The Panel on Global Internet Cooperation and Governance Mechanisms

The Internet is at a crossroads. And while high-profile events like the introduction of new gTLDs and revelations about governments and online surveillance may be a catalyst for recent Internet governance reform initiatives, their necessity isn’t exactly new. After all, the current structures and processes in place were set up a decade and a half ago, an eternity in Internet years.

A key step in reviewing and renewing these structures is the Panel on Global Internet Cooperation and Governance Mechanisms, announced at the recent ICANN meeting in Buenos Aires. Last week I was in London for the first meeting of this panel to chart a path forward for the ongoing successful development of the Internet.

While the current Internet governance institutions were in large part responsible for getting the first two+ billion – mostly citizens of the developed world – online, they’re likely not the right ones to get the next two billion – the citizens of the developing world – online. Those new users reside in parts of the world that have political structures that are based in philosophical underpinnings that differ greatly from ours in the west.

That’s why I think the diversity of the panel members is noteworthy – not only are many sectors and industries represented, but geographic regions as well – panelists are all corners of the earth (you can view the panel’s membership here. With that said, it must be made clear that this panel is not meant to be representative. Rather, we are group of knowledgeable individuals who are committed to the success of the Internet, and as such have come together to identify significant, potential solutions for administrating the Internet.

The variety of industries represented is also noteworthy. From current and former world leaders to senior bureaucrats, the tech community and the private sector, the diversity of voices at the table is striking. As an ‘on-the-ground’ operator present at the table, I believe that I bring a unique and important perspective. Given the diversity of viewpoints on the panel, I am confident our collective insights will ensure whatever recommendations we make as a panel will work in the real world.

The first meeting was spent identifying the desirable traits for the future administration of the Internet. Within the current governance mechanisms, what do we need to keep? What’s missing? We all agreed that some enhanced role for governments is important to ensure the future success of the Internet. How do we accomplish this? And, since we’ve moved from a place where the Internet governance discussions are ‘how it’s used’ instead of ‘how it works,’ how do we address the inherent jurisdictional issues?

When we do engage voices like governments in more discussions, a funny thing happens; you start to realize that some of the issues dividing you are sometimes just a question of semantics. As a panel, we had a discussion about the term ‘governance’ that was demonstrative of the different worlds we are trying to bridge. In the political world, the term ‘governance’ is loaded, and carries with it ideas of power and authority, certainly not the same meaning that we in the Internet world have given it. Are the terms coordination and administration more helpful moving forward?

The task is lofty – to come up with possible mechanisms and arrangements to ensure the Internet delivers on its promise of prosperity to the whole world, not just the developed one. And for someone with a business background, I’m used to having an end goal in mind, and working backwards from there. These discussions work in the opposite way – we know our starting place but we need to work our way to the end goal. I find this approach somewhat freeing – it is a much more open process – and I believe more likely to succeed without an end goal in mind.

We will meet as a panel three times – the recent December meeting, once in February and once in May. At the end of February 2014 we’ll be releasing a high level report, and our ideas will be posted for comment and input. The much anticipated Brazil Internet summit will take place after our high-level report is released but before our work as a panel wraps up, so I’m sure our recommendations will form at least a part of the discussions there.

We are at a critical point in the ongoing development of the Internet. I believe it’s healthy to review an entity’s governance processes from time to time, and most certainly when we’re at an inflection point of sorts, as we currently are.

Much in the same way the National Hockey League has had to adapt the rules of hockey to accommodate faster, stronger, more technical players, we will have to adapt the mechanisms of the Internet governance world in the face of upcoming new players – new gTLDs, the addition of two billion new users and the effect of the NSA revelations. However, there are certain characteristics that can never change – the game of hockey is still played with 12 players on the ice and three periods. Any and all changes have to be for the benefit of the game, or in this case, the good of the Internet.

Multistakeholderism and the coalition of the willing

I was part of a group of about 200 people who attended and update yesterday on the Montevideo statement at the Internet Governance Forum in Bali. I’d like to share a few of my observations, and offer some unsolicited advice.

First, the de facto leader and champion of the multi-stakeholder model, the United States, has been sent to the penalty box in light of the NSA surveillance revelations. I made this point when the Snowden affair first came to light, and it’s tremendously apparent at the IGF that much of the credibility the Americans had in defending the multi-stakeholder model has dissipated (at least for the time being).

