Digital Watch newsletter – Issue 32 – June 2018
MID-YEAR REVIEW: WHERE TECHNOLOGY MEETS HUMANITY
Six months into 2018, technology continues to meet humanity around data protection, ethics and artificial intelligence (AI), online gaming addiction as a health condition, the security of Internet users, and many other digital issues.
In the digital field, six months is a long time, given that most of it was dominated by the Facebook and Cambridge Analytica scandal, and the political scrutiny that followed, and the preparations for the entry into effect of the EU’s General Data Protection Regulation (GDPR).
This mid-year review helps us take a step back and look at the wider picture of digital policy developments. For each of the 10 major trends in digital policy, the number in brackets indicates their ranking in January 2018.
1. (1) GDPR: Data at the centre of digital politics
Anticipation of the GDPR’s entry into effect on 25 May marked the first half of the year, as businesses and organisations updated their data policies and procedures to comply with the new rules. One of the open issues relates to the collection of domain name registration data through ICANN’s WHOIS system.
The GDPR is also affecting the tech industry’s current Internet business model based on monetising data for advertising, and the emerging AI-driven business model which uses data for the development of new algorithms.
2. (5) Artificial intelligence: Between philosophical considerations and practical applications
AI was, as predicted, a prominent topic. The technological developments that continued to push the boundaries, and the increasing debate on philosophical, ethical, legal, and economic aspects, have placed AI prominently higher on our list.
On the policy side, countries have continued to pay increasing attention to developments in the field of AI, and to develop strategies and plans. The impact of AI on the workforce and the need to adapt the education and formation systems is another prominent issue.
3. (3) Digital trade and the Internet economy
Early this year, trade diplomats were looking at ways to overcome disagreements that formed at the World Trade Organization (WTO) Ministerial Meeting in December. The first half of 2018 also brought into sharper focus the risks from trade protectionist trends and potential trade wars.
In areas such as competition, taxation, and privacy, governments are increasingly moving towards regulating the activities of Internet companies, a stark change when compared to the previously dominant laissez-faire approach. Taxation issues in the EU will, however, be harder to agree on, due to the deep divisions between member states.
4. (2) Cybersecurity geopolitics: The search for new governance mechanisms
In 2017, cybersecurity featured high in the public space. So far this year, we have seen a continuation of the search for new governance mechanisms, albeit at a slower pace.
The search for a cybersecurity arrangement will continue. On the high political level, we will know if any compromise is reached on the future of the UN Group of Governmental Experts (GGE). In parallel, many other initiatives will further develop. The Global Commission on Cyber Stability is likely to develop new norms. The Geneva Dialogue on Responsible Behaviour will start mapping the role of governments, business, and civil society. The tech sector will flesh out proposals from the Tech Accord.
5. (6) Bitcoin and cryptocurrencies: Between boom and bust
After 2017, the year of the cryptocurrency revolution, 2018 started as the year of consolidation. Countries started to regulate initial coin offerings (ICOs) and the security of cryptocurrencies among other regulatory issues. The constant rise in crypto-jacking and the weak security of crypto-exchanges also meant that cryptocurrencies were in the news quite often.
On a collaborative note, the EU established the European Blockchain Partnership. A total of 22 EU countries will share their expertise in this regulatory field. They will also prepare for the launch of an EU-wide blockchain application.
6. (4) Courts: Active makers of digital rules
So far, we have not seen landmark court decisions on the same scale as we have seen in the past few years. However, courts worldwide are getting busier. The GDPR has already triggered a few court proceedings.
The role of the courts should not be underestimated as a last resort to defend the Internet as such, as is demonstrated in the US lawsuit by tech companies against the Federal Communications Commission (FCC) over the repeal of US net neutrality rules.
7. (7) Content policy: Fake news and violent extremism online
The same prediction as at the beginning of the year still holds: Governments will continue to increase pressure on Internet platforms to take responsibility for the content they host. While companies have advanced the fight against the spread of illegal content, governments have started passing new rules that will push companies to take more action.
As expected, Germany’s new regulation against illegal content, and France’s announcement that it would develop legislation against fake news at the start of the year, were followed by policy developments elsewhere.
