Internet Governance in a Post-Snowden Brazil

Internet Governance in a Post-Snowden Brazil Diego R. Canabarro – diego.canabarro [at] nic.br Thiago Borne – thiago.borne [at] ufrgs.br Paper to be presented at the 56th ISA Annual Conference February 18th-21st, 2015 – New Orleans, USA Session: Concepts for Security and Governance in Cyberspace (WA53) February 18, 2015, 8:15 AM - 10:00 AM WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION Internet Governance in a Post-Snowden Brazil1 2 Dr. Diego Canabarro 3 Thiago Borne Abstract: Despite of the central role the Internet plays in cyberspace-related matters, it was only when Edward Snowden brought light to American-led digital espionage programs that Internet governance and cybersecurity agendas definitely converged. The Snowden Affairs increased the entropy within the broader Internet ecosystem and reignited political tensions that revolve around the US prominence within the narrower arena of critical Internet resources. In this context, many countries have shown great concern regarding the governance of the Internet, and Brazil has gained a prominent role in the debate. This paper (a) summarizes the concerns arisen from Snowden's leaks and their general impacts over the Internet governance ecosystem; (b) details the Brazilian domestic and international approaches to Internet governance focusing on landmark documents and events; and (c) connects the Brazilian efforts to the institutional development of global Internet governance. In the end, the paper reflects upon the implications of alternative thinking for Internet governance pointing towards possible shifts within it. Key-Words: Internet, Governance, Brazil, Cybersecurity, Intelligence, Edward Snowden. 1) Introduction Despite of the central role the Internet plays in cyberspace-related matters, it was only when Edward Snowden brought light to American-led digital espionage programs that Internet governance and cybersecurity agendas definitely converged. 4 Prior to that, the institutional development of Internet governance has been scarcely dealt with by Security Studies.5 In a similar fashion, the political and strategic aspects of power struggles within the international system have been greatly disregarded, and sometimes expressly avoided, as topics worth studying within the scholarship on Internet governance.6 1 The title and abstract were slightly modified after acceptance. The authors are greatly indebted to Lídia Lage, who kindly reviewed and offered insightful comments to the first draft of this paper. 2 Expert Advisor to the Board of the Brazilian Internet Steering Committee (CGI.br) and Associate Researcher at CEGOV/UFRGS. 3 PhD candidate in Strategic Studies at UFRGS and Research Assistant at CEGOV/UFRGS. 4 Cybersecurity has become a prolific subfield of international relations in the past few years. The growing interest of academics, the press, the military, and other actors reflects the ongoing securitization of cyberspace. Despite the current debate on the field - marked by the lack of clear definitions, conceptual frameworks, etc. -, cybersecurity has become a major concern in many countries. While different threats like cybercrime, cyberespionage and cyberwar have been equally treated by many governments, the securitization of cyberspace has been grounded to the notion that States must face them systematically. 5 YANNAKOGEORGOS, P. (2012). A. Internet Governance and National Security. Strategic Studies Quarterly, v. 6, n. 3, p. 102–125. 6 MUELLER, M. (2010) Networks and States: The Global Politics of Internet Governance. London: The MIT Press. 2 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION On the one hand, this scenario results from the lack of appropriate treatment of technical, conceptual and structural aspects of cyberspace in Security Studies. 7 On the other hand, the largest part of the production on Internet governance in the last two decades is either normative in nature - proposing that Internet governance skew power politics - or - when analytical - concerned with technical aspects related to the technology itself and to the societal outcomes produced by its popularization. The evaluation of the latter for international relations has only recently gotten more space in the agenda.8 In this context, many countries have shown great concern regarding the future of cyberspace governance. Specifically in relation to Internet governance, the Snowden Affairs increased the entropy within the broader Internet ecosystem and reignited political tensions that revolve around US prominence within the narrower arena of critical Internet resources. This paper (a) summarizes the concerns arisen from Snowden's leaks and their general impacts over the Internet governance ecosystem; (b) details the Brazilian domestic and international approaches to Internet governance focusing on landmark documents and events; and (c) connects the Brazilian efforts to the institutional development of global Internet governance. It delves into the immediate answer to the leaks and their implications to Internet governance within Brazil, and furthers the analysis by looking at the Brazilian efforts to promote its agenda internationally, fostering a more democratic and pluralistic Internet governance worldwide. In the end, the paper reflects upon the implications of alternative thinking for Internet governance pointing towards possible shifts within it. 2) Responses to the Snowden Affairs: Internet Governance meets Cyber Security 7 CANABARRO, D. R.; BORNE, T. (2014). The Case of Brazil Reloaded: Interconnectivity and Customization as Key Variables for Cyber Security. Paper presented at the 55th International Studies Association Annual Meeting, March 27, 2014, Toronto, Canada. CANABARRO, D. R.; BORNE, T. (2013). Reflections on the Fog of (Cyber) War. National Center for Digital Government Working Papers, v. 13, n. 001, p. 01–18. CANABARRO, D. R.; BORNE, T.; CEPIK, M. (2013). Three Controversies on Cyberwar: a Critical Perspective. Paper presented at the Midwest Political Science Association Annual Meeting, April 12, 2013, Chicago, USA. 8 ERIKSSON, J.; GIACOMELLO, G. (2007). International Relations and Security in the Digital Age. New York: Routledge. KARATZOGIANNI, A. (2009). Cyber Conflict and Global Politics. London: Routledge. DEIBERT, R. et al. (2012) Access Contested: Security, Identity, and Resistance in Asian Cyberspace. Cambridge: The MIT Press. DEIBERT, R. J. (2013). Black Code: Censorship, Surveillance, and the Militarisation of Cyberspace. Millennium - Journal of International Studies, v. 32, p. 501–530. DENARDIS, L. (2014). The Global War for Internet Governance. New Haven: Yale University Press. 