That’s left us – the advocates of the multi-stakeholder model – in a bit of a leadership vacuum at critical time in the Internet’s history. We are, after all, staring down the ITU’s Plenipotentiary meeting in November 2014. We well remember the ITU’s World Conference on International Telecommunications in Dubai last December. The last thing the Internet community wants or needs is a repeat of the discussions at the WCIT – the division between the supporters of the multi-stakeholder model and its detractors became both deeper and wider. There were times when many of us were genuinely concerned about the fate of the free and open Internet during the WCIT – the multi-stakeholder model was stood poised to sustain some serious damage, however we fortunately came back from the brink.

The telecommunications world is about to head into similar discussions at the Plenipot – this is not a time where you want to be without your strongest champion and de facto (like it or not) leader.

But here we are.

Fortunately, the I* group (ICANN, the RIRs, IETF, IAB, W3C and ISOC) were able to pick up the ball that had been fumbled by the U.S. government and are attempting to fill that vacuum. While I applaud their resourcefulness, I do see a number of challenges they will have to overcome to be successful.

WARNING: as a Canadian, non-hockey sports metaphors are tough. If I mangle this one, I can’t be held responsible.

The I* ( I-star) group, and Fadi Chehadé in particular, have picked up and carried that metaphorical ball down the field. A tight group of CEOs has been leading the charge so far, without much in the way of broader consultation. I get it. That’s what we as CEOs are paid to do, and they were right to do what they did. When presented with an opportunity like this, we have to analyze the situation make an informed decision, and and keep moving.

However, their challenge will be engaging the broader community before it’s too late. If the I* group misses that opportunity, they risk jeopardizing their credibility to lead the community going forward. It would be akin to advocating for the multi-stakeholder model in a non-multi-stakeholder manner. I can already hear the Internet governance conspiracy theorists and their refrain of ICANN overreach.

Simply put, the I* folks need to pass the ball off to the broader community before it’s too late. It’s not going to be easy, but multi-stakeholderism is a messy game. The sheer number and diversity of voices that come to the table – from the technical community to civil society to end users, governments, and many more – means that we will always be dealing with competing interests and challenges with meaningful engagement.

But it is exactly that messy, at times turbulent chaos that makes the multi-stakeholder model work. At one time or another, all of those voices are critical to the success of the Internet. Don’t get me wrong. I’m not saying that everybody needs to be a full participant in these discussions. That’s not what multi-stakeholderism is about. Yes, all of those voices have a role to play, but not necessarily on every issue, all the time. Where and when appropriate, different voices come up to the surface and are included, but it is a very rare thing that all voices would be relevant on a particular issue. Those who aren’t involved need to have trust in the processes and people if we are going to be successful.

The right voices for this discussion need to be identified and included in pretty short order if we are to be successful. Finally, while it’s great we are discussing these issues, but we also need to be very pragmatic in our approach. The fact is there isn’t a lot of time between now and the Plenipot in 2014, and we’ve got a lot of work to do. If we are going to re-examine the arrangements, processes, or frameworks that have been governing the Internet for more than a decade, we need to be nothing short of strategic. And maybe it’s my business background speaking, but I’d like to know what our end game is. That’s the I* group’s other challenge – to identify and articulate what we, as the Internet community, need to accomplish.

We need answers to some fundamental questions before we get too far down this path: What problem is the ‘coalition of the willing’ solving? How do we know when we’ve been successful? How are we going to get there?

My advice to the group is to move reasonably quickly from ‘thinking’ to ‘doing”, from strategy to execution. Yes, the thinking is a critical part of the process, but lets not forget how little time we have for the doing. The first step, in my opinion, will be to develop a crisp, realistic goal. Start with the end in mind.

At yesterday’s briefing, Chris Disspain articulated what I believe is a good first step towards articulating an objective for this emerging group:

“Working together in a coalition to offer the world a multi-stakeholder-based mechanism for dealing with Internet governance issues as a viable alternative to governments or government-centric mechanisms.”

With some massaging, I think his statement could guide the group’s work. We’re off to a good start – I’m hearing a lot of positive things about this process from the people at the IGF, as well as the grumbling. I believe that the people who are leading this process have the best interest of the broader community at heart, but they need to get the broad community involved asap, and we, the community, need to pick up the ball.

Farewell to Paul Andersen

Canada, Dot CA2 Comments

We are about to bid farewell to a special board member at CIRA. Paul Andersen is both our longest-serving director and the longest-serving chair of our Board of Directors in the organization’s history.

