In November 2010, I had just arrived in Brussels. I attended the Paradiso conference - the ending ceremony of a project about online cultures and opportunities, developed within a European Commission research programme called Seventh Framework Programme for Research (FP7). There was an award ceremony for kids aged 9-12 who had contributed their visions of what the internet could bring the world. The kid that won the first prize was shipped on to the stage where a helpful European Commission conferencier helped them conclude that ”world peace” was the greatest benefit of the internet, and the kid's most desired future.

Back in the days when no one on the internet knew you were a dog, there was a terrible fear that politicians would destroy any peace of liberal democratic freedoms that could spontaneously arise on a global network of communication. In the wake of 1989, when the cold war was no more and Germany reunited, there seems indeed to have been a brief, but glorious, moment of hope for world peace.

There were some setbacks

International organisations in the United Nations, like the World Intellectual Property Organization (WIPO), expanded corporate protection mechanisms speedily in the mid-1990s. The TRIPs Agreement and the World Trade Organization (WTO) stirred up much emotion in many parts of the world.

As it slowly turned out people do in fact mostly use communication to share culture with each other – share with friends, share with foes – powerful vested interests reacted sharply to the new digital infrastructure.

There were some more setbacks

Most of the values we've incorporated in our legislative systems are more compatible with Minitel than with the internet. The legal systems in both the United States and in the European Union member states are simply not cut out for citizen-driven, peer-to-peer communication. What is called “Next-Generation” is often a cover for adapting internet technology to its Minitel roots - we’re re-adapting technology to fit better with our norms.

Political forces in Brussels and the member states have an ambivalent relationship to the internet and to internet governance. On the one hand, we hope to improve efficiency of industrial robots and of the public sector. On the other hand, the internet happens to be an adequate tool for private persons to empower themselves. Unfortunately, individuals empower themselves for bad: bad copyright infringement, bad cyberbullying, bad cyberhygiene, bad any-number-of-things which have caused legislative outrage. And private persons are not learning how to be productive programmers the way the computer and the economy intended them to.

I try to remember this kid who wanted the internet to bring him world peace in 2010. I don't think he'd be invited to any European Commission ceremonies again, and even if he were, his 16-year old self would probably look back with scorn at how grown-up Commission officials tricked his younger self into expressing such naive aspirations.

Internet governance under influence

While many initiated internet governance people are excited about the ICANN reform and IANA documents, NetMundial, the Internet Governance Forum, and the Centre for International Governance Innovation (CIGI) group, there’s little reason to be. They are talk-shops set up to delay or criticise the shifting internet standards to the International Telecommunications Union (ITU), an old and corrupt UN organisation no one actually likes.

”Deciding about protocols and IP addresses, it's not something I think politicians should do,” an ISOC-SE member confidently explained to me on a panel in 2013. Yet, intermediary liability provisions in the European E-commerce directive already ensure political influence over IP addresses. Political unwillingness to address net neutrality effectively renders unusable protocols that do not conform to telco desires. There is a multi-layered problem which has nothing to do with the myriad of paper tigers arising globally, and conferences organised by enthused cyber-government officials. The technical community is ignoring or denying the political influence it is having. The political community is, counter-intuitively, ignoring and denying its political influence as well.

European internet governance needs to develop dreams

Where internet governance needs to develop is in its formulation of dreams and ambitions. We laugh, haha, at this kid shoved on to the Paradiso conference stage to express endearing ambitions, but isn't it exactly the ambition that also the European Union was founded upon?

The strength of Europe and of the European Union is that it accepts the equality between participating peers in its processes. The EU emphasises collaboration on equal terms, and the preservation of unique cultural features. Europe is historically prominent in political and natural philosophy, innovation and culture. This has to do with its great cultural diversity, its many languages and the ensuing need to develop mechanisms for conflict resolution, mutual understanding and trade. Europe pioneered the liberal world order. Consumer rights and competition have been high on the agenda since the founding of the European Union.

Decentralisation, key to the success of Europe and of the internet

The common factor between all of Europe’s successes is decentralisation. Mutual respect and equal terms between different interacting parties is the true strength of Europe. Whether the European Parliament or the Council of Ministers or in the Commission. Whether in human rights law, consumer rights law or competition law. The European project carries with it the hope that when people come together from different cultural backgrounds, they will mostly be nice to each other and do productive things.

Decentralisation is also the defining aspect of the internet and similarly networked technologies. It is what made the internet fundamentally different from Minitel: the internet dared assert that people who get to choose the terms of their interactions with others will usually be nice to one another and do productive things.

Taking the large similarities between the technical architecture of the internet and the political architecture of the European Union into account, it is strange that the European Union doesn't embrace, but rather seeks to reform, the normative framework of the internet. It doesn't matter how technical you say the internet governance is, the current lack of individual empowerment in the online world is a direct consequence of individual empowerment not having been politically prioritised.

Modern democracies have been characterised by the attribution of the decision-making and law-making monopoly to the executive and legislative organs of the state, where citizens’ representatives are supposed to operate in the public interest, thus promoting the well-being of the general public. Indeed, within representative democracies, elected officials remain accountable to the electorate for their decisions and policies while the executive and legislative organs are entitled to define rules precisely because they have secured legitimacy by means of free and fair elections.

Legitimacy is essential to define policies within a democratic system and representation is the main vector of democratic legitimacy. However, the growing complexity and technical sophistication of various sectors of economic and social life have increasingly highlighted the need for experts’ advice, stakeholder-inclusion and democratic participation in order to support policymakers with diverse expertise and empirical data. Indeed, when considering complex and multifaceted issues, such as Information and Communications Technologies (ICTs) or environmental matters, policymakers are not only required to act legitimately and in the public interest but also to carefully analyse the economic, social and juridical consequences that their decisions may deploy on the society at large.

On the one hand, all individuals and entities potentially affected by specific policies should have the right to provide their inputs and manifest their potential concerns. Individuals’ participation may be considered as the normative core of democracy, allowing all interested[1] persons to freely express themselves, providing contributions aimed at shaping those policies that have a bearing on their everyday lives. Such participatory governance has the potential to legitimise policymaking efforts, allowing all interested stakeholders to discuss policy proposals and convey diverse information to policymakers,^[2] in order to elaborate sustainable and evidence-based policies. Hence, it may be argued that, in order to foster a sustainable approach, policymaking should be grounded on the possibility for all interested stakeholders to express their concerns and provide their expertise through transparent and participatory processes. Such openness and inclusiveness would allow decision-makers to consider the entire spectrum of externalities that their choices may determine and consequently elaborate legitimate and effective policies. (Belli, 2014)

On the other hand, the increasing complexification of policy subjects makes laws and policies increasingly technical and, therefore, less and less the expression of political ideals and more and more justified on the basis of scientific – and, particularly, economic – arguments. As a consequence, the need to scientifically justify policies and to accurately assess and manage their potential risks triggers the necessity of “experts’ advice.” (European Commission, 2001) Such advice is generally gathered in the context of collaborative governance processes (Hardy & Phillips, 1998; Supiot, 2005; Belli, 2014) where participation is justified by discursive legitimacy and resource-based power.^[3] These sources of legitimacy become therefore instrumental to support policymakers in “preparing and monitoring decisions”. (European Commission, 2001)

Expert assistance and stakeholder inputs may be particularly beneficial to enhance the quality of policies pertaining to complex and transnational issues that require particular expertise in order to be properly analysed. The participation of a wide number of stakeholders may be useful to identify the various facets of a common problem and the different interests at stake, thus diversifying the range of potential solutions and ultimately increasing “the practical likelihood that the proposed actions and plans will be accepted, implemented and effective.” (UNDP, 2012) For this reason, (inter)governmental and legislative bodies have lowered their institutional barriers, opening their processes to the contributions of non-state actors. Simultaneously, the growing interest for stakeholders’ opinions has triggered the multiplication of think-tanks, Non-Governmental Organisations (NGOs) and advisory organs that concur to the formation of public opinion and have the potential to orientate policymakers’ decisions, through the elaboration of studies and policy suggestions. (Stone, 2000) However, it seems important to note that stakeholder participation should be seen as a way of supplementing and enhancing democratic processes rather than substituting them. Indeed, the potential paradox of stakeholder involvement is that “the claims of expertise, seniority, experience, and special talents may override the claims of democracy as a way of constituting authority”^[4] and stakeholderism may become a shortcut to avoid the “excess of democracy [which] means a deficit in governability.”^[5]

Both benefits and risks linked to multistakeholder processes seem particularly tangible with regard to internet governance. (Kleinwächter, 2007; Hill, 2015) This paper will provide an overview of the rise of the “multi-stakeholder philosophy”^[6] as regards internet policymaking (Section I). Subsequently, a selection of multistakeholder internet governance mechanisms will be briefly analysed, providing concrete examples of stakeholder inclusion within traditional policymaking processes (Section II). Lastly, it will be argued that the focus on the diversity of interests of the involved stakeholders, rather than solely considering their affiliation to different stakeholder categories, may provide a more suitable conceptual framework for the elaboration of sustainable policies. As a conclusion, an embryonic model of heterostakeholder approach will be put forward (Section III). Such approach may be used to assess the diversity of interests represented within existing internet governance processes as well as to strengthen pluralism within future ones.

The emergence of multistakeholder internet policymaking

At the international level, the benefits of a multistakeholder participation have been stressed starting from the United Nations Conference on Environment and Development (so-called Earth Summit, 1992) and multistakeholder approaches have been put in place by a number of UN-related initiatives and summits. (Hemmati, 2002; Vallejo & Hauselmann, 2004; UNDP 2012) Particularly, the advantages triggered by multistakeholder cooperation have been highlighted by the Cardoso Report^[7] whilst the ennoblement of the “multi-stakeholder approach”^[8] to internet policymaking has been consecrated by the World Summit on the Information Society (WSIS), the biphasic conference held in 2003 and 2005 and meant to be a ‘constitutional moment’ for the Information Society.

The main contribution of WSIS to the rise of multistakeholderism with regard to internet policymaking will be briefly analysed in subsection A. Successively, subsection B will highlight the evolution of the multistakeholder approach that may be remarked in the NETmundial Multistakeholder Statement, main outcome of the Global Multistakeholder Meeting on the Future of Internet Governance, hosted by Brazil in April 2014.

