Global Internet Governance - Actors, Regulations, Transactions and Strategies

2018 Abstracts of Presentations

Session 1 - Inequalities in Internet Governance

Global Informal Governance, Non-State Actors, and Models of National Policy-Making: Explaining Standard Developing Organisation (SDO) Decisions Through Multiple Streams
Alison Harcourt (Exeter University)
Standard developing organisations (SDOs) such have long been dominated by private actors.
However, external actors have been able to steer agendas by constraining problem
recognition and exploiting temporal events which determine the direction of SDO policy
formation. External lobbying has enabled policy entrepreneurs to push their solutions to
policy problems within SDO fora. Key external actors are civil society and states which often have opposing views and neither of which have formal involvement with SDO decisionmaking.
The paper will investigate streams, policy windows and policy entrepreneurs in this
context examining the conditions under which external actors were able to press for policy direction in internet governance standard-setting with case studies on the W3C, IETF and IEEE. In this respect, the panel investigates the processes under which SDO rules of interaction are established at the international level and whose interests are represented under this context.

Lost in (IANA) Transition: Inequalities and Discursive Struggles Within The “Global Multistakeholder Community”
Mauro Santaniello, Francesco Amoretti and Nicola Palladino (University of Salerno)
In Internet Governance (IG), multistakeholderism has been serving as a constitutive idea
around which a global institutional process has developed during the last two decades. This
idea concerns the institutionalized participation of different actors – conceptualized as
stakeholders – in decision-making processes related to the Internet. Multistakeholdersim has
over time produced a specific discourse, with its own meanings, legitimating frames and
vocabularies. It has also informed different processes of global institution-building, which
have produced a constellation of venues of Internet policy-making: the World Summit on
Information Society (WSIS), the Working Group on Internet Governance (WGIS), the Internet
Governance Forum (IGF), the NetMundial Initiative. The multistakeholderist policy discourse
has also set the ground for the most recent case of policy change in the global IG: the socalled
IANA transition. Indeed, the decision of the U.S. Commerce Department's National
Telecommunications and Information Administration (NTIA) to end its oversight on Internet
names and addresses has been framed since the very beginning as a “transition to the global
multistakeholder community”. The paper aims to clarify what this community is, who are its
members, and which narratives and rhetorics have been used in the decision-making
process. Our hypothesis is that relevant exclusionary mechanisms and inequalities among
stakeholders have characterized the transition process, producing empirically appreciable
effects on both the policy discourse and the policy outcome.
In order to verify this hypothesis, the study presents a twofold analysis. The first part is
focused on the design of the transition process; it is based on the methods of policy tracing
and policy network analysis; and it is aimed at clarifying the performative dimension of the
process, i.e. who decided what, and which power relations prevailed in the decision-making
process. In the second part, comments and posts submitted to the Internet Corporation for
Assigned Names and Numbers (ICANN) during the process will be investigated through a
combination of qualitative and quantitative methods for content analysis, in order to identify
definitional struggles, discourse coalitions and the semantic dimensions structuring the
debate. By combining these two analyses, authors seek to understand how “the global
multistakeholder community” has been conceptualized by different actors involved into the
transition, and how conceptualizations have impacted on the whole policy process.

Participation Matters: Potential Effects of the IGF on Internet Governance Capacity Building
Dmitry Epstein (University of Illinois) and Brandie Nonnecke (UC Berkeley)
Now over a decade in existence, the Internet Governance Forum (IGF) continues to attract
thousands from around the world and across stakeholder groups, while producing no
binding outcomes. Over the years, the IGF established a set of engagement principles,
practices, and non-binding outputs that contributed to the growing number of regional and
national IGF initiatives, which treat the IGF as a blueprint. Yet lack of more conventional,
“tangible” results continues to attract a wide range of criticism claiming that the IGF is merely
a “talk shop” potentially detrimental to substantive debates about internet governance. This
paper is an attempt to empirically explore this critique by examining a broader range of
possible effects of participation in the IGF.
This explorative study draws on survey data collected in two phases: before and after 2016
IGF held in Guadalajara, Mexico. The survey measured potential effects of participation on
knowledge of internet governance issues, perceived self-efficacy in influencing internet
governance issues, and perceptions of trustworthiness of different institutions related to
internet governance. The data collection and the preliminary analysis are now complete, but
we are still working on teasing out the more nuanced relationships between the variables.
A total of 150 individuals completed the survey, with 50 individuals completing both the preand
post-survey, 64 completing only the pre-survey, and 36 completing only the postsurvey.
To capture changes in knowledge, we asked participants to both assess their own
expertise in a series of internet governance topics and asked them a series of factual
knowledge questions. We measured changes in trust by capturing three different dimensions:
general trust in internet-governance-related institutions, trust in explicit institutions of
internet governance, and trust in institutions making structural decisions about the IGF itself.
We also adapted a series of established self-efficacy scale to focus specifically on internet
governance.
Our preliminary analysis suggests that there are interesting dynamics in the data that require
additional analysis. Thus, for example, we observed statistically significant and consistent
differences in all three dimensions of trust that we measured. We also observed consistent
marginal shifts in averages that suggest potential avenues for future research (e.g. average
general trust in the UN and multinational corporations went up in the post-survey). Most
interesting, however, we observed a statistically significant increase in self-efficacy between
the pre- and post-IGF surveys. Still lacking, however is a more nuanced analysis that
compares those metrics across stakeholder groups, tenure and engagement in internet
governance, levels of economic development, etc. – analysis that we plan to complete for the
conference.
This study sheds new, empirically-based light on the power inequalities and capacity building
in internet governance, which are at the heart of this year’s GIG-ARTS. Our initial findings are
promising in pointing towards the need for a deeper and more comprehensive look into
potential impacts of the IGF as a venue for internet governance engagement and a capacity
building mechanism.

