom of expression and to access to information, and
the right to privacy.
29. Regulation
(EU) 2015/2120 enshrines the principle
of Net neutrality and guarantees an open internet access. It provides
for the individual and enforceable right for end-users in the European
Union to access and distribute internet content and services of
their choice and for equal and non-discriminatory treatment of traffic in
the provision of internet access services.
The
Regulation also imposes obligations on internet access providers
to ensure transparency (Article 4), especially as regards the content
of any contract that includes internet access services, and requires
national regulatory authorities to ensure Net neutrality and respect
for users’ rights (Article 5).
30. However, the principle of Net neutrality has been challenged
by the United States Federal Communications Commission (FCC) which
repealed federal rules (with effect from 11 June 2018) intended
to ensure Net neutrality. Thus, in the United States, cable and
phone giants can now establish “fast lanes” for specific preferred
sites and services (their own and/or those of their clients that
are ready to pay more to get preferential treatment), everyone else
being assigned slower lanes. They could also decide (in theory)
to block access to some services, those of competitors for example.
31. European users are protected by the EU legislation and the
European Commissionaire, Andrus Ansip, publicly declared that the
repeal of the US net neutrality rules will produce no effect in
Europe. However, we are not “isolated” from what happens in other
areas of the world – and especially in the United States – and I can
hardly believe that there will be no impact whatsoever, including
in terms of advantages or disadvantages for European businesses
which operate at global level. Europe has a number of controversial
files to deal with with the Trump Administration, which could appear
more important; but internet governance should not be neglected
and we should be active in all possible international fora to uphold
Net neutrality.
32. In addition, Net neutrality is under threat, in Europe too,
from both different forms of “State censorship” – which some regimes
employ to silence their critics – and certain operator practices.
I will briefly discuss issues concerning freedom of expression and
freedom of information on the Net, including State censorship, in
the following section.
33. As far as operator practices contrary to Net neutrality are
concerned, I would like to mention here the report published in
February 2018 by the French Regulatory Authority for Postal and
Electronic Communications (ARCEP) entitled “
Smartphones,
tablets, voice assistants: devices, the weak link in achieving an
open internet”. This very instructive report points out very clearly
that the internet access chain does not stop at access networks
and that users’ ability to access the desired content and services
online can be (and indeed is) hampered by other intermediaries.
In this connection, ARCEP points the finger at devices (smartphones,
tablet, PCs, etc.), their operating systems and their app stores,
which are controlled by a small number of economic players. It notes
that “users’ freedom of choice is being reduced by the restrictions
this equipment imposes. Some of these restrictions may be warranted
for reasons of design, security or innovation. Others artificially
restrict internet access and the array of content and services available
to users. The transition towards ever smarter devices – smart speakers
at home, on-board computers in cars, connected products – raises
concerns of ever increasing restrictions, within environments that
are not always compatible with each other”.
34. To counter this risk, ARCEP identifies avenues for action
(to be found on page 61 of its report), which should be brought
to the attention of all our member States:
- clarifying what constitutes internet openness, by establishing
a principle of freedom of choice in content and services, regardless
of the device;
- “data-driven” regulation (gathering information from device
manufacturers, gathering reports from end-users, promoting comparison
tools, imposing transparency on the indexing and ranking criteria employed
by app stores);
- increasing fluidity;
- lifting certain restrictions artificially imposed by key
device market players and, in this connection, among other things,
enabling users to delete pre-installed apps and easily access applications
offered by alternative app stores, once they have been deemed reliable;
- establishing a rapid procedure for supporting businesses,
especially small and medium-sized enterprises (SMEs) and start-ups,
when they encounter questionable practices.
2.3. The right to freedom of expression
and freedom of information
35. I have lost count of the number
of times our committee and our Parliamentary Assembly have stressed the
fundamental importance of the right to freedom of expression and
information – enshrined in Article 10 of the European Convention
on Human Rights and Article 19 of the United Nations Covenant on
Civil and Political Rights – as a pillar of every democratic society.
We have emphasised the obligation incumbent on Council of Europe
member States to ensure that this right is not threatened by either
public authorities or private-sector or non-governmental operators.
36. We have repeatedly stressed in our reports the role played
by the internet and the social media in the new media context by
putting an end to the concentration of the power to disseminate
information, changing the communication paradigm, and radically
modifying institutional communication and the relationship between the
electorate and political parties, and between citizens, elected
representatives and government departments.
37. We have also pointed out the new dangers brought about by
abuses of the right to freedom of expression and information on
the internet: incitement to discrimination, hatred and violence
against ethnic, religious or other minorities; incitement to terrorism;
child pornography; online bullying and violence against women; and the
manipulation of information and propaganda for the purposes of political
or other forms of destabilisation. This report will not revisit
those issues, especially as they are regularly dealt with in more
specific reports, including those prepared or currently being prepared
by our committee.
We have carried out a full
analysis but are still seeking effective solutions as it is hard
to combat abuses without jeopardising the right to freedom of expression
and information itself.
38. According to the Declaration on Internet governance principles,
“[a]ny national decision or action amounting to a restriction of
fundamental rights should comply with international obligations
and in particular be based on law, be necessary in a democratic
society and fully respect the principles of proportionality and the
right of independent appeal, surrounded by appropriate legal and
due process safeguards”. While the declaration uses the conditional
“should”, this principle is clearly linked with Article 10 of the
European Convention on Human Rights; thus, it is not negotiable.
However, its proper implementation is far from being ensured.
39. Measures to close down websites may prove necessary to ensure
the protection of users. However, if the actual aim is, for example,
to prevent dissidence and undermine the activities of the democratic
opposition, then this is a serious breach of freedom of expression
in general and of freedom of the media in particular. Apart from
serious and systemic breaches of the right to freedom of expression
and information by regimes with little or no democracy, the extent
of this right (i.e. its limits laid down by national legislation)
may vary from one (democratic) country to another. This is not necessarily
an anomaly as it is also a question of striking a balance between
this right and other rights worthy of protection, and each national
community expresses its own preferences in this regard. However,
when it comes to the internet, these differences may become an obstacle
to a sufficiently harmonised regulation of the legality (or otherwise)
of content.
40. In addition, the progressive transformation of some search
engines and social media into organised and active selectors of
news and information for their users could trigger a serious impact
on access to a variety of media and of opinions.
41. Finally, I want to stress at this point the link between the
right to freedom of expression and information and the possibility
of enhancing cultural diversity and specific local characteristics
without ending up with a kind of internet community isolationism.
In this respect, according to the Declaration on Internet governance principles,
“[p]reserving cultural and linguistic diversity and fostering the
development of local content, regardless of language or script,
should be key objectives of Internet-related policy and international
co-operation, as well as in the development of new technologies”.
2.4. Internet governance and security
42. Security is a fundamental right.
We all aspire to live in a secure environment in which we are protected from
arbitrary action, threats, attacks on our physical and mental integrity
and violations of our rights. As the title of Article 5 of the European
Convention on Human Rights reminds us, “liberty and security” go
together. This also applies to the internet, as an integral part
of our living environment. We speak of the “virtual” world, but
it should be clearly understood that what happens on the web is
part of our real life, and we need much more internet security.
The speech of the French President Emmanuel Macron at the Paris
Internet Governance Forum (12 to 14 November 2018)
was a cry of alarm that we should
not ignore.
43. There are various aspects to this question, including:
- the security of the databases
managed by public or private institutions which must be protected
against malicious hacking aimed at stealing, manipulating, rendering
inaccessible or destroying the data in question;
- the security of internet communications and transactions
and combating computer fraud;
- the personal security of vulnerable users – children,
young people, women and others – victims of racist and hate speech,
of psychological violence, of infringements of their dignity and
of online bullying;
- the security of the strategic infrastructures and key
services that rely on the internet to operate, such as communication
networks, energy networks (including the security of nuclear power
stations), transport systems, the banking system and the stock exchange,
and the health or justice services, the malfunctioning of which
may have extremely serious or even dramatic consequences;
- more generally, the security of our democratic societies
against all types of attack, including on our democratic institutions,
linked to what is referred to as cyberterrorism and cyberwarfare.
44. This issue has, in its various aspects, been the subject of
several documents produced by the Assembly (and our committee).
Guided
both by the Assembly’s recommendations and by the proposals made
by many experts, I would like to emphasise at this point the importance
of focusing our political action (at all levels) on a number of
key outcomes.
45. Firstly, there is a need to incorporate security as an essential
design feature. The “security by design” principle is crucial for
the main internet architecture and computer infrastructure of essential
services, in order to reinforce the resilience vis-à-vis various
forms of criminal or terroristic assaults, but also to reduce the
risk and potential consequences of breakdowns. In this respect,
I would commend the approach which is promoted within the European
Union by Directive (EU) 2016/1148 on security of network and information
systems (
NIS Directive) which is aimed at achieving a high level of security
of network and information systems across the European Union, through:
improved cybersecurity capabilities at national level; increased
EU-level co-operation; and risk management and incident reporting
obligations for operators of essential services and digital service
providers.