The Tunis Consensus

It is reasonable to argue that the ICT environment, in general, and the internet ecosystem,^[9] in particular, quintessentially exemplifies both the need and the importance of non-state actors’ contributions to policymaking processes. On the one hand, both the internet technology and the internet standards that allow the Network of networks to globally operate have been developed – and keep on being developed – by non-state actors. On the other hand, it is increasingly evident that the internet is a highly intermediated environment in which private entities have gained the role of cyberspace regulators, due to their capability to unilaterally define private orderings in order to frame the portion of cyberspace under their direct control.^[10] Hence, governments cannot afford the luxury of disregarding these actors in order to understand and – if needed – regulate specific sectors, such as data protection, copyright or internet traffic management. These are some of the reasons why WSIS participants explicitly advocated for the adoption of a “multi-stakeholder approach” in order to ensure the “legitimacy of [Internet] governance” and to “improve the coordination of the activities of international and intergovernmental organizations and other institutions concerned with Internet governance […] at all levels.” (Tunis Agenda, 2005, paras. 31 and 37)

The Tunis Agenda for the Information Society was the main outcome document of the second phase of WSIS. After having been consensually adopted by the WSIS plenary, this statement was subsequently endorsed by the UN General Assembly though its resolution 60/252, adopted in April 2006. It is important to note that, in spite of the intergovernmental nature of UN Summits, the Tunis Agenda resulted from the inputs of a variety of stakeholders. Indeed, despite having been convened by the International Telecommunications Union (ITU) – which is a UN intergovernmental agency – WSIS opened its doors to multistakeholderism, allowing the participation of civil society, private sector representatives and other international organizations.^[11] In addition, although the Tunis Agenda was formally adopted by the WSIS voting participants, i.e. government delegations, it reflects the joint efforts of a variety of stakeholders that cooperated within the Working Group on Internet Governance in order to provide the background material to set the stage of the Tunis meeting. (WGIG, 2005a; WGIG 2005b)

Hence, WSIS should be considered in the context of an “accelerating increase in cross-border flows and global integration” (Heintz, 2007) triggering the necessity for global governance mechanisms involving ‘traditional’ international actors as well as non-state actors. As highlighted by several scholars, global governance relies on the participation of non-state actors, particularly from business and civil society; the re-distribution of spaces and policy layers between local and global; the need to establish new synergies and cooperation between ‘traditional’ and new actors in order to “govern without a government.”^[12] (Heintz, 2007; Jacquet, 2002) Indeed, the Tunis Agenda considered the meaningful participation of different stakeholders as “essential to the successful building of a people-centred, inclusive and development-oriented Information Society” (para. 97), whilst internet governance was famously defined as the “development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” (para. 34)

WSIS may therefore be seen as a turning-point for international policymaking, consensually recognising the value of multistakeholder participation as instrumental to the delineation of new international regimes, i.e. sets of “principles, norms, rules, and decision-making procedures around which actors’ expectations converge in a given area.” (Krasner 1983) Furthermore, the Tunis Agenda explicitly considered as “essential” for WSIS implementation activities the utilisation of “a multi-stakeholder approach” implying the participation of “the private sector, civil society, and the United Nations and other international organizations.” (Tunis Agenda, 2005, para 101) Lastly, one of the main outcomes of WSIS has been the establishment of the UN-convened Internet Governance Forum (IGF) whose goal is to foster multistakeholder policy dialogue (para. 72) and whose “working and function, [are] multilateral, multi-stakeholder, democratic and transparent”. (para. 73) Although the IGF cannot be analysed in detail here, it is important to note that this “ecumenical forge of ideas” (Belli, 2013) has been instrumental to promote multistakeholderism through multistakeholderism, providing a venue for all interested stakeholders to meet and speak their minds freely, debating some of the most relevant internet-related policy issues, over the past ten years.

From WSIS to NETmundial

Since the Tunis phase of WSIS the idea of bringing together governments, private sector, civil society and international organisations to jointly analyse and shape internet policies has gained significant momentum. Over the past decade, a growing number of policymaking entities have started considering the inclusion of non-state actors as beneficial to the definition and implementation of internet governance processes. (Council of Europe, 2005; G8, 2011; OECD, 2011) Importantly, multistakeholder processes have offered civil society, the private sector and the academic and technical community the possibility to provide their expertise, contribute to the development of scalable solutions^[13] and express their critiques regarding various policy issues, thus increasing the openness of policymaking and the accountability of policymakers.

However, although the multistakeholder formula and the need for “unremitting multistakeholder efforts” (Tunis Agenda, para 83; ITU 2014) have been increasingly debated since the agenda’s adoption, it is important to note that “multistakeholderism” has not found a clear and consensual definition, so far. Moreover, in spite of the fact that such multistakeholder participatory governance has been officially endorsed by several intergovernmental organisations (e.g. Council of Europe, 2005 & 2011; ITU, 2010 & 2014; OECD, 2008 & 2011), it should be stressed that WSIS failed to forge an comprehensive internet governance regime based on the participation of different stakeholders. Indeed, although WSIS fostered the establishment of the IGF, which has played a pivotal role in fostering multistakeholder policy-debate, it must be noted that, to date, the question of how multistakeholder cooperation should be structured in order to produce concrete outcomes has found no definitive answer. To this extent, several authors have stressed that every entity concretely implementing multistakeholderism seems to utilise different models. (Gasser et al., 2015; Souter, 2009)

What seems to be universally agreed is that multistakeholderism relies on the participation of a broad range of entities to multi-player and multi-layer governance processes. With particular regard to internet governance, stakeholder involvement does not necessary mean that every stakeholder-group should have the same role in the development of policies, the preparation of decisions, the actual decisions and then the implementation of decisions. (WGIG, 2005a) In this respect the Tunis Agenda affirms that “all stakeholders” should be involved while stressing, for instance, that “[p]olicy authority for internet-related public policy issues is the sovereign right of States”. (para. 35) Thus, different entities have been developing different approaches to stakeholder participation and while (inter)governmental entities are keener on a stricter interpretation of para 35 – in order to limit non-state actors’ influence on policy-decisions – non-state organisations, such as the Internet Corporation for Assigned Names and Numbers (ICANN), are eager to involve stakeholders into their policy development processes,^[14] because stakeholder participation represents their main source of legitimacy. (Mueller et al., 2009)

A noteworthy step towards further consensus on multistakeholderism has been marked by the NETmundial meeting, convened by the Brazilian president, Dilma Rousseff, and ICANN, in October 2013,^[15] as a reaction to the computer analyst and whistleblower Edward Snowden’s revelations on the U.S. National Security Agency’s surveillance practices, which were labelled by the Brazilian President as “grave violation of human rights and civil liberties.”^[16] The NETmundial meeting was a multistakeholder summit that produced a nonbinding “Multistakeholder Statement,” specifying principles and a roadmap for the future of multistakeholder internet governance.^[17] This quintessentially multistakeholder gathering produced a statement stressing that internet governance “processes, including decision making, should be bottom-up, enabling the full involvement of all stakeholders, in a way that does not disadvantage any category of stakeholder.” (NETmundial, 2014)

It should be noted that, despite the importance of NETmundial’s call for “democratic, multistakeholder processes, ensuring the meaningful and accountable participation of all stakeholders, including governments, the private sector, civil society, the technical community, the academic community and users,” (NETmundial 2014) doubts can emerge with regard to the usefulness of listing categories of stakeholders without mentioning the necessity to scrutinise the interests that such stakeholders may have in the outcomes of a given process. To be clearer, stakeholder taxonomies may be very useful to identify the source of legitimacy to participate to a governance process where policies are negotiated. (Hardy & Phillips, 1998) However, excessive focus on stakeholder categorisation rather than on the interests that those stakeholders actually have in the process’ outcomes risks being counterproductive or even misrepresentative. The ultimate goal of a multistakeholder approach should be indeed to support and strengthen policy-preparation and decision-making processes, by supplying a wide range of pluralistic information and expertise. Hence, to achieve such pluralism it seems essential that inputs be provided by individuals and entities having different standpoints and interests. This is further corroborated by the use of the term “democratic” to qualify multistakeholder process. In fact, some of the essential conditions that are inherent to any truly democratic structure are freedom of expression and freedom to form one’s own opinion having access to pluralistic information. The participation of individuals and entities belonging to the aforementioned stakeholder groups may foster diversity of standpoints but does not guarantee diversity of interests and does not impede double representation of the same interest.

This is particularly important with regard to decision-making procedures, where stakeholders should be represented without being unduly “disadvantaged” but, obviously, also without being unduly advantaged. The use of the NETmundial stakeholder taxonomy,^[18] as an instance, may not guarantee the highest level of diversity of interests amongst the involved stakeholders. As a preliminary remark it is important to highlight that the NETmundial Statement adopts two slightly different stakeholder taxonomies. Initially, the preamble affirms that the Statement “is the non-binding outcome of a bottom-up, open, and participatory process involving thousands of people from governments, private sector, civil society, technical community, and academia from around the world” and the introduction confirms that “contributions have been received from all stakeholders around the globe.” (emphasis added) Hence the reading of the preamble in conjunction with introduction would lead the reader to assume that the abovementioned stakeholder-list is exhaustive, for it encompasses “all stakeholders around the globe.” However, while defining the “Multistakeholder” principle, the Statement evokes “all stakeholders, including governments, the private sector, civil society, the technical community, the academic community and users” (emphasis added), leading the reader to assume that multistakeholder processes should be based on an open taxonomy, including “users,” rather than on an exhaustive list.

An open taxonomy seems indeed more inclusive. However, two considerations may spontaneously emerge as regards the stakeholder groups specified by the Statements. First, who represents the stakeholder category of “users”? Aren’t civil society advocates supposed to represent users’ interests? If the answer is positive, should users be represented twice? If the answer is negative – and such an answer would be plausible, assuming that civil society advocates may speak on behalf of specific values and ideals rather than represent internet users – the question is who represents internet users’ interests in general? One may also argue that internet users are represented by their elected governments. However, should one argue that both civil society advocates and elected governments represent internet users’ interests, then the NETmundial taxonomy would suggest that users are represented not only twice, but thrice i.e. by ‘governments,’ by ‘civil society’ and, obviously, by ‘users.’ Au contraire, should one decide to adopt the opposite interpretation, suggesting that neither governments nor civil society are necessarily representative of internet users, than the question is – again – who are the users’ representatives within internet governance processes?

