“Splinternet”, “bureaucratic stalemate”: is Internet governance under threat?

Should we cut Russia from the Internet as a sanction for the Russia-Ukraine war? Are the big tech companies a threat to the right of a free access of all to the Web? What means and protocols should be used? Is the Internet threatened by “sovereign Internet” initiatives?

And most importantly, who should have the power to answer those questions?

The Internet governance issue is not challenged enough, though it may shape the whole digital world we live in. Executive Director of the Lodz Cyber Hub and Tenured Professor of International Law at the University of Lodz, Poland, Joanna Kulesza is a member of numerous international bodies and has a long track record of publications. She offers inCyber an overview of the Internet governance.

During the Geopolitics of Internet Routes symposium organised by Geode on the 16^th of December 2022, Joanna Kulesza advocated for a balanced Internet governance between tech and business pros, civil society and States.

Did you mean that for the governance of technical bodies such as ISOC, ICANN, IETF, the international bodies such as IGF and ITU or regarding the cooperation between those bodies and other stakeholders?

The current paradigm that you will see reflected both in the ITU with his 2005 agenda and the WSIS+20 conversations that are happening right now refers to this latter broader meaning.

This is also where the EU stands when we talk about norms-based order. The EU, European states, France particularly, strongly stands for Internet governance, meaning three groups of stakeholders, business, civil society, and governments in their respective roles as those authorised to shape the future of the Internet.

What are the actual dangers that the Internet governance faces?

“Splinternet”, splitting up Internet scenarios, would be my first concern. The DNS for EU initiative that is being drafted by the European Commission is an interesting example of this. Putting it very briefly and controversially, the EU is looking at building Europe’s own Internet. Some compare it to the Runet initiative that Russia has started a few years back, or the setup that China has had for their Internet infrastructure from the very beginning. We’re thinking about having a European public resolver that the European Internet providers would be obliged to use.

Whether this is going to work is one issue, but whether it would be advisable as a policy objective is the issue that I’m most concerned with. Do we want to build a European resolver? Meaning that if you connect to the Internet in France or Poland using that public resolver, some content, let’s imagine hate speech, would not be allowed because that would be the setting of the resolver.

Isn’t it a way for Europe to regain sovereignty over the United States? After all, DNS resolvers are dominated by the Americans.

Absolutely. This is the politic objective that you have nailed on the head. But to me, as a public international lawyer and to some extent an Internet governance policy person, I would argue that the overarching value would be to keep the Internet as a whole. So, if Europe, one of the leaders of thought on the multistakeholder model, all of a sudden grabs into the DNS and pulls a bit of it towards itself, we can no longer speak of a one, universal Internet. And this proposal will not solve the business challenge we’re facing both in the infrastructure and the business services.

How does the governance within technical and international bodies such as IGF and ITU should evolve, according to you?

Comparing the IGF and the ITU is interesting because the IGF has absolutely no deciding power. It’s more of a pleasant conversation about what different groups of interests might think would be appropriate. When the Tunis agenda sets up the IGF, it gave it as little authority as possible. The ITU, on the other hand, is an intergovernmental organisation.

We’ve had this “war of the Internet” a while back, where the ITU was allegedly trying to reach into Internet protocols and grab it for themselves.

But this never happened: the ITU refrained or was refrained from infringing upon the multistakeholder model. ICANN, the IGF and the IETF are still setting the protocols. I would still argue, and that is the official position of like-minded countries in Europe and in the US, this is good news, because ITU regulating the Internet would end up in a bureaucratic stalemate.

States may still wish to interfere with the Internet governance…

Of course, and they are reaching out with regulation. The EU is trying to do that with DNS for the EU. China has been doing that with regards to routing for a long time. But more significantly, the EU is doing that with the GDPR, which does impact the way that registries and registrars operate. Indeed, it forced ICANN’s hands to recognise privacy as one of the guiding paradigms. Moreover, the EU is trying to do that on the content with the DSA, the Digital Services Act package. We will have very large platforms obliged to commit to human rights’ European understanding.

So, the governments are not willing to put in as much effort into the multistakeholder model as to develop policies, regulate, including infrastructure, with the potential threat of us ending up with different Internet in different areas of the world. I would recommend instead that the governments should support the multistakeholder model as it stands, because otherwise, we risk it becoming a UN manner. And you can see how slow and challenging UN processes are.

Let’s talk about the infrastructure. In December, you mentioned Starlink providing Internet access to Ukraine and offering that service to Iran. It worked in one case and not the other. Why?

There is a simple answer: it’s called landing rights. To be able to provide satellite access, you need a ground station, which clearly needs to be within a jurisdiction of a state. If it is at war like Ukraine, or if it is torn by internal turmoil like Iran, it is challenging to put a ground station that is safe and operational. Instead, you ask a neighbouring country to provide landing rights for the satellites to offer the service to the country you want to help.

In the first case, it was Poland who happily agreed to grant landing rights to Starlink to offer their service in Ukraine, who asked for it. And the exact opposite happened in Iran. Teheran would have never agreed for Starlink to offer that service to a society that they were trying to keep in the dark, so to speak. The closest ground stations outside of Iran were in Turkey. And Ankara had no reason to endanger its international position by offering that service to a rebellious society, as the Iranian authorities would view it.

In terms of deployment of low-orbit satellites, China is leading the race. What would be the dangers of this leadership?

It’s basically a supply chain security matter, very similar to the one about 5G. We wanted to have faster Internet, and majority of the infrastructure that was available was Chinese. We wanted to know what the infrastructure we buy holds or entails. We’ve learned our lessons from the Snowden revelations: US equipment would have a backdoor for the NSA to sneak into Chancellor Merkel’s text messages, for example. Would it be the same with Chinese equipment, run by Chinese protocols? And we have to take the same precautions regarding Starlink or other services.

So, learning from the lessons from Mr Snowden, learning from the lessons from 5G, where we didn’t really have an alternative, Europe is investing billions of euros into our own satellite infrastructure, the Iris2 program that was announced last year. This will mitigate the potential threats for privacy and national security we’re facing right now.

Is the unified the Internet you advocate for challenged by the steadily growing share of infrastructure deployed by the GAFAM?

It may be a concern, but the code layer, the protocol layer for these still remains in the hands of the multistakeholders, and they’re still subject to national laws. The infrastructure merely provides a highway for the protocols, which then define what content is available and where.

Take the example of the request coming from Ukraine to take Russia offline as retaliation for the Russian invasion. If it had been directed at the ITU, this intergovernmental organisation might have taken the political decision to answer, “yes, that’s the part of the sanctions pocket. We will just switch it off.”

And that would have completely deprived us of any trust to the Internet. The Internet as we know it would have been gone. But because it is the multistakeholder model, the guardians of the Internet, as we like to call them, declined that request, basically answering: “well, sorry, as much as we really don’t like what Russia is doing in Ukraine, we will keep the service running”.

That’s the difference we’re discussing here. Property of infrastructure is one thing. But then luckily for us, we have the protocol layer that is managed through the multistakeholder processes for better or worse, and that’s what keeps us afloat. If governments wish to dive into the protocols layer, we might be in for an ITU scenario that will be very political.