This approach should be encouraged
in all Council of Europe member States and, possibly, expertise
acquired by the European Union and its members could be shared within
the wider European framework and beyond.
46. The “security by design” principle is also crucial for the
network of physical devices, home appliances and other items which
we call “the internet of things” (IoT) which is progressively entering
into our everyday lives. The commercial interest of business companies
to maximise economic benefits (and maybe the interest of governments
to grasp the immediate benefit in terms of job opportunities and
fiscal revenues that this business entails) cannot prevail over
users’ security. It is a responsibility for developers and vendors
to deliver the safest products and this responsibility should also
be clearly embedded in national regulations when it comes to the
IoT. For these regulations to be effective, they should be harmonised;
therefore there is a need to develop harmonised international security
standards; certification should become mandatory and a certification
mechanism should be agreed upon. It is equally the responsibility
for both private businesses and public authorities to ensure that
damage is covered; here, compulsory insurance schemes (to be entirely financed
by the business sector) similar to what exists for car accidents
should be introduced to mutualise risks.
47. Secondly, the struggle for security (and namely the fear of
terrorist attacks and cyberwarfare and the attempt to counter these
threats) is closely linked with the trend towards balkanisation
of the cyberspace. While we shall reinforce domestic protection,
we shall also avoid splitting the internet and establishing pervasive State
control on the information flow therein. Not only will this significantly
reduce internet potential, but it would also be a major threat to
citizens’ fundamental rights. However, what are the alternatives
to balkanisation and State control which could preserve a free internet
and a high level of security? I do not have a fully-fledged reply to
this question, but what I would suggest is exploring the possibility
to reinforce international co-operation, at least at regional level,
instead of dividing ourselves, also bearing in mind that, in a global
internet world, measures that are only national are very often useless.
48. There are, I believe, two main interconnected reasons that
hamper stronger collaboration at international level (and even a
discussion on what would be the required structures and mechanisms):
the wish to remain or become predominant or at least sufficiently
influential (in terms of political, military and economic powers); and
the lack of trust in each other’s good will and intentions. Thus,
the challenge is to find the pathway that will strengthen solidarity
and mutual confidence, including the will to mutualise (at least
to a certain extent) domestic technology developed to enhance security.
I would like to add that the aim of any attempt to reinforce international
co-operation cannot be the establishment of a superstructure which
will have full control instead of individual States: I fear this
would be the start of an Orwellian world. I will return to this
when discussing internet governance decision-making processes.
49. Thirdly, internet security is certainly a responsibility for
the business sector and of public authorities; but users also have
a crucial role to play. The internet community is not only the potential
victim, but also the potential army against threats to individual
and collective security. Therefore, their awareness of various risks, understanding
on what they should do to reduce them and ability to react when
they become targets of attacks or detect attacks to others are pivotal
to any effective defensive strategy. Both public authorities and
social media should be active in educating and training this army.
This is the subject of the ongoing committee work on “Media education
in the new media environment”, to which I refer. However, I wish
to stress here that children need to be educated about how to steer
clear of danger and to get maximum benefit from the internet. The
member States of the Council of Europe, together with all relevant
stakeholders, must make full benefit of Committee of Ministers Recommendation
CM/Rec(2018)7 on Guidelines to respect, protect and fulfil the rights of
the child in the digital environment.
50. Fourthly, I believe that the Council of Europe Convention
on Cybercrime (
ETS
No. 185, “Budapest Convention”) should be better used to enhance
interstate collaboration aimed at strengthening cybersecurity. In
this respect, we should call Council of Europe member States to:
- ratify the Budapest Convention,
if they have not yet done so, and ensure its full implementation,
taking due account of the Guidance Notes on critical information
infrastructure attacks, distributed denial of service attacks, terrorism
and other issues;
- support the completion of the negotiation of the second
additional protocol to the Budapest Convention on enhanced international
co-operation and access to evidence of criminal activities in the
cloud;
- strengthen synergies between the Budapest Convention,
the Council of Europe Convention on the Protection of Children against
Sexual Exploitation and Sexual Abuse (CETS No. 201, “Lanzarote Convention”)
and the Council of Europe Convention on Preventing and Combating
Violence against Women and Domestic Violence (CETS No. 210, “Istanbul
Convention”), following the recommendations in the “Mapping study
on cyberviolence” adopted by the Cybercrime Convention Committee
(T-CY) on 9 July 2018;
- support, and make best use of, the capacity-building programmes
implemented by the Cybercrime Programme Office of the Council of
Europe (C-PROC).