Second, a similar overlapping situation and consequent risk of double/triple representation, emerges with regard to the “technical community” stakeholder group. A quick look to the list of participants of one of the meetings of the Internet Engineering Task Force (IETF), which is one of the most relevant technical community gatherings, reveals that it is far from uncommon to encounter “techies”, who work for private sector entities or for academic institutes. At the IETF 91 meeting, as an instance, 80.8% of participants were affiliated to private sector entities; 6.4% affiliated to the academic community; 12.4 did not provide affiliation; and less than 1% declared to be affiliated to a (inter)governmental entities.^[19] Hence, although the technical community plays an indubitably pivotal role as regards internet governance and internet well-functioning, it seems palpable that this category frequently overlaps with private sector and academia, thus generating the possibility of double – or triple – representation of the same interest. Indeed, with the exception of the so called “I* organisations”^[20] and few independent professionals, it is hard to imagine a member of the technical community who is not employed by a private corporation or an academic institute. Indeed, IETF participants have usually a high degree of technical knowledge, which is dear to academic institutions and even dearer to the private corporations that are the direct beneficiaries and users of efficient internet standards.    

It stands to reason that, while the discussion and elaboration of policy-proposals should be open to the widest number of contributions, decision-making demands to avoid the aforementioned duplications in order to adequately represent the entire spectrum of interests at stake. Furthermore, different fora may utilise different stakeholder categorisations, thus producing additional complexity.^[21] Lastly, it is important to remark that different stakeholder groups, as well as member of the same stakeholder group, may rely on very dissimilar financial capabilities, thus highlighting the need to consider other parameters than the sole stakeholder affiliation to a predefined category in order to guarantee that different interests are not “unduly disadvantaged.”

Perhaps, the qualifying “heterostakeholder” would have been more appropriate than the “multistakeholder” one, in order to imply the essential need for diversity of opinions, interests – which should be transparently declared – as well as geographical origin, rather than merely rely on a “quantitative approach” based on potentially ambiguous super-categories. Indeed, the added value of a multi/hetero-stakeholder approach should be to nurture discussion with the widest number of diverse standpoints and possible sustainable solutions to common problems, rather than merely multiply the heads around the table. The next section will briefly scrutinise a selection of internet-related multistakeholder processes. The elements of a “heterostakeholder approach” will be explored by way of conclusion, in Section III.

Stakeholder inclusion within internet governance processes

Over the past 20 years, multistakeholder participation has been exported from the technical environment to the policymaking arena. (Belli, 2014) Some key features of various multistakeholder internet governance models are briefly discussed below. Subsection A will briefly analyse how multistakeholderism is implemented by technical organisations. Subsection B will remark the migration of the “multistakeholder philosophy” towards traditional (inter)governmental policymaking organisations.

A technical genesis

Internet technical coordination is based on a decentralised voluntary implementation of soft-law instruments (i.e. standards and protocols) whose consensus-based development-process aims at achieving technical efficacy.^[22] Such voluntary and consensus based mechanism characterises the elaboration of internet standards^[23] as well as Web standards^[24] that are forged through essentially participatory processes, within multistakeholder bodies, such as the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C). Conspicuously, the IETF standardisation process reflects a truly Habermassian approach, according to which all the individuals that might be affected by the future norm can freely contribute, on an equal-footing, to the elaboration process through a “cooperative search for truth, where nothing coerces anyone except the force of the [most persuasive] argument.” (Habermas, 1998)

The IETF goal is to achieve the best technical standards, though a collaborative process orchestrated by customary procedures and rules of engagement. Internet standardisation is traditionally based on “rough consensus and running code.” (Hoffman, 2012) This means that an internet standard may be issued – and eventually adopted – only when it is demonstrated that it can empirically “run” whilst the standard’s content is defined through a "rough consensus" process. As the IETF describes, rough consensus

“does not require that all participants agree although this is, of course, preferred.  In general, the dominant view of the working group shall prevail. (However, it must be noted that "dominance" is not to be determined on the basis of volume or persistence, but rather a more general sense of agreement.) Consensus can be determined by a show of hands, humming, or any other means on which the WG agrees (by rough consensus, of course). Note that 51% of the working group does not qualify as "rough consensus" and 99% is better than rough.  It is up to the Chair to determine if rough consensus has been reached.” (Bradner, 1998)

The IETF approach may be deemed as essentially democratic, as long as one understands the particular composition of the IETF “demos,” i.e. a rather homogeneous technical community which, although been open to anyone, is made up primarily of people who are concerned with – and able to understand – the technical structure of the internet. In practice, anyone can be heard as long as he – or, rarely, she – is able to demonstrate that is knowledgeable person. Hence, in spite of the Habermassian features of the internet standardisation process, it is important to stress that the members of this technical community are generally well-educated and essentially affiliated to private corporations and academic institutes. Hence, the IETF demos is fundamentally “bi-stakeholder” and private-sector driven. Indeed, as noted above, IETF participants are principally employed by private corporations that have a direct benefit from the elaboration of efficient internet standards.    

A similar participatory process is supposed to drive the elaboration of the private-ordering mechanism defined by the Internet Corporation for Assigned Names and Numbers (ICANN), whose original aim is to set a “contractually based self-regulatory regime that deals with potential conflicts between domain name usage and trademark laws on a global basis.” (Clinton & Gore, 1997) ICANN’s structure and policymaking role are particularly complex and cannot be analysed in detail here.^[25] Yet, it seems important to mention some key aspects of the ICANN multistakeholder process, in order to stress the possibility to build non-technical policies thanks to the joint efforts of a variety of stakeholders.

The ICANN approach essentially relies on the participation of the widest number of entities and individuals to its policy formation, through a bottom-up and consensus-driven process. Such inclusive approach is indeed essential for ICANN’s very legitimacy, which is based on the maximisation of “public participation and the degree to which the participants are “representative” of the general population.” (Mueller et al. 2009) Notably, the generic Top Level Domains (gTLDs) Policy Development Process (PDP), taking place within ICANN’s Generic Names Supporting Organisation (GNSO)^[26] is a telling example of how multistakeholder participation is organised in order to convey the maximum number of stakeholder^[27] inputs into the policies that define ICANN’s private ordering. Such policies are directly shaped by a variety of ICANN stakeholders^[28] amongst which the so-called contracted parties i.e. the gTLD registries and registrars that are contractually linked to ICANN and that voluntarily adopt ICANN policies in order to be admitted within the ICANN system. Indeed, if registries want their data bases to be linked to the authoritative Domain Name System (DNS) root zoneand if registrars want to be accredited by ICANN in order to do business, they have to adopt ICANN policies.

Although the ICANN model may be criticised, is it surely one of the most perfected multi-stakeholder policymaking mechanisms, allowing an ample range of stakeholders to actively contribute to the elaboration of the rules to which they will be subject.^[29] It is not incongruous to think that a similar multistakeholder process may be transposed to national or international policymaking. However, in the lack of a global internet governance regime prescribing the inclusion of the various stakeholders – at least within the policy-preparation phase – the participation of non-state-actors to policymaking and harmonisation efforts is left to the openness and adaptability of the (inter)governmental actors. In this respect, it should be noted that some governments and intergovernmental organisations have been pioneering the inclusion of non-state actors with the aim of nurturing their internet-related policymaking. Subsection B will explore some example in this regard, highlighting how stakeholder inputs may be exploited to enrich traditional policymaking processes.

And an (inter)governmental implementation

At the international level, the utilisation of multistakeholder approaches is finding increasing application with the aim of nurturing harmonisation efforts. Harmonisation allows to foster coherence amongst national juridical system, by adopting common policies or setting common standards, but this exercise is usually undertaken through multilateral (i.e. merely involving state-actors) negotiations. However, several international actors have already revealed growing appetite for non-state actors’ contributions. Particular attentiveness regarding the benefits of stakeholder inclusion has been demonstrated by the OECD, with the institution of its Internet Technical Advisory Committee and Civil Society Information Society Advisory Council, or by the Council of Europe, explicitly foreseeing a multistakeholder composition for its Steering Committee on Media and Information Society (CDMSI).

The choice of creating advisory organs dedicated to specific stakeholder categories or to admit some non-state stakeholders to traditionally intergovernmental bodies is instrumental to provide advice and information to existing intergovernmental institutions. To this extent, stakeholder inclusion aims at reinforcing policy-preparation processes with scientific argumentation that might be corroborated with empirical evidence. Although no intergovernmental organisation allows non-state actors to participate into decision-making procedures, it is nonetheless commendable that policy-preparation processes are increasingly opened to stakeholder inputs and international organisations even “invite” to increase “multi-stakeholder co-operation.” (OECD, 2008)

Such cooperation has the potential to be beneficial for traditional international organisations that may strengthen their policy-development processes exploiting the inputs conveyed by permanent advisory bodies or through ad hoc synergies with multistakeholder bodies. This latter case may be remarked in respect of the elaboration of a Model Framework on Network Neutrality,^[30] originally suggested by the Council of Europe (CoE)^[31] and, subsequently, developed by the IGF Dynamic Coalition on Network Neutrality (DCNN).^[32] The elaboration of the Model Framework aimed at reproducing the participatory process utilised by the IETF working groups, in order to craft a net-neutrality regulatory standards. After having been presented at the DCNN meeting held at the 8^th Internet Governance Forum,^[33] this open “net neutrality policy-blueprint” (Belli & De Filippi, 2013) has been offered to the CoE CDMSI,^[34] in order to be used as a working document for the elaboration of a draft recommendation on protecting and promoting the right to freedom of expression and the right to private life with regard to network neutrality.^[35] Such an experiment has shown that multistakeholder cooperation through an open and transparent process can be exploited not only to elaborate open technical-standards but also to craft open policy-standards that may provide guidance to policymakers.