Towards a New Tech Meritocracy? World Society, Technological Capacity and Participation in Global Internet Governance
Thomas Winzen and David Weyrauch (Mannheim University)
What explains cross-national variation in participation in global Internet governance? The
participants in Internet governance arenas such as the Internet Governance Forum (IGF) or the
Internet Engineering Task Force (IETF) are predominantly private organizations. They have
crucially influenced the Internet’s evolution and contribute to standards and norms in the
emerging Internet of Things (Maple 2017; Mueller 2010). These private actors make a crucial
contribution to the constitution-like architecture of cyberspace (Lessig 2006).
Our focus on cross-national variation may surprise in an area thought to be run by a
transnational technology elite. Yet, with growing recognition of the importance of global
Internet governance, it has become clear that governments care deeply about the
participation of domestic private actors for reasons of economic benefit and regulatory
leverage (e.g. Drezner 2004). Given beliefs in the overrepresentation of United States and
European Union private actors, scholars are not surprised that the US and the EU support
transnational governance mechanisms (e.g. Carr 2015). Brazil, China, Iran or Russia have in
turn advocated more multilateral Internet governance with equal votes per states (Drissel
2006; Glen 2014). To make sense of these tensions, we need to understand variation in
Internet governance participation, and what difference, if any, governments make.
Relevant scholarship is not ideally placed to address this issue. Internet practitioners have
popularized a tech-emancipatory narrative but say less on who can and wants to participate
in Internet governance (Clark 1992; Russell 2006). Transnational governance scholarship
highlights the importance of domestic institutions, wealth, and sectoral organizations for
participation (e.g. Andonova et al. 2017; Mattli & Büthe 2003). With world society theory,
scholars offer theoretical foundations for the tech-emancipatory narrative of Internet
governance practitioners (Meyer et al. 1997). Yet, this perspective remains silent on the
sources of cross-nationally uneven participation in the world society (Beckfield 2003).
Building on world society theory, we highlight the technological foundations of transnational
Internet governance. Government policies from Internet suppression to indigenous standards
development foster small or inward looking technology sectors. In contrast, large and export
oriented technology sectors supply a country’s reservoir of technology experts, interested
and capable of participation in transnational governance. We explain why technological
capacity outweighs explanations based on US and European early mover advantages and the
democracy-autocracy divide. Our arguments suggest a gradual re-distribution of
institutional power in global Internet governance in favor of a new “tech meritocracy” of
technologically capable countries and their domestic private actors.
We provide evidence based on a systematic analysis, in a Bayesian and multilevel framework,
of cross-national variation in participation in the meetings of the IETF and the IGF from
2006-2016. At this point, we have collected all relevant data, written up the theoretical
argument, and conducted the most important empirical analyses. Until the conference, we
will refine the arguments and analysis.

Session 2 – Cyber Capacity Building: Security

Cyber Security Capacity Building: Strengthening Policy Advice
Madeline Carr and Alex Chung (University College London), Atif Hussain and Siraj Shaikh (Coventry University)
The quality of a state’s capacity to respond to the challenges of cyber security is rapidly
coming to be recognised as an important element of global competitiveness. Policy makers,
sometimes with little relevant expertise and often in time-critical scenarios, are asked to
assess evidence from a mix of sources including official threat intelligence, academic
sources, and industry threat reports. Such a diverse evidence base is then used to make
judgments on threat, risk, mitigation and consequences, and to offer advice shaping the
national regulatory landscape, foreign and domestic security policy, and a range of public
and private sector initiatives. Assessment of evidence is a particular problem for policy
making in this context for a number of reasons. First, evidence can be contradictory and/or
potentially carries within it particular agendas or goals that may impede upon its rigour and
reliability. The ‘politicisation’ of cyber security evidence is increasingly problematic as states
sometimes privilege threat intelligence from sources located within their sovereign borders
rather than based on the quality of the research they produce. Secondly, the challenge of
attribution means that there is a limit to which evidence can support policy makers’ decisions
and evaluation of cyber security risks, threats and consequences. Finally, the landscape of
cyber security is developing rapidly and spans many issue areas including national security,
human rights, commercial concerns, and related infrastructure vulnerabilities. Consequently,
policy makers must work to balance a range of sometimes conflicting interests that compete
for attention and they must do so in a field with little precedent to draw upon.
Through this paper, we introduce a two-year, EPSRC-funded project, titled: ‘Evaluating Cyber
Security Evidence for Policy Advice’ (ECSEPA). Preliminary findings from ECSEPA’s phase one
data gathering process is presented: interviews with 20 UK policymakers in HMG on the
sources of cyber security evidence they typically consult. The discussion and analysis section
address gaps in digital policy developments by framing it within the broader context of UK’s
digital policy capacity building strategies. In particular, the paper explores the challenges
faced by policymakers with a view to understanding how support could be better provided. It
also provides insight into how this learning can be leveraged for delivering global
cybersecurity capacity building. Our paper aims to make a policy-oriented contribution
towards digital policymaking in cybersecurity capacity building.

