Strasbourg, 7 October 2010

Ad-hoc Advisory Group on Cross-border Internet
(MC-S-CI)

Draft elements for a framework of general principles of internet governance and duties of States with respect to the protection of critical internet resources in a cross-border context

Discussion paper prepared by the MC-S-CI for the IGF
(Vilnius 14-17 September 2010)

Part I¹

Internet Governance principles

(Aware that) The Internet has a public service value understood as people’s significant reliance on the Internet as an essential tool for their everyday activities (communication, information, knowledge, commercial transactions) and the resulting legitimate expectation that Internet services be accessible and affordable, secure, reliable and ongoing;

(Noting that) The Internet infrastructure is exposed to vulnerabilities and threats of technical failure and accidents which ultimately affect citizens’ effective exercise of freedom of expression and access to information;

(Mindful of the fact that) Policy decisions concerning the transnational management of Internet resources also affect the exercise of human rights and fundamental freedoms;

(Recognising that) There is a need to prevent and to cope adequately with the consequences of cross-border acts of interference with and damage to critical Internet infrastructure;

(Recognising that) There is a need to preserve the openness of the global Internet and cross-border flow of content and that network neutrality must be understood as an expression of users’ freedom to have access to Internet resources and as an expression of beliefs in innovation;

(Recognising that) There is a need to step up efforts to deal with criminal offenses committed through the use of Internet and other computer networks in accordance with the Cybercrime Convention;

(Noting that) States have mutual expectations that action taken within their respective jurisdictions which causes transboundary harm to Internet connectivity and stability shall be prevented and minimised and those concerning the management of Internet resources will be consistent with the public interest;

(Affirming that) States are responsible for the fulfilment of their international obligations concerning the protection of human rights and fundamental freedoms and are liable in accordance with international law;

(Noting that) According to the codification of customary international law by the International Law Commission a "state of origin" is under an obligation to exercise due diligence to prevent harm in other states by taking necessary legislative, administrative or other action;

(Convinced that) International co-operation should adhere to the principles of the Geneva Declaration of Principles and should promote the goals of the Tunis Agenda for the Information Society.

(Convinced that) Human rights and fundamental freedoms guaranteed by international law are core values of Internet governance and in that framework the security of person, privacy, freedom of expression and access to information, freedom of association, protection of property, the right to education and cultural diversity should be guaranteed in all processes;

This part may be moved to the explanatory report. For the moment it appears here for the purpose of having a broad picture of the legal construction.

Security of person: Certain acts on the Internet may have negative impact on the right to security of person as provided by Article 3 of the UDHR and Article 5 of the ECHR. The goal of security of information systems should be to protect individuals and society and they should be compatible with the conditions and safeguards of the Council of Europe Cybercrime Convention and the legitimate use and flow of data and information in a democratic society as provided by the 1992 OECD Guidelines for the Security of Information Systems.

Privacy: Personally identifiable information is constantly under threat of misuse in the context of development of services, technologies and protocols. Personal data should be treated in a transparent way and its control by the citizens should be preserved. Respect for privacy should be ensured in accordance with Article 12 of the UDHR, Article 8 of the ECHR, the 1981 Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data and the 1980 OECD Guidelines for the Protection of Privacy and Transborder Flows of Personal Data.

Freedom of expression and information: Access to Internet content, infrastructure and resources is challenged in the context of management of its infrastructure and traffic flow as well as law enforcement. Freedom of expression and information as guaranteed by Article 19 of the UDHR and Article 10 of the ECHR should be secured to all Internet users.

Freedom of association: Interaction of individuals within religious, political and other communities in cyberspace is closely related to the management of critical resources. Surveillance and locational technologies may have a chilling effect for freedom of association in cyberspace. Freedom of association should be secured in compliance with Article 20 of the UDHR and Article 11 of the ECHR.

Protection of property: Access to technology and information is closely linked to protection of creativity and innovation. Intellectual property protection should be guaranteed in compliance with Article 27 of the UDHR and Article 1 of the first amending protocol of the ECHR, while ensuring that benefits accrue to the general public, inter alia, access to knowledge, development, growth and all types of innovation. The copyright protection under the regime of the WIPO Copyright Treaty and the WIPO performances and phonograms Treaty are relevant in this respect.