51. Last but not least, Artificial Intelligence (AI) is already
in the battlefield. Progress in the development of AI and of “deep
learning” capacity could provide us with new robust defensive tools;
but at the same time this will provide potential offenders with
new powerful weapons. In addition, the possibility that in some
years there could be forms of AI capable of a kind of “self-determination”
raises – among others – a new kind of security issue. Our future
in co-habitation with AI is a sensitive and very complex question,
which I believe would deserve a new specific report.
2.5. Protection of privacy and personal
data in the cyberspace
52. The technologies that are now
so much part of our daily lives that they have become indispensable,
and which we also use to build our interpersonal relations and to
which, without giving it too much thought, little by little we entrust
the most intimate aspects of our identity, are becoming a means
of manipulating opinions and enabling insidious checks on our private
lives.
This
question has also been the subject of previous reports produced
by the Assembly,
which has expressed its concern
at the mass collection of personal data by private companies and
has highlighted the problems associated with the creation of internet
user profiles, and at the risks resulting from the actions of hackers
who penetrate computer systems to obtain data held by businesses,
financial institutions, research institutes and government agencies.
The Assembly has also underlined the threat to human rights posed
by the large-scale systems set up by intelligence services for the mass
collection, preservation and analysis of communications data.
54. The foreword of the new
Handbook
on European data protection law states that “Europe is at the forefront
of data protection worldwide”. However, as a matter of fact, the
present business model of the biggest internet operators is based
on data, the new “oil” of the digital society; and (consistent with
their real interest) they are all acting to get the required “user
consent” for them to collect and use as they deem fit the widest possible
number of (personal) data. This question is also examined in the
framework of the report of our committee on “Social media: social
threads or threats to fundamental freedoms?”, to which I refer the
reader.
3. Enhancing decision-making on internet
issues
55. The question of the internet
decision-making process arises at both multilateral (global or regional)
level and national level, in terms of the domestic legal system.
The key principles referred to over and over again in the statements
of Council of Europe bodies and of other partners are applicable
at all levels of decision-making, although their implementation
must be context-specific. I would add that, as pointed out in the
introduction, the aim is not to establish a universal model because
internet governance is not monolithic but complex, with different
roles and responsibilities for different stakeholders in different
areas.
My
remarks must therefore be seen as an attempt to chart the way forward
for governance aimed at the actual protection of the rights identified
above.
56. The Declaration by the Committee of Ministers on Internet
governance principles enshrines three principles concerning decision-making
which should be underlined: “multi-stakeholder governance”; “empowerment
of internet users”; and “decentralised management”.
57. The final NETmundial Multistakeholder Statement of 2014 identifies
a number of “internet governance process principles”, which cover
decision-making processes and the structure of decision-making bodies. Some
of these principles either overlap or complement one another, while
others focus more on the aims of the decision-making process than
on the process itself, but essentially the three principles mentioned
above are confirmed.
58. According to this Statement, internet governance should be:
- “multi-stakeholder”, “open,
participative and consensus driven”, “inclusive and equitable”;
- “distributed”, i.e. “carried out through a distributed,
decentralised and multi-stakeholder ecosystem;
- “enabling meaningful participation” (which requires support
capacity building for the less experienced or underrepresented stakeholders).
59. The NETmundial Statement underlines that internet governance
should also be “transparent”, “accountable” and “collaborative”.
Transparency and responsibility are key words that appear both in
the Declaration on Internet governance principles and in the texts
explaining the principles of multi-stakeholder governance and decentralised
management. However, I think it is worth giving them greater emphasis.
60. Good internet governance should therefore be (among other
things) multi-stakeholder and decentralised, transparent and responsible,
collaborative and participatory. To some extent, these principles are
interconnected and support one another. For instance: in order to
have an inclusive process that is also open to users, it is necessary
to promote their empowerment; for all stakeholders to be able to
fully play their role in multi-stakeholder governance, there is
also a need to retain decentralised management. However, in order
to guarantee fundamental rights, this form of management must be
transparent and responsible. Accordingly, although these principles
must be analysed separately, it is important not to lose sight of
the links that hold them together.
3.1. Multi-stakeholder and decentralised
governance, and multi-stakeholder policy dialogue on internet governance
61. There is no common definition
of what a multi-stakeholder approach to internet governance could
or should be.
62. To explain the “multi-stakeholder governance”, the Declaration
by the Committee of Ministers of the Council of Europe on Internet
governance principles speaks about the full participation of governments,
the private sector, civil society, the technical community and users,
taking into account their specific roles and responsibilities, and
it adds that the development of international internet-related public
policies and internet governance arrangements should enable full
and equal participation of all stakeholders from all countries.