Cyber Security a Shared Responsibility? The Role and Likelihood of Public Private Partnerships in National Cyber-Security Strategies as a Capacity Building Tool of Power Politics
Madeleine Myatt and Detlef Sack (University of Bielefeld)
An open, free and secure cyberspace is mainly seen as a key driver for the promotion of
political and social inclusion, the diffusion of fundamental rights, economic growth and
international competitiveness. In this sense, interconnectivity and the pervasion of digital
technologies in the social, political and economic sphere leads to a constantly growing
reliance on the internet and information and communication technologies (ICTs). As
technology has always been a key driver for change, the rapid advances in development of
ICTs offer new opportunities but also challenges and risks. Particularly regarding the
latter, the shift of more public services online, reported hacking-attacks, cyberespionage
and a growing public awareness since the Snowden-revelations lead to critical voices
emphasizing on the integrity of data and technology and data sovereignty. In this sense,
cyberspace comes to the fore as a security relevant area in a dual perspective: firstly, as a
domain of homeland security in the light of providing a secure digital infrastructure.
Secondly, it can be viewed as a matter of concern, via the use of digital surveillance items
and data-mining tools. In this context, the influence of digital technology as a
distinguishing feature of law enforcement and the strategic value of data is visible and
technological innovation and cyber security capacity building, function increasingly as a
competitive advantage in power relations.
As various states take up the challenges by developing a national cyber security strategy
which define their strategic goals, priorities and implementation measures, a comparative
analysis of
the current NCSS- landscape reveals not only country and/or regional differences, but also
similarities. These include a categorization of cybersecurity as “shared responsibility” with
a direct or indirect emphasis on the concept of public private partnerships (PPP) (e.g. Carr
2016) and a strategic promotion of the cybersecurity industry. The latter is often
underlined with an intention of becoming a “leading nation” or “forerunner” in cyber
security, as a strategic signal for preparedness and competitive advantage in economic
terms. Considering these developments, we stay abreast of changes and put a special
emphasize on a comparative analytical view on launched partnerships arrangements
between the public sector, the cyber security industry and science, based on a combined
content-analysis of NCSS and corresponding strategies on the regional and international
level. It does so, by considering that cyber security appears as an umbrella concept which
links different policy fields. Hence, our paper is focussing on hybrid organisational
arrangements and the contextualisation of different implementations in cyber security.
Our analysis is guided by the question which inducing factors explain in particular
“collaborative governance” (Ansell/Gash 2007; O‘Leary/Vij 2012) and the diffusion of the
shared responsibility attempt. Therefore, we address the debate on “varieties of
capitalism” (Hall/Soskice 2001) to elaborate on the state-market relations in a country, the
tradition of law and order politics and security cultures. Our argumentation contributes to
the characterisation of cyberrelations by highlighting a specific mode of organisation
which aims to expose the (reputed) role of PPPs as strategic tool of capacity building
strategies and power politics in cyberspace.

Cyber Security Strategies: a Comparative Analysis
Domenico Fracchiolla (LUISS University) and Mara Morini (University of Genova)
After the illusion of the End of History (Fukuyama 1992) and the challenge of the clash of
civilization (Huntington 1996), the international community is struggling to find a new
international governance that can bring stability to the emerging multipolar system. The
national cyber security strategies add a new chapter in this research of a new international
order, producing the contrasts and the settlements among the principle players, starting
from the USA, the China, the Russian Federation and the EU. In an era of massive expansion
of cyber attacks, power inequalities in Cyber Security capacity building at all levels -
governments, national infrastructure, businesses, the third sector and individuals- are one of
the main challenges of the international community, depending on different reasons at global
as well as at regional level. On a global level, the main differences of Cyber Security Policies
express the degree of power inequalities and the persistence of gaps in digital policy
developments. They qualify the military and technological differences among countries and
thus the differences in power politics. However, there are some significant exceptions to the
mainstream geography of power politics represented by some countries, like Israel, Dubai,
Australia, Taiwan or Singapore, that developed effective Cyber Policies starting from strategic
investment in this area before other countries in the design and the implementation of Cyber
Strategies.
To better understand the transformations undergoing, this paper explores the capacity of
governments to design and implement Cyber Security strategies and it reviews the level of
coordination among international actors in response to Cyber attacks on strategic
information systems and critical national infrastructures.
An essential mapping of actors and the issues of the national Cyber Security strategies of the
main players will be conducted, evidencing the main features of each strategy and linking
them with national risks. A qualitative analysis of the main official documentation available
will be conducted in order to individuate the fundamental variables to control the hypothesis.
Moreover, the investigation will include also an analysis of the documentations of
International conferences and the international negotiations trying to established common
rules. In this case, the hypothesis is that the structural nature of the international community,
characterized by the principle of the anarchy and the actors playing as primus inter pares
superiorem non recognoscentes, imply excluding strategies of the main players. These
strategies are the result of power politics and they led powerful countries to impose their
policy line to other players or to exclude themselves from binding agreements, as it happens
for other strategic international issue like the climate change or the International Criminal
Court.

