jueves, noviembre 15, 2018

Internet Core Principles under threat in the IGF

Discussion and position paper prepared for the Dynamic Coalition on Internet Core Values of the Internet Governance Forum, 2018
Presented (through a friendly reader) at the session in Paris, November 14, 2018.

Alejandro Pisanty – Dynamic Coalition on Internet Core Values, Internet Governance Forum (IGF) 2018

Internet Core Principles or Internet Core Values ?
We will discuss this difference in a few seconds. Let us first answer what they both mean to us: the principles and values which, if you take them away from a network, make it stop being the Internet.
Some of us prefer to concentrate on Internet Core Principles, starting from the technical design principles of the Internet. These are more stable over time, more fundamental, and less susceptible to interpretation differences among cultures.
Internet Core Principles are well known in the technical community and more heterogeneously outside it. They include:
Packet switching
Layered architecture
Best Effort
It may be said that some of these characteristics are principles and others are design goals; and one may wish to add others like universality (preferably in its most constrained definition, “universal reach”) and resilience.
The definitions of Best Effort and End-to-End are rather refined.
Best Effort is a fundamental principle from the early stages of design of the Internet, in order to let the network function over a wide and growing variety of physical supports like radio, copper wire, and optical fiber (optical fiber communications came into existence some 20 years after the Internet was conceived; the same applies for cellular telephony and other wireless technologies, whereas radio communications of more general types had been available since the end of the 19th century.)
End-to-End is often described as “having communications go from one end to another” or “having communications go from one end of another, regardless of where on the network both ends are” but it actually means something more sophisticated, “having communications’ characteristics defined mostly at the end points, leaving the network to do only the job of carrying them.”
Layered architectures and packet switching are not unique to the Internet but have become almost synonymous with it because other instances have faded away.
Another principle that has become part of the core set is Permissionless Innovation. Understood in this context it means something quite simple: there is no owner of the whole network, no authority that has to grant permission for an application or technology to be used on the Internet. Of course other permissions may be needed, such as legality in a given jurisdiction, or those derived from requirements of security, privacy, or the management of intellectual property. They are not permissions intrinsic to the Internet; they apply to the actors (individuals or organizations) that develop, operate, or use the innovations.
As a result, most human conduct can now take place on the Internet or through it. The effects of the Internet on human conduct are:
1. Massification.
2. Identity effects – anonymization is possible, as is the formation and following of precise, detailed digital identities.
3. Transjurisdictional effects – actions on the Internet can take place across many borders, often for each single act.
4. Barrier lowering – cost, legal registration, company size, capital investment, etc. for activities on the Internet are much lower, often negligible, for executing them over the Internet as compared to offline.
5. Friction reduction – obstacles and time such as purchasing authorization, money transfer, customer or seller decisions, participation in discussions, etc. can take place instantly and without intermediation.
6. Memory effects – often paradoxical, memory effects include the pervasiveness of memory in the form of files that eternally and pervasively propagate, and the loss, often massive, of memory in the form of websites, publications, archives, accounts and identities, which are lost through deletion, erasing, physical destruction, company breakdowns, website renewals, or loss of compatibility, media and devices to read and execute information and software which are not regularly transferred to new supports.
Contemporary questions about the Internet rest on the key issues of expanding access and the benefits of the Internet, and of trust on the Internet, on individuals and organizations on and through the Net, and on operations of all kinds held through the Internet. Understanding how the core principles can support trust is indispensable for the development of strategies in all fields.
The Internet is a general purpose interconnection of networks. Standards are defined in an open process and applied voluntarily. Being connected is its own prize, so most actors will comply with the Internet standards developed by the Internet Engineering Task Force and other applicable entities. The decentralization of the Internet also requires an extensive cooperation among all parties, yet allows each of them great freedom on how they choose to operate their part of the Net.
The governance model that has emerged for the Internet is consequent with the above. It is decentralized, multistakeholder, cross-sectional, centered on specific issues and the solution of problems in them, participatory, decentralized and robust. It is generally oriented to specific layers (for example, standards for the Internet layer are developed in the IETF; issues concerning the DNS standards are dealt with in the IETF while the policy for the global coordination of resources is developed within ICANN)
Shifting to Core Values terminology, we find a current of thought which considers the above but tends to focus more on some of the principles and goals already stated, like universal reach or openness, and adds to the list values like freedom – “a free and open Internet accessible to all” would be a fair summary of this view and aspiration. A creative tension within the Dynamic Coalition allows us to make progress based on the contrast between both views.
The flags of access, openness and freedom understood as human rights are also carried by other IGF Dynamic Coalitions, such as those on Internet Rights and Principles (IRP), Open Access and others related to libraries, Network Neutrality (an extension and application of the End-to-End principle), and on Publicness.