3 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION Since its beginning in the early 1960s Internet has been considered some sort of unlawful environment. John Perry Barlow’s famous A Declaration of the Independence of Cyberspace (1996) marked the epitome of this idea: “you have no sovereignty where we gather”, says the manifest.9 Internet development has therefore been strongly influenced by libertarian thinking and the debate over its governance has been marked by the "more State vs. less State" dichotomy. In this sense, a significant portion of the libertarian community has opposed shifts towards stronger State regulation over cyberspace, for the potential loss of individual freedoms that might result from intrusive norms and State control.10 Nonetheless, States have been gradually more interested on the regulation of Internet assets and usage worldwide. On the one hand, their growing interest might be attributed to the securitization of cyberspace and the challenges arising from that process. On the other hand, their interest may also be attributed to the ever-growing need and dependence they and their respective societies face in regard to these resources. Whatever the reason, Internet governance has become an important arena for both national and international policymaking. Despite its importance, there is no consensual definition for Internet governance. In general terms, it refers both to the governance of Internet itself and to the governance of everything that surrounds it.11 However, this general definition is often questionable. The dispute is usually marked by political tension and different actors tend to adopt different definitions according to their own needs. Nonetheless it is possible to set at least two different views. A narrow definition - often referred to as Internet microcosm12 - comprises the management of critical resources for Internet functioning as a unified global space: the centralized management of the DNS root system; the distributed allocation and management of addressing resources (IP numbers and domain names); and the development of protocol parameters, carried on mostly by technical communities. Under the contractual supervision of the National Telecommunications Infrastructure Agency of 9 BARLOW, J. (1996). A Declaration of the Independence of Cyberspace. Electronic Frontier Foundation. https://projects.eff.org/~barlow/Declaration-Final.html (accessed January 20, 2015). 10 WINNER, L. (1997). Cyberlibertarian Myths and the Prospects for Community. SIGCAS Comput. Soc., v. 27, n. 3, p. 14-19. 11 KURBALIJA, J.; GELBSTEIN, E. (2005). Gobernanza de Internet: Asuntos, Actores y Brechas. Geneva: Diplo Foundation. DRAKE, W. J.; WILSON III, E. J. (2008). Governing Global Electronic Networks: International Perspective on Policy and Power. Cambridge: The MIT Press. DENARDIS, L.; RAYMOND, M. (2013). Thinking Clearly About Multistakeholder Internet Governance. Paper presented at the 8th Annual GigaNet Symposium, October 21, 2013, Bali, Indonesia. http://ssrn.com/abstract=2354377 (accessed January 20, 2015). 12 According to KLEINWÄCHTER, W. (2015). Internet Governance Outlook 2015: Two Processes, Many Venues, Four Baskets. CircleID. http://www.circleid.com/posts/20150103_internet_governance_outlook_2015_2_processes_many_venue s_4_baskets/ (accessed January 20, 2015). 4 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION the Department of Commerce (NTIA/DoC) the Internet Corporation for Assigned Names and Numbers (ICANN) manages the network root by performing the so-called IANA functions: the administration of the central registries for protocol parameters, IP addresses and the Domain Name System (DNS). Together, these are known as Critical Internet Resources.13 These central registries are the central inventory that guarantees the uniform development and operation of the network as a unified space. ICANN also serves as a policy-forum for critical resources related issues. The stewardship position of the NTIA/DoC in relation to the IANA functions has always been perceived by many Internet stakeholders as unfair and dangerous for the Internet, for it concentrated excessive power in the hands of a single country - the final say (in abstract terms) over which networks would be "visible" in the authoritative files that organize Internet flows across the globe. Nonetheless Internet governance might also be seen as a much wider concept than the solely management of the root. In a broader sense - also referred to as Internet macrocosm -, it refers to an infinite number of elements within a complex ecosystem that result from the spread of Internet technologies in contemporary societies and the circular relation between technological and societal variables, e.g.: privacy concerns, telecommunications regulation; freedom of speech; civil and criminal liability of users; intellectual property and other types of rights enforcement; access and capacitybuilding; etc.14 Together, these elements are related to a distributed governance ecosystem whose individual components are basically run by technical and private entities located in different jurisdictions across the planet: task forces that formulate Internet protocols and standards, the Regional Internet Registries that operate IP address allocation, companies that operate in the domain name market, content and applications providers, backbone operators, etc. All these entities are able to determine policies applicable to 13 MUELLER, M. (2002). Ruling the Root: Internet Governance and the Taming of Cyberspace. Cambridge: The MIT Press. DENARDIS, L. (2009). Protocol Politics - The Globalization of Internet Governance. Cambridge: The MIT Press, 2009. MUELLER, M. Property and Commons in Internet Governance. In: BROUSSEAU, E.; MARZOUKI, M.; ADEL, C. (2012). Governance, Powers and Regulation on the Internet. Cambridge: Cambridge University Press, p. 39–62. COLEMAN, L. (2013). 