The Necessity and Pitfalls of Cybersecurity Capacity Building for Norm Development in Cyberspace
Zine Homburger (Leiden University)
Cyber capacity building including digitalization of the economy is an ever-increasing topic in
the sector of development cooperation due to the expected economic benefits. However, the
focus shifts increasingly from the economic benefits to the risks such developments imply.
While the topic of cyber capacity building is therefore of interest to development as well as
security studies, this paper positions the topic into the discussion of norm development for
state behavior in cyberspace (i.e. within the UNGGE).
Taking into account the architecture of cyberspace and the activities it facilitates, every state
with increasing cyber power also needs to have capacity to secure its networks and systems.
This is a precondition to meet recommended international norms in this field which demand
that a state’s territory is not used for harmful ICT practices. This paper argues that the
effectiveness of norms on state behavior in cyberspace presupposes the capacity of states to
implement such norms. Therefore, capacity building arises as a necessary tool for the
implementation of those norms.
Furthermore, the debate on norms on state behavior in cyberspace is far from consensus.
The positions of China, Russia and the US are often pointed out as a major divide in the
discussion. As capacity building also implies a transfer of values and world views from donor
countries to recipient countries, it can also be seen as a tool for expanding donor’s interests.
Therefore, this paper argues that despite the need for capacity building for norm
effectiveness on an international level, capacity building may lead to a fragmentation of the
norm’s content.
These considerations lead to the following research questions, which will be addressed in
this paper: What role does cyber security capacity building play with regard to international
norm development in cyberspace? To what extent do international norms on state behavior in
cyberspace presuppose capacity of states in the field of cyber security? How can capacity
building further the divide with regard to the content of norms at an international level?
The paper will begin with a brief overview of the process of norm development for
responsible state behavior on an international level. This process will be embedded into the
broader notion of the necessity of norms and the applicability of international law in this
field.
Secondly, the paper will showcase the need of capacity building through the analysis of a due
diligence norm in cyberspace. It will be focused on the requirement of the norm with regard
to knowledge and ability to act.
Thirdly, the different interests of the main players in the field, namely the European Union
states, China and Russia will be analyzed. This will be done using a comparative analysis of
efforts of the Shanghai Cooperation Organization and the Council of Europe in cooperation
with the European Union.
Finally, the paper will conclude with recapitulating on the important role of capacity building
for norm development in cyberspace.

Session 3 – Cyber Capacity Building: Human Rights

The Repressive Potentials of Social Media Regulation: a Warning From Turkey To the World
Sefa Ozalp, Chiara Poletti and Daniel Gray (Cardiff University)
Since the early 2010’s social media (SM) governance has been driven by different state and
non-state actors. Despite their monopoly over infrastructure, SM companies are
increasingly compelled to comply with take-down requests (TDRs) from states and
develop more effective methods of regulation. Several European states, such as France, the
UK, and Germany have passed legislation aimed at increasing SM companies’
responsibility for content regulation, focusing on terrorism and hate speech. Globally, the
amount of TDRs issued by judicial and administrative state bodies is increasing.
Any regulation of content potentially restricts freedom of expression. For this reason, the
United Nations and the Council of Europe insist that any limitation has to be based on law,
seek legitimate objectives, and be necessary (Article 19 (3) of the International Covenant
on Civil and Political Rights and Article 10 (2) of the European Convention on Human
Rights), suggesting a preference for judicial control over administrative control. However,
reliance on judicial control in content regulation still leaves room for significant abuse of
TDRs when a country’s judicial system is compromised by government pressure.
Our research question investigates whether the reliance on judicial control in content
regulation is contributing to increase inequalities. Focusing on Turkey, we present a
critical study of the use of TDRs by governments and their courts, arguing that these
actors may abuse these requests for political reasons, creating inequalities between users
in authoritarian countries and users in states who are more tolerant of political dissent.
Drawing on data from Twitter transparency reports published between 2012 and 2017, we
aggregate and analyse account information requests, judicial and administrative TDRs,
and content withhold requests from Turkey. To date, Turkey has submitted more judicial
and administrative TDRs than any other country, indicating abuse of TDRs for repressive
political purposes. We present evidence that judicial controls can rapidly become as
oppressive as administrative controls if the principle of separation of powers is violated:
following the October 2014 election of Supreme Board of Judges and Prosecutors, which
resulted in extensive executive control over the judiciary (ICJ, 2016), Turkey has
tremendously increased its authoritarian attempts to restrict freedom of speech online.
This increase is reflected in both administrative and judicial TDR counts from Turkey. As
available data are not suitable for pre-post comparison tests, we illustrate our findings by
reporting descriptive statistics and time series line graphs with fitted linear trendlines. We
report correlation between TDR counts issued by judicial and administrative bodies,
indicating similarity between these regulatory bodies.
This study argues that relying on judicial control in content regulation is not the ‘silverbullet’
solution in content regulation, as courts can also be instrumental in curbing
freedom of speech, as illustrated in the case of Turkey. We also suggest two possibilities
to help guarantee equality in the governance system, even in the absence of democratic
presumptions: greater and more transparent self-regulation for SM companies, provided
they respect human rights (i.e. UN Guiding Principles on Business and Human Rights), and
the emergence of decentralised and federated social networks.