63. The NETmundial Statement advocates for a governance open to
all stakeholders wishing to participate and ensuring their meaningful
and accountable participation; it explains that the respective roles
and responsibilities of stakeholders should be interpreted in a
flexible manner with reference to the issue under discussion, then
it adds that the development of international internet-related public
policies and internet governance arrangements should enable the
full and balanced participation of all stakeholders, and be made by
consensus, to the fullest extent possible.
64. On this basis, multi-stakeholder governance initially involves:
- the tendentially open nature
of the decision-making process, so as to be able to include all
interested parties, whether governments (or, more generally, public
authorities), the private sector, civil society, the technical community
or users;
- participation of these parties in varying ways depending
on their specific role in relation to the issues being addressed;
- in the multilateral context, the balanced, if not equal,
access for stakeholders from all countries and, as far as possible,
an attempt to find consensual solutions.
65. Nonetheless, several problems remain. One is the fact that,
in many areas of internet governance, there is no agreement about
what the respective roles and responsibilities of the different
stakeholders should be. Another open question is how to ensure the
qualitatively satisfactory and quantitatively fair representation
of the various categories of stakeholder, given the number of potential
partners and the fact that it is in practice impossible to involve
everybody (for example, all users), and how to avoid deadlock while
at the same time seeking the broadest consensus, in view of the
conflicting interests that may exist between, or even within, these
categories of stakeholder. I have no magic solution in this connection.
66. The NETmundial Statement highlights some issues that deserve
attention in the future evolution of internet governance. Two of
them sound particularly relevant to me:
- stakeholder representatives appointed to a multi-stakeholder
internet governance process should be selected through open, democratic
and transparent procedures; different stakeholder groups should self-manage
their processes based on inclusive, publicly known, well defined
and accountable mechanisms;
- multi-stakeholder mechanisms should be developed at the
national level, as a good portion of internet governance issues
should be tackled at this level; those mechanisms should serve as
a link between local discussions and regional and global instances
and a fluent co-ordination and dialogue across those different dimensions
is essential.
67. With regard to the first point, we could encourage an approach
involving the re-composition of interests within various groups
of stakeholders, for example through associations or federations
that have to meet internal democracy criteria. As far as the second
point is concerned, the aim is to foster both a bottom-up approach
(from the local to the multilateral level) and a top-down approach
(from the multilateral to the local level).
68. In this respect, I would like to welcome the development of
National and Regional Internet Governance Forum Initiatives (NRIs)
as an integral part of the United Nations Internet Governance Forum
(IGF) process.
The IGF and the
NRIs have the potential to uphold multi-stakeholder, inclusive and
collaborative approaches to internet policy design and effective
implementation. They do not take decisions; they are platforms for
open and inclusive multi-stakeholder dialogue. This dialogue helps
in identifying opportunities and challenges that new digital technologies
and internet applications bring about; it is also fundamental to
building a shared understanding of stakeholders’ respective roles
and responsibilities. The IGF and NRIs can serve as a catalyst to
identify practical solutions and foster partnerships; through setting
the agenda of the discussion about public policy issues, they can
influence the decision-making in other fora and institutions. Taking
a closer look at the European experience, the European Dialogue
on Internet Governance (EuroDIG)
is
considered to be one of the most innovative models of democratic,
bottom-up, multi-stakeholder processes among the NRIs. The Council
of Europe, the European Commission and other institutions support
the pan-European dialogue through their participation in the bottom-up
programme planning process, without “taking over” or undermining the
EuroDIG multi-stakeholder character. However, the potential of the
EuroDIG, as well as of the IGF and other NRIs, is not yet fully
exploited.
69. A key issue is weak funding of these fora. Like the IGF and
many NRIs, EuroDIG is a fragile process, dependent on voluntary
funding and on mainly voluntary resources to drive the process.
A stronger presence of, and support by, the Council of Europe would
help stabilise the process and guarantee a minimum level of geographical
representation in EuroDIG. Another challenge is the somewhat contradictory
attitude of some governments and many business representatives that
insist on the IGF and NRIs remaining dialogue platforms, with no
negotiations or no decisions taken, but at the same time refuse
high-level participation or financial support precisely because
these fora are not taking decisions and are thus not producing a
“tangible outcome”. Therefore, the link between the discussions
in these fora and these decision-making bodies is still not strong enough.