Right to education: The Internet and ICTs increase the need for literacy for participation in the job market as well as for literacy and critical thinking to navigate information, while on the other hand they provide the means to ensure education, reduce poverty, and fully participate in the political, social and cultural life and economy. The right to education as guaranteed by Article 26 of the UDHR and Article 2 of the first amending protocol of the ECHR should be secured as the Internet both requires and facilitates the education of the people of the world.

(Considering that) The principles of Internet design, including openness, interoperability, decentralised responsibility for network operation and policies, end-to-end interoperability, which have stood the test of time and reflect the shared beliefs and commitment of the Internet community are also important values which must be respected and preserved and should be guiding principles for policy making;

This part may be moved to the explanatory report. For the moment it appears here for the purpose of having a broad picture of the legal construction.

Openness: Global, open and non-proprietary core Internet standards and protocols are key features of the Internet design. They allow for the development of applications, content and technological innovations independently. Protocols and standards should continue to be developed in the framework of pluralistic, transparent collaborative processes and with multiple public and private stakeholders according to the principle of subsidiarity (decisions should be made at the most appropriate, efficient level). The open entry into Internet-related markets, transparent multi-stakeholder processes, wide Internet access at equitable costs, human capacity building and efficient global co-ordination should be ensured and open society concepts underlying them, such as freedom of speech, should be preserved.

Interoperability: International open standards should apply to all layers of the Internet architecture to guarantee the interoperability of networks in terms of infrastructures, services and contents. Internet is based on a stable, secure and efficient operation of core architecture. Sustaining integrity and performance of core architecture and ensuring interoperability of the Internet with the support of the Internet community is an important normative goal.

Decentralised responsibility: Infrastructure, software or services are owned and administered by autonomous organisations, which in turn leads to decentralised network operation and policies. Further, by facilitating publicly available and interoperable standards, the Internet leads to decentralisation of software applications and information content. This model which has a record of success in facilitating communication, public access to information, adaptation to changing conditions and making efficient use of available infrastructure should be preserved. Users’ autonomy as well as creative, cultural, linguistic and applications diversity should be supported and promoted.

End-to-end interoperability: The inter-networking layer which provides global connectivity over diverse hardware is best exploited by preserving the end-to-end architectural principle according to which the network provides basic and unrestricted data transport while leaving content, applications and other forms of user-specific information processing to the devices attached to the endpoints of the network. This principle has generated value for the society as it has been the driving force behind technological innovations and network growth and market competition and has encouraged the diversification of information available online by lowering the thresholds for the dissemination of knowledge. The end-to-end principle should be protected globally.

Innovation: Internet architecture and its governance evolve as technological innovation continues to emerge, the number of mobile Internet uses increases, more diverse terminals are connected and the peer-to-peer system develops. The development of knowledge of these critical technologies should be promoted in order to allow for the progress of Internet uses in the society.

(Recalling that) The Tunis Agenda working definition of Internet Governance is the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet. This definition applies equally to the current and future public-sector, private-sector and multi-stakeholder governance mechanisms.

(Recalling that) The Geneva Declaration of Principles underlines the need to ensure a multi-stakeholder approach in Internet governance processes: the “[i]nternational management of the Internet should be multilateral, transparent and democratic, with the full involvement of governments, the private sector, civil society and international organizations” (para.48).

(Convinced that) The decentralised nature of the roles and responsibilities for the management of the Internet should be preserved and that the private sector should retain its leading role;

(Convinced that) International co-operation should build on this understanding as well as on the existing mechanisms or arrangements on Internet governance in a spirit of complementarity and co-operation according to proper roles and recalling in this regard the WGIG conclusion, “the full involvement of all stakeholders does not necessarily mean that every stakeholder group should have the same role in the development of policies, the preparation of decisions, the actual decisions and then the implementation of decisions” (WGIG Background Report, para.20);

(Considering that) The IGF provides the right setting and impetus for multi-stakeholder interaction in Internet governance;

(Desiring by this Convention to develop the principles embodied in the Tunis Agenda concerning the role of governments) The Tunis Agenda recognised that policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues. The governments are ultimately responsible for the development of public policy in consultation with all stakeholders.
Further, the Tunis Agenda recognised the need for enhanced cooperation in the future, to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues (para.69).
Using relevant international organisations, such cooperation should include the development of globally-applicable principles on public policy issues associated with the coordination and management of critical Internet resources. In this regard, the organisations responsible for essential tasks associated with the Internet should contribute to creating an environment that facilitates this development of public policy principles (para.70).