'We Reject: Kings, Presidents, and Voting': Internet Community Autonomy in Managing the Growth of the Internet. Journal of Information Technology & Politics v. 10, n. 2. 14 DENARDIS, L. The Emerging Field of Internet Governance. In: DUTTON, W.H. (2013). Oxford Handbook of Internet Studies. Oxford: Oxford University Press, p. 555-576. POST, D. G. (2009). In Search of Jefferson’s Moose - Notes on the State of Cyberspace. New York: Oxford University Press. KLEINWÄCHTER, W. The History of Internet Governance. In: OSCE (2007). Governing the Internet: Freedom and Regulation in the OSCE Region. Vienna: OSCE, p. 41-64. http://www.osce.org/fom/26169 (accessed January 20, 2015). 5 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION their clients through contractual relations, terms of use, etc., and according to this broader view should be considered active parts of Internet governance.15 In June 9, 2013, the computer analyst Edward Snowden revealed himself in a video interview as the source of the NSA revelations published that week in the Guardian and Washington Post. The leak exposed a number of mass-surveillance programs undertaken by NSA and allied nations that would soon be known as the "Snowden Files".16 The Files revealed the agencies capacity (either through law enforcement or through collaboration with private business) of accessing information stored in major US technology companies; mass-intercepting data from fibre-optic cables which make up the backbone of global phone and Internet networks; employing social engineering and hacking techniques against hardware and software to gain unauthorized access to thirdparty ICT systems; etc. In sum, the Snowden Files revealed a complex surveillance framework in service of the national interest of the US and a small group of allies that explored the whole structure of cyberspace.17 Snowden’s revelations not only brought light to the NSA programs, but also demonstrated that the US-centered Internet administration might be in check together with the "multistakeholder model" that has been grounding Internet’s global regulation since the 1990s. Right after the leak a major shift in the Internet governance ecosystem was expected to happen. The reports of US spying caused a major uproar among the group of countries in favor of updating the current order. The group is mainly composed by the BRICS (Brazil, Russia, India, China and South Africa) and some European and Middle Eastern nations that regard the Internet as an instrument of power wielded by Western States. According to these countries, the multistakeholder model is unable to represent the interests of developing nations alike and thus needs to be reviewed in order to encompass the ever-growing Internet usage and dependence they face. Even though it is possible to identify discrepancies among the larger reformist group whose positions vary according to different degrees of radicalism, ranging from "radical" (Iran, Cuba, China, Syria, Egypt, Russia) to "moderate" (Brazil, India, Mexico and South Africa and others) -, the US and its allies remains categorically opposed to the reforms. Since the Snowden Files surfaced the "Five Eyes" - a group composed by the US, the 15 th DENARDIS, L. (2010). The Privatization of Internet Governance. Paper presented at the 5 Annual GigaNet Symposium, September 2010, Vilnius, Lithuania. http://api.ning.com/files/8q30Xud1XrmD6Sd5rOiSolcw3agdQi5NNoWZrQGmOIpKc0fdqfKN0Ax5Z8ZypNe xdCwBicqDKcADrRU5hs4ZQjBy0RPTgBmK/DENARDISThePrivitizationofInternetGovernance.pdf (accessed January 20, 2015). 16 GUARDIAN (2013). The NSA Files. The Guardian. http://www.theguardian.com/us-news/the-nsa-files (accessed January 20, 2015). 17 Hard and soft infrastructure, logical protocols, applications, users, and governance. 6 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION UK, Australia, Canada and New Zealand18 - have been nobbling international efforts to curb Internet surveillance. In November 2014, the group managed to remove language classifying metadata collection as "highly intrusive" from a UN Third Committee resolution addressing digital espionage. The document was drafted by Brazil and Germany and called on governments to honor international obligations to respect individuals’ right to privacy when requiring private companies or third parties to disclose personal data. Despite most countries19 evident concern at digital spying and said unlawful or arbitrary mass surveillance, interception and collection of online data, the document was softened in order to address the Five Eyes’ invoked need for effective intelligence gathering to combat terrorism. The group also called for broader participation in the discussions. According to a Canadian representative quoted by Reuters, "if our muddled discussions on metadata are any indication, these conversations cannot take place between diplomats alone. They require the collective expertise of all stakeholders: governments, industry, civil society and the technical community."20 In fact, the Five Eyes have been sticking to their multistakeholder approach for the past few years, but the aftermath of Snowden’s revelations has highlighted their position even more. 2014 held a great number of conferences about the management of core Internet resources and the development of common rules to govern more general aspects of global net communication, and the US and its allies have stressed their positions in every opportunity, despite the growing opposition to their role in global Internet governance. Brazil has become an exponent voice within the larger moderate reformist group, promoting its national model of Internet governance to different countries and advancing its principles in different fora. In the last year, the country was able to directly oppose to some taken-for-granted assumptions within the Internet governance community, sometimes even facing longstanding US and Five Eyes postulates. The following sections detail the Brazilian response to the Snowden Affairs. 