8. (10) ICANN: Online identities, jurisdiction, and governance
As anticipated in January, ICANN has been busy trying to determine whether and how to adapt its policies to the GDPR. This issue, and other debates related to generic top-level domains (gTLDs), has increased ICANN’s prominence in public debates.
With regard to new gTLDs, the ICANN community has continued its work on reviewing the programme, but another round of new gTLDs is not envisioned before 2021.
9. (9) Encryption: Pressure on backdoor access
The 2018 prediction that governments would likely increase pressure on Internet companies to provide backdoor access has not had widespread fulfillment, although the situation in Russia has brought the possibility into sharp focus. The Russian Supreme Court ruled that Telegram must share its private encryption keys with Russian authorities.
Encryption will remain high on the digital policy agenda. So far, there are no policy solutions for the often opposing interests of the tech industry to protect the privacy of its traffic, and governments’ interest to access traffic for (un)justified reasons, including criminal investigations.
10. (8) Net neutrality: Global impact of FCC’s new order
As predicted in January, the discussion on technical network neutrality did not gain new focus. Much of the attention so far this year has been on the regulatory situation in the USA. With the FCC’s new order coming into effect, several states across the USA have decided to take matters into their own hands.
This article is an excerpt from Prof. Jovan Kurbalija’s mid-year review. Read the full text.
Digital policy developments
The monthly Internet Governance Barometer of Trends tracks specific Internet governance issues in the public policy debate, and reveals focal trends by comparing the issues every month. The barometer determines the presence of specific IG issues in comparison to the previous month. Learn more about each update.
Global IG architecture
At the G7 Summit in Charlevoix, Canada, G7 leaders endorsed a Common vision for the future of artificial intelligence (AI), that will, among others, endeavour to promote the human-centric and commercial adoption of AI.
The European Commission hosted a high-level meeting with representatives of European philosophical and non-confessional organisations, to discuss ethical and social challenges related to AI. The Commission’s ethical guidelines for the development of AI will be finalised by the end of 2018.
The US National Telecommunications and Information Administration (NTIA) invited stakeholders to comment on four broad issues to inform its international Internet policy priorities, including (a) responses to restrictions to the free flow of information and freedom of expression online; (b) US priorities within ICANN, DNS policy, and improvements to the IGF; (c) international venues to address cybersecurity threats and online privacy issues; and (d) emerging technologies that international policy discussions should focus on.
Malaysia is considering the possibility of amending its constitution to include Internet access as a fundamental right, as it looks to bridge the digital divide between urban and rural areas. The status of constitutional right is likely to give additional incentives for the government, both at state and federal level, to boost efforts to provide the service to all Malaysians.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) unveiled a new round of sanctions on five Russian entities and three Russian individuals, charged with directly contributing to building Russia’s offensive cyber and underwater capabilities through their work with the Russian Federal Security Service.
Cyber-attacks on Singapore increased during the Kim-Trump summit. Some 40,000 attacks were launched on Singapore from June 11 to June 12, cybersecurity researchers reported. Singapore received 4.5 times more attacks than the USA or Canada in that time, and this anomaly is being linked to the meeting of US President Donald Trump and North Korean President Kim Jong-un in Singapore. The Cyber Security Agency of Singapore has refuted these findings.
E-commerce and Internet economy
Uganda has imposed a tax on social media to raise money for the country. Social media users will need to pay 200 Ugandan shillings ($0.05) a day to use popular platforms like Twitter, Facebook, and WhatsApp. The law comes into effect on 1 July.
Members of the Shanghai Cooperation Organisation (SCO) – China, Russia, Kyrgyzstan, Kazakhstan, Tajikistan, Uzbekistan, India, and Pakistan – adopted a joint communiqué stating that the countries will aim to simplify trade procedures, specifically on trade in goods. Member states also touched on governance aspects, and referred to ‘the importance of joint efforts needed to support and strengthen the multilateral trade system based on the standards and principles of the World Trade Organization’.
A court in London has granted Uber a 15-month 'probationary' licence to operate in the UK capital.
ICANN’s court battle against Germany-based domain name registrar EPAG continues.