Part II

Duties and Responsibilities of States in Internet Governance

A – General principles

1. (No-harm duty) The state of origin should, in co-operation with stakeholders, take all reasonable measures to prevent transboundary harm to Internet resources, connectivity and stability or at any event minimise the risk thereof.

2. (Duty to co-operate) States shall cooperate in good faith and, as necessary, seek the assistance of concerned stakeholders in preventing significant transboundary harm to Internet stability, security and connectivity or at any event in minimising the risk thereof.

3. (Implementation) States shall take the necessary legislative, administrative or other action, including the establishment of suitable monitoring mechanisms to implement the provisions of the present articles.

B – International co-operation

Protection of critical Internet resources

1. States should take all reasonable measures and co-operate to preserve the ongoing functioning of the physical infrastructures of the Internet.

2. States should in co-operation with the private sector partners develop and implement policies and strategies for reducing the risks of technical accidents of the Internet and improving preventive and preparedness measures, in an adequate manner.

3. States should take all reasonable measures to establish and maintain emergency preparedness systems to respond to large scale network security technical incidents. States should inform and consult each other on these measures.

4. If a state needs assistance in the event of a technical accident or failure, it may ask for assistance from other states, indicating the scope and type of assistance required. A state to whom a request for assistance is directed shall promptly decide and inform the requesting Party whether it is in a position to render the assistance required and indicate the scope and terms of the assistance that might be rendered.

5. States should promote respect for public interest of the Internet community in the operation of root servers located within their jurisdictions. With a view to developing confidence building measures in the root server system, states should promote enhanced interaction and co-operation among stakeholders through formal and informal meetings, exchange of information, consultations and other forms of co-operation.

6. Measures on routing security? – promote the security and interoperability of the Internet in order to increase the confidence of citizens in high-speed broadband networks.

Transnational management of resources in the public interest

1. States should take all appropriate measures to ensure that the development and application of standards, policies, procedures, or practices in the framework of the management of the domain name space and IP address space incorporate protections for human rights and fundamental freedoms of Internet users in compliance with the standards recognised in international human rights law.

2. States should take all appropriate measures to promote the principle that policymaking in relation to the allocation and management of critical Internet resources should articulate the public policy interest that it seeks to advance and formulate the policy in such a way that it restricts in proportion to the advancement of this interest/Restrictions to these rights must be made only in the public interest and in compliance with the principle of proportionality.

3. States should promote the GAC principles for domain name system.

4. States should take all necessary measures to ensure IPv6 timely deployment.

Prevention of cyber attacks

1. States should take appropriate measures, particularly in the fields of education, culture, information, media and public awareness raising, with a view to preventing Internet users’ involvement in cyber attacks and other forms of malicious use of the Internet and its resources which originate from their jurisdictions which have transboundary effects.

2. States should cooperate to prevent in their respective territories, inter alia, by adapting their domestic legislation to the needs of countering preparations for cyber attacks, engaging in joint programmes and actions for preparedness and resilience, entering into mutual assistance agreements and co-ordinated network recovery and stability strategies.

3. States should, as appropriate and with due regard to their capabilities, assist and support each other with a view to enhancing their capacity to prevent cyber-attacks, including through exchange of information and best practices, consultation, development of joint contingency plans as well as through training and other joint efforts of a preventive character.

4. States should afford one another the greatest measure of assistance in connection with criminal investigations or proceedings in respect of cyber attacks, including assistance in obtaining evidence in their possession necessary for the proceedings.

Internet protection in case of interstate conflict

1. States should not cause harm in regard of the critical Internet infrastructures and cross-border flow of the Internet and maintain their viability in cases of interstate conflict.

2. In case of violation of the first paragraph the responsible state shall promptly make full reparation for the injury caused. Injury includes all material damage that would block or significantly impede Internet access.

Protection of cross-border flow of the Internet

1. States should promote the preservation of openness and network neutrality as key goals of Internet governance policy.

2. States should take all appropriate measures to ensure that restrictions on the use of Internet connection within their jurisdiction do not affect the rights of Internet users in others to have access to content, services and applications of their choice.

3. States should co-operate with each other to ensure that Internet users receive information about restrictions and are granted effective remedies.

¹ This part has been constructed in a way that can be used both as the preamble of a legal instrument (underlining IG principles and values as constraints for the assertion of primary obligations of prevention and mitigation for states) and a statement in the form of resolution on IG principles.