In 2018, Internet Governance will be one of the top priorities in the geo-strategic battles among big powers. In today’s world, every global conflict has an Internet-related component. There is no international security without cybersecurity. The world economy is a digital economy. And human rights are relevant offline as well as online. It is impossible to decouple cyberspace from the conflicts of the real world.

20 years ago, Internet governance was a technical issue with political implications. Today, it is a political issue with a technical component. This shift is challenging the institutional balance within the global Internet Governance ecosystem. Intergovernmental networks like G20, G7 and BRICS or organizations like WTO, ILO and NATO, which in the past had only little to do with Internet Governance, are now becoming key players. This does not mean that technical organizations like ICANN, IETF, ISOC, RIRs, W3C, IEEE, 3GPP, etc. will lose their roles—on the contrary, the whole process gets more complex. And the re-balancing of power within the Internet Governance Ecosystem leads to a growing need for enhanced cooperation among governmental and non-governmental stakeholders, among code-makers and law-makers, both nationally and globally.

2018 will see more political, economic and cultural conflicts in cyberspace than ever before. Whether those conflicts will escalate into something like a global cyberwar or whether the Internet community will be strong enough to stop such an escalation and to turn the confrontational trends into a cyber detente, is undecided. Probably, 2018 will become another year in transition.

Big Cyberpowers Relationships

The relationship between the two cyber-superpowers—China and US—is complicated. On the one hand, both sides have declared to cooperate to enhance cybersecurity. They have reaffirmed their 2015 commitment to stop economic espionage online. And during the two 2017 meetings between president Trump and president Xi (in Florida and Bejing), cyber was defined as a space for dialogue. In October 2017, the first “US-China Law Enforcement and Cybersecurity Dialogue” took place in Washington.

On the other hand, both sides see themselves more as adversaries and competitors in cyberspace. State-to-State cyberespionage continues. There are fundamental differences if it comes to issues like attribution, hacking back, human rights and international institutional mechanisms. And we will see probably an extension of the US-Chinese cyberconflicts into the digital economy. So far the Silicon Valley-based AMAFAGs (Apple, Microsoft, Amazon, Facebook and Alphabet’s Google) dominated the digital western world. Their Chinese competitors—the BATs (Baidu, Alibaba and Tencent)—became international giants thanks to a huge domestic market with 800 million Internet users. But now, Chinese corporations are going beyond the great firewall (see Alibaba’s opening of a European Hub in Belgrad) and the US companies want to have more from the Chinese markets (see Apple’s Tim Cooks speech in Wuzhen in December 2017). And there will be a growing battle for the next billion Internet users, which will come from the developing world. Recently, the New York Times reported about a clash between Alibaba and Amazon in Singapore. Will Google clash with Baidu in Africa? Or Facebook with Tencent in Latin America?

Russia does not have such a strong digital economy, but it has advanced capacities to organize hidden cyberattacks with global impacts. It is a little bit like in the 1960s, when the Soviet economy was lacking behind, but its military was equal with the West.

Europe, another big cyberpower, has lost the battle for search engines and social networks already twenty years ago when projects like Quero or StudiVZ died. Europe is now trying to leapfrog into the digital platform economy via pushing industry 4.0, Internet of Things (IoT) and Artificial Intelligence (AI). The Europeans are also playing the card of the “rule of law” within the global internet battlefields. Decisions made by the European Council on data protection (GDPR) or the European Court of Justice on the right to be forgotten made clear, that if somebody wants to turn cyberspace into a lawless zone, a strong European reaction is for sure. And don’t forget, the European market has around 500 million Internet users.

For many years, Brazil was emerging as the cyberpower, representing developing countries. With a fast-growing domestic digital economy, Net Mundial in 2014 and the “Marco Civil,” Brazil moved into a global leadership position. But the political turmoil in this Latin American country has reduced its role and India, another BRICS country, is now the strongest voice, fighting for the rights of the disconnected. India hosted the Global Conference on Cyberspace (GCCS) in 2017 and India’s Prime minister Modi was very convinced that the “Digital India” project will push the South Asian country into the club of the global cyber-superpowers.

Unilateralism vs. Multilateral/Multistakholderism

For years the global Internet Governance discussion was overshadowed by the “Multilateralism vs. Multistakeholderism” syndrome. Some groups presented this as an ideological conflict of “governmental control vs. private sector domination”, while others (including this author) argued, that there is no contradiction between the two concepts. The intergovernmental, multilateral treaty system will not disappear in the years ahead, but more and more embedded into a multistakeholder environment where non-governmental stakeholders with their resources, knowledge, and engagement make additional contributions to develop and stabilize cyberspace. The challenge is how to share policy development as well as decision making among state and non-state actors.

But in 2018 we see now a new conceptual conflict: “Unilateralism vs. Multilateral/Multistakholderism”. There is a lot of lip service for enhanced multistakeholder and intergovernmental cooperation in cyberspace. But as soon as concrete proposals are on the table, the political will of the cyber-superpowers to enter into multilateral or multistakeholder arrangements, is going down. The US “America First” or the Chinese “Cybersovereignty” see the cyberworld through national and unilateral lenses. They are not based on the philosophy of “sharing” as laid down in the WSIS definition of Internet Governance. This reduces options for global arrangements and fair compromises among different partners with different interests.

The failure of the Group of Governmental Experts (GGE) in the field of cybersecurity in June 2017 as well as the inability of the World Trade Organisation (WTO) to draft an universal framework for global digital trade in December 2017 indicated, that the road back to constructive multilateral negotiations on Internet-related public policy issues, based on the outcome of the 2005 UN World Summit on the Information Society (WSIS), will be a long one.

The US government prefers now “bilaterals” or some regional arrangements with “like-minded countries,” which do not have a problem with “America First.” The Chinese invitation to participate in the “digital one belt and one road” project is based on the acceptance of the “Chinese Dream” as the starting point. And there is nearly zero political will to build bridges over the troubled cyberwar.

However, regardless of this confrontational big-power re-positioning, the dynamics inside the Internet Governance Ecosystem will push for a further deepening of multistakeholder procedures. One interesting observation in 2017 was, that governments, which previously did not like the multistakeholder approach, recognized, that the involvement of non-governmental stakeholders in Internet-related policy making is not such a bad thing. Even the five BRICS countries stated in their Xiamen-Declaration (September 2017): “We advocate also for an open, non-fragmented and secure Internet, and reaffirm that the Internet is a global resource and that States should participate on an equal footing in its evolution and functioning, taking into account the need to involve relevant stakeholders in their respective roles and responsibilities.”

This statement is interesting because it could mark the end of the senseless “Governments vs. Private Sector” debate. The issue is not anymore who should sit on the policy development and decision-making tables, but how the various stakeholders are “seated” in those processes.

There is no agreed definition on “multistakeholderism.” We have the WSIS definition from 2005 which introduced the concept of the “respective roles and responsibilities” for the various stakeholders and the philosophy of “sharing principles, norms, and decision-making procedures.” We have the NetMundial Declaration from 2014 which defines key elements of multistakeholder processes as bottom up, openness, transparency, inclusiveness and human rights-based. In other words, we have some general guidelines for a “multi-stakeholder approach,” but we do not have a pre-defined single “multistakeholder model.”

So far, we have seen the emergence of two different multistakeholder models: The “consultative model” and the “collaborative model.”

In the “consultative model,” governments “consult” with non-governmental stakeholders, but the final decision making remains in their hands. The WSIS+10 process from 2015 is a good illustration that such an approach can produce meaningful results. The risk is that governments just pay “lip service” to multistakeholderism when they invite non-governmental players to consultation, but ignore their advice if it comes to decisions. There is no mechanism on how non-governmental advice is handled in intergovernmental processes.

The “collaborative model” goes one step further. In this model, state and non-state actors are operating on an equal footing. The process of policy development is bottom-up, open and transparent. The outcome is rough consensus, where accountability is integrated into the checks and balances of the created mechanisms. Such a model is based on mutual trust. It is based on an understanding, that in an interdependent and interconnected world every player knows what she/he has to do. It is based on the “do not harm” principle and the philosophy of “sharing.” The adoption of the Universal Declaration of Internet Governance principles by the Net Mundial conference in 2014 and the completion of ICANN’s IANA transition from 2016 are two good examples that such a model works. It is complex and not easy to explain to outsiders. But it can produce sustainable outcomes.

Cybersecurity, Digital Trade, and Human Rights: The three baskets of cyberspace

As mentioned above, for many years, the Internet Governance agenda was dominated by the controversy how to manage critical technical Internet resources. It culminated in the battle around the IANA transition, which started in 2013 and was completed in 2016. Not everybody was happy with the outcome. But so far, the new mechanisms with the “empowered community” are working quite well.

One consequence of this “cooling down” of an overheated politicization of the management of technical resources is that ICANN is not anymore in the headlines. Headlines are made now by Internet-related public policy issues. But this shift in public awareness does not change the fact that Internet-related public policy issues are connected to the underlying technology. Without a functioning public core of the Internet, which includes a functioning DNS, IP address, and server system, as well as Internet protocols, no policy in the field of cybersecurity, digital economy or human rights, will work.

So what are the main issue in the three cyberbaskets in 2018?

Basket 1: Cybersecurity

Will we see more cyberattacks in 2018? Probably yes. Will we have a cyberwar in 2018? Probably not. One reason being that nobody has a definition of what a cyberwar is.

It is meanwhile recognized that a military cyberattack against the critical infrastructure of a country could have disastrous consequences, ruin a national economy and put a democratic society into total chaos. The window of vulnerability of a network society is growing with the level of connectivity in a country. However international lawyers in the GGE could not agree what a cyberattack is and whether such an attack would trigger Article 51 of the UN Charter—the right to self-defense. Some argue that “if it walks like a duck, talks like a duck, it is a duck” and so if a cyberattack creates dramatic damages, it is a cyberwar.

But it is not so easy. A cyberwar could be a hybrid process, very decentralized and with different layers executed not only by military troops but also by non-state proxies or “patriotic citizens.” And its target would not be primarily “death and destruction,” as we know it from conventional wars, but “chaos and collapse” of institutions and processes. Problematic is also the huge imbalance between offense and defense in cyber. It is cheap to attack, but expensive to defend. This also makes the difference to a nuclear war scenario. In the nuclear age, there was a balance of power among the big players with a “perverse safeguard,” called “Mutual Assured Destruction” (MAD). Such a MAD does not exist in cyberspace.

Nevertheless, what we will see in 2018 is ongoing to be military preparation for worst-case scenarios. We will see more “cybertroops” in national armies, more cyberwar exercises, more “tests” of military hard- and software and probably a hidden cyber arms race—in particular with “Lethal Autonomous Weapon Systems” (LAWS) and incalculable consequences for all sides. And we will probably see smaller attacks designed as “tests,” something like a “cold proxy cyberwar.” Undersea cables could be the first target. None of the big powers have the interest to start a process which could go out of control. But testing the capacities of adversaries is imaginable, even if this will have a high-risk factor.

On the other hand, we will see growing political efforts to reduce the risks of a cyberwar, to introduce confidence-building measures and norms for good state behavior in cyberspace and to get the hidden cyberarms race under control. The UN General Assembly will discuss how to continue with the work, done so far by the GGE. There will be discussions for a moratorium to stop the further development of LAWS. And there will be growing pressure by non-state stakeholders, to stabilize and demilitarize cyberspace.

Microsoft’s proposal for a Digital Geneva Convention is now on the table. It has provoked controversial discussions, and it remains to be seen how such an idea can be turned into a concrete political project. Elon Musk’s proposal to ban killer robots goes in the same direction. Both initiatives signal that the private sector has no interest to be pulled into political power games, which could lead to a cyberwar.

Another concrete project open for discussion is the proposed norm to protect the public core of the Internet made by the Global Commission on Stability in Cyberspace (GCSC). Today’s Internet is so important for the daily life that an attack on its basic functioning could damage a society. The GCSC proposal says: “State and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.” By giving the “public core of the Internet” a special status, the proposed norm would allow treating attacks against the basic functioning of the Internet as something like a “crime against humanity.”

Next, to the protection of the public core of the Internet, there is need to enhance special protection for the electric power systems, for transportation and financial services as well as electoral procedures. There are a lot of common interests even among adversaries. What is missing at the moment is the political will to translate those common interests into arrangements which will benefit all sides.

Furthermore, we can also expect a continuing growth and sophistication of organized and individual cybercrime and cyberterrorism. Also here, it is in the interest of all states to unite their capacities to fight against the “bad guys”—the criminals, vandals, hate preachers, pedophiles, terrorists—on the Internet.

In 2017 we have seen new forms of multistakeholder cooperation between governments, Interpol, Europol, the private sector, technical experts and others to combat cybercrime. This will continue. And we will see also more national legislation.

Whether we will also see progress with a universal international legal instrument against cybercrime, remains to be seen. The Budapest Convention has now nearly 70 signatories. Russia, which does not like Article 32 of the Budapest Convention, is proposing another treaty based on the “Minsk Convention.” In other words, even in an area where we have common interests of nearly all players, it is difficult to find a global consensus.

Basket 2: Digital Economy

The digital economy is now on nearly every national political agenda. During the German G20 presidency there was a special meeting of the ministers for the digital economy, linked to a multistakeholder conference with high-level representatives from the private sector, the technical community and civil society (Düsseldorf, April 2017). A similar twin-meeting was arranged under the Italian G7 presidency (Torino, September 2017). Both meetings adopted documents which underlined the interests of governments to broaden and deepen collaboration on nearly all aspects of the digital economy. Interestingly, both the G7 and the G20 documents underlined also the importance of the multistakeholder approach to Internet Governance.

The G20 adopted already under the Chinese presidency in 2016 a “G20 Digital Economy Development and Cooperation Initiative” which was reconfirmed under the German G20 presidency. But so far, only a little concrete projects came out. It is now in the hands of the Argentinian G20 presidency to push for the next steps. Another special meeting of the G20 ministers for the digital economy is scheduled for Salta, in August 2018.

But also the G7 has produced more words than facts. It remains to be seen how the proposed “G7 multistakeholder dialogue on artificial intelligence” will be organized under the Canadian G7 presidency.

Certainly, every country will benefit from broadband deployment, digital skills, and eCommerce. But like in the field of cybersecurity, the political will to connect the world and to bridge the digital divide reaches its limits, if the protection of national interests is seen as more important that contributions to the common good.

The recent 11th WTO Ministerial meeting in Buenos Aires in December 2017 was a good illustration, what paper commitments mean if it comes to concrete projects. In the G20 meeting in Düsseldorf (April 2017) the G20 ministers agreed to “engage constructively in WTO discussions relating to E-commerce.” But the “constructive engagement” was not strong enough to avoid a split of the WTO. Efforts to set up a central e-commerce negotiating forum within the WTO failed. 70 of the 164 WTO members have now agreed to start separate negotiations in the first quarter of 2018. Nearly 100 WTO members, including G20 members China, India, and Indonesia, disagreed. They want to include eCommerce into the existing multilateral talks of the Doha-Round. But this was rejected by the new WTO “coalition among like-minded countries.” What does this mean? A fragmentation of digital trade, which will trigger a fragmentation of the Internet?

By the way, there are a lot of concerns whether the WTO is the right forum to discuss digital trade. Many NGOs reject fundamentally a WTO role for Internet Governance. They fear that WTO Internet rules could undermine existing arrangements for privacy, consumer protection and freedom of expression on the Internet. Internet and trade negotiators represent two totally different political cultures. Trade is negotiated behind closed doors among governments. The Internet is negotiated in a bottom-up, open and transparent process among all involved stakeholders. How to bridge such a fundamental gap?

Interestingly, as a side event during the WTO Ministerial in Buenos Aires, another public-private partnership project under the title “Enabling eCommerce” emerged. Alibaba’s Jack Ma, who has been pushing for two years for an “Electronic World Trade Forum” (eWTF), entered into an arrangement with the World Economic Forum (WEF) and the WTO to establish a platform which will bring together leading voices from governments, business and other stakeholders to begin a high-level conversation on e-commerce policies and practices that can benefit micro, small and medium-sized enterprises (MSMEs). Jack Ma argued that intergovernmental processes, as with the WTO negotiations, are too slow to react to a fast-changing trade environment and give big business priority by ignoring small businesses, young people, and developing countries. “The problem with globalization is that its benefits have not been made available to all,” said Jack Ma in Buenos Aires. “We cannot stop globalization; we must improve it.”

The first round of discussion for the “Enabling eCommerce” project will take place in January 2018 in Davos. Is this a door-opener for a multistakeholder approach to digital trade? How NGOs, consumer protection, and civil society organizations will become involved? And how governments, including the Chinese government, will react if this new project bypasses intergovernmental trade negotiations?

The digital economy is full of potential conflicts. One key issue is taxation. Another is anti-trust legislation. And new problems will emerge with IoT and AI. At its “Digital Summit” in Tallin in September 2017, the EU has indicated that it will have a closer look into those issues. The risk is high that a new wave of protectionism will overshadow the development of the digital economy.

This is related also to the future of work. Nobody knows how many jobs will be replaced by robots and algorithms in the coming years. In Cancun in June 2016, the OECD adopted an eSkills and eJobs program. Now the International Labour Organisation (ILO) in Geneva has established another “Global Commission on the Future of Work.” This commission is chaired by Ameenah Gurib-Fakim, President of the Republic of Mauritius, and by the Swedish Prime Minister Stefan Löfven. The Commission will produce an independent report on how to achieve a future of work that provides decent and sustainable work opportunities for all. This report will be submitted to the centenary session of the International Labour Conference in 2019. 2018 will be a year of discussion.

Basket 3: Human Rights

As the New Mundial Declaration from 2014 has reaffirmed, Internet Governance has to be based on the respect of human rights. There is no need to invent “new human rights.” But there is a need to analyze the implications of new technological development for the existing human rights. This is relevant in particular for the right to freedom of expression and the right to privacy.

The good thing is that for both rights, the UN Human Rights Council has appointed Special Rapporteurs, who are functioning as watchdogs, produce critical reports to the UN General Assembly and make own proposal, how to strengthen the protection of human rights in cyberspace.

David Kaye, the special rapporteur for freedom of expression, is warning for a growing censorship on the Internet. In 2017 there were more than 70 countries where the Internet was censored or totally blocked. But it is not only governmental censorship which is growing. Some governments have started to adopt legislation which delegates duties to remove illegal and harmful content from social networks to private sector corporations. This has consequences for freedom of expression and can undermine established legal procedures, where independent courts make final decisions which content is legal or illegal. Germany has already adopted such a law, the “Netzdurchsetzungsgesetz (NetzDG)”. The European Commission will consider, whether there should be a legally binding directive for all its 27 member states. On the other side, opponents of such an approach have announced, that they will bring the adopted laws to the European Court of Justice.

A similar controversial discussion was started by the Special Rapporteur on Privacy in the Digital Age, Joseph Cannataci, on Surveillance. In his report to the 72nd UN General Assembly from November 2017, he has identified “a vacuum in international law” about surveillance in cyberspace. His proposal includes the option of a legally binding instrument. He does not deny the need for surveillance as a tool to fight against cybercrime and to protect national security. However, such measures have to include checks and balances. “Prior authorization of surveillance and the subsequent oversight of surveillance activities is a key part of the rules, safeguards, and remedies needed by a democratic society in order to preserve its defining freedoms.” Cannataci will table the first draft before spring 2018. He has the support of many stakeholders, in particular from civil society. But there is also a substantial number of governments, which are not amused about the activities of the special rapporteur.

Basket 4: Technology

As said above, the big debate about the IANA transition is over. But this does not mean, that there are no controversies anymore at the technical layer of the Internet. And it is not only IoT and AI which raises new problems with political implications. One can not exclude that some groups have the interest to politicize the technical debate, to challenge the “rough consensus and running code” philosophy and to use technology to push for national political or economic interests.

This raises questions such as how the next generation of Internet protocols will be defined? How code makers in the IETF or the IEEE will make sure new generation of services and applications will remain technically neutral? What about new Internet identifier system which would complement (or substitute?) existing systems like the DNS?

What does the Russian announcement mean that it will have its own root server system until August 2018? What are the consequences of the FCC decision to terminate network neutrality within the United States? Will 2018 strengthen the “One world and one Internet” concept based on global interoperability? Will we move into a scenario of a “federated Internet” as Eli Noam from Columbia University has proposed already years ago? Or will 2018 see the first steps towards Internet fragmentation?

Calendar of events

This long list of issues will be discussed by dozens of meetings and conferences in 2018. It is meanwhile extremely difficult to keep an overview of the Internet Governance “Calendar of Events.”

On the intergovernmental level, there will be the ministerial and summit meetings of the G20 (in Argentina), the G7 (in Canada) and the BRICS (in South Africa). In fall of 2018, the 73rd UN General Assembly will discuss cybersecurity, Internet for development and human rights. It will also discuss the report of the UNCSTD Working Group on Enhanced Cooperation (WGEC) and controversial proposals as new legal instruments or new institutional mechanisms. The ITU will have its next Plenipotentiary Conference in Dubai in November 2018. Internet-related public policy issues are high on the agenda of other UN Specialized Agencies like UNESCO, WTO, ILO, WIPO, UNCTAD, and others. The intergovernmental Freedom Online Coalition (FOC) under its new German presidency will draft a number of statements for human rights based cyberpolicy with a high-level conference in Berlin in Fall 2018. And the Chinese government will organize another “World Internet Conference” (WIC) in Wuzhen in November 2018.

On the non-governmental level, we will see more engagement from the World Economic Forum (Davos, January 2018) and the Munich Security Conference (Munich, February 2018). End of February 2018 there will be the big “Internet & Jurisdiction” conference in Ottawa. Meetings of the Global Commission for Stability in Cyberspace are scheduled for Lille (January 2018) and Bratislava (May 2018). There will be nearly 100 national and regional Internet Governance Fora, including EURODIG in Tbilisi in June 2018. ICANN and IETF will have their three annual meetings (ICANN in Puerto Rico, Panama & Barcelona and IETF in London, Montreal, and Asia) and there are numerous academic, technical or business meetings every month in nearly every corner of the globe. It is “Internet Governance around the clock.”

To have such an extended dialogue on Internet issues is a good thing. The problem is that the majority of the meetings listed above are very specialized meetings for narrowly defined constituencies. Those constituencies have been sitting for years in their own silos, and they do not look beyond the horizon of their narrowly defined agenda. And this is the problem.

Like on the Internet, where every computer is connected to every computer, in Internet policy, every Internet problem is connected to any other Internet problem. Measures to strengthen cybersecurity as the adoption of new laws have economic implications, will affect digital trade, and touch individual human rights as freedom of expression or privacy. And it also goes the other way around: measures to strengthen human rights will affect the digital economy and cybersecurity. What is needed here is a holistic approach which takes into consideration all aspects, including unintended side effects. But unfortunately, the existing Internet negotiations mechanisms—with the exception of Internet Governance Forum (IGF)—does not provide such a broad and inclusive approach.

As long as the constituencies will remain in their silos, progress will be limited. And if this “silo approach” is mixed with political unwillingness to enter into multistakeholder arrangements, not much can be expected from 2018.

Stabilize the Canoe

Last year I finished my Internet Governance Outlook for 2017 with a reference to a lecture that I had the privilege of listening to when I was a student. The professor spoke about “Seven Jumps in the History of Mankind”. He said that the “7th jump” will bring mankind into the information age. He had no clue, what this meant in detail, but he gave us a good recommendation. “Look,” he said, “one can compare our situation with a small group which is sitting in a canoe and moving towards a big waterfall. What should they do?” And with a smile on his face, he finished his lecture with a good conclusion: “Don’t leave the boat! Don’t fight the waterfall. Stabilize the canoe.” Nothing to add in 2018.