MEPs in the European Parliament’s Civil Liberties Committee (LIBE) have voted in favour of a resolution that asks the European Commission to suspend its Privacy Shield agreement with the USA unless data protection safeguards are introduced by 1 September.
In her statement to the 38th session of the Human Rights Council, the UN Special Rapporteur on Violence against Women, Dubravka Šimonović, spoke about combating online/ICT-facilitated violence against women and girls, calling for new laws and stronger regulatory frameworks.
Jurisdiction and legal issues
The Legal Affairs Committee of the European Parliament (JURI) adopted the proposed version of new copyright rules, sparking debate. The directive’s controversial Article 13 requires Internet platforms hosting a large amount of user-generated content to take measures to monitor and identify copyright infringements. Another disputed provision is Article 11, which could impose a ‘snippet tax’ for companies when they use short extracts from other news publications. More on page 7.
In a preliminary decision, the Vienna Commercial Court ruled that YouTube is not a pure intermediary and that it should prevent third parties from uploading material that violates copyright rules. Since YouTube is sorting, filtering, and linking content on its platform, it cannot be considered a pure intermediary and rely on Safe Harbour provisions.
Solomon Islands has dropped its contract with Chinese company Huawei to build an undersea cable to the small island state. Instead, it will receive funds from Australia, which is refocusing its foreign aid programmes on the Pacific.
Facebook has scrapped its plan to develop Internet drones. The decision was prompted by growing interest of the aerospace industry to start investing in this technology.
In the USA, the Federal Communications Commission’s (FCC’s) Restoring Internet Freedom Order took effect in June, repealing the 2015 Open Internet Order and restoring the classification of broadband Internet access service as a lightly regulated information service.
The Body of European Regulators for Electronic Communications (BEREC) and the Telecom Regulatory Authority of India (TRAI) have adopted a Joint Statement for an Open Internet that outlines the common scope and grounds of net neutrality frameworks in Europe and India and shows the parties’ commitment to supervising and enforcing rules and guidelines for an open Internet in their regions.
New technologies (IoT, AI, etc.)
Researchers continued to achieve several breakthroughs in AI. Among them is IBM, which launched an AI system that can engage in reasoned arguments with humans on complex topics. Project Debater, trained in advance on debating methods but not on the details of the debates, 'digests massive texts, constructs a well-structured speech on a given topic, delivers it with clarity and purpose, and rebuts its opponent'.
Researchers at MIT’s Computer Science and AI Laboratory have developed an AI system that uses wireless signals to 'see' through walls. Called RF-Pose, the system uses a deep neural network to spot human motion using radio frequency signals reflected by people's bodies. The system could be used in search-and-rescue operations after natural disasters, and for medical purposes.
In a blog post, Google’s CEO described a series of principles which are to guide the company's work on AI. These include developing systems that are accountable to people, and that do not create or reinforce unfair biases.
Several Amazon shareholders wrote to the company's CEO expressing concerns over the selling of facial recognition software to US law enforcement agencies. They are concerned with the potential use of Rekognition to ‘violate civil and human rights’ and ‘to unfairly and disproportionately target and surveil people of color, immigrants, and civil society organizations’. In May 2018, more than 30 US-based civil society organisations sent a public letter to Amazon, asking the company to stop providing the software to the US government.
Many policy discussions take place in Geneva every month. The following updates cover the main events of the month. For event reports, visit the Past Events section on the GIP Digital Watch observatory.
The workshop, organised by Switzerland Global Enterprise (S-GE), looked at the opportunities for Switzerland as a strong and innovative cybersecurity location. The event took place at the Geneva Internet Platform (GIP) on 5 June, and addressed two goals. First, it linked the cybersecurity industry with the investment promotion community; second, the discussion developed ideas and possible strategies for promoting Switzerland in the field of cybersecurity.
Held on 8 June at the World Intellectual Property Organization (WIPO) headquarters, the public lecture delivered by Dr Peter Singer marked the first in a series of lectures on technology and ethics. Given the fast pace of technological change, institutions are currently under strain and are limited in their response to the challenges arising. Against this backdrop Singer affirmed the importance of considering both the social and ethical impact of new technologies. Referring to different schools of thought, he explained that human rights should serve the human purpose, and that limitations to property rights are generally sought in the name of necessity (albeit to different extents). Singer also discussed bioethical issues, and the automation of work driven by artificial intelligence (AI).
