Today at the OECD Ministerial Meeting on the Digital Economy in Mexico, the Global Commission on Internet Governance released its final report, One Internet. Despite its important-sounding name, the Commission is not an official body, but a think tank convened in 2014 by the Center for International Governance Innovation (CIGI) and Chatham House, composed of a diverse panel of 29 invited experts from industry, government, academia, and civil society (including EFF Pioneer Award recipient Anriette Esterhuysen).

The Commission had a broad and open mandate to articulate and advance a strategic vision for the future of Internet governance in light of some of its most hotly-disputed global political challenges. Foremost among these challenges are the betrayal of Internet users' trust by states engaged in mass online surveillance, and moves by authoritarian states to control and restrict the open Internet. In light of these challenges, the Commission's report suggests a series of recommendations, many of which EFF supports, towards creating a more open, secure, trustworthy, and inclusive Internet.

Policy Recommendations

The recommendations are wide-ranging, so here we highlight the ones that touch on the areas in which EFF works:

Net neutrality. Recognizing net neutrality as a key principle to help preserve the Internet's accessibility, the Commission makes a number of relevant recommendations to further this principle by promoting competition and access to network infrastructure, and sanctioning non-neutral practices such as blocking, filtering, and zero-rating. On this last point, its recommendation that "In the absence of sufficient competition to enable consumer choice, there should be no exclusive agreements to provide zero-rated content" broadly aligns with EFF's view.

Recognizing net neutrality as a key principle to help preserve the Internet's accessibility, the Commission makes a number of relevant recommendations to further this principle by promoting competition and access to network infrastructure, and sanctioning non-neutral practices such as blocking, filtering, and zero-rating. On this last point, its recommendation that "In the absence of sufficient competition to enable consumer choice, there should be no exclusive agreements to provide zero-rated content" broadly aligns with EFF's view. Mass surveillance. Echoing the Necessary and Proportionate principles, the Commission recommends that "Interception of communications and collection and analysis of data over the Internet by law enforcement and government intelligence agencies should be for legitimate purposes, openly specified in advance, authorized by law and requiring the application of the principles of necessity and proportionality." The report also recommends that "International data-sharing agreements between governments should not be used to circumvent the national laws of a country and should respect human rights."

Echoing the Necessary and Proportionate principles, the Commission recommends that "Interception of communications and collection and analysis of data over the Internet by law enforcement and government intelligence agencies should be for legitimate purposes, openly specified in advance, authorized by law and requiring the application of the principles of necessity and proportionality." The report also recommends that "International data-sharing agreements between governments should not be used to circumvent the national laws of a country and should respect human rights." Privacy and data protection. Since users' privacy is threatened not only by official surveillance but also by commercial data collection, the Commission recommends that users of online services " should know about and have some choice over the full range of ways in which their data will be deployed, " and that "To assure the public that their data is being appropriately protected, states that do not already have comprehensive personal data protection legislation and a privacy enforcement authority with legal enforcement powers should take steps to create such regimes."

Since users' privacy is threatened not only by official surveillance but also by commercial data collection, the Commission recommends that users of online services " " and that "To assure the public that their data is being appropriately protected, states that do not already have comprehensive personal data protection legislation and a privacy enforcement authority with legal enforcement powers should take steps to create such regimes." Intermediary liability. The Commission cites the Manila Principles on Intermediary Liability and affirms that it "fully supports" the legal principles of "shielding intermediaries from liability for third-party content; the requirement of judicial authority for content takedowns; necessity and proportionality; clarity and due process; and transparency and accountability. The Commission also believes that actors in the digital ecosystem—whether technology companies or intermediaries such as content hosts or ISPs—should not be required to perform the functions of law enforcement, except as required by appropriate judicial order."

The Commission cites the Manila Principles on Intermediary Liability and affirms that it "fully supports" the legal principles of "shielding intermediaries from liability for third-party content; the requirement of judicial authority for content takedowns; necessity and proportionality; clarity and due process; and transparency and accountability. The Commission also believes that actors in the digital ecosystem—whether technology companies or intermediaries such as content hosts or ISPs—should not be required to perform the functions of law enforcement, except as required by appropriate judicial order." Encryption. The Commission recognizes that " Governments should not create or require third parties to create “back doors” to access data that would have the effect of weakening the security of the Internet," and further notes that " States should not rely upon the weaker data collection rules that govern private companies to get access to information that they could not obtain themselves through legal channels."