Paul was elected to the Board during the very first Board of Directors election in 2000, and has served almost continuously since then. For the past five years, Paul has been the Chair of the Board.

It’s a rare thing for an organization – especially one in high tech – to have a consistent voice and vision on its board, but that’s exactly what Paul has provided. His fingerprints are all over .CA. During his tenure as Chair, we undertook some of the most complex and forward-looking projects in the history of .CA:

  • In 2008, CIRA undertook a wholesale redesign of the entire .CA registry system. Not a single aspect of the registration process was left untouched, from technological processes to policies and business practices. The result? A streamlined registration process from start to finish. As Chair (and as an experienced .CA Registrar), Paul helped guide this project – the largest one in the history of .CA – from inception right through to its implementation.
  • Paul was instrumental in championing the implementation of DNSSEC, a set of extensions that provide an extra layer of security to the domain name system (DNS). This past January, Paul was on-hand as  we took a major step forward in making .CA more safe and secure when we published a signed .CA zone file.
  • While I’m on the technological front, anyone who knows Paul knows he is an outspoken advocate for IPv6, the next generation Internet Protocol. CIRA’s website was made permanently IPv6-ready in 2011 as part of World IPv6 Day, in part at Paul’s behest .
  • At the recently held Canadian Internet Forum and CIRA AGM, Paul announced a major new funding initiative by CIRA aimed at strengthening the Internet in Canada. Once it is officially launched, CIRA will distribute up to one million dollars in total through its Community Investment Program (CIP) over the next year to community groups, academics and not-for-profits for projects that makes the Internet even better for all Canadians.

Of all of his accomplishments over his time with CIRA, I think this is the one he is most proud of. He has always championed CIRA’s social mandate, encouraging us to ensure .CA performed well as a top-level domain in order that we may give back to the Internet community, either through strategic investments or expertise. This is definitely evident in our work in facilitating Internet Exchange Points in Canada.

Paul played a role in each of these projects, from advocating for CIRA to implement DNSSEC and to adopt IPv6 to championing CIRA’s social role with the CIP. Under his leadership, CIRA became a forward-looking, world class registry.

While Paul’s tenure with CIRA may have come to an end, he’s a common sight at a myriad of tables where the future of the Internet is discussed. As a true champion for the Internet in Canada, I’m sure he will continue to shape its development for years to come.

Paul: from all of us at CIRA, thank you.


The 2014 Internet Governance Forum

I’m at the Internet Governance Forum in Bali this week. With the recent revelations that the NSA are monitoring global Internet traffic and the subsequent fall out in both the Internet governance and the diplomatic worlds, this is the place to be.

Last week I posted the Montevideo Statement, an output of a meeting of a number of high-level organizations responsible for the coordination of the Internet’s technical infrastructure (a group known as the “I* organizations”, ICANN, the RIRs, IETF, IAB, W3C, and ISOC). In essence, this Statement is recognition of the need to address emerging issues facing the Internet governance world.

It must be noted that while it is safe to assume that while the NSA revelations were likely a catalyst for these organizations to come together and state the need to re-examine and update the multi-stakeholder model, these issues have been brewing for years. I’ve blogged in the past about how the challenges the Governmental Advisory Committee (GAC) has had in getting its voice heard and understood. And, if you’re a regular reader of my blog, you know that the bulk of the real estate here has been dedicated to my support of the multi-stakeholder model as the governance model that can ensure the future growth of the free and open Internet.

While my support for the multi-stakeholder model is unwavering, that does not mean I believe it is perfect. I also don’t believe it is unchangeable. It has its flaws, and I believe it’s high time we discuss them. I believe the Montevideo Statement is the proverbial icebreaker in that discussion.

Last night I attended a meeting in Bali of the I* organizations called with a number of other stakeholders. What I witnessed was promising. A relatively diverse mix of people were at the table discussing the key issues.

The governance structures that are in place today were set up for a different era. To say that the Internet is a ubiquitous part of all aspects of the social and economic fabric of the globe is not an exaggeration, but this wasn’t the case even a decade ago.

The Internet was primarily set up by the technical community so they governance structures followed suit – they were tech-heavy. As the Internet grew, so did the stakeholders involved, thus we’ve seen the inclusion of the private sector, academics, governments, and so on. And, while this organic growth has shown the flexible and fast-moving nature of the multi-stakeholder model, it has exposed some of the challenges in integrated the myriad of voices at the governance table.