The event, organised by the United Nations Interregional Crime and Justice Research Institute (UNICRI) on 14 June, discussed the opportunities technological advances bring to counter and prevent criminal phenomena. The discussions focused on technology, security, and development and put emphasis on the SIRIO Project (Security Improvements through Research, Technology, and Innovation) which aims to identify emerging risks and their possible technological solutions.
The summer school, organised by the University of Geneva on 18‒29 June, gave students the experience of an Internet law clinic to discuss Internet law and policy issues with academics, practitioners, representatives of global policymakers, and international organisations. The topics addressed by the summer school included cybersecurity, digital privacy and online surveillance, free speech, consumer protection, legal issues of social media, dangers of cloud computing, Internet and telecom infrastructure, data protection, and intellectual property.
The 38th session of the United Nations Human Rights Council (UNHRC) is being held from June 18 to July 6 at the Palais des Nations in Geneva. Two draft resolutions include a resolution on ‘Violence against Women’, and another on ‘The promotion, protection and enjoyment of human rights on the Internet’. The GIP reported from selected side events; more updates in our next newsletter.
The Geneva Cybersecurity Law & Policy Conference, organised on 21 June by the University of Geneva and the Hebrew University of Jerusalem, tackled civil liability in the context of cyber-attacks. Discussions featured legal and policy aspects of cybersecurity, and addressed data protection and cybersecurity breaches, risk management and standards of care for victims of cyber-attacks, and the future of cybersecurity.
The research colloquium, organised by the Faculty of Law at the University of Geneva in collaboration with the Berkman Center for Internet & Society at Harvard University, the CRIDES Center for Economic Law and Society at the Catholic University of Louvain, the GIP, and the Institute for Technology and Society of Rio, provided participants with the opportunity to share their research findings, exchange with experts in the field, and receive important feedback.
Copyright law: the pros and cons of Article 13
On 19 June, the European Parliament’s Legal Affairs Committee (JURI) adopted its report on the proposed Copyright Directive reform. One of the most controversial articles of the text is Article 13. Here is a recap of the pros and cons on this new provision.
The ‘snippet tax’
Along with this article, there is also a proposal to adopt Article 11 concerning the imposition of a ‘snippet tax’. This article would give publishers of news the right to remuneration if parts/snippets of their news are further made available by another entity. The arguments for this proposal emphasise the necessity to protect investments in the publishing industry by means of neighbouring rights. Such measures requiring search engines to pay publishers for the use of snippets have already been adopted in Germany and Spain.
Opponents believe that even though the targets of this proposal are big tech companies, such as search engines, this solution would severely affect everyone. This provision would represent a threat for freedom of expression, since bloggers and the online community, when debating issues of public importance and referring to current news, would also be subjected to this regime. Fake news and misinformation would also be encouraged by the rephrasing of news instead of linking to reliable content. This new right would also significantly disadvantage news-related startups and small publishers, and is very likely to fail in the light of past experiences.
Article 13 of the proposed Copyright Directive introduces the obligation for online service providers hosting large amounts of work or uploads by their users to take measures, such as content recognition techniques, to protect copyright holders. Such measures need to be appropriate and proportionate. Online service providers will also need to provide copyright holders with information about these measures and report on their implementation.
Arguments in favour
The creative industry has long been arguing that it is facing significant losses due to its inability to protect intellectual property (IP) rights. Even though the E-commerce Directive requires intermediaries to react when notified of a copyright infringement (or any other illegal content), the industry believes this does not happen as much as it should. One of the main criticisms is that the current rules do not have enough teeth to ensure implementation. Rights holders could still rely on the courts, yet the process is slow.
If there is no efficient protection of IP, rights holders do not see any purpose in investing time and money to create new, creative, and original solutions. Ultimately, fewer people will be able to live off revenues from their creativity and innovation.
Some platforms have already been applying filtering techniques. For example, Facebook and YouTube’s content management systems are able to efficiently flag and remove material that infringes copyright. These examples demonstrate that there are solutions which are not only non-intrusive but also on a path to being fully efficient in protecting IP.
Bearing in mind the inefficacy of the current regulatory regime to address these challenges, and some of the positive examples of voluntary implementation of measures that protect rights holders, the creative industry believes that the proposal to hold intermediaries more accountable is the next logical step.
Many organisations have already expressed concerns over Article 13, explaining that it could lead to ‘destroying the Internet as we know it’. The main concern is that content filtering could serve as a tool for surveillance and could therefore endanger freedom of expression. This kind of measure would impose certain forms of moderation which would give rise to abuse, and to arbitrary decisions over which content to allow or remove.
Article 13 is also said to be in contradiction with the principle that forbids the prior monitoring of content ‒ a cornerstone of intermediary regulation. The draft rule would therefore present a significant shift in the regulatory regime of one of the key principles of Internet regulation.
From a technical perspective, filters cannot recognise in every case the difference between content that infringes someone's copyright and other types of content such as parodies or similar legal variations. Filters are not flawless, and this approach would therefore place freedom of expression and the openness of the Internet at high risk.
Implementing such measures would mean an added compliance cost for companies, affecting mostly small and medium enterprises (SMEs), which would either need to develop their own solution for content recognition (a less likely scenario) or acquire a not-so-affordable ready-made solution.
The European Parliament will vote on 5 July on whether to rubber-stamp the lead committee’s position. Although there is pressure for negotiations on the copyright reform to be concluded swiftly, a vote against would mean that MEPs could open new negotiations. The European Parliament will then be expected to enter into negotiations with member states, as part of the trilogue phase, in order to agree on the final outcome of this reform.
WHOIS and the GDPR: The question of personal data
The General Data Protection Regulation (GDPR), which has introduced stricter rules for the protection of the personal data of EU residents, is also affecting the domain name industry. Questions have been raised as to whether and how ICANN’s policies need to be brought in line. One particular area of concern has been the WHOIS system and the handling of personal data of domain name registrants.
The broader picture
ICANN, the entity which ensures the global coordination of the Domain Name System (DNS), has agreements with generic top-level domain (gTLD) registries and registrars. One of the provisions of these agreements relates to the collection and publication – via the WHOIS system – of domain name registration data. Traditionally, such data has also included personal data, such as the name, phone number, postal address, and e-mail address of the domain name registrant and the administrative and technical contacts associated with the domain name.
Several years ago, the ICANN community started raising concerns about the adequacy of the WHOIS system and the privacy of domain name registrants. An Expert Group (EG) was formed in 2012 to develop a potential alternative model for WHOIS. This was followed, in 2015, by a working group (WG) tasked with determining ‘if and why a next-generation Registration Directory Service (RDS) is needed to replace WHOIS, and creating policies [...] to meet those needs’. The group worked for more than two years, but faced difficulties in reaching common positions.
In 2017, ICANN started paying closer attention to the GDPR’s potential impact on the WHOIS system, and initiated work on possible solutions to ensure compliance with the regulation. In this context, the WG suspended its work indefinitely.
In March 2018, ICANN published an Interim GDPR Compliance Model, followed by a Temporary Specification (TS) for gTLD Registration Data, adopted by the Board in May. The TS introduced several requirements for gTLD registries and registrars:
- When a domain name is registered, the personal details of the registrant and the administrative/technical contacts continue to be collected.
- Personal data is no longer made available via WHOIS. But registries and registrars may give registrants the opportunity to consent to such data being published.
- Registries and registrars now ensure that users can contact the registrant/administrative/technical contact of a domain name via an anonymised e-mail or a web form.
- Registries and registrars must provide access to non-public registration data to users with a ‘legitimate and proportional purpose’ (such as law enforcement agencies (LEAs), IP rights holders, and security researchers), unless the request for access is overridden by the rights of the data subjects.
Registries and registrars have to apply these rules ‘where required by the GDPR’, but can also choose to apply them globally. Because the TS can only be in force for up to one year, an expedited policy development process has been initiated to develop a consensus policy for a revised WHOIS system.