Lastly, it should be mentioned that several national experiences with regard to stakeholder inclusion may be remarked. A notable example of stakeholder organisation and inclusion at the domestic level is provided by Brazil with its nearly 20-year-old multistakeholder Brazilian Internet Steering Committee (CGI)^[36], which plays an essential role in stimulating effective participation of the Brazilian society in decisions involving network implementation, management and use. Particularly, CGI played a pivotal role in the elaboration of the Marco Civil da Internet (CGI, 2013), the Civil Rights Framework for the Internet in Brazil that was approved by the Brazilian National Congress, in April 2014. The development of the Marco Civil has clearly demonstrated that a participatory process, open to the contributions of all interested stakeholders may be successfully used to enrich national law-making. The Marco Civil project was jointly launched by the Brazilian Ministry of Justice and the Center for Technology and Society at the Fundação Getulio Vargas Law School and its development was incessantly nurtured by CGI, which ensured the involvement of the greatest number of stakeholders through several consultations. (CGI, 2013) This participatory process is currently considered as a worldwide example, allowing individuals to be active citizens, having a real impact on their democratic life, while strengthening the legitimacy of the resulting legislation.

At the EU level, several attempts of stakeholder involvement with national internet-related policy making already exist. Some examples of EU multistakeholderism are worth mentioning. Firstly, France has been increasingly exploring multistakeholderism through the creation – and progressive enlargement of the composition of – its French Digital Council,^[37] which provides inputs and policy recommendations to the national government with regard to internet-related matters. The French Digital Council offers an interesting example of stakeholder inclusion, not only because of the multistakeholder configuration but also because of the incisive use of the open consultation^[38] instruments, in order to enlarge the spectrum of opinions and expertise to be included in its policy recommendations. Secondly, the Italian Chamber of Deputies has also manifested an increasing interest for the experimentation of stakeholder inclusion, establishing a multistakeholder Commission on the Rights and Duties Related to the Internet, whose main task was to elaborate a draft Internet Bill of Rights, which every interested stakeholder had the possibility to comment through an open consultation.^[39] It is interesting to note that this Commission associates members of Chamber of Deputies with a variety of other stakeholders in an effort to merge multistakeholderism and democratic representation.^[40] Lastly, a sectorial effort to implement stakeholder inclusion may be remarked at the UK level, where the government enjoys advice from the Broadband Stakeholder Group (BSG), with regard to broadband policy, regulatory and commercial issues. Yet, it is important to stress that the BSG aims at exclusively gathering inputs form ICT, telecommunications and electronics industry stakeholders. These stakeholders may be all included within the “private sector” category, thus making the BSG a mono-stakeholder body, rather than a multistakeholder one, according to both NETmundial and Tunis-Agenda stakeholder taxonomies.

Conclusion: Towards a Heterostakeholder policymaking?

As noted in the previous section, several examples of multistakeholder inclusion within policy-development efforts already exist at both national and international level. Although it does not seem likely that governmental decision-making processes will open themselves to non-state actors’ participation, it is important to stress that stakeholder participation is already a reality as regards policy-development. Indeed, the aforementioned examples highlight that multistakeholder cooperation is not a mere slogan and can be utilised to propose concrete solutions, which can be adopted or exploited by national policymakers as well as international organisations.

However, it is interesting to note that the existing examples of multistakeholderism primarily focus on the participation of stakeholders that may be associated to predefined categories and often neglect to analyse the interests[41] that may push such stakeholders to participate in a given process. The underlying assumption seems to be that the participation of predefined stakeholder-groups to a given internet governance process may not only provide inputs from different standpoints but also guarantee the representation of heterogeneous interests. Such an assumption may be overconfident for two main reasons. First of all, it is possible that members of different stakeholder groups may have almost-identical interests or may even financially support each other. Hence, an internet governance process may be deemed as multistakeholder by reason of the participation of different stakeholders, in spite of the fact that the involved stakeholders may have intimately-related interests and may fail to consider a potentially wide range of interests. Indeed, differently from representative systems where individuals elect other individuals to represent their interests, multistakeholder processes are based on voluntary participation rather than representation. This leads to the second type of concern, according to which entities affiliated to the same stakeholder group may have very different – and, frequently, divergent – interests but only few members of a given stakeholder group may have the resources necessary to participate to a multistakeholder process. Barriers to participation are primarily financial and do not only concern the ability to take part to physical meetings in various geographical locations. A financial effort is indeed also required to invest at least part of one’s working-time to provide contributions to time-consuming interactions through online consultations as well as to regularly processing information and updates regarding ongoing initiatives. It is indeed important to highlight that few participants to voluntary multistakeholder efforts do actually participate to such processes on a pure voluntary basis, for such participation may often be part of their work duties.

The above consideration does not imply that stakeholders whose working activity encompasses the participation to internet governance process should be limited in their contributions. On the contrary, the central concern is rather to highlight that an ample spectrum of individuals and entities may be de facto excluded and unable to contribute to multistakeholder processes solely because of their lack of economic resources that are necessary to physically or remotely participate to such processes or because of their unawareness of the very existence of such processes. This is indeed the reason why participatory democracy and representative democracy are complementary. It would be unreasonable to assume that all individuals or entities having a stake in the decision-making process of a given social organisation may have at their disposal the information and knowledge as well as the economic and time resources necessary to contribute to such process. This is why liberal democracies combine citizen representation and direct participation – e.g. through open consultations and referenda – in order to guarantee the full enjoyment of the individuals’ fundamental right “to take part in the conduct of public affairs, directly or through freely chosen representatives.” (ICCPR, art 25.a)

As noted in the previous sections, several bodies already encourage stakeholder inclusion and multistakeholder cooperation and the outcomes of the existing efforts look promising. However, in order to foster “democratic multistakeholder processes” (NETmundial, 2014), the focus should not merely be on the affiliation of the involved stakeholders to predefined categories but also – and most importantly – on heterogeneity of interests that are in concreto represented within a given process. Indeed, the participation of stakeholders that may be representative of different voices, perspectives and values seems instrumental in order to elaborate sustainable policies that may be both efficient and accepted. As highlighted in the introduction, the double rationale that underpins stakeholder involvement is to widen the range of scientific arguments that should be taken into consideration in order to properly frame specific policy issues, while letting potentially-affected individuals and entities provide their inputs and manifest their concerns with regard to such policy issues. However, such rational may be severely jeopardised when stakeholders involved in a given process represent only a narrow set of economic and political interests or, even more compromised, when some of the stakeholders involved in a specific process are directly or indirectly financed by other participants. To this extent, it is not anodyne that the NETmundial Statement explicitly adds the qualification “democratic” to characterise the “multistakeholder processes,” stressing that “[s]takeholder representatives appointed to multistakeholder Internet governance processes should be selected through open, democratic, and transparent processes.” (NETmundial, 2014) In fact, the mere affiliation to different (stakeholder) groups may be instrumental to highlight the various facets of a common problem but seems insufficient to guarantee pluralism, which underpins any democratic processes – be them multistakeholder or not – fostering the competition of heterogeneous ideas, values and interests. This is the reason why democratic processes usually rely on institutional arrangements aimed at guaranteeing the representation of the widest range of views, interests and values, as well as ensuring that members of the demos enjoy equal conditions under which freely express and associate themselves. 

However, in light of the abovementioned financial barriers the suggested heterostakeholder approach would require that funding opportunities be made available in order to guarantee the representation of heterogeneous interests under equal conditions, thus avoiding that non-wealthy stakeholders be de facto filtered out due to their lack of resources. Furthermore, such an approach would demand that all stakeholders transparently state their source of funding and the nature of their interests with regard to the policy process to which they decide to participate, as well as the type of legitimacy by virtue of which their participation is justified.

The transparent indication of these elements would allow any interested individual to assess the effective heterogeneity of the involved interests and, ultimately, the degree of democracy of a given process. Indeed, it might be overoptimistic to assume that stakeholders’ participation to policy processes can be entirely justified by their benevolent desire to collaboratively elaborate common (technical or regulatory) solutions. In this regard, it should be considered that stakeholder participation to policy-development processes might be motivated by the perspective of achieving an outcome that may maximise its own utility, i.e. by self-interest, or by the intention to lobby for an outcome that may maximise its funder’s interest. As eminently stated by Adam Smith, “it is not from the benevolence of the butcher, the brewer, or the baker, that we expect our dinner, but from their regard to their own interest.” (Smith, 1776)

The participation of a variety of stakeholders may cater policymakers with valuable inputs, but stakeholder inclusion must be guided by openness, transparency and accountability in order to avoid that policy-development might be captured by particular interests. The publicity of basic elements pertaining to one’s funding and interests seems therefore instrumental to guarantee the transparency of the policymaking process and the accountability of the involved stakeholders. Indeed, although the interests of some stakeholders might be manifest – for instance, business entities’ natural inclination to maximise their own profit – it is important to highlight that the interests of civil society, technical or academic stakeholders may not be apparent. For instance, in the context of a network neutrality policymaking process, a think-thank may want to lobby for non-regulation of internet traffic management or may suggest the adoption of net-neutrality legislation whilst, in the context of copyright-related policy making, an academic may want to advocate for the efficiency of Digital Rights Management systems or criticise them. Think-tanks and academics may well enjoy discursive legitimacy but their simple affiliation to “civil society” or “academia” does not allow an observer to identify what interests are truly stimulating them to contribute to a given process. On the contrary, the transparent statement of stakeholders’ interests in conjunction with the source of their funding would be instrumental to appreciate the degree of benevolence of such stakeholders’ participation to policy processes and assess the spectrum of ideas and interests effectively represented in the process’ outcome.

The transparent declaration of the aforementioned elements is already mandatory in several policymaking bodies^[42] and there is no reason why a basic declaration of interest may not be filled by stakeholders willing to participate to a heterostakeholder internet governance process. The table below may be considered as a model “stakeholder sheet” to be filled by any individuals willing to participate in an internet governance process, fostering transparency and allowing external assessment of the effective interests represented within the process.