It reminds me of Geoffrey Moore’ Crossing the Chasm, the book about marketing high tech products during the early start-up period. We – the early adopters: registries, registrars, academics, engineers, and so on – have brought the Internet to this point. There are two billion people online. It operates in a 100 per cent uptime environment. Internet technology has come a very long way – a technology like Skype was unthinkable 10 years ago.

The Internet’s been built and it works, but now it’s time to take it to the next level. To do that, some things have to change. Fundamentally, we’ve moved from a place where the Internet governance discussions have moved from ‘how it works’ to ‘how it’s used.’ The issues that are most important now are about online surveillance and cyber-safety and a number of other issues that may only tangentially involve technology.

I think we’ve reached the tipping point where the old guard that have led the agenda – the tech people, the academics – are no longer the only voices needed at the table. The old guard, so to speak, of the Internet governance world typically don’t have the organizational mandate to talk about ‘how’ the Internet is used. We’re from organizations like CIRA who have to be content agnostic. Our mandate covers how the Internet works, not what it’s used for.

The Internet’s success has mandated that end user concerns – and the concerns of governments who represent the end users – now need to be addressed at governance tables with more urgency than ever before. Here’s the challenge: these new voices are going to be some of the strongest ones at the table. They’ve been under-represented for a long time and they’ve got a lot to say and lots to add.

I’m happy to say that I heard some of this last night at the Montevideo Statement follow-up meeting.

Let’s be frank, it’s still VERY early days yet and there is plenty of work yet to do before we even get started. What’s next? We need some real objectives. We need an unbiased analysis, and by that I mean free of any ideological political baggage, of the current system to identify what is working and what needs to evolve.



The Montevideo Statement

A number of leading organizations responsible for the coordination of the Internet’s technical infrastructure recently met in Montevideo, Uruguay. One of the outputs of this meeting is the following Statement on the Future of Internet Cooperation (pasted unedited and in its entirety):

Uruguay, 7 October 2013
The leaders of organizations responsible for coordination of the Internet technical infrastructure globally have met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet.

The Internet and World Wide Web have brought major benefits in social and economic development worldwide. Both have been built and governed in the public interest through unique mechanisms for global multistakeholder Internet cooperation, which have been intrinsic to their success. The leaders discussed the clear need to continually strengthen and evolve these mechanisms, in truly substantial ways, to be able to address emerging issues faced by stakeholders in the Internet.

In this sense:
They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.

They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.

They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.

They also called for the transition to IPv6 to remain a top priority globally. In particular Internet content providers must serve content with both IPv4 and IPv6 services, in order to be fully reachable on the global Internet.

Adiel A. Akplogan, CEO
African Network Information Center (AFRINIC)

John Curran, CEO
American Registry for Internet Numbers (ARIN)

Paul Wilson, Director General
Asia-Pacific Network Information Centre (APNIC)

Russ Housley, Chair
Internet Architecture Board (IAB)

Fadi Chehadé, President and CEO
Internet Corporation for Assigned Names and Numbers (ICANN)

Jari Arkko, Chair
Internet Engineering Task Force (IETF)

Lynn St. Amour, President and CEO
Internet Society (ISOC)

Raúl Echeberría, CEO
Latin America and Caribbean Internet Addresses Registry (LACNIC)

Axel Pawlik, Managing Director
Réseaux IP Européens Network Coordination Centre (RIPE NCC)

Jeff Jaffe, CEO
World Wide Web Consortium (W3C)

Update on our work on Internet Exchange Points

It’s been a little more than a year since we launched our Internet Exchange Point (IXP) initiative at CIRA, and we’ve made significant progress in that time.

A couple of weeks ago, the community celebrated the launch of Canada’s newest Internet Exchange Point, the Manitoba Internet Exchange (MBIX), in Winnipeg. In April the Montreal Internet Exchange (QIX) was launched in Montreal. These IXPs, along with TorIX in Toronto, OttIX in Ottawa, and BCNet in Vancouver are part of an evolving Canadian Internet infrastructure that is higher performing, more secure, resilient, and affordable. And, there are some productive discussions among the Internet community in Calgary about establishing an IXP in that city.

