Privacy Advisor

Privacy worries surround UN Internet regulations

September 1, 2012

By Mathew J. Schwartz

What would online privacy look like if the United Nations regulated the Internet?

That's one question on the minds of privacy advocates as the International Telecommunication Union (ITU)—a UN agency based in Geneva, Switzerland, that regulates telecommunications and IT issues—approaches the task of helping the UN decide if it should exert more control over Internet governance.

Such discussions are occurring as the ITU seeks to update the current international telecommunications regulations, which were agreed upon 25 years ago, before the rise of widespread Internet or smartphone use—never mind voice over IP (VoIP) networks, net neutrality  or international roaming charges. Already, representatives from numerous UN member states have been submitting proposals that will be debated this December in Dubai at the World Conference on International Telecommunications (WCIT-12) as the ITU rethinks the International Telecommunications Regulations (ITRs) that—according to an agency overview—"serve as the binding global treaty outlining the principles which govern the way international voice, data and video traffic is handled, and which lay the foundation for ongoing innovation and market growth."

But some of the submitted proposals have technologists and—at least in the United States—legislators up in arms, leading to allegations that the renegotiated treaty could allow countries such as China and Russia to more easily censor the Internet. With that in mind, the U.S. House of Representatives has unanimously backed an "Internet freedom" resolution from Rep. Mary Bono Mack (R-CA).

"Today’s unanimous vote sends a clear and unmistakable message: The American people want to keep the Internet free from government control and prevent Russia, China and other nations from succeeding in giving the UN unprecedented power over web content and infrastructure," said Mack in a statement.

Google, for one, applauded the House resolution. "Traditionally, international discussions of Internet policy have flourished in a 'multistakeholder' system that involves the input of lawmakers, academics, civil society and users," said Vint Cerf, Google's "chief Internet evangelist," in a blog post. "If certain member states are successful in Dubai, they could change the Internet governance process as we know it, increasing state control over networks and substantially limiting the role of users and other vital, nongovernmental actors in important Internet policy debates."

Countdown to Dubai

Just what will happen in Dubai this December? Writing earlier this year in Vanity Fair, Michael Joseph Gross noted that Dubai will likely feature three big discussions: Internet taxation—"a 'per-click levy' on international Internet traffic"—meant to build up the Internet in developing countries but which could eat into revenues of companies such as Google; attempts by authoritarian governments to eliminate online anonymity by tying people's online actions to their real identities, which is technically difficult to enforce, and an overhaul of Internet management, as Russia and China lead a charge to dismantle the organization known as the Internet Committee for Assigned Names and Numbers (ICANN), which manages domain names and was created in part by Cerf.

But, there are numerous other proposals on the table, ranging from "communications as a human right" and critical infrastructure protection to price-capping international mobile roaming charges and improving cross-border cybercrime investigation cooperation. On the privacy front, meanwhile, one proposal states, “Member states shall ensure that intercept and monitoring of international telecommunications be subject to due process authorized in accordance with national law.” In other words, phone calls couldn't be wiretapped without going through the correct legal channels, which in most countries would involve a court order.

That proposal would seem to provide reasonable protection against unwarranted state intrusion into people's lives. But according to a well-informed source who spoke on condition of anonymity and who has knowledge of the treaty negotiations—which are largely being conducted in secret—the legal-intercept proposal has so far been vigorously protested not by authoritarian Middle Eastern or African regimes but Western democracies.

Telecommunications goals on the table

As that suggests, the supposed fight for Internet freedoms—with China, Russia and their allies making a naked bid to seize control of the Internet, abetted by the UN—doesn't seem to add up.

"Many of the reports have been overblown. The ITU won't be making any changes to its regulations that impact the Internet without a consensus of states, and therefore, the 'fringe' proposals that have been causing so much concern have no real prospect of adoption," said Jeremy Malcolm, an Australian scholar and lawyer who specializes in Internet governance.

Many people, however, would like to see the UN take a tougher stance on promoting people's online privacy rights.

"The lack of a global standard for online privacy is something that is currently broken … so a more globalized approach would not be a bad thing," said Malcolm. On a related note, he's helping to organize a November gathering called Best Bits—sponsored in part by Google—in Azerbaijan, which aims to emphasize these types of issues and inject more of a civil society voice to the WCIT and telecommunications treaty discussions.

But efforts are already well underway to scuttle Dubai. According to the aforementioned source, the U.S. State Department has begun a concerted lobbying effort to get all of the WCIT participants to agree with the United States position, which is to leave the international telecommunications treaty unchanged. A State Department spokeswoman did not respond to a request for comment on that assertion.

ITU emphasizes Internet expansion

Rounding out the debate, ITU Secretary-General Hamadoun I. Touré has vigorously dismissed all claims that his agency is attempting an Internet governance power grab and emphasized that the ITU's treaty negotiation goals are to help the Internet evolve farther, faster.

"We all want to see greater Internet usage in developing countries. And I presume that we all want consumers to feel that they are getting good value for money when they roam," said Touré in a speech delivered this past June to the WCIT-12 working group. "So it would seem fully appropriate to discuss these matters in Dubai—so that we can find ways to bring down the cost of Internet connectivity in developing countries while ensuring sufficient revenues for operators to deploy broadband infrastructure."

Touré also told the BBC that the ITU has no intention of trying to seize control of the responsibilities currently handled by ICANN, stating, "Has anybody suggested to take responsibility from ICANN? No, it's never been done. I truly believe there is a complementarity involved between our work. We can work together."

Seeking international privacy standards

Dubai aside, from a big-picture online privacy standpoint, would it ever be practical to pursue a global standard—in the UN or elsewhere—given the range of diverging opinions and approaches as exemplified by the classic U.S. "opt-out" versus Europe "opt-in" approach to personal data collection?

Even countries inside Europe can't agree on many privacy principles, to say nothing of how related laws should be updated for the Internet age. As Peter Fleischer, Google's global privacy counsel, recently asked on his personal blog when discussing privacy in Europe, "Does one size fit all?"

Those difficulties multiply in the context of the UN, given countries' vastly differing approaches to privacy, blasphemy, freedom of expression, surveillance and state control. Accordingly, even if the ITU was to put the concept of a global set of privacy regulations on the table, it's unclear whether they'd end up in any treaty.

“I think it will be very hard to resolve this in a way that’s globally acceptable,” Google's Cerf told Vanity Fair.

On the other hand, some privacy watchers still want related discussions to occur.

"It would not be possible to create global rules—and there will always be a place for national regulation," said Malcolm, the Internet governance expert. "But we can still deliberate upon ways to make those rules work together and common baseline standards that can underlie the different approaches."

Mathew Schwartz reports on information security and privacy issues for InformationWeek, The Privacy Advisor and Inside 1 to 1: Privacy.

Read more by Mathew Schwartz:
Online piracy eradication efforts spark privacy concerns
Social networks seek workplace privacy protections
Facing the privacy implications of IPv6
How 9/11 changed privacy