Table: Stakeholder Sheet

Firstly, stakeholders should declare their affiliation to one of seven stakeholder groups encompassing the NETmundial taxonomy to which the “legislative body” category has been added.^[43] It seems indeed incorrect to categorise elected representatives within legislative bodies as “government” while it seems beneficial to include such elected representatives into any internet governance process in order to enhance the transparency and accountability of the process, while increasing the likelihood that the process outcomes will be known, debated and concretely utilised by policymakers. Moreover, it should be noted that heterostakeholder internet policymaking, based on the effective representation of the widest spectrum of interests, would greatly benefit from the inclusion of internet users’ associations and platform users’ unions. Such entities would complement individuals’ representation through national governments by representing individuals in their quality of users that, in spite of their nationality, are affected by private policies, which unilaterally regulate specific services. Secondly, the stakeholder sheet would require stakeholders to state the interest that they have in a specific process i.e. the reason(s) why they are taking part to the process and, possibly, their desired outcomes. Thirdly, stakeholders should state their source of funding, for instance providing a pointer to a funding-disclosure web page. Particularly, such statement should specify whether a stakeholder is financed by another entity involved within the process. Lastly, some stakeholders may need to clarify the source of legitimacy by reason of which they participate to the process^[44]. This may be the case of (inter)governmental stakeholders that may either be elected as members of a government or enjoy institutional legitimacy, such as independent regulators or international civil servants. 

A transparent and participatory process based on the inclusion and representation of heterogeneous interests and diverse opinions is more likely to be democratic, thus allowing the development of sustainable internet policies. A heterostakeholder approach based on the aforementioned elements seems therefore instrumental to foster the elaboration of sustainable solutions, by clearly recognising – and ideally widening – the spectrum of interests effectively considered within policy discussions and policy-development processes. Indeed, in order to preserve the internet’s world-wide dimension and maximise its socio-economic potential it is essential not only to ensure technical interoperability but, equally, to guarantee policy sustainability.

Democratic processes are the “primary vehicle for the fulfilment of individual aspirations, the articulation of interests and the nurturing of civil society.”^[45] Internet policymaking and policy-development processes should reflect the widest and most diversified range of individual aspirations and interests, in order to be truly democratic and produce sustainable solutions. To this end, it seems essential to consider that stakeholderism may be seen as an “essentially contested concept” (Gallie, 1956 & 1968) that needs to be further specified in order to be properly implemented. Indeed, although general consensus may be crystallising with regard to the benefits of stakeholder inclusion and cooperation within internet governance processes, the implementation of such processes is the true Gordian knot. Just like political systems may not be deemed as democratic exclusively by reason of the existence of multiple political parties, multistakeholder processes cannot be considered as democratic exclusively by reason of the involvement of multiple stakeholder groups. The hope of the proposed framework is therefore to foster democratic processes able to produce sustainable policies thanks to the adoption of a heterostakeholder approach.

Disclaimer

The author of this paper has been directly involved in the elaboration the Model Framework on Network Neutrality and has proposed the establishment of the IGF Dynamic Coalition on Network Neutrality during the Council of Europe Multi-Stakeholder Dialogue on Network Neutrality and Human Rights, held in Strasbourg on 29-30 May 2013. Funding for the elaboration of the model framework and the participation to various net-neutrality-related conferences has been provided to the author by the Council of Europe as well as by the Centre d’Etudes et de Recherches de Sciences Administrative et Politiques at Panthéon-Assas University, Paris 2, at that moment part of PRES Sorbonne University. 

Introduction

At the beginning of 2015 the Electronic Frontier Foundation (EFF), an advocacy group that defends civil liberties in the digital world, wrote in one of its reports that “Turkey has been a bastion of Internet censorship for so long that EFF could write a regular feature called This Week in Turkish Internet Censorship and never run out of content” (Galperin, 2015).

The Turkish Republic was founded in 1923 after the collapse of the Ottoman Empire and it has since adopted a Western-oriented and secular strategy as the main pillars of social policy. In the 2002 elections, the AKP (Justice and Development Party) rose to power and its leader, Recep Tayyip Erdoğan, became the Prime Minister (he further became President on 10 August 2014). Although the AKP officially promised to adhere to secular policy, the ever-increasing role of religion under its rule led to widespread concern among the secular parts of society. Increased intervention in the secular lifestyle such as partial alcohol ban and conversion of the secular education system to a religious one were some of the factors that led to the Gezi uprising in mid-2013 - where millions of demonstrators took to the streets in 79 of Turkey’s 81 provinces. The Gezi events started to prevent the construction of a shopping centre in Gezi Park - one of the last few remaining green areas in Istanbul’s city centre. Although the Gezi uprising was the fiercest environmental struggle to date, discontent and anxiety over the government's policies constituted the backdrop.

Internet blocking in the country accelerated after the Gezi events. Social media venues like Twitter had proven to be effective in organising demonstrations and disseminating news about the events. Website blocking gained a new momentum after corruption revelations about the highest echelons of the government surfaced between 17 and 25 December 2013. Explicit recordings of corruption transactions were broadcast online. As a result, four cabinet ministers had to resign. During that period, the partial blackout of the mass media, directly or indirectly controlled by the government – sometimes through lucrative bids or unexpected tax fines, was mainly bypassed via Twitter. Hence, the perception of the increased importance of the internet became a leading factor in the acceleration of internet censorship in Turkey.

This article attempts to give an account of internet censorship in Turkey. It provides an exploratory analysis of the nature of censorship and tries to analyse the relationship between censorship and the social conditions at play. Details about the legal issues in blocking decisions can be found in Akdeniz (2010) and Akdeniz and Altıparmak (2008). Due to the fact that censorship in the country became more intense and technically more sophisticated in the last few years, we mainly focus on the 2010s. This article also compares the motivations and methods of other countries' censorship practices, such as those in place in Iran and China.

Previous writings about internet censorship

Censorship stems from the word “censor,” the government officer who had a wide range of responsibilities in the Roman Empire, such as overlooking the population census, public morale and government finances. Hence, the word is closely associated with inspection and auditing. In today's world, censorship is one of the most commonly used concepts in political and social science. Censorship can take many forms such as political censorship, which aims to prevent dissemination of political and social news or, military censorship, which is usually implemented during war or under martial law. Self-censorship is a subtle form of censorship which implies indirect, rather than direct imposition of censorship on one self (Arsan, 2013). This imposition may either stem from avoiding a possible harm from authorities or assuring the continuation of some form of benefit.

While in the last century censorship was often implemented in print or electronic mass media, the ubiquity of the internet in the last few years resulted in the widespread implementation of internet censorship in many countries. Censorship is usually regarded as an indicator of the position of a country in the authoritarian-democratic continuum and it applies to all sorts of media where news and ideas can be disseminated. Although countries like China, Iran and Turkey are criticised for implementing widespread censorship practices on the internet and other media (Arsan, 2013; Wojcieszak and Smith, 2014; Taneja and Wu, 2014), there are also convincing voices which elaborate the subtle censorship practiced in “democratic” countries (Wright and Breindl, 2013). This kind of censorship may either be practiced by corporate mass media (Herman and Chomsky, 2002) or the state (ACLU, 2005). However, the Snowden revelations showed that surveillance intensifies the problem of censorship, particularly in Western countries, to the extent that self-censorship among US writers has increased after the revelations (PEN America, 2014).

Road to extensive internet censorship in Turkey

Turkey has taken a bold step in 2007 in order to regulate, and to ‘clean’ the internet from undesirable content, which resulted in the censorship of websites. The censored sites ranged from child and adult pornography websites to commonly used platforms such as YouTube, Blogger or Alibaba.com.

Before 2007, sporadic censorship of websites did take place, the first well known one being yolsuzluk.com (Turkish for corruption), which was banned by a decision of the Military Court due to the publication of claims of corruption within the military. Then came the banning of websites related to music files due to complaints by the Turkish Phonographic Industry Society. The ban hit those websites that contained a link to other websites hosting audio files or software for downloading audio files (Seçen, 2006).

Turkey joined the internet in April 1993. As early as 1991, drawing on French legislation, Turkey enacted rudimentary computer related criminal law provisions (Yazıcıoğlu, 2011). In 2000-2001 the then government proposed an amendment to the press code with the provision of treating the “Internet as a subject to Press Code.” In order to operate as press, you need to register with the authorities and send two copies of each print issue to the Public Prosecutor for inspection. The proposal included everything involving online communications. This caused widespread uproar. Upon protests from the public, the amendment was softened and later returned by then President Ahmet Necdet Sezer (formerly head he of Constitutional Court, nominated by all parties) to the parliament for revision. Yet, the government insisted and the law was enacted. That was the first law specific to the intenret passed by parliament. The main philosophy of the code was to increase the penalties by half, whenever the internet was involved in the commitment of a crime; which was already the rule for the press. Detailed information about the code and reactions to it can be found in Draft RTUK Law (2001), RTUK Law (2001), Inet (2001) and Akgül & Pekşirin (2001).

In 2004, a new penal code was passed, this time including additional provisions on the internet and computer crime. The Penal Procedural Code was consequently renewed but, it did not include any provisions regulating rights and responsibilities of internet actors; mainly internet service providers (ISP). The Ministry of Justice formed a commission in order to prepare an “Internet law” to accommodate missing parts of criminal law and procedure. The commission started working in early 2006. The committee developing the ”Internet law” included members from public institutions, faculty members from law schools and representatives from internet NGOs. It prepared a draft bill named “Law on Network Services and Computer Crimes.” The draft was to be presented to the Prime Minister’s Office (Akgül, 2006).

This could be interpreted as Turkey's attempt to comply with the Cybercrime Convention. The Budapest Convention on Cybercrime is the first international treaty dealing with internet and computer crime. It was prepared by the Council of Europe, opened to signature in 2001 and came into effect in 2004 (Convention on Cybercrime, 2001). Turkey participated in the preparation of the Cybercrime Convention but chose not to sign it. It is only in 2010 that the government signed on to the Cybercrime Convention. It was finally ratified by parliament in 2014 on insistence of the opposition (Sanal Suçlar Sözlesmesi, 2001).

The making of Law 5651 about Regulation of Publications on the Internet

As mentioned above, the Justice Ministry Committee for Internet Law prepared a draft entitled “Law on Network Services and Computer Crimes.” A new draft was prepared  by the Transportation Ministry with restricted scope. The Justice Ministry draft was published on the website of the Ministry of Justice (Akgül, 2006). It was then opened for comments and contributions and sent to government institutions, with responses collected via official letters. Comments from public institutions and other parties were compiled, and were taken into account. The Justice Ministry Committee evaluated and decided by itself without any public participation.