Through our research (.PDF) and our work with communities both global and domestic, we’ve learned a few things about what makes an IXP successful, and what doesn’t. Most importantly, I think, is the fact that there is no ‘one size fits all model’. Rather, while there key ingredients common in successful IXPs, each one takes on a local flavour.

What I have found to be critical is what I call ‘good governance’ – being open to understanding the local Internet community’s needs and being able to evolve as that community changes. It’s about operating the IXP in a transparent and responsive manner. We have also found that most often the IXs that work are not-for-profits and operate for the benefit of the local Internet community. They are located in facilities that are open for any organizations to peer with, and have the capacity to grow to meet local needs. They are also open to input and support from the broader community.

Let me give you a couple of examples.

QIX, the ‘new’ IXP in Montreal, came out of an already existing one managed by the Réseau d’informations scientifiques du Québec (RISQ), an arm of the Quebec provincial government. It was not open for any organizations to peer with, and was managed by RISQ. Once the need for an open IXP became apparent in Montreal, RISQ worked with the local community to enhance and open QIX, and establish a new governance structure. RISQ still manages the day-to-day operations of QIX, but this not-for-profit is now governed by an independent board of directors.

In contrast, MBIX was started from nothing more than an idea and a committed group of volunteers. Everything – from the technical infrastructure to the governance structure – had to be built from scratch.  The result is an open, not-for-profit IXP conceived of and built by the local community and run by a group of volunteers.

These two IXPs had very different beginnings and their current governance and operations have differences as well. However, they do have those ‘key ingredients’ I mentioned above in common: they are open and responsive to their local community, they are not-for-profit and are both located in a facility that is accessible and that can allow for growth.

When we started this initiative, our interest in establishing IXPs in Canada was driven by their key benefits: to improve the performance of the Internet in Canada through improved security, speed of data and network resilience. While we were also aware that IXPs can reduce the chance that national Internet traffic will travel to the U.S. Since then, the topic of IXPs has gotten a lot of traction in Canada. In light of the revelations that the National Security Agency (NSA) was monitoring Internet traffic crossing the U.S. border, the topic of IXPs has garnered significant media attention.

That discussion continues on Canadian Internet Forum, a national discussion on Internet-related issues hosted by CIRA.

I want to make two points clear. First, Internet traffic from all nations around the world destined for, or transiting, the U.S. can be subject to surveillance activity there. However, due to our geography and the configuration of North American networks, a large proportion – some say up to 40 per cent of Canadian domestic traffic that is traffic originating and terminating in Canada – transits the U.S., and is therefore affected by the NSA’s activities. This makes our IXP initiative more important than ever.

Second, while IXPs can reduce the chance that Canadian Internet traffic will flow to the U.S., that risk can NOT be eliminated. That’s not the way the Internet works. The Internet operates on the premise that bits of data travel through the fastest and most available route, regardless of national borders. Building more IXPs in Canada will build capacity, speed and resiliency in this country, creating opportunities for Canadian data to remain in this country. There is no way, however, to prevent all data to remain entirely in this country.

We have made significant progress and have continued to advance our understanding about establishing successful IXPs. I believe it is a good time to pause, reflect and celebrate our achievements. As a nation, we do have a long way to go before we can put Canada on the map as a digital leader with a robust network of Internet exchange points across the country. In the meantime, please find out more about your local IXP, or if your community doesn’t have one yet, get involved – contact us to help establish one!

Why are Canadians complacent about government surveillance online?

Canada, Internet, Legislation4 Comments

As someone who works at the very heart of the Internet, I am concerned by the lack of outrage among Canadians about the National Security Agency’s (NSA) PRISM program which is monitoring the activities of Internet users around the globe and in our own backyard. I made my feelings about it clear in this opinion piece I wrote for the National Post, but even more information has been revealed about what information is collected since it was published last week.

On Wednesday, the Guardian reported that the surveillance activities of the NSA in the U.S. and the Government Communications Headquarters in the United Kingdom go far beyond what we previously thought. Both agencies are apparently able to crack into encrypted communications. This means that online encryption – something most of us rely on to keep our personal information like banking records such as HTTPS and Secure Sockets Layer (SSL) – is not private. What I find most disturbing in the Guardian’s report is that the NSA has been working with technology companies and Internet service providers to insert “secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.”

It appears nothing online is safe from prying eyes, even encrypted information. And with these revelations that the NSA has been inserting weaknesses into Internet security standards, any trust end users had in Internet transactions is certainly eroding.

National security is important – protecting its citizens is both a government’s right and responsibility, and surveillance is a necessary tool in that regard. But, as I discussed in my last post, we’re talking about a government monitoring its citizens without judicial oversight. This isn’t surveillance like we’ve had in the past with phone taps and opening mail (both requiring a warrant). This is surveillance and storage of emails and Internet histories without a warrant – the government does not need to show any cause to monitor any citizen online.

Most of us in the western world have a long history of rejecting that level of state control over an individual’s freedom. As I stated in my last post, in Canada we only have to look at the Royal Commission into Certain Activities of the Royal Canadian Mounted Police (the MacDonald Commission), or to the Cold War for examples.

The truth is Canadians are concerned about privacy. A recent study by the Office of the Privacy Commissioner of Canada (OPC) found that two thirds of Canadians are concerned with protecting their privacy (PDF).

So then why do Canadians seem apathetic about their online privacy?  What is it about the Internet that changes our perceptions and values concerning this important right?

We worked with Ipsos Reid, the international opinion research company, to understand what Canadians think about online surveillance. On our behalf, Ipsos Reid conducted a survey of Canadians between July 24 and 28, 2013.

Let’s be clear about one thing upfront – while Canada does have an online surveillance program, we do not have a program with the depth and breadth of activity like PRISM. What we do have, however, is an opportunity to have the important discussion about what is and isn’t acceptable in terms of surveillance in the digital age before it has a chance to become what was revealed south of the border.

I was surprised to find out that half of Canadians (49 per cent) believe it is acceptable for the government to monitor email and other online activities of Canadians in some circumstances. When those circumstances include preventing “future terrorist attacks,” that number rises to 77 per cent.

That means that more than three quarters of Canadians are fine with the government monitoring our online activity, as long as it is in the interest of national security.


Our apathy may be in part due to the fact that only 18 per cent of us believe our Internet activity is confidential. In fact, our research shows that four in 10 of us believe the federal (Canadian) government is tracking their Internet activity. Sixty-three per cent believe that the government is monitoring who visit certain websites.

If most of us aren’t expecting privacy on the Internet, it would follow that we would be ambivalent about government’s watching us there. And, nearly 60 per cent of Canadians agree that they would be willing to give up their privacy on the Internet if it ‘would help the government foil terrorist plots’ – when it comes to national security, we’re much more forgiving.

Again, yes, I believe surveillance is a necessary tool for a government to use in the protection of its citizens. However, it must have appropriate and transparent judicial oversight.

And if you were going to use the ‘I have nothing to hide argument’, I encourage you to read this. The author points out that with the absurd number of laws there are (in the U.S., for example, there are 27,000 pages of federal statutes); the likelihood that you’ve violated at least one and don’t even know it is highly likely. Besides, even if you have nothing to hide, I bet you still close your curtains at night. We all need parts of our lives to be kept private.

He also makes a strong argument that we should have something to hide. The fact is social progress is often preceded by illegal activity. Last week we celebrated the 50th anniversary of Martin Luther King’s “I have a dream” speech. We now know that the FBI was spying on King and his counterparts in an effort to discredit him and the movement as a whole. It makes me wonder how far the civil rights movement would have come if the FBI had the technology to monitor communications that we have now.

If that doesn’t convince you, then I’d point out that for decades we in the west have vilified authoritarian regimes that would use these tactics, like the Stasi in East Germany, the KGB in the USSR or the Communist Party of China. The fact is that less than a generation ago we were willing to go to war – at least in part – over the degree of control a state should have over its citizens. Has our moral compass shifted that much in the years since the Berlin Wall fell?

I’m not a lawyer, but am I wrong in thinking that in Canada NSA-like surveillance would be a violation of our Charter rights? After all, under the Charter of Rights and Freedoms, Canadians have the right to be free from unreasonable searches and seizures of their property and their personal information. The determination of what is reasonable is up to a judge to make – it is not something to be carried out with a lack of judicial oversight.

Two quick side notes.

Interestingly, Canadians are a lot less forgiving when it comes to the private sector tracking us online. Only 20 per cent of Canadians are willing to give up their Internet privacy if it would help business they deal with provide them with information about new products or sales they might be interested in.

When it comes to online surveillance, we’re not that different from our neighbours to the south. A similar survey conducted in the United States found that 45 per cent of Americans think it’s acceptable for their government to monitor emails to prevent terrorist attacks.

To read the entire results of the survey and the survey methodology, visit our website (PDF).

I believe we need a national dialogue about online surveillance in Canada. While I believe offline surveillance – like wiretaps – provide a precedent for online surveillance, the sheer size and ubiquity of Internet communications is a bit of a game changer, so to speak. Never before has the government had the ability to monitor so much activity of so many people. Technology may have given governments the means to monitor us online, but that doesn’t mean we have given governments the right to do so.

I’m repeating the questions I asked in my last post:

Is it that we don’t care, or that we don’t understand, or has our moral compass shifted enough in the past two decades that we’re now okay with governments tracking our every move?

I’d like to hear your thoughts – why do Canadians seem so complacent with government surveillance?


NSA Internet surveillance: where is the outrage?

In my last post I discussed how, with the NSA’s PRISM surveillance program, the United States has likely unilaterally killed the Internet as we know it.

It didn’t have to happen. There were a series of events that led to us getting to a point where a democratic government – the self-professed leader of the free world – feels it can carry out activities like this with impunity.

The Internet is a new entity. From a public policy and legislative perspective, we’re just figuring it out. In Canada, we’re struggling with how to deal with cyber-bullying and globally we’re redefining copyright in light of the Internet. In terms of a disruptive technology, the Internet is about as big as it gets. That said, there are some activities for which there is offline precedence, and I think most of us would argue that surveillance is one of those activities.

Governments – even transparent, democratic ones – have always engaged in surveillance activities. They are sometimes an unfortunate necessity to maintain law and order. However, wiretaps have had a high degree of judicial oversight. In Canada, police need to meet a higher standard to obtain a wiretap warrant than a regular warrant. It’s the same for opening a private citizen’s mail, and for a host of other surveillance techniques.

And as a society, we have long recognized the seriousness of these activities.

In fact, outrage at RCMP activities in the 1970s, including unauthorized mail openings and electronic surveillance without warrants, resulted in the Royal Commission into Certain Activities of the Royal Canadian Mounted Police (the MacDonald Commission), and ultimately the creation of the Canadian Security Intelligence Service (CSIS).

It’s not long ago that, in the west at least, we found this type of activity so repugnant that we were willing to go to war over it. Stasi-like surveillance, and what it meant for personal freedom, was at the core of the Cold War. It was, in essence, a conflict fought over the level of state control over an individual’s freedom.

Now, we seem complacent in government monitoring of our activities, even if it is Stasi-like.

The fact is we know that the NSA is copying virtually every message sent from the U.S. to anywhere overseas. Cell phone data, Facebook updates, Google searches, emails – pretty much all communications – are tracked and stored by the U.S. government. And in case you thought you were safe because you’re Canadian, if you use any of these services your data is tracked and stored even if you reside in Canada. Social networking sites like Facebook store users’ data on servers in the U.S., and much of Canada’s Internet traffic transits through the U.S. even if the final destination is elsewhere (this is something CIRA has been actively working to change – see this).

Let me be clear about one thing. It’s not that governments should not have the power to monitor citizens under certain circumstances and with the appropriate oversight – it’s an unfortunate necessity to maintain law and order. But we’re not talking about surveillance with appropriate oversight. We’re talking about an opaque and deliberate system to gather and monitor the activities and communications of potentially everyone who is online.

Why should a government feel it is above judicial oversight to monitor its citizens’ activities, just because they’re online?

Because apparently, we’re fine with it. At the very least, we’re complacent with it.

I could write an entire post about why we should care, but others have already done so, and the reasons are both many and compelling.

Not only should we care, in my opinion we should be outraged.

Is it that we don’t care, or that we don’t understand, or has our moral compass shifted enough in the past two decades that we’re now okay with governments tracking our every move?

I’d like to hear your thoughts – why do we seem so complacent with government surveillance?

In my next post, I’ll discuss the research we carried out with Ipsos Reid to better understand what Canadians think about the PRISM program, and governments monitoring their online activities.

The Internet as we know it is dead.

The Internet as we know it is dead.

Not long ago, I would have argued the opposite to be true.

The free and open Internet was in what I felt to be a strong position just last month. The open democratic nations of the world had just come off the success of defending the multi-stakeholder model at the International Telecommunication Union (ITU) coordinated World Conference on International Communications (WCIT-12). And, as I discussed in a previous post, I was cautiously optimistic about the future of ICANN, the organization at the centre of the Internet governance ecosystem.