In some cases, given the complexity of the areas tackled and the diversity of the panel, no recommendation is given by the Commission, or its recommendations are fudged or tentative. For example, the panel covers both sides of the arguments around improving the transparency of the algorithms behind online services that we all use, but fails to reach much of a conclusion other than that more discussion and study is needed.

Similarly, the Commission fails to make much headway in reconciling its support for encryption with the demands of law enforcement, and rolls out some unhelpful stereotypes about encrypted services as the "shadowy underbelly of the Internet." It does, however, recommend that in seeking to reconcile law enforcement demands with users' rights, "any solutions should be derived through a multi-stakeholder process, broadly agreed, and must be subject to legal oversight, governed by principles of necessity, proportionality and avoidance of unintended consequences."

Meaningful Stakeholder Inclusion in Internet Governance

A problem here is that the supposed multi-stakeholder processes through which such solutions to highly contested policy issues could be rolled out don't really exist yet, outside of the very narrow area of Internet names and numbers, handled by ICANN. Although the OECD, which meets this week in Mexico, makes claims to following a multi-stakeholder model of policy development, by taking advice from a Civil Society Information Society Advisory Council (CSISAC, in which EFF is a participant), this is a rather shallow form of consultation that invites community input only once governments have already set the agenda, and provides little assurance that this input will actually be taken into account by policy makers.

The Commission report hits the nail on the head by noting the hypocrisy of governments' claims to uphold a multi-stakeholder model of Internet policy development, while actually pursuing their policy objectives in closed fora:

In practice, the principle of multi-stakeholder governance may be honoured as much in the breach as in the observance. In terms of real-world impact, bilateral and multilateral free trade agreements can significantly affect Internet governance issues. Many, such as the Trans Pacific Partnership Agreement, specifically address important issues such as data localization, encryption, censorship and transparency, all of which are generally regarded as forming part of the Internet governance landscape; However, they are negotiated exclusively by governments and usually in secret.

As EFF and its partners have also observed, this is clearly not sustainable. The Commission's own research affirms this, finding that in answer to the question "how much do you trust each of the following to play an important role in running the Internet," the fewest people (36%) would trust the United States, whereas the most (57%) would trust a combined body of technology companies, engineers, non-governmental organizations and institutions that represent the interests and will of ordinary citizens and governments. No such body yet exists, and the Commission does not recommend creating one afresh.

Short of creating a new body, is it possible to utilize a more meaningfully inclusive multi-stakeholder environment for the development of recommendations on global Internet policy? Some have held out hope that the Internet Governance Forum (IGF) could provide a forum for the development of such recommendations, but it has not lived up to this promise, hampered by accountability problems and a chronic lack of funding. The Commission accordingly recommends, "The United Nations should take practical steps to implement the decision of member states to extend the mandate of the IGF, including providing the necessary funding for its base budget."

Social Compact for a Digital Society

Meanwhile, the Commission sets its sights a little lower than wholesale reform of global governance arrangements, suggesting instead the need for a new collaboratively-developed "Social Compact for a Digital Society," containing some basic principles to secure the Internet's future. It even suggests some elements around which such a compact might be based, beginning with the statement that "Fundamental human rights, including privacy and personal data protection, must be protected online. Threats to these core human rights should be addressed by governments and other stakeholders acting both within their own jurisdiction and in cooperation."

As welcome as this sounds, we don't know whether such a compact is really a realistic prospect. The Commission itself acknowledges the difficulty and perhaps impossibility of developing such a compact that would be truly universal, given the likely antipathy of those states that are "erecting borders in cyberspace and asserting the government’s right to impose significant constraints on the free flow of information on the Internet."

That said, there is an undoubted need to help all stakeholders find areas of agreement in addressing current challenges in Internet governance, and the Commission's One Internet report is a worthy contribution to that ongoing endeavor. EFF doesn't agree with everything in the report, but commends it as worthy reading for policymakers and stakeholders who share the vision of an more accessible, inclusive, secure, and trustworthy Internet, even if that utopian end state may never be fully realized.