18 FARREL, P. (2013). History of 5-Eyes. The Guardian. http://www.theguardian.com/world/2013/dec/02/history-of-5-eyes-explainer (accessed January 20, 2015). 19 The text was later approved by consensus by the 193-member committee as a follow-up to a similar text adopted in 2013. VALLONE, G. (2014). Onu Aprova Resolução Proposta por Brasil e Alemanha Contra Espionagem. Folha de São Paulo. http://www1.folha.uol.com.br/mundo/2014/11/1553381-onuaprova-resolucao-proposta-por-brasil-e-alemanha-contra-espionagem.shtml (accessed January 22, 2015). 20 NICHOLS, M. (2014). U.N. Committee Spotlights 'Highly Intrusive' Digital Spying. Reuters. http://www.reuters.com/article/2014/11/25/us-spying-un-idUSKCN0J92I120141125 (accessed January 20, 2015). 7 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION 3) Contestation and Reformation Within the Internet Governance Regime: The Role of Brazil Out of all reactions to the Snowden Affairs, the Brazilian was one of the most intense. The reports of US spying caused a great buzz in Brazil. While broader debates over Internet infrastructure and legislation had been happening in the country since the early 2000s, the leaks somehow catalyzed the process, bringing cybersecurity and Internet governance closer. NSA targets in the country included the personal e-mail account of President Dilma Rousseff and internal computer networks of oil-giant Petrobras.21 Government’s immediate response to the leak was the cancellation of a Presidential visit to Washington scheduled for October.22 Following the cancellation, President Roussef used her opening speech at the 2013 UN General Assembly to publicly condemn the NSA espionage.23 According to President Roussef, NSA activities shaped "a situation of grave violation of human rights and of civil liberties; of invasion and capture of confidential information concerning corporate activities, and especially of disrespect to national sovereignty." Mrs. Rousseff also reiterated Brazil's longstanding concerns about the asymmetrical development of the Information Society. She criticized the current privileged US position in cyberspace - indirectly referring to the country's prominent role in the historical development of the network and the construction of its governance ecosystem centered at ICANN. Mrs. Roussef also stressed that Brazil would "redouble its efforts to adopt legislation, technologies and mechanisms to protect [the country] from the illegal interception of communications and data." In this sense, the Brazilian answer to the leak also fostered a series of domestic changes over the national cyberspace, including the build of new Internet exchange points (IXPs),24 the launch of a state-owned e-mail service,25 and the 21 WATTS, J. (2013). NSA Accused of Spying on Brazilian Oil Company Petrobras. The Guardian. http://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras (accessed January 20, 2015). 22 REUTERS (2013). Dilma Rousseff Cancels U.S. Trips Over Claims Of NSA Spying On Brazil's President. The Huffington Post. http://www.huffingtonpost.com/2013/09/17/rouseff-cancels-ustrip_n_3941973.html (accessed January 20, 2015). 23 BRAZIL (2013). Statement by H. E. Dilma Rousseff, President of the Federative Republic of Brazil, at the Opening of the General Debate of the 68th Session of the United Nations General Assembly. http://gadebate.un.org/sites/default/files/gastatements/68/BR_en.pdf (accessed January 20, 2015). 24 For a general overview of the situation of those IXPs in the country, check www.ptt.br. 25 SOLON, O. (2013). Brazilian Government Plans National 'Anti-Snooping' Email System. Wired. http://www.wired.co.uk/news/archive/2013-09/03/brazil-anti-snooping-email (accessed January 20, 2015). 8 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION build of a new underwater cable to Europe.26 While many of these measures aimed at enhancing Brazil's independence in the field of international interconnectivity, the President also announced her commitment for the democratization of Internet governance by advancing the topic in the international agenda. Her first measure on that matter was the announcement of the Brazilian intention to foster debates on changes necessary to achieve a more pluralistic and democratic Internet governance. According to the Brazilian view, Internet governance should be based on a set of fundamental principles such as the protection and promotion of human rights, freedom of expression and privacy. Network neutrality should become a general rule for data flows on the Internet to curb any discrimination, limitation or blockage of Internet use based on political, commercial, cultural or any other purposes other than technical criteria. Mrs. Roussef's propositions to the UN General Assembly mirror the institutional development of Internet governance in Brazil and it is fair to say that the Brazilian President seized the opportunity to promote it in the international level. Today, Internet governance in Brazil is mounted over three pillars. The first pillar is the Brazilian Internet Steering Committee: a pluralistic assembly of Internet stakeholders (government, business, non-profit and non-commercial entities, academics and technicians) responsible for coordinating and integrating all Internet service initiatives in Brazil, as well as promoting technical quality, innovation and the dissemination of available services.27 The second pillar is normative in character: a Decalogue of Principles that informs the practices of the Steering Committee and all stakeholders in relation to the technical and political aspects of Internet governance in the country. 28 The third pillar is popularly known as "Marco Civil", a Bill of Internet Rights applicable in the country, crafted over a long-term process of public drafting and very intense political participation from all sectors of society in Brazil.29 The Internet Steering Committee in Brazil (CGI.br) was created in 1995 by the Ministry of Science and Technology and the Ministry of Communications to serve as a 26 WATSON, B. (2013). BRICS Countries Build New Internet to Avoid NSA Spying. Info Wars. http://www.infowars.com/brics-countries-build-new-internet-to-avoid-nsa-spying/. (accessed January 20, 2015). ESTES, A. (2014). Brazil is Keeping its Promise to Avoid the US Internet. Gizmodo. http://gizmodo.com/brazils-keeping-its-promise-to-disconnect-from-the-u-s-1652771021 (accessed January 22, 2015). BRICS POST (2014). Brazil-Europe Internet Cable to Cost $185 Million. The BRICS Post. http://thebricspost.com/brazil-europe-internet-cable-to-cost-185-million/#.VL2NQS7F_Ak (accessed January 20, 2015). 27 Presidential Decree 4,829 of September 3rd, 2003. 28 CGI.BR (2009). Resolução CGI.br/RES/2009/003/P. http://cgi.br/en_us/resolucoes/documento/2009/003 (accessed January 20, 2015). 29 CGI.BR (2014). Marco Civil Law of the Internet in Brazil. http://cgi.br/pagina/marco-civil-law-of-theinternet-in-brazil/180 (accessed January 20, 2015). 9 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION multistakeholder advisory board for Internet-related matters in Brazil.30 Until 2002, CGI.br was formed by representatives appointed by the Federal Government, which held the majority of the chairs. President Lula da Silva - Roussef's predecessor reformed the Committee in 2003 and increased its level of civil society's participation. CGI.br is currently composed of 21 representatives (9 from governmental agencies; 12 from the Brazilian society at-large).31 The seats are taken by 8 representatives of the Federal Government; 1 representative of state-level governments; 4 representatives of the business sector (ICT goods and service providers; content and access providers; telecom infrastructure providers; business users); 4 representatives of non-profit and non-commercial entities; 3 representatives of technical and academic communities; and 1 Internet highly renowned expert. Other than government representatives are elected for three-year terms by the communities they represent in an open and transparent process. CGI.br is a consensus-driven forum established by a Presidential Decree and funded by the revenues collected by NIC.br, the private non-profit organization behind <.br> in the domain name system.32 The Committee is in charge of: (a) proposing policies and procedures regarding the regulation of Internet activities; (b) recommending standards for technical and operational procedures for Internet in Brazil; (c) establishing strategic directives related to the use and development of Internet in Brazil; (d) promoting studies and technical standards for network and service security in the country; (e) coordinating the allocation of Internet addresses (IPs) and registrations in the <.br> domain; and (f) collecting, organizing and disseminating information on Internet services, including indicators and statistics. Resolutions adopted by the Committee on these matters do not have a binding character. However, because the Committee congregates a pluralistic set of representatives, the resolutions are highly valued as the authoritative path to follow in the integration and harmonization of Internet service initiatives in Brazil. 33 In 2009, after two years of fiercely deliberations, CGI.br adopted Resolution CGI.br/RES/2009/003/P, which introduced a list of ten principles to be followed in the governance and use of Internet in Brazil. The list - popularly known as "The Decalogue" - represents a commitment surrounding the following values: (1) freedom, privacy and human rights; (2) democratic and collaborative governance; (3) universality; (4) diversity; (5) innovation; (6) network neutrality; (7) non-liability of network intermediaries 30 Interministerial Ordinance 147 of May 31st, 1995. More information available at: http://cgi.br/membros/ (accessed January 20, 2015). 32 More information available at: http://nic.br (accessed January 20, 2015). 33 LEMOS, R.; SOUZA, C.A.; STEIBEL, F.; NOLASCO, J. (2015). Fighting Spam the Multistakeholder Way – A Case Study on the Port 25/TCP Management in the Brazilian Internet. https://publixphere.net/i/noc/page/IG_Case_Study_Fighting_Spam_the_Multistakeholder_Way (accessed January 20, 2015). 31 10 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION for actions performed by end-users; (8) functionality, security and stability; (9) standardization and interoperability; (10) proper legal and regulatory environments.34 The Decalogue inspired the elaboration of a Bill of Internet Rights in Brazil (Marco Civil). Marco Civil was a response to the growing trend of punishing conducts taken by Internet users and Internet intermediaries. For instance, in 2007 a Brazilian celebrity had a sex tape leaked on YouTube. Following the leak, a Brazilian Court ordered YouTube to shut down its online video streaming platform. The disproportional measure rendered YouTube unavailable for all Internet users in the country - most of them with no relation whatsoever to the case. Several Bills of Law popped up in the Congress, aiming at regulating content and defining civil and criminal liabilities of all those involved with Internet in the country. In general, the Bills reproduced the action of the Brazilian Court: lacking solid technical foundations, they generally mistargeted the true authors of unlawful online activities, imposed unreasonable duties over network intermediaries, and did not strike the proper balance between costs and benefits of judicial orders. 