70. At the global level, the hosts of the IGF 2017 (Switzerland),
2018 (France) and 2019 (Germany) have engaged in joint efforts to
create a more tangible outcome by taking over the example of EuroDIG
that since 2008 is producing a set of easy-to-read political but
non-negotiated “Messages” mirroring the key findings of the debates.
Furthermore, Switzerland and France have raised the political profile
of the IGF with the presence of their presidents at the IGF. Another
way to strengthen the political impact of the IGF, EuroDIG and the
other NRIs, would be to involve more parliamentarians in the dialogue.
While the number of members of the European Parliament participating
at the IGF has increased over the last years, only a few members
of national parliaments participate. I hope that our Assembly can
encourage the participation of parliamentarians in national and
regional IGF to help link the discussions therein with decisions
to be taken at national level. With a stronger parliamentary dimension,
EuroDIG could foster inter-sessional work, seeking to enhance the
results of the annual event and continue the debate throughout the
year, and could help strengthen the national initiatives that exist
in almost every European country.
71. The Council of Europe and other stakeholders are considering
how to increase effectiveness of the EuroDIG process; therefore,
it might be premature to put forward concrete proposals in this
respect. However, the IGF, the EuroDIG and the other NRIs are important
catalysts for the implementation of recommendations adopted by the
Committee of Ministers in the field of internet governance.
72. I would like to add here that inclusion at national but also
European and global levels must be understood not only in terms
of stakeholder groups, but also in terms of demographic diversity
– i.e. a balanced representation of gender, age and also ethnicity,
as appropriate. In this respect, it seems that there is still quite a
long way to go. Therefore, when encouraging the establishment of
multi-stakeholder platforms to discuss internet governance at State
level, I would suggest paying more attention to this dimension of
their inclusiveness.
73. As far as decentralisation is concerned, the idea resulting
from the Declaration on Internet governance principles is to maintain
the current situation, in which organisations tasked with technical
aspects and aspects of internet management,
as well as the private sector, have a
key technical and operational role to play. The aim, therefore,
is not to concentrate powers exclusively in the hands of States
(and intergovernmental organisations).
74. However, I believe that the decentralisation principle involves
something else too and that it should be understood as being inextricably
linked to the idea of (context-specific) “subsidiarity”: internet
governance (like any governance of social networks) requires us
to identify the decision-making centres that are most appropriate
in terms of effectiveness, in the light of their knowledge of the
problems to be dealt with and their ability to adapt solutions to
the specific features of the communities responsible for ensuring
their implementation.
75. Understood in this way, the idea of decentralised internet
governance not only calls for the vertical distribution of powers
(by highlighting the existence of decision-making centres at various
levels) but also their horizontal distribution among players of
different kinds. In this sense, decentralised and multi-stakeholder governance
go hand in hand.
3.2. Transparent and accountable governance
76. The Declaration on Internet
governance principles, when encouraging decentralised management
of the internet, also states that “[t]he bodies responsible for
the technical and management aspects of the Internet, as well as
the private sector should retain their leading role in technical
and operational matters while ensuring transparency and being accountable
to the global community for those actions which have an impact on
public policy”. We could say, more generally, that all those participating
in internet governance should ensure transparency of their actions
and should be accountable.
77. According to the NETmundial Statement, transparent internet
governance requires that decisions made must be easy to understand,
and processes must be clearly documented and procedures followed
which have been developed and agreed upon through multi-stakeholder
processes.
78. Transparency first and foremost requires us to have a precise
understanding of who decides what. This aspect does not appear directly
in the definition contained in the NETmundial Statement, perhaps
because the problem typical of the actual concept of governance
in general lies in the difficulty in establishing the exact location
of a “decision-making centre”, on account of the fragmentation of
decision-making power. This is not the place to discuss this problem
in any depth. To simplify matters, I believe that it must be possible
even in a complex multi-stakeholder decision-making process to identify
each stakeholder’s responsibility with regard to the final decision
(and its implementation). It is not possible to abandon this principle
without at the same time abandoning every thought of the legitimacy
of decision makers and of democratic oversight, and thereby paving
the way for behind-the-scenes players and survival of the fittest.
79. To some extent, the question can be covered by the requirement
that the decision-making process (and therefore the intervention
of each party) should follow a clearly established procedure. The
NETmundial Statement adds that the procedures in question should
be built on multi-stakeholder processes. It may be impossible in
practice to follow this through to its logical conclusion as it
will then be necessary to legitimise these multi-stakeholder processes
and establish the corresponding procedures which must then be agreed; and
so on and so forth. I therefore think that the community of States
(and, in the domestic context, the legislature) should be given
a leading role here. This approach is no doubt justified in the
case of decision-making processes that have an (actual or potential)
impact on human rights.
