Should cyberspace be governed? If so, how and by whom? What entities wield the power to do this? What are the stakes for personal privacy and freedom? What steps can be taken in order to ensure the positive evolution of cyberspace? These questions and more were considered at the Global Commission on Internet Governance (GCIG), which just finished a three-day summit at The Hague, Netherlands.
At the end of the summit, the commission published a document, entitled Toward a Social Compact for Digital Privacy and Security, which is a culmination of work since the commission was launched in 2014 by two independent global think tanks, the Centre for International Governance Innovation (CIGI) and Chatham House. The goal of the commission was to “help educate the wider public on the most effective ways to promote Internet access, while simultaneously championing the principles of freedom of expression and the free flow of ideas over the Internet.”
The Commission and its report are very much a response to the Edward Snowden affair and the effects of the revelations on government surveillance had on the internet users. “For the Internet to remain a global engine of social and economic progress that reflects the world’s cultural diversity,” states the report, “confidence must be restored in the Internet because trust is eroding. The Internet should be open, freely available to all, secure and safe.”
Here are the core elements of the report:
Privacy and Personal Data Protection as a Fundamental Human Right:
Fundamental human rights, including privacy and personal data protection, must be protected online. Threats to these core human rights should be addressed by governments and other stakeholders acting both within their own jurisdiction and in cooperation.
The Necessity and Proportionality of Surveillance:
Interception of communications, collection, analysis and use of data over the Internet by law enforcement and government intelligence agencies should be for purposes that are openly specified in advance, authorized by law (including international human rights law) and consistent with the principles of necessity and proportionality. Purposes such as gaining political advantage or exercising repression are not legitimate.
Legal Transparency and Redress for Unlawful Surveillance:
In particular, laws should be publicly accessible, clear, precise, comprehensive and nondiscriminatory, openly arrived at and transparent to individuals and businesses. Robust, independent mechanisms should be in place to ensure accountability and respect for rights. Abuses should be amenable to appropriate redress, with access to an effective remedy provided to individuals whose right to privacy has been violated by unlawful or arbitrary surveillance.
Safeguarding Online Data and Consumer Awareness:
Businesses or other organizations that transmit and store data using the Internet must assume greater responsibility to safeguard that data from illegal intrusion, damage or destruction. Users of paid or so-called “free services” provided on the Internet should know about, and have some choice over, the full range of commercial use on how their data will be deployed, without being excluded from the use of software or services customary for participation in the information age. Such businesses should also demonstrate accountability and provide redress in the case of a security breach.
Big Data and Trust:
There is a need to reverse the erosion of trust in the Internet brought about by the nontransparent market in collecting, centralizing, integrating and analyzing enormous quantities of private information about individuals and enterprises — a kind of private surveillance in the service of “big data,” often under the guise of offering a free service.
Strengthening Private Communications:
Consistent with the United Nations Universal Declaration of Human Rights, communications should be inherently considered private between the intended parties, regardless of communications technology. The role of government should be to strengthen the technology upon which the Internet depends and its use, not to weaken it.
No Back Doors to Private Data:
Governments should not create or require third parties to create “back doors” to access data that would have the effect of weakening the security of the Internet. Efforts by the Internet technical community to incorporate privacy-enhancing solutions in the standards and protocols of the Internet, including end-to-end encryption of data in transit and at rest, should be encouraged.
Public Awareness of Good Cyber-Security Practices:
Governments, working in collaboration with technologists, businesses and civil society, must help educate their publics in good cyber-security practices. They must also collaborate to enhance the training and development of the software workforce globally, to encourage creation of more secure and stable networks around the world.
Mutual Assistance to Curtail Transborder Cyber Threats:
The transborder nature of many significant forms of cyber intrusion curtails the ability of the target state to interdict, investigate and prosecute the individuals or organizations responsible for that intrusion. States should coordinate responses and provide mutual assistance in order to curtail threats, to limit damage and to deter future attacks.
The real question is whether or not the entities that desire these changes will have ability to implement them. The entire document can be read here. A panel discussion from the conference is also worth a watch: