Home / Blogs

Lessons for the Internet Governance Forum from the IETF

Jeremy Malcolm

As Antonios Broumas has correctly observed, the Internet Governance Forum (IGF) begins life in Athens next week without the means for its participants to agree upon any substantive documents such as resolutions or declarations. Indeed, according to Nitin Desai, the Chairman of its Advisory Group, it is impossible for the IGF to make any decisions, as it "is not a decision-making body. We have no members so we have no power to make decision."

Instead, the only agenda for action that the IGF's Web site suggests may follow from the first meeting is the emergence of "dynamic coalitions", which are described as "a group of institutions or people who agree to pursue an initiative started at the inaugural IGF meeting".

However for the IGF to abdicate responsibility for the substantive work of Internet governance in favour of amorphous external coalitions is to reduce the breadth of its mandate. Whilst the closest thing to a constitutional document for the IGF, the Tunis Agenda, does state in paragraph 77 that the IGF is to be a non-binding process, there is a considerable difference between making decisions, and making binding decisions.

"Soft-law" documents such as codes, resolutions, declarations, and even model laws, are by nature non-binding. There is therefore nothing to prevent a body that lacks legal authority from developing such documents; if they are well considered and reflect a broad consensus, that body's stakeholders will tend to adopt them into their own practice, policy or law. If they are not, they will not be. Not only is this commonplace in the development of international (public) and transnational (private) law, it also reflects the way in which Internet standards are developed within the Internet Engineering Task Force (IETF).

The Internet Standards Process set out in RFC 2026 provides that an Internet standard is a "specification for which significant implementation and successful operational experience has been obtained" and which "is characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community". Yet it has no binding force; its only force lies in the consensus that has been built up surrounding its suitability as a standard.

Although this addresses the objection that the IGF cannot make decisions because its process is required to be non-binding, Nitin Desai in the passage quoted above isolated a second problem in the fact that the IGF "has no members". This is a question of semantics though, as it could equally be said that the IGF has as many members as wish to participate in it. There are estimated to be over 1000, from government, the private sector, civil society and intergovernmental organisations, attending its first meeting in Athens. But however the IGF's membership (or lack thereof) is characterised, is Desai correct in identifying it as a problem?

If it were a problem, it would be one that equally affected the IETF, as it is structured in the same way. The closest thing to "membership" of the IETF is participation on its mailing lists. And yet the IETF's experience shows that the lack of a definite membership does not preclude it from making decisions. What it does do is to determine the manner in which those decisions are made. Specifically, it precludes the use of voting, in favour of the use of consensus ("rough consensus", in the IETF's case). There is no reason why the IGF could not reach decisions by the same principle.

But this raises the final of three problems with the IGF's capacity to make decisions, and the most valid. As observed by Antonios Broumas in the article mentioned at the beginning of this story, it is simply not structured in such a way as to allow it to do so. There is an Advisory Council, yes (chosen by the UN-appointed Secretariat), but the IGF is otherwise just a series of meetings; four main plenary sessions on the themes of openness, security, diversity and access, and a number of smaller workshops.

In comparison, the IETF is divided into eight technical Areas: Applications, General, Internet, Operations and Management, Real-time Applications and Infrastructure, Routing, Security, and Transport. Within each of the Areas are numerous Working Groups established to work on specific projects, usually the development of specifications for a proposed Internet standard. Each Working Group has a Chair, and may have a number of subcommittees known as "design teams" which often perform the bulk of the work in drawing up the specification. Other bodies involved in Internet governance such as the W3C and the ITU, are structured in a similar manner.

To facilitate its ability to make decisions, there is no reason (except political) why Working Groups of the IGF could not also be established to focus on particular issue areas, such as for example spam, privacy and interconnection costs. Much as occurs within the IETF, the conclusion of a successful workshop should be a precondition to the formation of such a Working Group, and its formation could be subject to approval of the Advisory Council and ratification of the IGF as a whole.

Compare this again to the IGF Secretariat's conception of the most likely venue for substantive action arising out of the IGF's first meeting: "dynamic coalitions". Whilst the IGF may not have a defined membership capable of making decisions by vote, the composition of a dynamic coalition carries far less guarantee of being representative. Additionally, whereas a formal Working Group can be made accountable to the IGF and be required to conduct its affairs with transparency, an informal dynamic coalition is subject to no such safeguards.

So of three reasons why it might have been said that the IGF cannot make decisions, only one has been found to be compelling; the lack of a Working Group structure within which for decisions to be made. And that is not so much a reason, as a choice. If there is sufficient will amongst the stakeholders of the IGF that it should have the power to draft soft-law instruments such as resolutions and declarations by consensus, then there is nothing in its mandate that prevents it from doing so.

All that stands in the way of an IGF that is effective in developing public policy for the Internet, rather than just discussing it, is the political will needed amongst its stakeholders to create the appropriate Working Group structures needed for it to do so. It follows that the IGF should not be too quick to abdicate its responsibility to unrepresentative and unaccountable "dynamic coalitions". Instead, it would do well to consider some of the lessons that it could learn from the most successful body that has been engaged in Internet governance over the past twenty years; the IETF.

By Jeremy Malcolm, Co-coordinator, Civil Society Internet Governance Caucus. More blog posts from Jeremy Malcolm can also be read here.

Related topics: Internet Governance, Privacy, Security, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: Lessons for the Internet Governance Forum from the IETF Paul Hoffman  –  Oct 23, 2006 12:39 PM PDT

It is a gross overstatement to say that the IETF has any governance over the Internet. The IETF makes suggestions that the vast majority of the Internet accepts, sometimes grudgingly. The IETF also makes suggestions that nearly no one accepts. The two sets of suggestions have the same level of enforcement: none.

Saying the IETF has any governance over the Internet reduces the definition of "governance" well below what most people in the discussion would want. The IETF has been wildly successful in creating standards and, to a large extent, creating the Internet. That doesn't mean that it has performed any significant governance.

People who want a not-brief-enough overview of what the IETF is and is not should see The Tao of the IETF.

Re: Lessons for the Internet Governance Forum from the IETF Jeremy Malcolm  –  Oct 23, 2006 7:16 PM PDT

I explain better in my thesis on the IGF (of which I have written a very brief summary), why governance is not the same as government, and by no means needs to have binding force.  Governance can occur through norms, market forces, code and networks, as well as through binding rules.  The IETF focuses on technical rather than public policy questions (though the two often overlap), but it is no less a form of governance as the IGF is, or has the potential to be.

Re: Lessons for the Internet Governance Forum from the IETF JFC Morfin  –  Oct 24, 2006 3:50 PM PDT

Governance decisions are not decided by votes and enforced by Kings or Presidents, they are freely adhered to by consensus, or imposed by influence. RFC 3935 says that the role of the IETF is to publish documents to "influence the way people design, use, and manage the internet" along the IETF core values, rough consensus and the decisions taken by its leaders. As long as the IETF was the Network Users own Group the rough consensus was the definition of a dominant position imposed by the need to interoperate with the others.

Today, the IETF takes decisions for others who are not participating to its standardisation process. It has therefore no more a monopoly position to force anything. So, iether it switches to pure consensus among infaillible gurus, either from influencing to advising, or to an happy compromise of both which would permit to marry its expertise and the needed response diversity.

The IGF is exactly what the IETF was in 1986: The hope to discuss common problems towards solution(s) we could all adopt. However, the IETF wanted single common solution while the IGF understands that intergovernance relations within the world's multigovernance, call for multiple interoperable solutions.

I just spent four days at a UNESCO WSIS meeting. I see no difference with IETF, except that Engineers deliberately ignore what was discussed there, and that people there do not realise yet that what Engineers may decide will determine far more their own life that what they may discuss.

The problem is therefore to make the IETF and the IGF to talk together; and the IETF able to to survive IGF "visitors" (my own experience shown that they are not ready to do that :-)), when IGF Members starts understanding the importance for them of what is decided at the IETF, in particulare what is published by the Internet common referent (IANA) and the resulting need to replace it if it was already controlled by non-universal non-common interests.

Otherwise the IGF will identify the need for a group to be formed to document in a simple, structured, and maintained manner, the way their decisions should be technically implemented in the diversity of the Multi(-lingual, -technology, -modal, -lateral, -governance, etc) Internet. It will then structure this Multi-Network Working Group in its own way, for the needs of the users of the current digital ecosystem (and not only of the extensino of the US academic 1983 datanetwork). In so doing they will probably benefit from the experience of ITU, IEEE, ETSI, ISO, etc. and of the Internet community grassroots efforts.

As a user of the resulting deliverable, I would like they also benefit from the IETF experience.

Anyway, I have set-up the DETF mailing list to try to help discussing how to bridge the Internet multigovernance divide, between the Internet users and the Internet builders. I hope many others similar efforts will be engaged. And will eventually succeed!

Re: Lessons for the Internet Governance Forum from the IETF Ronaldo Cardonetti  –  Feb 22, 2007 8:05 AM PDT

During the past 12 years the Internet in Brazil is being controlled by a fairly small group of people calling themselves CGI.br “Comite Gestor da Internet do Brasil” which main goal is profiting and getting benefits for themselves. ICANN charges about US$0.25 to process a registration for each domain meanwhile in Brazil CGI charges US$ 45.00 back in 1999, US$37.00 in 2002 and today this fee is about US$14.00 a year for each ccTLD domain registration. Some high ranking legislators declared CGI.br group as nonexistent and unconstitutional in fact they are considered to be just like a fake company which does not have a federal tax id # therefore can not operate legally.