Content Control Contestations: Why Authoritarian States Challenge the Internet Freedom Norm
Daniëlle Flonk (Hertie School of Governance)
The focus of this research is how content control norms are contested by coalitions of
states internationally. Content control entails the extent to which national governments try
to control content on the internet, for instance via censorship, counter-information
campaigns, datamining and surveillance. With regard to content control norms, two loose
coalitions of like-minded countries are identifiable. On the one hand, there is a group of
countries – consisting of countries such as the US, the UK, Europe and some Asian
democracies – that prefers more internet freedom, an open internet and a limited role of
the state. On the other hand, another group of countries – consisting of authoritarian
countries as Iran and Saudi Arabia, but mainly led by China and Russia – prefers a more
state-led form of internet governance and cybersovereignty, the protection of traditional
values and state security.
This latter country coalition tries to challenge the internet freedom norm and it does so at
mainly one forum: the UN. At the UN, there is an overlap in membership between the two
coalitions of states that prefer either a more open internet or a state-led form of internet
governance and, as a consequence, conflicts with regard to content control norms occur.
However, it remains puzzling why this cybersovereignty coalition would be concerned with
internationalizing a content control norm that is a domestic affair in its essence. It is not
concerned with legitimacy in the international arena (as the internet freedom coalition is),
so other explanations for this behavior must be explored.
In order to answer the question “With regard to content control, why does a coalition of
authoritarian states contest an internet freedom norm in favor of an international
cybersovereignty norm?”, several theoretical approaches are explored. Existing
international relations theories might argue that states try to promote an international
norm in order to justify their content control behavior. However, since authoritarian states
control (to a certain extent) the borders of the internet, they have no need for this
legitimization. Alternatively, as a more neorealist theory would argue, shaping content
control norms would be the only way of certain regimes to preserve themselves in an
internet landscape (e.g. via the protection of traditional values and suppressing opposition
groups). Moreover, both the internet freedom and the cybersovereignty coalition
cooperate in different regional organizations in order to exchange knowledge about
strategies and policies, in line with a neoliberal argument.
Based on this theoretical framework, the motives will be analyzed for initiating (1) a United
Nations International Code of Conduct for Information Security and (2) a Draft UN
Convention on International Information Security. In the empirical analysis, different
sources are used and triangulated, namely publications by international and national
governments, speech acts during conferences and high-level meetings, and interviews.
The expected outcome is that the motives for authoritarian countries is based on selfpreservation
of their national regimes and therefore based on a different logic than the
motives for democratic countries, that rely more on national justification of policies.

Two Generations of Online Speech Controls in Russia: from Filtering and Blocking to Creating a Copy of the National Internet Infrastructure?
Liudmila Sivetc (University of Turku)
After Russia’s attempt to change the global internet governance model failed at meeting of
the International Telecommunication Union in Dubai in 2012, the Russian government, as
researchers predicted, turned to tightening control over the national internet segment,
known as RuNet. In 2012, blacklisting laws introduced filtering and blocking of websites
which contain unlawful speech. This practice was criticized by scholars and internet
companies as censorship. Since the blacklisting affects online speech platforms, it remains
the most visible and discussed control technique on RuNet. Yet this paper looks for other,
not so noticeable controls. To reveal them, the paper relies on internet infrastructure-centric
theories developed both in legal scholarship by Lessing and Balkin, among others, and in
internet governance literature by DeNardis and Musiani. According to the common point of
these theories, governments can regulate online content by governing internet infrastructure.
At first, the paper answers what control practices based on governing the national DNS apply
and what implications for online free expression they bring. Besides the blacklisting, the
paper discusses the practice of domain name blocking. The paper finds out that, while the
blacklisting allows the Russian government to prevent RuNet users from accessing websites
residing in any jurisdiction, the blocking of domain names allows it to prevent every user
from accessing a website registered in RuNet. Although, in the last case, the control is
limited to domestic websites, this practice is especially precarious for online speech because
this type of blocking, in contrast to the blacklisting, is not introduced by law and cannot be
circumvented.
Moreover, the paper argues that the blacklisting and domain name blocking form only the
first generation of controls. In 2016, the strategy of controlling RuNet by national DNS
infrastructure was replaced by a new one – creating an additional national infrastructure in
which critical internet resources and traffic will be copied. This copy may function not only as
a reserve in case of disconnecting from the global net, but also, in view of this paper, as a
parallel, national cyber-space or RuNet2. The paper answers what controls apply in these
new conditions and what implications for online free expression they invoke. It discusses
data localization law and Yarovaya law requirements. In accordance with the first
requirement, foreign companies are obliged to place data bases with personal data of
Russian citizens within the territory of Russia. Those who not complied with this will be
blocked as LinkedIn was in November 2016. The second requirement obliges internet service
providers to register in a special list of information disseminators. These disseminators
under the threat of blocking have to channel traffic into the copy and give up to Russian
public authorities encryption keys. The paper presents these control techniques as a second
generation of online speech controls which may divide internet users in Russia between two
parallel cyber-realities, one still quite free and the other totally controlled.