35 A first draft for Marco Civil was crowdsourced in an open online platform, as well as on face-to-face open audiences organized by the Ministry of Justice, CGI.br and the School of Law at the Getúlio Vargas Foundation (FGV) from 2009 to 2011.36 The idea of having a "Bill of Internet Rights" departed from the assumption that there can be no punishment unless there is a clear definition of what are the fundamental rights and duties of individuals and corporations vis-a-vis the Internet. In 2011, the draft was sent to the Congress, where it was fiercely debated with an overwhelming public participation until 2014. The Bill became Law (Federal Law 12.965/2014) in April 2014.37 President Dilma symbolically signed the final text adopted in the Congress during the opening ceremony of the Global Multi-Stakeholder Meeting on the Future of Internet Governance (NETmundial) to which we turn below, the most concrete result arising from her speech at the UN General Assembly six months before. In sum, Law 12.965 reiterates the content of CGI.br's Decalogue of Principles. It lists the fundamental rights and duties of Internet users, as well as access and service providers 34 CGI.BR (2009). Resolução CGI.br/RES/2009/003/P. http://cgi.br/en_us/resolucoes/documento/2009/003 (accessed January 20, 2015). 35 LEMOS, R.; SOUZA, C.A.; STEIBEL, F.; NOLASCO, J. (2015). A Bill of Rights for the Brazilian Internet (“Marco Civil”) – A Multistakeholder Policymaking Case. https://publixphere.net/i/noc/page/IG_Case_Study_A_Bill_of_Rights_for_the_Brazilian_Internet. (accessed January 20, 2015). 36 More information available at: http://culturadigital.br/marcocivil (accessed January 20, 2015). 37 The Law is available at: http://www.camara.gov.br/proposicoesWeb/fichadetramitacao?idProposicao=517255 (accessed January 20, 2015). 11 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION that operate in Brazil. Freedom of expression and the protection of privacy became the major tenets for Internet governance in the country. The access by third parties (including governmental agencies) to personal data and metadata for any purpose is only allowed after they are duly considered by a state or federal judge, following due process rules established by Brazilian Constitution. The same applies to content takedown (except in cases of unauthorized display of nude/sex scenes in which there is enough evidence of the victim's identity). The Law expressly forbids the liability of access providers by actions undertaken by their clients. Application providers can be held liable for unlawful acts only if they fail to follow a Court order - and to the extent of the damages, they cause for their inertia. In operational terms, the network neutrality principle was fully embraced by Brazil. With some technical exceptions related to Internet security and stability, for instance, it is now illegal to discriminate in packet transmission and routing within the core of the network based on content, the origin and destination of data flows, as well as the services, terminals and applications employed. Not only Marco Civil, but also the overall Internet governance framework in Brazil are considered models for Internet governance: they have been carefully debated in specialized fora; they have been thoroughly studied by renowned scholars; and, more importantly, and they have been adapted to the contexts of countries as diverse as Italy and the Philippines.38 4) The NETmundial Meeting and the Future of Internet Governance Soon after President Dilma delivered her speech at the UN General Assembly, a group of technical organizations in charge of coordinating the Internet technical infrastructure in the global level (known as the I* Organizations) issued a public statement in Montevideo on "the Future of Internet Cooperation."39 In the statement, the leaders of these organizations "reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level." They also "expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance." The leaders "called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing" and "agreed to catalyze communitywide efforts towards the evolution of global multi-stakeholder Internet cooperation." 38 More information available at: http://camera.civi.ci/discussion/proposals/partecipa_alla_consultazione_pubblica_bill_of_rights, and http://democracy.net.ph/full-text/ (accessed January 20, 2015). 39 Available at: https://www.icann.org/news/announcement-2013-10-07-en (accessed January 20, 2015). 12 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION In the same week, one of these leaders, Mr. Fadi Chehadé - CEO of ICANN - met President Roussef in Brasilia.40 He conveyed the message that the I* organizations recognized the country's leadership role in putting Internet governance high in the international agenda. They both agreed to convene a global meeting to discuss the reformation of Internet governance worldwide based on the principles she raised in her speech.41 Immediately, Mrs. Roussef commissioned the Minister of Communications (Mr. Paulo Bernardo da Silva), the Federal Secretary for ICT Policies (Mr. Virgílio Almeida, who in the occasion held the Chair of CGI.br), one of the Special Advisors to the President's Cabinet (Mr. Valdir Simão) and the Executive Secretary of CGI.br (Mr. Hartmut Glaser) to be in charge of the organization of the event on behalf of the government. Soon after, the Ministry of Foreign Relations of Brazil appointed Ambassador Benedicto da Fonseca to join the group.42 A very intense debate on the format and the agenda of the event ensued. The Brazilian organizing committee was sided by an "international dialogue" broader in scope than the I* group, known as 1Net. 1Net served as a coordination and cooperation online platform for all stakeholders (government, business, academia, technical communities and individual users) involved in discussions related to "the future of Internet governance."43 Brazil and CGI.br kept open conversation with different groups of stakeholders to take a decision on the matter in a bottom-up and participatory manner, and 1Net served as a focal point for those conversations. As a result, CGI.br and 1Net became the effective organizers of the Global Multi-Stakeholder Meeting on the Future of Internet Governance (NETmundial).44 NETmundial took place between April 23rd and 24th 2014, in São Paulo. It had two major topics in its agenda: principles for Internet governance and the evolution of the governance ecosystem, which clearly reflects President Rousseff's speech combined with the I* Montevideo Statement. The event was run by four different organizing committees, all of them composed by representatives from relevant stakeholders selected by their respective communities. The High Level Multi-stakeholder Committee 40 An interview with Mr. Fadi Chehadé is available at: https://www.youtube.com/watch?v=nJmFAMJNx94 (accessed January 20, 2015). 41 RT (2013). Brazil to Host Global Internet Summit in Ongoing Fight Against NSA Surveillance. http://rt.com/news/brazil-internet-summit-fight-nsa-006/ (accessed January 20, 2015). 42 The official announcement is available at: https://www.youtube.com/watch?v=n6B64WIeY9k (accessed January 20, 2015). 43 More information available at: http://1net.org/ (accessed January 20, 2015). 44 More information available at: http://netmundial.br (accessed January 20, 2015). A full account of the conference is provided by MACIEL, M.; ZINGALES, N; FINK, D. (2015). The Global Multistakeholder Meeting on the Future of Internet Governance (NETmundial). https://publixphere.net/i/noc/page/IG_Case_Study_NETMundial (accessed January 20, 2015). 13 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION was in charge of raising international awareness and support for the meeting; the Executive Multi-stakeholder Committee was in charge of practical aspects of the event, such as putting together the agenda and conducting the process for collecting public inputs on the topics under discussion; the Logistics and Organizational Committee was in charge of the operational aspects of the conference; and, finally, the Council of Governmental Advisors was in charge of collecting inputs from governments willing to participate. Before the event, more than 187 written contributions from governmental and nongovernmental entities, businesses, researchers, and individuals were submitted through an online platform to inform discussions on the proposed agenda. The Executive Committee compiled all those contributions and put together a draft statement to be issued in the end of the meeting, which was later opened to a public comments phase. The document received more than 1.300 comments. During the event, around 1.000 people from more than 90 countries took part in the meeting. Remote hubs allowed the online participation of people from all over the planet without the need to be present in São Paulo. Governments, business representatives, civil society activists, researchers, individuals, etc., all shared the same speakers' list on equal footing, with no precedence or privilege whatsoever, which resulted in a very rich and diverse set of opinions, agreements and controversies on the myriad of technical and political, economic, cultural and societal aspects that are involved in Internet discussions. Based on the comments submitted online, as well as the debates that occurred in the plenary of the event, the Executive Committee elaborated a second version of the statement, documenting the aspects around which rough consensus was reached by the participants. The "NETmundial Multi-Stakeholder Statement" was presented in the end of the meeting.45 Among an extensive list of things, it details the overall consensus on: (a) the promotion and protection of human rights and associated values as a fundamental principle; (b) the need to properly balance between rights and duties of intermediaries consistently with economic growth, innovation, creativity and free flow of information; (c) the relevance of multi-stakeholderism as the basis for sound Internet governance; (d) the importance of the distributed nature of the Internet governance ecosystem as the foundation of a single, diverse unified global network; (e) the need for the globalization of ICANN and the timely release of the IANA functions from the supervision of the US government, which, by its turn, should be carried on in full transparency and in order to satisfy not only US national interests, but the global community; and (f) the relevance of the UN Internet Governance Forum for discussions and deliberations on Internet 45 The document is available at: http://netmundial.br/wp-content/uploads/2014/04/NETmundialMultistakeholder-Document.pdf (accessed January 20, 2015). 14 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION governance by the international community. The drafting team opted for not putting together strong messages in favor of network neutrality and against mass surveillance online, for both topics involve a great deal of economic and political controversy. The document however makes reference to "free flow of data packets/information, end-toend" and to "the right to privacy includes the not being subject to arbitrary or unlawful surveillance, collection, treatment and use of personal data." An overarching document such as the NETmundial Statement can hardly ever contemplate all interests and bear gather full consensus among such a diverse group of participants. A small number of stakeholders criticize the document based on their individual self-interest: some activist groups criticize it for not having sent a strong message against the NSA scandal; others wanted it to have a more clear stand on Internet access as a fundamental human right; some governments, specially autarchic ones, criticize it because it does not give the UN a central role in the governance ecosystem. Nonetheless, the majority of the stakeholders in the event and afterwards praise the document as a watershed for Internet governance: it conveys the prospect of a more democratic, more pluralistic and less US-centric governance regime. The basis for that assertion lies in the announcement made by the US government ten days before the meeting in São Paulo of its unequivocal intention to release its prominent role over the root of the Internet in favor of the "global multi-stakeholder Internet community."46 For that, the NTIA/DoC commissioned ICANN to set up a transition process through which the different communities involved with numbers, names, and protocols - as well as any other interested stakeholder - will craft a proposition to be presented to the US government with an alternative to the current unilateral supervision system - something that was promised to progressively fade away from its inception in favor of the global community.47 This solution is expected to be placed by September 2015, when the current edition of the ICANN-DoC contract expires. 