These were both signs that the Internet – and in particular the Internet governance ecosystem – was reaching a strong and healthy point. Now we are faced with the fact that the world’s most powerful democracy, the United States, has been systematically monitoring the Internet activity of both its own citizens and those of other nations.

The implications of the NSA’s PRISM surveillance program on the Internet governance world can best be explained by revisiting the events at WCIT-12.

WCIT-12 was a landmark meeting in the history of the Internet. A new version of the regulations that govern telecommunications activities globally was proposed and soundly rejected by many of the world’s democratic nations for provisions that would have extended the reach of the ITU over the Internet. This rejection was widely heralded as an endorsement for the current governance model applied to the Internet – the multi-stakeholder model – over a multi-lateral, United Nations model of governance.

I have articulated my reasons for supporting the multi-stakeholder model over a multi-lateral one many times, but my argument boils down to this: no other governance model puts the people and organizations that directly benefit from the Internet’s success in charge of it. The multi-stakeholder model is the only governance model that can support the development of a free and open Internet that has the potential to provide the world with all of the benefits it has to offer. Other models, including the multi-lateral model, are too open-to-influence by issues and actors that exist outside of the Internet ecosystem. Full stop.

WCIT-12 is just one example in a decade-long struggle for control of the Internet between – and, yes, this is an over-simplification but it works – open and transparent democratic nations and more authoritarian nations.

One of the main concerns at WCIT-12 – and voiced by the U.S. – was that new regulations could enable a system where (as I blogged at the time) “countries which do not have a strong commitment to human rights and democracy” would be able to put much of the global Internet traffic under significant surveillance.

Fast forward eight months, and we’re dealing with the news about the PRISM surveillance program. The irony of the fact that the country that led the charge against the new regulations for fear that it would give nations the authority to monitor Internet activity (among other reasons) is, of course, palpable.

Beyond the irony, the implications of the PRISM program run deep. The fact is the United States government has unilaterally invalidated the argument that the Internet must remain free and open for the good of the global community. While the U.S. has been doing its best to ensure nations are unable to monitor Internet activity, it has been working with the private sector in an effort to gather and monitor targeted Internet activity.

At the very least, this is a nail in the coffin of the multi-stakeholder model. They have effectively paved the way for the next attack on the multi-stakeholder model. The result?

Eventually a Balkanized Internet. An Internet that no longer provides access to global markets for business in the developing world. A global Internet that excludes people fighting authoritative regimes for basic human rights. An Internet that is no longer the incredible driver of positive economic and social change.

This is the first blog in a series of three I will be posting on this subject. In my next post, I will be discussing the apparent apathy among the citizens of open and democratic nations (Canada included) with regard to online surveillance.

The Canadian Internet Forum and CIRA’s AGM

On September 16, CIRA will host an important event in Montréal and I hope you can join us. For the first time, we are combining the Canadian Internet Forum (CIF) and CIRA’s Annual General Meeting (AGM). This is also the first time we will hold the CIF outside of Ottawa. By combining these two events, we are able to bring the important discussions the CIF has become known for to a new audience.

We have an exciting line-up, including panels on cyber-security policy in Canada and domestic Internet governance. We have also added a second, business-related stream that includes sessions on getting your business online and web analytics for your online business. Confirmed panellists include leading Canadian legal, security, policy and business experts. You can view the full list here.

In addition, Paul Brigner, the Regional Bureau Director, North America at the Internet Society will deliver an overview of the international Internet governance ecosystem. 

I’m pleased to say that we have confirmed a couple of very good keynote speakers, including:

–  Avinash Kaushik, a “Digital Marketing Evangelist, Google, Co-founder, Market Motive, and Bestselling Author.”

–  Virginia Heffernan, Former New York Times’ columnist, and Author.

More speakers may be announced as we get closer to the event. And, of course we will also be taking care of CIRA-related business at our AGM.

As always, the event is free and open for all to attend. Registration is now open. More details are available here.

I’d also like to remind you that our Board of Directors election process is underway. The Member nomination period wraps up today (August 12) 12 at 6 p.m. ET to nominate either yourself or someone else to serve on our Board. For more information, please visit our elections website. Some changes to our elections rules are highlighted on our elections website – I encourage you to review them.

I hope to see you in Montréal