Who Owns the Internet, and Why Does it Matter? An Analysis of ISP Ownership in Africa
Tina Freyburg, Lisa Garbe and Veronique Wavre (University of St. Gallen)
For many, the Internet looks like a place where anyone can create and share information, and
where these data make their way seamlessly from one user to another. Yet, access to the
Internet is structured by a number of choke points, notably Internet Service Providers (ISPs)
that are often in the hands of private companies, such as MTN, Orange, or Vodafone. The
existence of these central servers may make it trivial for authoritarian leaders to censor, spy
on, or shut down the Internet – provided that whoever owns them is willing to comply with
their request. We are interested in determining what impact the ownership of
telecommunications companies has on a state’s capacity to control the Internet. In this paper,
we zoom into this question of ownership and provide a systematic investigation of who can
control the Internet through providing access to it. Based on our dataset covering all African
ISPs between 2000 and 2016, we examine ownership patterns across Africa. Our results
illustrate that ISP ownership varies greatly with different political effects in the respective
countries.

Session 4 – Cyber Capacity Building: Economy and Trade

WTO Digital Trade Discussions: Identifying the Way Forward
Marilia Maciel, Jovan Kurbalija and Roxana Radu (DiploFoundation)
The importance of digital flows to the world economy is paramount. Data flows annually
account for an average of 15-20% GDP growth. While the flows of international trade and
finance have flattened since 2008, economic growth has been supported by soaring digital
flows. This scenario creates opportunities for digital trade and for the inclusion of developing
regions and of micro, medium and small-sized enterprises (MSMEs) in global value chains.
As a consequence, digital commerce has gained importance in the multilateral trade system.
For the past two years, member states of the World Trade Organization engaged in an
intensive debate on the regulatory and policy issues that should be tackled by the WTO to
support the growth of e-commerce. These discussions show an interplay with key issues that
are part of the Internet governance agenda, making an explicit connection between trade
issues and topics of a more technical nature, such as data localisation, interoperability,
network neutrality, and access to the source code.
In spite of these efforts, the 2017 WTO Ministerial Conference (MC11) in Buenos Aires failed
to agree on an update to its 19-year-old Work Program on Electronic Commerce. There are
persistent differences of viewpoints between developed and developing countries,
highlighting not only existing power differentials at the negotiation table, but also new types
of inequality introduced by digital technologies. On the one side, many developing countries
argue that negotiations on e-commerce should not be initiated before the developmentrelated
goals of the Doha Round are further advanced; on the other side, a rather diverse
group of more than 70 countries argues for adoption of more robust rules on e-commerce at
the WTO. These countries, including the USA, China, Russia, and the EU, agreed in Buenos
Aires to ‘initiate exploratory work toward future WTO negotiations on trade-related aspects
of e-commerce', which could indicate the start of plurilateral negotiations on digital trade.
Against this background, this paper will map the spectrum of positions espoused by WTO
member states on the issue of e-commerce. The paper aims to identify if there is a zone of
possible agreement among WTO member states, and what it encompasses.
The assessment will focus on analysing: a) non-papers on e-commerce tabled by member
states at the WTO from 2016 to 2018; b) publicly available declarations by state officials and
WTO staff; c) reports from the discussions at MC11 produced by reputed organisations in the
field; and d) post-MC 11 policy positions advanced by member states. The analysis will also
include insights from digital commerce-related provisions in regional trade agreements,
emphasising the plethora of options explored at the moment.
In 2018, the main issue under discussion among the countries that have started working
towards e-commerce negotiations will be how to set parameters between core commercial
issues and wider digital policy issues, and how to bring other countries on board. This paper
will contribute to ongoing policy discussions by shedding light on some of these questions in
order to strengthen the ability of smaller countries to participate in the talks.

Data Flows & National Security: a Conceptual Framework to Assess Restrictions on Data Flows Under GATS Security Exception
Martina Francesca Ferracane (University of Hamburg)
Under the General Agreement on Trade in Services (GATS), the members of the World Trade
Organisation (WTO) have made commitments to liberalise trade in services. They have also
agreed on several exceptions based on which they can deviate from these commitments. The
most extensive of these exceptions is enshrined in Article XIV-bis and it allows WTO
members to deviate from their trade commitments for national security reasons.
While this exception has been used only rarely, questions on the ability of countries to invoke
it (and its possible abuse to impose unnecessary restrictions to trade) are recently reviving as
a new wave of restrictive measures on digital trade is imposed. Restrictions on data flows
across borders are among the most controversial measures been imposed in recent years,
which countries have justified on several occasions under national security concerns.
This paper takes a potential WTO dispute against measures restricting data flows as an
occasion to provide a basic conceptual framework to assess these restrictions under the
existing WTO language. In doing so, the paper intends to fill a gap in the literature as there is
not yet a comprehensive assessment of restrictions on data flows and national security. This
paper intends to demystify the issue by providing a legal and technical analysis on how
restrictions on data flows influence the capacity of a country to protect its national security.
This paper looks first at the current thinking around restrictions on data flows as a trade
restriction (Section I). This section looks both at the interpretation of current GATS language
to assess restrictions on data flows as well as at the new language available in certain trade
agreements that explicitly address the issue of data flows. Assuming that these measures can
be considered a trade restriction, then it remains to be seen how they would be assessed in a
potential WTO dispute if the defendant invokes the national security exception.
In order to answer this question, the paper looks first at the debate on the interpretation of
GATS security exception (Section II), before presenting in detail legal and technical
considerations on how restrictions on data flows can be assessed in a national security
context (Section III). In particular, Section III looks at three cases: cyber espionage, attack on
critical infrastructure and access to data to prevent terrorist attacks. These are considered
the most relevant cases when it comes to data flows and national security, although the
arguments presented can be applied to other scenarios. The final section concludes with
suggestions and some food for thought for future discussions (Section IV).