By charging these high fees for domain registration their income already passed the 120 million dollars figure. CGI passed a resolution to appoint FAPESP (a foundation which is sponsored by the state of São Paulo) to be the government body responsible to collect the payment however the terms of the payment are quite confusing since FAPESP cannot receive money from the public the payment is disguised as an anonymous donation since FAPESP is not obligated by Brazilian law to identify each company paying for this so called public service therefore no state or federal taxes are collected and no receipt is given. Many Internet users in Brazil are calling this practice “extortion” because there are more than 1 million domains registered unless you DONATE to FAPESP you loose your domain registration.

Members of ICANN involved in these schemes;

1- With the help of CGI members Mr. Demi Getschko (an official ICANN elected member) opened a non-profit organization named NIC.BR where Mr. Getschko is the owner/director replacing FAPESP and acting as the ONLY official register without the local or federal government offering public bidding for this transferring process to companies and organizations with the same goals to compete of becoming a registrar. In fact these individuals define the rules and fees as CGI and collect the money as NIC.BR. To give you an example just picture members of ICANN in the United States opening a non-profit organization and this same organization would act as a company like Network Solutions defining the rules and fees however these same members collects US$14.000.000.00 a year for domain registration as a non-profit organization.

2- In 1998 Mr. Ivan Moura Campos coordinator of CGI declared many times that CGI paid US$ 30.000.00 to FAPESP monthly for Internet services at the same time CGI collected US$ 1.200.000.00 monthly for domain registration. At the same time Mr. Campos was the president of NIC.BR administrative board in addition Mr. Campos was founder/partner of Akwan/todobr a Internet search engine which was sold to Google for an estimated US$ 25.000.000.00. We all know the secret of a search engine is having access to all domains in the Brazilian registry system to have the most complete content. Hundreds of Brazilians tried without succeeding creating a search engine service like Yahoo/Cade/Google. 280 search engines are still functioning however AKWAN was the ONLY company acquired by a high price in this market. There is almost impossible this things happen in the United States however in Brazil it’s happening right now with ICANN members involved in the schemes. Some strange statements like the one made by CGI’s president Mr. Raphael Mandarino who said; “The Brazilian ccTLD registry system is one of the best in the world and it’s being copied by many countries around the globe, the American model is stupidity as in the US the companies want only to make a profit”. As the most democratic country in the world the US has more than 500 accredited domain registers. In Brazil there’s only ONE accredited name registro.br acting 10 years as FAPESP and now as NIC.BR

CGI was trying to encourage companies to become accredited registrars by offering them a piece of the action something like 10% meaning US$1.40 (The completely opposite from USA) however only 5 companies decided of becoming accredited registrars and now they are liable for all fees related to eventual legal proceedings pertaining to a dispute of any domain registered by these accredited registrars. In addition Mr. Demi Getschko is updating all information in USA on ICANN contact site from CGI.BR to NIC.BR to trying to make official the private organization NIC.BR which is NOT repeating, is NOT an official public representative. In the 2003 Tunisian ICANN forum CGI.BR performed a survey with a very strange question; Are you in favor of United States controlling the Internet in the world? The answer was obviously NOT.

Unfortunately ICANN is sponsoring Mr. Getschko activities in Brazil by allowing its members under his leadership to practice these kind of wrongdoings creating a negative environment in the Brazilian registry system and penalizing thousands of companies by his anti-democratic practices.

Some legal proceedings in the Brazilian courts;

1- TCU - Tribunal de Contas da Uniao (Brazilian Federal Comptroller) - www.tcu.gov.br lawsuit under file # 012.048/2001-5 TCU against CGI.BR/FAPESP to investigate possible fraud related to undeclared funds collected by registering domains between 2001 and 2005. Because of the delay in investigating possible fraud against public interest almost US$ 175.000.000.00 entered FAPESP as donation collected from domain owners, an illegal practice according to TCU.

2- Federal Police Revenue Division investigating the disappearance of more than US$ 60.000.000.00 of FAPESP funds after probing people’s statement about this issue. Police Inquire - Inquerito 147206 Processo 050060353642-0000. Abusando.org welcome any information about CGI.BR/FAPESP/NIC.BR lawsuits and legal disputes filed in Brazil or any other country. Please contact jorgemodesto@abusando.org if you have any question, comment or concern regarding these issues.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

DotConnectAfrica's Expert Selected to Attend the Hague Institute of Global Justice

DotConnectAfrica Delegates Attend the KHRC Internet & Human Rights Breakfast Roundtable in Nairobi

Smokescreening: Data Theft Makes DDoS More Dangerous

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Sponsored Topics