Access to non-public registration data
While access to non-public registration data is still permitted for users with legitimate interests, there is no uniform system to govern such access. This is why several sections of the ICANN community have been working on uniform accreditation and access models, and, in June, ICANN put forward its own proposal for a possible ‘unified access model’.
The document outlines a unified approach for registries and registrars to provide access to non-public WHOIS data to LEAs, other governmental bodies, and certain categories of private third parties. It also reveals important roles for governments. For example, governments would be involved in the identification of user groups eligible for access to non-public data. They would also determine which LEAs from their jurisdictions should be granted access to full WHOIS data, and would be consulted on identifying relevant bodies to authenticate eligible private users.
During the ICANN62 meeting, these issues were discussed extensively. There were divergent views, but also calls for the community to show willingness to compromise while working on a revised WHOIS system (given the need to have this in place by May 2019, when the TS expires). The proposed unified access model remains subject to discussion, but it is not yet clear whether these discussions should be part of an expedited policy development process, or a different framework. However, most of the community seems to agree that an access model needs to be in place as soon as possible, one that ensures consistency, uniformity, and predictability of access.
For updates, follow the DNS page on the Digital Watch observatory.
Seeking clarity in court
On 25 May, ICANN filed a legal action against Germany-based registrar EPAG, over its decision to stop collecting administrative and technical contact information when domain names are registered. While EPAG claimed that collecting such data was against the GDPR, ICANN argued that the registrar was breaching its contract.
The Regional Court in Bonn ruled against ICANN, stating that the collection of personal data of the domain name registrant was sufficient for purposes related to safeguarding against misuse of domain names. ICANN appealed the decision, considering that the court was not clear about the scope of the GDPR and it did not indicate that the collection of administrative and technical contact data would violate the regulation. On 21 June, the Bonn court announced its decision to revisit the initial ruling.
The arrival of 'tech'
If you have followed our coverage of the Internet Governance Forum (IGF) discussions over the years, you would know how closely we follow the use of prefixes in digital parlance. We have taken our analysis beyond transcripts, and discovered a new prefix in digital discussions.
The use of prefixes in policy discussions is more than just a study of the evolution of language. Prefixes tell us in which direction discussions are going, and how certain issues are framed and nuanced.
Traditionally, ‘e-’, ‘cyber’, ‘net’, ‘digital’, ‘online’, and ‘virtual’ were the most dominant. The prefixes were (and are) used in specific domains. For example, ‘e-’ is now typically used in the context of e-commerce; ‘cyber’ is mostly used in security issues; ‘virtual’ is now used mainly for the emerging technology of virtual reality.
This year, we cast our attention on The Economist and its coverage of digital issues. The language has certainly been evolving, as the prefix or descriptor ‘tech’ is establishing dominance in describing digital-related issues. Our analysis of The Economist’s texts on digital issues published between 1 January and 28 June 2018 shows that the adjective ‘tech’ is now used more often than previously dominant prefixes.
Tech, short for technology, is being used as a prefix, such as techplomacy, or as a descriptor, such as with the phrases tech industry, tech policy, etc. It is also used as a suffix in the term ‘fintech’.
Of all the descriptors, ‘tech firm/s’ is the most popular, followed by ‘tech giant/s’, ‘tech company/ies’, ‘tech industry’, and ‘tech titan’. These five phrases make up more than 65% of ‘tech’ usage. The domain which this prefix or descriptor has carved for itself is in reference to the technology industry, which is generally understood to be broader than the Internet industry, but narrower than the technical industry.
The terms ‘tech giants’ and ‘tech titans’ describe those companies which have a large market share, typically concentrated in the Silicon Valley area. It is in this context that ‘techplomacy’ was born: The term describes diplomatic links with the companies mainly in the San Francisco region. The term is likely to get wider recognition and usage.
Lastly, ‘fintech’ ‒ as the name suggests ‒ is used predominantly in the financial technology sector, which describes the use of technology to support, offer, or carry out financial services. In line with our predictions for the next six months (read pages 1 and 3), the increasing prominence of inclusive finance and cryptocurrencies will place the fintech sector in the limelight, and expand the usage of the term ‘tech’.