The International Political Economy of Digital Catching-Up: New Trade Agreements and Digital Latecomers
Shamel Azmeh (University of Bath), Christopher Foster and Jaime Echávarri Valdez (University of Sheffield)
The global economy is experiencing rapid growth in digital trade and cross-border data
flows reflecting the digitalization of the economy. Contrary to trade in traditional products
and services, cross-border digital trade and data flows are less regulated by clear rules. This
increased “policy space” has resulted in growing conflicts between regions and/or nations
who seek to engage in policies in the digital arena. In this paper, we examine contrasting
positions in terms of digital trade, and discuss the international political economy of “digital
catching up”. We do this by drawing on a set of 34 semi-structured interviews undertaken in
2017 with digital policy makers and senior policy managers in the digital sector.
Drawing on a political economy perspective, we describe three contrasting positions currently
influencing the global debate around digital policy. The US, supported by Silicon Valley
lobbying, is strongly pushing for free flows of data. In contrast, the extra-territorial nature of
the EU general data protection regulations (GDPR) might be seen as the basis of a regime
whereby digital activity is mainly shaped through articulations around data protection.
Finally, China has looked to follow more active strategies, where active management of
digital policy is used to nurture digital sectors and protect digitising industries from the
power of international platforms.
The ways in which these positions are exerted is diverse. Trade rules at a global level (i.e.
WTO), or at a multilateral level (i.e. TPP, NAFTA) are becoming a key site to spread free digital
trade regimes. Thus we see growing tech lobbying power looking to support free digital trade
rules, even within smaller bilateral trade deals, as a way to signal a new normal in digital
trade. However, given the reticence of the Trump administration towards global trade, data
protection may become a potential key source of political power. In the EU, the GDPR (and
particularly the vaguely defined notion of “adequacy”) gives the EU some political power to
potentially shape future digital trade.
In these contexts, developing and emerging nations are under pressure to eradicate any
semblance of “digital protectionism”. We argue, however, that this on-going pressure and
push for enforceable rules is taking place before the future implications are clear to policy
makers (or indeed to experts in the digital sector). Policy restrictions may have major
implications on the ability of some of those countries to achieve structural transformation
and upward mobility in the future when digital technology and data become central aspects
of industrial and economic development.

Session 5 – Identifying the gaps: Actors, Diplomacy, and Regulation

Big Data – Big Capacity Gaps? Towards Capacity Building for Big Data in Diplomacy and Development Cooperation in the Context of Small and Developing Countries
Katharina Höne (DiploFoundation)
Modern society is marked by data. Data is continuously-generated, from electronic
devices; from messages, images and videos uploaded online; from drones scanning the
ground and satellites orbiting the earth. It is now put to use in the private sector, where
businesses grow in efficiency and effectiveness by using insights generated by big data.
In the area of foreign policy and diplomacy, many actors have begun to be aware of this
trend. Beyond the hype surrounding big data, questions of how to be ready for the datadriven
era are being raised. In a development context, data and big data are heralded as
ways to better deliver development cooperation and to achieving the Sustainable
Development Goals (UN Global Pulse, 2017).
It is clear that Ministries of Foreign Affairs (MFAs) and ministries responsible for
development cooperation as well as other organisations and individuals engaged in
diplomacy and development need to be aware of these changes related to the use of data.
While some actors and institutions have begun to develop policies and build (internal)
capacities, actors and institutions in small and developing countries often lack the
capacity to follow suit.
Worries have arisen that this will lead to a deepening of existing the capacity divide. UN
Global Pulse (2017), the UN’s initiative focusing on monitoring and prediction in
development and aid programmes, for example warns that ‘major gaps are already
opening up between the data haves and have-nots. Without action, a whole new inequality
frontier will split the world between those who know, and those who do not’.
This concerns not only the ability to draw on all available resources for conducting foreign
policy and managing international relations. Rather, it also touches on the ability of
developing countries to fully participate in development cooperation efforts while keeping
a critical eye on the capabilities as well as pitfalls of the big data trend.
Building on existing research on how to update the practice of diplomacy to the data
driven-era (Rosen Jacobson and Höne, forthcoming), the paper will focus on capacity
building for developing countries in the area of big data for development and diplomacy.
Following the UNDP (2009) definition, capacity building is understood as ‘the ability of
individuals, institutions and societies to perform functions, solve problems, and set and
achieve objectives1 in a sustainable manner’. Based on a mapping of the role of big data
in achieving the SDGs and the future data capacity needs outlined by, for example, the
High-Level Political Forum on Sustainable Development (Rosen Jacobson, 2017), the paper
aims to develop concrete suggestions for capacity building in the area of big data for
development and diplomacy.