Over the years of its existence the Dynamic Coalition on Internet Core Values has examined, in a yearly fashion, developments that enhance or endanger the values and principles that make the Internet be the Internet. While these in turn may vary over time, they have been remarkably stable at the core, and fora such as the IETF serve well in discussing, planning, and executing their evolution. We have looked each year at the effect of major trends on the layered architecture, interoperability, best effort, openness, end-to-end (in this case especially through the lens of Network Neutrality, and leaving the brunt of this task to the excellent work of the DC NN), decentralization, robustness, and scalability.
For 2018 the most notable developments we observe are as follows:
1. National or regional regulations such as the European Union’s GDPR (General Data Protection Regulation) which intending to protect privacy (in the specific form of personal data protection) force Internet operators and intermediaries to establish rules for packet traffic based on geographical boundaries which are not well defined on the Internet, not even well represented by IP addresses. One of many undesirable consequences of this type of ruling has been the denial of service by some providers to users whose IP addresses are identified as related to the EU territories, as the providers are neither obliged under the applicable laws in their location nor equipped to comply with the GDPR (and may even actually break laws, contracts, policies, and accepted practices if they do comply.)
2. The EU’s Copyright Directive establishes obligations for Internet operators and intermediaries that can only be complied with by breaking the layered architecture’s derived obligation of avoiding cross-layer operations. The transit of packets between certain pairs of points has to be interrupted to intercept them and inspect their contents in the higher layers, then make a human (or human proxy through automated, algorithmic decision processes) decision on whether to let the packets arrive at their destination, or else start a notification process to parties such as sender, destination, operator, intermediaries, and authorities.
3. Some countries are establishing and putting in operation surveillance systems that violate the end-to-end principle and that force layer crossings in order to, in turn, affect the openness and decentralization process.
4. These type of systems also affect the scalability of the Internet and through it, the goal of universality.
5. We are generally concerned that the layered architecture is not well understood globally. “The Internet” has acquired too many meanings, ranging from the narrowest referring to the infrastructure of physical networks, IP-protocol packet transmission, routing, and TCP traffic control, to a broad one that encompasses all human activity that uses the networks. In this broader view, people and organizations attribute to the Internet problems that are entirely of human and organizational nature, such as cybercrime, harassment, “fake news” and other forms of disinformation, and tend therefore to seek solutions through intervention in the technology instead of focusing on human activity (as modified by the Internet, if needed.) The motivations of fraudsters or of disinformation campaigns are the same whether fraud be committed on the street or by phishing, whether disinformation be propagated by mouth or in online social media; their impact equally depends on the gullibility of victims and of their susceptibility to framing, or on the weaknesses of education and of political systems. This in turn leads to ill-advised legislation and other norms, such as treaties, standards, regulations, and policies which focus on the medium instead of on the actions and actors that are the actual viable subjects of such norms. An intense and extensive effort to educate legislators, policy makers and all stakeholders who can influence them is needed in order to focus on the right actions at the right layers and the right nodes.
6. We occupied ourselves with “Freedom from Harm” in our recent sessions. Better definitions of harms have been forthcoming, and actions have been started in different fora, such as standards and architectures that enclose IoT devices in distributed but not flat architectures, or laws demanding higher levels of security for devices. We cannot consider the issue closed and will revisit it in the upcoming year within our agenda.
7. The work of the International Telecommunications Union (ITU) leading to and during its Plenipotentiary Conference 2018 is also of serious concern from the point of view of regress on the Core Principles of the Internet. The stakeholders of the Internet are largely excluded from the conference and its preparation through a funnel process that ends up in exclusively intergovernmental decision making, with a humiliating, token presence of a few “sector members” deprived of voice. Decentralization is violated by trying to introduce a framework of decision-making that is concentrated in a highly vertical, controlled process, removed from the effective operation of the Net and interfering with the decentralized, issue-focused processes of the Internet community. The relevance of standards like “DOA”, forcibly reintroduced after almost being discarded in the preparatory processes, the abuse of cybersecurity terminology as a pretext, the imposition of national-boundary delimited norms and the support for their further entrenchment are but a few examples of how deleterious this process is for the Internet.
8. Recent calls made in preparation for and during the Internet Governance Forum’s session in Paris 2018 are also cause of concern from the standpoint of Core Principles and Values. They focus narrowly on some aspects of cybersecurity, imply measures that have already been tested and decried by the technical community for layer crossings, reductions in interoperability and openness, and other side effects. They disregard the best-effort nature of the Internet and the open, multistakeholder participatory processes of its governance. In a probably well-meaning attempt to increase the involvement of governments, with their unique roles and capabilities, they sideline what a broad, global community has been able to build over at least two decades. We call on the community to absorb the productive aspects of these proposals while increasing and consolidating the governance model’s best features.