80. Internet governance requires clearer procedures, which must
be laid down by the community of States in consultation with other
stakeholders in accordance with a multi-stakeholder approach. At
European level, the Council of Europe and the European Union are
the bodies that should act together and take up this challenge.
81. Finally, transparency presupposes that the meaning of decisions
taken should be comprehensible for those affected by them and that
these decisions are made public – and are therefore documented,
categorised and published in such a way as to be easily available
to everyone. In this connection, the dispersal of decision-making
centres makes a form of “centralisation” necessary, and consideration
should be given to a common system of information on internet governance.
82. Transparency is the best antidote we have to curb arbitrary
action and the insidious predominance of vested interests (including
State interests) over the public good. It is also the essential
precondition of responsible governance.
83. Concerning “accountability”, the NETmundial Statement advocates
the setting up of mechanisms for independent checks and balances
as well as for review and redress; and it states that, “in this
respect, governments have primary, legal and political accountability
for the protection of human rights”.
84. We are fully aware of the strengths and weaknesses of independent
oversight, review and redress mechanisms to ensure respect for human
rights at both international and European level. An analysis of
their effectiveness in the case of violations of the rights discussed
in section 2 (and other rights that may be called into question
on and through the internet) is outside the scope of this report.
Similarly, it is not possible to consider here the question of the
effectiveness of the protection provided at national level, given
the cross-border dimension of the internet (with all its many problems
associated with the jurisdiction of the domestic courts, the law
that is applicable and the enforcement of judgments).
85. I would nonetheless like to draw attention to the difficulty
in ensuring genuine transparency and the effective oversight of
the actions of the major private internet operators and also point
out that it is sometimes governments themselves that are responsible
for human rights violations, as in the case of mass surveillance operations
or cyberwarfare.
86. With regard to the latter, I wonder whether it would be possible
to strengthen the existing forms of co-operation and, perhaps, create
a specific monitoring mechanism and establish crisis management
and post-crisis analysis by sharing resources that already exist
in various countries. In the case of the European Union, the European
Commission has suggested reinforcing the European Union Agency for
Network and Information Security (ENISA),
which
could become a full-blown European cybersecurity agency. As far
as the Council of Europe is concerned, a possible model could be
the EUR-OPA Major Hazards Agreement.
I am aware that such co-operation
calls for a high level of mutual trust and that it is sometimes
precisely that trust that is lacking. However, I am also aware that
gradually building forms of co-operation on sensitive matters is
probably the most effective means of increasing the mutual trust
we need so much.
3.3. Collaborative and participatory governance
87. The NETmundial Statement calls
for a collaborative internet governance, based on co-operative approaches
that reflect the inputs and interests of stakeholders. The Declaration
on Internet governance principles underlines that “[i]n order to
preserve the integrity and ongoing functioning of the Internet infrastructure,
as well as users’ trust and reliance on the Internet, it is necessary
to promote national and international multi-stakeholder co-operation”.
88. Co-operation calls for stakeholders to have a positive attitude
in two areas: firstly, the recognition of the role of the other
parties and of the added value that the contribution of each of
them provides; and secondly a commitment to place one’s own expertise,
skills and resources at the service of the common good. Multi-stakeholder
internet governance makes sense only if the parties are driven by
this collaborative spirit. The danger to be avoided is that a willingness
to participate is expressed with the sole aim of protecting one’s
own interests without caring too much about those of other stakeholders.
89. I am not so naive as to believe that stakeholders will cease
to defend their own particular interests. To a certain extent, it
is quite normal for them to do so. In a multi-stakeholder context,
it is natural for there to be some conflict between the interests
of the various bodies, so it is also necessary to focus on how representative they
are. Co-operation does not mean abandoning one’s own interests,
but involves accepting that common goals take precedence and that
it is not always possible to fully reconcile co-operation with gains
sought individually.
90. Concerning participation, the Declaration on Internet governance
principles speaks about the “empowerment of internet users” and
states that “[u]sers should be fully empowered to exercise their fundamental
rights and freedoms, make informed decisions and participate in
Internet governance arrangements, in particular in governance mechanisms
and in the development of Internet-related public policy, in full
confidence and freedom”. The NETmundial Statement calls for a meaningful
participation of different stakeholders. To this aim “internet governance
institutions and processes should support capacity building for
newcomers, especially stakeholders from developing countries and
underrepresented groups”.