Artificial Limitations and Meaningful Access: How Artificial Limitations on the Internet Affect Digital Inequalities
Massimo Ragnedda and Hanna Kreitem (Northumbria University)
The report "Policy Options for Connecting and Enabling the Next Billion – Phase II", an
output of a two-year Internet Governance Forum activity on the subject, focused on
Meaningful Internet Access as a shared goal at the core of Internet governance. The report
expanded on what constitutes meaningful access from availability of quality affordable
access to skills related to accessing and producing content, with trust and no fear of
threats resultant from Internet use or surveillance. However, the report barely mentioned
limitations set artificially on the Internet. This submission looks at some of these
limitations, trying to answer the question how does Internet artificial limitations effect
meaningful access and Internet use, based on preliminary research results from a sample
in Bahrain.
Our research uses tangible outcomes of Internet use, the so-called Third level of digital
divide, as a measurement for digital inequality, and outlines information controls and
artificial Internet limitations as a possible cause of difference in opportunities available to
people, arguing that imposing artificial limitations on the Internet hinders meaningful
Internet access and uses. The limitations studied include content and service blocking,
censorship, and Internet shutdowns, as well as soft limitations perceived by users, such as
monitoring, and persecution as a result online activity. Internet limitations is measured
based on data collected from network measurements using Open Observatory of Network
Interference (OONI) probe, a software that runs on customised probes, computers, and
mobile devices to test for blocking of websites, blocking of some of the most common
instant messaging applications, blocking of circumvention tools, and detection of systems
that could be responsible for censorship and/or surveillance
For Internet uses, the research relies on data collected on tangible outcomes of Internet
use from a non-representative sample in Bahrain, using a modified version by the
instrument developed for the Digital Skills to Tangible Outcomes (DiSTO) project. The
instrument measures activity influenced by Internet use, from economic (labour and
commerce), social, political, institutional (governmental and health), and educational
activities.
We cross the results from the measurements on Internet limitations and outcomes of
Internet uses to outline the relation between limited Internet access, and outcomes of
Internet use, arguing that artificial Internet limitations should be taken into consideration
when deciding on meaningful Internet access in Internet Governance activities, in addition
to suggesting a method for research on Internet artificial limitations

Who direct Social Media governance? An empirical study of actors performing the controversy around Social Media and content regulation
Chiara Poletti (Cardiff University)
The usage and structure of Social Media (SM) platforms have become a controversial
global policy issue. Since the recent wave of terrorist attacks in Europe, newspapers and
political institutions have associated SM platforms to hateful and abusive speech, fake
news, extremism and terrorism. Contents published on platforms have been increasingly
subject to regulation, either as the result of legislation and takedown requests from
governments, or SM companies' automatic and human moderation systems. Nonetheless,
a definitive solution to the problem has not been found. The controversy deepens, with
representatives of civil society, NGOs and International organisations stressing the
implications for human rights of public and private measures of content regulation (CoE
2016, Edri 2016, UN and Kaye 2016).
The actors mobilised by the issue have different agendas and perform different
interpretations of threats and freedoms. In the lack of established governance system
clarifying roles and responsibilities, the order arising will be directed by those actors
capable of engaging the others in their interpretation of reality, with massive
repercussions on the reproduction of power inequality and the safeguard of human rights.
It is thus of crucial importance to understand who is taking part in this process, whether
the new ordering benefits of a wide-ranging representation of interests and whether it is
contributing to reducing (or reinforcing) inequalities.
Drawing on Actor-Network Theory perspective, this study proposes to investigate
governance of SM platforms as a controversy around content moderation/freedom of
speech, focusing on the controversy developed in the UK. This perspective focuses on
forms of governance as the emerging outcome of the associations of different
heterogeneous elements (e.g. private companies, users, governments, but also code,
algorithms, regulations, specific forms of communication), mobilised around a matter of
concern. It considers how different actors are actively engaging others in a process of
translation, enrolling and assigning specific roles, and managing to impose a certain
interpretation of the issue (e.g. black box).
Using traditional and innovative digital methodology, the study empirically considers who
is taking part in the debate about content regulation and SM governance, whose positions
are represented, and who is excluded from the debate.
The analysis shows the actors mobilised around the topic of social media and freedom of
expression/hate speech in three different public spaces: google.co.uk, academia and UK
newspapers. It indicates the presence of competing forms of ordering: state ordering
promoted by national policymakers, the "private ordering" produced by social media
companies, and the alternative forms of ordering presented by academic scholars and
NGOs. It confirms that the definition of threats changes according to the different
categories of actors (e.g. terrorism and children safety for the government, algorithms for
academia). It also reveals a relatively scarce representation of ethnic minorities and LGBT
perspective on the issue, and the massive presence of state and giant companies (e.g.
Facebook and Twitter), which can reinforce existing divisions and inequalities. Given the
specific theoretical approach, the results present also an interesting reflection on the role
of technology (e.g. algorithms, bots) as disruptive element challenging predictable
outcomes.