In the fall of 2006, child abuse and child pornography cases flooded the media. The first Computer Crime Unit was officially established at the Istanbul Police headquarters. It serviced most of the child abuse and child pornography cases that were already available in printed form. The internet pornography issue took such proportions in the media that it looked as if child pornography was one of the most important problems in Turkey. This came across as an orchestrated effort to pass the Internet Censorship Law. Yet, in their assessment of the situation, the Ministers of Interior and of Transportation differed on the magnitude of child pornography in Turkey (Aydilek, 2006).

The Prime Minister asked the Minister of Transportation – rather than the Minister of Justice – to resolve the declared paramount child pornography problem that apparently aimed to introduce broad measures of censorship in Turkey. The Transportation Ministry was responsible for the BTK (Information and Communication Technologies Authority) – the regulatory authority for the telecom sector, while Turkish Telecom is the dominant operator and major ISP.1 Although a privatised entity, it has an intimate relationship with the state and has an important role in carrying out the practice of censorship in the country.

Although the Ministry of Justice was not happy that it was bypassed, it could not object to the Prime Minister and consequently, lawyers at the Ministry of Transportation prepared what became the “Law for Regulating the Publications on the Internet and Suppression of Crimes Committed on such Publications No. 5651.” The draft of the Transportation Ministry was prepared behind closed doors, and only state institutions were allowed to participate in the preparation process. Government ministers prepared the public opinion by promising a “clean Internet”, “clean knowledge” and the “protection of children, family and family values” (Sabah, 2007a; Sabah, 2007b). On 29 March 2007 a one-day conference was held in Ankara entitled “Clean Internet”, whose logo was three copies of the letter ‘W’ hanging from a laundry drying string (Sabah, 2007a). The Transportation Minister declared a few times that “Turkey will be a leader in providing a clean and safe Internet. The World will follow our example” (Sabah, 2007a; Sabah, 2007b).

Internet and communication technology related NGOs tried to alert the public, opposition parties, the media and internet users against the intended censorship of the internet. “Defend your Internet!” was the motto of the “İnternetine Sahip Çık ... İnternet Yaşamdır” campaign (Internet Kampanyası, n.d.). The draft prepared by the Ministry of Transportation was submitted to the parliament. During deliberations of the Justice Committee in parliament, this draft was softened to some extent. The initial draft was more drastic and would have covered all communication media with the aim to monitor, filter and curtail chat and similar services. The draft listed a catalogue of six crimes as defined by the Turkish Penal Code to be banned either by the BTK or by penal courts. This will be explored in detail in the next section. In parliament, the Justice Committee mainly made two additions: i) crimes against the founder of the Republic, Mustafa Kemal Atatürk, were included in the catalogue list, ii) a “Notice and Takedown” clause (TBMM, 2007).

The Justice Committee version passed in parliament upon a 59-minute deliberation with no major opposition on 4 May 2007 (Law 5651, 2007). One opposition MP of the Republican Party, Osman Çoşkunoğlu, asserted that ICT-related NGOs were against the Law and suggested that NGO concerns should be dealt with. The Transportation Minister Binali Yıldırım of the AKP stated that they will be taken care of and the law passed quietly. No one talked about the danger of censorship, nor defended freedom of expression, nor again claimed the unconstitutionality of the passed law. The main opposition party, the People Republican Party (CHP), could have brought the Law before the Constitutional Court for annulment, but remained silent. ICT-related NGOs appealed to President Sezer to send the Law back to parliament to be discussed once more, but he did not overturn the decision. Child pornography cases created such an atmosphere that no politician could have adopted a position without the danger of being seen as promoting it.

On 4 May 2007, the Law No. 5651 came into effect. Passing the required secondary regulations took another six months and by the end of November 2007, Law No. 5651 “Internet Ortamında Yapılan Yayınların Düzenlenmesi ve Bu Yayınlar Yoluyla İşlenen Suçlarla Mücadele Edilmesi Hakkında Kanun” (Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publications) was fully in force.

What did Law No. 5651 provide?

The law provided some definitions and organisational structure, a catalogue of crimes, the legal framework for banning websites and a few procedures. It defined the concepts of information, data, traffic data, publication, internet medium, internet publication, monitoring, access, hosting, access and content providers, and internet usage provider. It classified ISPs as either access providers, host providers, content providers or commercial usage providers; also, it listed their accountability and responsibilities. The Law and secondary regulations requested that access and hosting providers register and acquire a license from the BTK. Commercial usage providers such as internet cafes apply for and get licenses from local authorities. For commercial content providers, a clear listing of contact information and hosting information is required online. There are monetary penalties and invalidation of license if these requirements are not fulfilled.

A classification of in-country and out-of-country websites and hosting companies was made without any definition. A registered hosting company is regarded as in-country even if the hosting machines are outside the country. If a hosting company located in Turkey is not registered, it is then categorised as out-of-country for banning purposes. If the purpose is other, the company is treated as in-country.

Prior to Law No. 5651, a division of the BTK called the Presidency of Telecommunication and Communication (TIB) was established with the mandate of performing legal telephone tapping. In the course of the new legislation, this division progressively evolved in becoming responsible for internet related issues such as blocking websites, along with telephone tapping. Almost hundred positions were reserved for the TIB, 32 of which were filled within a few months in 2007.2

The main task of the TIB is to observe and monitor the internet and take precautions to “clean” it, i.e. to prevent online content relevant to Turkey that is considered harmful from being accessed. The TIB division itself has the authority to determine the level of monitoring and filtering. It also enforces regulation and monitoring of internet cafes, so as to make sure that they keep necessary logs and prevent harmful content to be accessed by customers.

If the web or hosting company is out-of-country, the TIB has the authority to ban harmful content from the catalogued list of crimes without the need to get permission from a court. If the website or hosting is within the country, then the TIB needs a court order to ban it. However, in the case of emergency (such as with child pornography or where human life is in danger) the prosecutor can ban a website due to harmful content. In such a case, a court order within 24 hours is required. The aggrieved party can appeal the ban decision using regular procedures.

The Law provides a procedure for removal of content and right to reply. It is called “notice and takedown.” It starts with a request to ISPs to take down the offending content and could result in imprisonment of the ISP’s head between two months and two years by a Penal Court.3 When the harmful content is removed from the banned site, the decision to ban the particular website is reversed upon the verification of removal of the offensive material by the TIB, court or prosecutor. In some cases, the court appoints an expert witness for this verification.

Secondary regulation specifies banning or “curtailing access” via two methods: i) DNS tampering and, ii) IP blocking. Courts sometimes order both of these measures at the same time. URL blocking is initially not implemented, even though NGOs demand URL blocking for offensive objects only, instead of blocking the entire website. URL blocking, which we will discuss, was put into law in 2013.

The catalogue crimes

Law No. 5651 lists the following as catalogue crimes with reference to the provisions of the Turkish Penal Code (TCK) and other laws (Law 5651, 2007):4

1. incitement to suicide (TCK-84)
2. sexual abuse of children (TCK-103), i.e. child pornography
3. facilitation of the use of narcotics (TCK-190)
4. provision of substances harmful to the health (TCK-194)
5. obscenity (TCK- 226)
6. prostitution (TCK-227)
7. facilitation of gambling (TCK-228)
8. the crimes against Atatürk (law 5816)5
9. betting/gambling (sports law)

The TIB has the authority to unilaterally block or ban the whole website, when hosted outside of Turkey, via DNS tampering or IP blocking. Whereas the TIB can only block a website for these alleged crimes, independent courts can ban any website for any reason they see fit under the national laws and regulations. After Law No. 5651 was implemented, several social networking and other platforms such as Wordpress, Geocites, Alibaba, Richarddawkins.net or Blogger were banned by invoking Civil Code or Intellectual Property Rights violations. It must also be noted that many of these decisions were later lifted.

Censorship in practice

The following cases, ordered chronologically, provide some insight into Turkey’s internet blocking mechanism.

Eksisözlük (sourtimes.com) is a Turkish social networking website which is organised as a dictionary where people can comment on entries. The courts blocked this website, run by a small company, on 6 January 2006 (Andaç, 2006; Eksi Sozluk, n.d.). However, the company appealed and the ban decisions were later removed.

The Youtube.com case best exhibits the many flaws of the Turkish censorship system. Youtube.com was first banned in 2007 before the internet censorship law was enacted. The reason was a video insulting Atatürk that was allegedly uploaded by a Greek youngster. The two largest national dailies took this seriously, carried the news to their front pages and set up a letter campaign to protest. Then, the state prosecutor for media intervened and brought the case to court. The judge saw the video on a CD and decided to block Youtube.com. Although Youtube was reopened after several months, it was later banned several times for shorter periods (Youtube Censorship, n.d.). The 2008 Youtube ban lasted more than two years. Until 2014, there were more than 30 court decisions banning Youtube.

The Wordpress.com case: In Turkey, Adnan Oktar is a well-known creationist and the head of an Islamic foundation. His lawyers have become known for the rigorous persecution of webpages that contain a defamatory statement about his activities. They have gone to court in various parts of the country to get court orders for banning websites. Following one of these decisions, the whole wordpress.com website was banned in August 2007 (Butt, 2008). After several months, a blogger objected and the ban was lifted.

Ateizm.org is a portal and forum for Turkish atheists. There, an expert, Turan Dursun, was questioning the main concept of Islam. Ateizm.org, turandursun.com and similar websites were banned in 2007 (O'Connor, 2008; Religious Tolerance, 2009). Reflecting the general attitude of the Turkish government against left-wing movements. Anarsist.org, a forum for Turkish anarchists, was banned in 2008 (Önderoğlu, 2008). Both these decisions were later lifted.

Alibaba.com is the largest B2B platform in the world. It is mainly the largest import-export shop in the world. The Turkish government subsidises Alibaba. The website was banned for a trademark dispute between two construction firms. One firm went to court for removal of a picture from the other firm's webpage, claiming violation of trademark. The court decided for the removal of the picture. Upon not removing the picture, the court ordered the blocking of Alibaba.com. The blocking continued for over a week. Although the court could have decided on a fine, it preferred to ban the whole website in February 2008 (Bilisim ve Hukuk, 2008).

Richarddawkins.net included a comment about Adnan Oktar’s book rejecting Darwinian evolution. Adnan Oktar went to court claiming the comments are defamatory. The court banned the site without any trial in September 2008 (Guardian, 2008). Richard Dawkins waited for notice of a trial and a chance to defend himself. The website finally reopened after a long legal fight.

Egitimsen.org.tr is the website of a trade union in the educational sector. The head of the trade union made a statement to the media about a book written by Adnan Oktar. In 2008 Oktar's lawyers went to court claiming that the website of the union carried defamatory statements. The court banned the website (Schleifer, 2008), but trade union lawyers successfully appealed to the court in favour of lifting the ban. The offending statements made two years earlier were removed from the site.

Since 2008, Geocities.com is another indefinitely banned website in Turkey. There is no scheduled trial and no appeal for reversal of the decision. It could be accessed within Turkey as of May 2015 but a note indicated that the site was blocked via a court order.

Blogger.com was banned in October 2008 by a Diyarbakır Court upon a complaint by Digiturk, a broadcasting company that had the rights to broadcasting the Turkish Football League matches (Censorship Turkey, n.d.). The company questioned the existence of about 60 blogs that contained links to illegal broadcasting of football matches. Digiturk is an Istanbul company, while Diyarbakır is located in Eastern Turkey. As a result, the court banned the whole blogger.com and blogspot.com platforms. Later, the court suspended its decision, and as of May 2015, the case is still pending.

Sites.google.com was banned after a long process. The site hosted a blog which contained anti-Atatürk remarks and insults. An NGO whose main purpose is to promote the ideas of Atatürk went to the state prosecutor in Ankara and asked for the blocking of the website in 2009 (Open Society, 2011). A different court in Denizli, far away from Ankara, banned the whole sites.google.com in 2010. The court justified its decision by the fact that it was not technically possible to block an individual URL. IP-based blocking had to be made, said the court. A PhD student who published his work on sites.google.com appealed to that decision and went to the European Court of Human Rights (ECHR) and the court found that Turkey violated the European Convention on Human Rights (Convention on Cybercrime, n.d.). Currently, both IP-based and URL-based blockings are made in Turkey.

Facebook was banned in 2009 but the decision was not implemented. A Facebook group was formed that claimed that Kemal Kılıçdaroğlu, president of the main opposition party CHP, was supporting the PKK, the Kurdistan Workers’ Party. Kılıçdaroğlu's lawyer went to court asking for the blocking of this group and if not possible, the full blocking of Facebook.com. The court approved the request. The decision of the court was transmitted to the TIB, but the TIB did not implement the decision stating that the insult does not fall within the catalogued crimes. If the decision of the court had been transmitted to ISPs, then it would have been implemented. Kılıçdaroğlu then went to court asking the head of the TIB be tried for not implementing a court decision. As of May 2015, the case is still pending. There are about 500 Facebook groups supporting Kılıçdaroğlu, and just a few groups opposing him. Then again, the CHP has about 500 Facebook groups created by various branches (NTVMSNBC, 2010).

Twitter was an important venue for communication during the Gezi events between May and June 2013. Twitter usage surged substantially during the Gezi protests. Twitter’s role is important when it comes to freedom of expression in Turkey, especially against the backdrop of widespread complaints about the direct and indirect control of mass media by the government (Nielsen, 2013). Then Prime Minister Erdoğan, who has over five million followers on Twitter (@RT_Erdogan), labelled Twitter “a menace to society” (Nielsen, 2013; Huffington Post, 2013). This follows the appearance of corruption-related material6 on Twitter about Erdoğan and four cabinet ministers. Erdoğan vowed to eradicate Twitter on 20 March 2014 (Watson & Tuysuz, 2014). Twitter was blocked on that day without a court order (Dockterman, 2014). The ban was lifted three days after the 30 March 2014 elections by the Constitutional Court (BBC, 2014a). In the following months some Twitter accounts (eg. @Haramzadeler333 , @Bascalan and @fuatavni), from where corruption charges were leaked, were also blocked (Musil, 2014).

Websites supporting ISIS and al-Qaeda derivatives, however, are not blocked in Turkey. Sites like takvahaber.net and mustaqim.net, which openly disseminate ISIS propaganda, function as a recruiting tool and call to violence operate freely in the country (Arango, 2015).

The Turkish government is demanding that Google, Twitter and Youtube open an office in Turkey, issue invoices from Turkey, pay due taxes, and more importantly, respond swiftly to the demands of internet censorship whether they be issued by a court or the TIB. Such demands are usually declined.

Engelliweb, a watchdog website that monitors the blocked websites in Turkey reports as of May 2015 roughly 80,000 blocked websites. The real figure is well above these numbers, as Engelliweb only reports the blocked websites signalled by internet users. The real number and the list of blocked websites are never disclosed by the government. About 93% of the sites registered by Engelliweb are blocked by a decision of the TIB, i.e. without a court order. The majority of the blocked sites contain pornographic material. The second group contains the websites of dissident political groups and Kurdish insurgent movements. Almost all of the pornographic websites are international and do not specifically target Turkish audiences. On the contrary, the banned political websites target the audience in Turkey and can only be accessed by VPN.

Deep Packet Inspection

Deep Packet Inspection (DPI) is one of the primary surveillance and blocking methods on the internet. Data travels as small units called ‘packets’ over the internet. Each packet includes an address portion and a data portion that contains the real content (e.g. part of a photo to be displayed on a website). Normally, routers located at ISPs check only the address portion of each packet and direct the packets to their destination addresses. This modus operandi is one of the features of “net neutrality,” one of the main tenets of the internet. DPI systems form the basis for violations of net neutrality. By checking not only the address portion of a packet but all of it, DPI enables discriminatory treatment of traffic. As such, these systems facilitate the monitoring of the content of a message as it travels through the ISP hardware. DPI systems can also be used for some other tasks such as network optimisation, blocking or throttling down content.

Phorm, a company specialised in behavioural advertisement systems over the internet, uses TTNET, the largest ISP in Turkey, as its infrastructure partner. It implements the DPI technology which profiles internet users by assigning unique ID numbers to them. Through these ID numbers, every action of the user is recorded for the declared objective of displaying relevant advertisements to him/her. However, such profiling also helps determine the political, religious and sexual orientation of the user as well as his/her membership to political parties, trade unions and other communities.7

TTNET was fined by the regulatory body BTK for supporting Phorm's activities in Turkey, which mislead internet users (Aru, 2013). Phorm’s operations were stopped for about four months, before resuming in April 2013.

Filtering the “secure” internet

On 22 February 2011, the BTK announced that the “Secure Usage of Internet” project would be implemented on 22 November 2011. All Internet subscribers were obliged to choose one of four profiles to access the internet, namely “family”, “standard”, “children” or “domestic” (in-country).

This caused a major uproar in the country and on 15 May of that year, a major demonstration was held in Turkey’s major cities. The BTK withdrew the decision and introduced a modification which included voluntary “family” and “child” profiles only. These profiles worked as a voluntary filter that blocked “unwanted” material. The child profile consisted of a “white list” of URLs that are determined by the BTK. The family profile blocked a set of websites, in other words a “black list.” All lists were determined by the BTK and the ISPs were obliged to apply filtering to the subscribers that had opted for these profiles.

As of the summer 2013, 1.4 million subscribers had opted for a filter. They thereby agreed to voluntarily limit their internet access according to the above-mentioned lists. While the length and content of lists are unknown, one can check whether a website is listed or not. There are no defined procedures for listing a website or remove it from a list.

Lack of transparency and the Rule of Law

At the end of 2008 the BTK published a report providing statistics on the number of websites blocked by the TIB and by court orders during that year, by categories of offense. Since then, the agency has stopped providing details. Attempts to dig out the reasons by means of freedom of information requests have systematically been unfruitful (Palabiyik, 2015). As stated above, the TIB blocks websites according to decisions given either by the court or the TIB, without attempting to dialogue. In other words, civil servants are often those deciding on the blocking of websites, i.e. restricting several freedoms, such as the freedom of expression. Very rarely does a ban result in a trial. The TIB publishes not the numbers but percentages of blocked websites in terms of categories. As of September 2014, child related blocks are at 10%, prostitution at 4.6%, obscenity at 84%, Atatürk-related blocks close to 0.04%, and the remaining categories make up the remaining 1.2% (Guvenliweb, 2014).

International media covered the wave of “Gezi protests” (May-June 2013) live and the number of Twitter users jumped from 2 million on 28 May to 8 million on 10 June (Yalçıntaş, 2015). Government responded with attempts to discourage usage of social media in relation to the protests. At the peak of the demonstrations, the police raided youngsters at night for their Twitter usage (Harding and Letsch, 2013). Partly due to the effect of social media on the Gezi protests, an amendment to Law No. 5651 was passed by parliament on 5 February 2014, and approved by President Abdullah Gül, a founder of the AKP. The new amendment envisaged even harsher measures against freedom of expression on the internet (Järvinen, 2014a; Frosio, 2014). The amendment was passed as a package of laws and amendments, and regular procedures of consulting with state actors and outside stakeholders have not been followed. The amendment introduced fast banning of websites in relation to privacy and personality rights, access by the TIB to logs of all user activities on the internet, URL and IP blocking, and a new government-controlled ISP union. URL blocking was justified by preventing blocking of whole website for just a few “harmful contents”. For privacy or private life violation, a proper application to the TIB is enough for immediate banning (within four hours) of the offending URL. The complaint will also go to court within 24 hours, and the court will decide within 48 hours. Even top TIB management can render such a decision, as long as it then goes to court for approval within 24 hours. Although there is a time limit of four hours for implementing a blocking decision, there is none for uplifting it. In addition, ISPs are obliged to implement data retention, i.e. they have to log user activity and store the data between one and two years, and submit to officials when requested by a court.

A union of ISPs was formed to centralise and speed up the process of banning a website. Bylaws of this union are approved by the BTK. Once a court decides to order the ban of an undesirable content, that decision is valid for all websites containing that content. The costs related to URL blocking and other filtering is left to corresponding ISPs. Collective access providers, of commercial nature or not (universities, firms, even large families) are forced to prevent access to “unlawful” content. ISPs are asked to prevent any attempt to bypass blocking restrictions, while bypassing blocking is not criminalised.