91. Participation complements both the collaborative and the multi-stakeholder
aspects: it presupposes not only openness to the partners concerned
– and in particular to users – but also a proactive attitude and
a commitment to provide them with the means of participating to
enable them to be meaningfully involved.
92. The subject of empowering users so that they can in practice
participate in internet governance falls within the scope of two
reports currently being drafted by our committee, on the role of
education in the digital era and on media education in the new media
environment. I will therefore simply make the point here that one of
the shortcomings of current internet governance is that, de facto, it involves only “insiders”.
The challenge is therefore to move beyond the circle of professionals
in this field and ensure that experts in other fields can contribute
to the development of the internet. This is all the more essential
given that the internet (as we have emphasised) has an impact on
all aspects of our societies (political, legal, economic, social,
cultural and ethical).
4. Conclusions
93. The internet has profoundly
changed our society and continues to do so. It has enormous potential
and is a key instrument for enabling individuals to exercise their
rights to freedom of opinion and expression, as well as other fundamental
rights, and for promoting progress. However, it can also be used
to destroy the values we hold dear, so we need to manage its development
more effectively in order to avoid this.
94. Indeed, shaping the internet is also shaping a global society
and setting the path of its development, and, to a significant extent,
of the progress of our national societies. Therefore, internet governance
should be a priority for policy makers. Our aim should be to ensure
that public policy for internet is people-centred and respects the
core values of democracy, human rights and the rule of law.
95. The concern for human rights must inform the definition of
key objectives of internet governance and the role and responsibilities
of different stakeholders. Institutional arrangements and decision-making
processes, as well as the regulatory framework of the internet and
the mechanisms established to monitor compliance with the norms
and rules therein, must be designed to ensure that human rights
are truly recognised and effectively guaranteed.
96. My analysis points to some challenges that internet governance
has to face concerning human rights. We need to reach a common understanding
of the scope of the human rights in question, which, notwithstanding
their proclaimed “universality”, are not perceived and implemented
uniformly. We need to enhance protection of these rights against
threats from States and from private actors. We also need to reduce gaps
in enjoyment of these rights and, to begin with, elaborate concrete
policies and action plans to fill in the “digital gap”. Finally,
we need to solve potential tensions between different rights.
97. Similarly, I have identified some challenges concerning internet
governance processes, such as: avoiding the danger that the internet
and the global internet community itself become splintered; enhancing
the effectiveness of multi-stakeholder and multilevel decision-making;
better co-ordinating top-down and bottom-up governance processes,
by balancing and possibly reconciling the diverse interests of various
key stake-holders.
98. With regard to the protection in the practice of fundamental
rights, public authorities have a key role to play and have non-transferable
responsibilities. Therefore, although I advocate a multi-stakeholder
internet governance model, in my view it would not be desirable
to opt for a multi-stakeholder governance model that would water
down States’ responsibilities in the field of promoting and safeguarding
fundamental rights.
99. Governments and national parliaments remain the decision makers
with regard to citizens’ rights (and duties) and are responsible
for ensuring their effectiveness. In the area of internet governance,
while being open to dialogue and respecting the role of other stakeholders,
public authorities have a duty to launch the appropriate initiatives
to establish standards, oversight mechanisms and measures required
when violations occur. It is not enough to simply reassert this
role and responsibility; we need to work together to ensure that this
is properly carried out. For this reason, I believe it is essential
to intensify international co-operation.
100. In this respect, internet governance is a domain where the
Council of Europe can bring quite significant “added value”; thus
I hope that short-sighted financial considerations can be overcome
by a wiser approach, maybe in the form of a specific programme founded
by earmarked voluntary contributions, or even the launching of a
new enlarged partial agreement on “internet governance”.
101. Last but not least, we parliamentarians should become more
aware of the actual and potential huge impact that decision-making
in the field of internet and cyberspace has on our lives as individuals
and as societies, including in the effectiveness and resilience
of our democratic system. We should also be more proactive both
within the domestic sphere, as legislature, in the definition of
comprehensive internet strategies, and in encouraging our governments
to act collectively through the intergovernmental organisations
in internet governance multilateral decision-making processes.
102. To this end, we have at our disposal the many well-thought-out
recommendations adopted by the Committee of Ministers, of which
we should make better use. We now also have the UNESCO “Internet Universality
Indicators” (released on 17 October 2018)
through which we could assess levels
of achievement in our countries by the four ROAM fundamental principles
included in the concept of “Internet Universality”, which means
that the internet should be: based on human rights (R), open (O),
accessible to all (A) and nurtured by multi-stakeholder participation
(M)