5) Conclusion The US delayed the IANA transition for 15 years. The American position sustains that any change in the current governance ecosystem could endanger the correct functioning of the network. They also claim that political struggles surrounding the 46 NTIA (2014). NTIA Announces Intent to Transition Key Internet Domain Name Functions. http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-namefunctions. (accessed January 20, 2015). 47 https://www.icann.org/resources/pages/transition-2014-03-23-en. (accessed January 20, 2015). 15 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION control of the root could even lead to the fragmentation of the Internet as we know it. 48 NETmundial inaugurated a new era in Internet governance for it reopened the stalled World Summit on the Information Society discussion on the symbolic meaning of US stewardship in the most relevant portion of the larger ecosystem.49 In practical terms, the US role has been of attesting the correctness of the processes performed by the entities commissioned to operate the root through contracts with DoC and then authorize the distribution of the root-zone file that feeds the whole DNS system. As the Internet - once a project owned by some agencies of the US government - matured and spread all over the world, the American unilateral action lost any plausible justification. The American shift may be interpreted in two ways. The first one - a more optimistic account - sees it as a result of the pressure that ensued from the Snowden revelations onwards. The second one is more pragmatic. As NETmundial would inevitably happen, the US government prior announced its intention to release its formal control over the root as means to set the event’s agenda. Had the meeting been focused on the root management transition plan, cyber espionage and other security topics would probably be considered secondary topics. Both interpretations are plausible - cybersecurity was indeed regarded as secondary - and only future research will be able to determine precisely the rationales for the decision. An important caveat might be raised at this point. The US imposed conditionalities for their acceptance of the transition solution to be presented in 2015. The solution, for instance, cannot replace the US supervision by an intergovernmental agency. 50 The risk of vertical unilateralist action by the American government in 2015 is still hovering over the field. The decision is not entirely on the hands of the Executive branch. The Congress might block the Executive's handing over its stewardship position vis-a-vis the IANA functions. Some Bills on the subject have already been presented, determining that the government presents an assessment of the potential economic and strategic losses involved in any plan submitted by the ICANN community.51 It seems that no matter the final immediate results of IANA transition, the creation of a new track within the Internet governance ecosystem is a direct consequence of Brazil's 48 KLEINWÄCHTER, W. (2015). Internet Governance Outlook 2015: Two Processes, Many Venues, Four Baskets. CircleID. http://www.circleid.com/posts/20150103_internet_governance_outlook_2015_2_processes_many_venue s_4_baskets/ (accessed January 20, 2015). 49 CHAKRAVARTY, P. (2007). Governance Without Politics: Civil Society, Development and the Postcolonial State. International Journal of Communication, n. 1, p. 297-317. 50 https://www.icann.org/en/system/files/files/iana-transition-scoping-08apr14-en.pdf. (accessed January 20, 2015). 51 KRUGER, L. G. (2014). Internet Governance and the Domain Name System: Issues for Congress. CRS Report. https://www.fas.org/sgp/crs/misc/R42351.pdf. (accessed January 20, 2015). 16 WORKING DRAFT: PLEASE DO NOT CITE, DISTRIBUTE OR QUOTE WITHOUT PERMISSION recognition that the democratization of Internet governance is a necessary condition for the democratization of global governance as a whole. Brazil is bound in its foreign affairs by a commitment to the construction of a more democratic, inclusive and socially just order that contributes to human development in all of its aspects. It is not a sufficient condition though. The larger part of the true transformation of the playing field (either in relation to Internet governance or in relation to the governance of other transnational topics) demands investment in infrastructure, research and development, capacity building and other measures that can bridge the digital gap between the developed and the developing Worlds. The NETmundial legacy can go a lot further than the mere democratization of the technical governance of the network. If the São Paulo declaration stands, it might provide a solid new foundation for the long-term institutional development of Internet governance. It enshrined a list of principles that shall guide Internet-related public policies in the national, the regional, and the global levels. Among them, the notion that such policies shall be developed with the participation of multiple stakeholders is closely related to discussions about the nature of political participation and democracy in the 21st century. In a context in which the network affects all sectors of life in society and is deeply affected by them in a circular relation, one can expect that multi-stakeholder processes become recognized as the cornerstone of an interconnected World. It seems that from 2014 onwards, Brazil has convened a lot of political capital and allies to uphold those values in the future of international relations. 17