Internet cafes are subject to stringent regulations, which extend beyond limits defined by this law. After Erdoğan's election as President, another amendment came into force on 8 September 2014, just after the United Nations Internet Governance Forum took place in Turkey. The amendment was justified as “protecting the esteem and honour of individuals against defamation on the Internet,” but it must be noted that this justification came to Turkish political scenery only after the internet became an efficient medium for disseminating corruption scandals in the highest echelons of politics. On 2 October 2014, the Constitutional Court overturned critical parts of the amendment (Järvinen, 2014b). Unperturbed by the Constitutional Court's decision, the government simply waited for the retirement process of some key members of the Constitutional Court and brought the same amendments to the parliament on 20 January 2015, “reinforced” by some harsher measures. By the newly added amendments, authority for blocking decisions was widened to cabinet ministers who can justify their decisions by invoking the protection of national security, public order, public health, prevention of crime, and protection of life and property. The new amendments were adopted by the parliament on 19 March 2015 (CPJ, 2015a). Currently, the new bill and accompanying new laws, such as the Internal Security Bill (Al-Monitor, 2015), are applied in full force. The application of the law is seemingly arbitrary, sometimes with bizarre consequences. For example, a university student was sentenced to one year for retweeting an article from the popular satirical website Zaytung, which “reported” that a provincial governor declared autonomy from Turkey. The article had the picture of the governor in a military vehicle and surrounded by guards in a parade during a national holiday (Bolton, 2015) where it is customary for governors to appear in such parades. Zaytung was not prosecuted for that article.

Turkey in the context of international censorship practices

Disregarding crimes such as child pornography, which are unacceptable in all cultures, internet censorship is usually justified by protecting the so-called “existing social system” in any given country. In this context, the social system implies the social and economic relationships between social classes and individuals. There is also a second implication for the social system which has personal overtones in the context of censorship. Adult pornography is an example which is regarded as a threat to this perception of social system. Many countries either apply varying degrees of censorship or develop measures for enforcing self-censorship to protect their social systems. Albeit with much harsher measures, Turkey is no exception in this matter. Internet censorship in Turkey used to have mainly two pillars: preventing “undesired” political messages and fighting pornography. Indeed, the majority of blocked websites reported by Engelliweb are related to pornography. There are also websites of political nature which are regarded to be harmful. However, it must be stated that the phrase “existing social system” is getting increasingly vague in Turkey due to the fervent efforts of the ruling AKP party and President Erdoğan to transform the country into what he calls “new Turkey.” This provokes a sizeable tension in the deeply divided society where more than half of the population is anxious, perceiving the country as being dragged into a fundamentalist abyss experienced already by countries such as Afghanistan, Iraq, Yemen, Syria and Libya. This in turn results in a higher level of struggle against the current trend and thus, an increased level of internet censorship.

Beyond the usual practices of internet censorship which aim to protect the existing social system, Turkey has made a significant “contribution” in this area since the 17-25 December 2013 events: internet censorship in Turkey is applied en masse for preventing the dissemination of news about corruption and for “protecting the esteem and honour” of corrupt politicians (The Center for Internet and Society, n.d.; ARTICLE 19, Committee to Protect Journalists, English PEN, Freedom House, P24 and PEN International, 2014; Amnesty International, 2014). This type of censorship is not as easy as blocking individual websites wth tiny audiences. Corruption news is usually broadcast through venues such as Twitter and Youtube which have millions of users and operate under the spotlight of the international community. For this reason, occasional blockings of global platforms in Turkey result in increasingly strong backlashes from all over the world.

As a result of the government's fervent efforts in internet blocking and censorship, the Removal Request Report by Twitter, covering the period July-December 2014, shows that requests from Turkey are higher than from all other countries combined (Twitter, n.d.). This measurable attribute gives an idea about the level of censorship in the country. However, this seemingly does not make sense, because technical bypass measures such as changing DNS settings and using VPN are widely used in the country. As a result, sometimes Twitter usage increases in Turkey after Twitter bans take effect (BBC, 2014a). So why does the government, which must be well aware of the “Streisand effect”, take such measures that harm its reputation? One explanation is an attempt to criminalise social media usage (Tufekci, 2014). Although this interpretation may have some merit, a more plausible explanation is related with the profile of the internet users in the country. The users who have the proficiency to bypass the ban are, by definition, comparatively more educated. The AKP government, however, mainly relies on comparatively less educated and conservative masses from rural and urban areas (Tillman, 2014) who turn to TV channels - most of which are government-controlled - when internet sources are blocked. 

Iran

Iran is another country where the internet is heavily censored. PLatforms like Twitter and Facebook are banned and there are attempts to block VPN software as well as Tor, which is widely used to circumvent the censorship (Franceschi-Bicchierai, 2015). Attempts like these have been made in the past, most pf which were then successfully circumvented later (Arma, 2011; O'Neill, 2014). Due to the strictly religious nature of the regime, Iran has introduced a filtering system called “Halal Internet” (O'Neill, 2014). Aryan and Halderman (2013) have technically analysed the Iranian censorship mechanism under various lights: http host-based blocking, keyword filtering, DNS hijacking, and protocol-based throttling. The authors argue that the mechanism possibly relies on centralised equipment which they believe is easier to circumvent in the future. This seems to contrast with the Turkish experience which relies on ISPs as intermediaries to perform the blocking. As stated above, the amendments in Law No. 5651 led to the establishment of an ISP union with compulsory membership. The most important function of this union is to execute blocking orders by the TIB within four hours. It is not clear why the blocking orders are not simply fulfilled by TTNET, which runs the backbone.

China

China also blocks the internet widely through the Great Firewall of China (Feng and Guo, 2013). Contrary to Turkey, where access to the banned sites through VPN or Tor cannot be technically prevented, the Chinese government can block Tor8 - a sophisticated privacy tool commonly used for circumventing internet blockings (MIT Technology Review, 2012). It is not clear whether the technology used by China is commercially available. King, Pan and Roberts (2013) analysed the internet censorship practices in China and found that, against general understanding, criticism of the Chinese government, its policies and leaders are not likely to be censored. The authors argue that the posts which contain calls for collective action and social mobilisation against the government and its policies are the ones that are blocked. This is more or less the same in Turkey where, except for sporadic cases that seem to stem from some overzealous officers like in the Zaytung case, individual criticism of the government is not likely to be censored. Like in China, calls for social mobilisation appear likely to attract much harsher responses from the Turkish government. However, unlike China, technical and institutional weaknesses prevent most of such calls to be censored, let alone punished. This results in arbitrariness of the “law enforcement” where some of such calls are harshly punished and some go unnoticed.

As an element of context here, institutional and technical weaknesses of the government cannot be understood without analysing the bitter fight of now President Erdoğan with Fethullah Gülen, a religious leader who lives in exile.9

The power struggle led to important consequences: firstly, Turkey has become the first and only country where computer fraud was effectively used to topple a ruling class and its ideology (in power since 80 years). Secondly, purges of “old guards” and Gülen followers from bureaucracy resulted in the loss of well-trained staff and led to increasingly severe technical and institutional weaknesses which have had implications for censorship. And thirdly, beyond specific issues such as internet censorship, the fierce fight for power adversely affected almost all public institutions, many of which became much less effective compared to ten years ago. For example, the Scientific and Technological Research Council of Turkey (TÜBİTAK), which has become a boxing ring between Gülenists and AKP followers (Anadolu Ajansi, 2015; Todayszaman, 2015), had to decline requests for expertise in specific issues like digital forensics, mainly because of the loss of qualified personnel (Saymaz and Çelikkan, 2015).

Getting back to the comparison of Turkish and Chinese internet censorship practices, there is an important difference between the two countries: King, Pan and Roberts (2013) argue that posts about corruption are usually not censored in China. However, this does not mean that all of such posts are tolerated. On the contrary, some of them are subject to censorship as Richet (2013) reports. While China demonstrates some level of tolerance to corruption news, posts about corruption of high-ranking government officials are fervently blocked in Turkey. For example, the government went to great lengths to block Twitter accounts @Haramzadeler333 and @Bascalan, which were instrumental in disseminating the corruption recordings of 17-25 December 2013.

Conclusion

Internet has become a very important medium of communication, entertainment and business in today’s society. This is true for not only the so-called developed countries, but also for developing countries. The “Arab Spring” has demonstrated that the internet can play a role in mobilising people, eventually even leading to the toppling of authoritarian governments (note: what comes after, is another story). Unlike mass media - which is easier to control due to its centralised nature, internet is a truly decentralised and chaotic environment which is very difficult to control. Additionally, there is no technical tool that guarantees hundred percent control over the internet. As the examples in this article show, attempts to control the internet may result in little success, while harming the reputation of rulers all over the world.

Turkey's recent history is marked by severe turbulences that came one after the other. After AKP's ascend to power in 2002, the anxiety and suspicion of the military and civil bureaucracy did not result in a coup, due to the lack of support from the Western world. After the AKP and its allied Gülen movement (which have exactly the same ideological-religious background) managed to eliminate the possible threat of the bureaucracy, they started the infighting. All these events were associated with redesigning the society according to religious rules, resulting in an increasingly divided population. This in turn paved the way to increasingly high tensions in the society. Turkey's internet censorship practices followed this course, albeit with little success in preventing free speech for all. It is, however, open to discussion whether the internet censorship has been successful to prevent the conveying of free speech to those parts of Turkish society which have lower levels of education.

Internet censorship is usually practiced to protect the social order. Social order, however, is a complicated term which has different meanings in different contexts. In the case of Turkey, to complicate the matter even further, a new “source” for internet censorship has been added to the list since December 2013: protecting individuals at the highest echelons of politics from “defamation” resulting from the use of the internet for broadcasting explicit corruption recordings. This again demonstrates the power of the internet vis-à-vis mass media that is controlled directly or indirectly by the government.

For many years there has been a close-to-philosophical debate about what the cross-border nature of the internet meant and how national law should deal with it.

But with more and more court cases and new legislative efforts, time has come to find practical solutions. "We have all agreed that international law applies to the internet. Now we have to agree on how,“ said Marina Kaljurand, Undersecretary for Political Affairs at Estonia's Ministry of Foreign Affairs during the EuroDIG 2015 in Sofia, Bulgaria. A panel organised by the Internet Jurisdiction Project took a quick look on possible solutions and some nascent concepts.

A case before a Paris Court about a painting by Gustave Courbet taken down by Facebook, US courts seeking access to user data stored on Microsoft servers in Ireland – increasingly courts have started to "assert jurisdiction“ over internet platforms not physically present or not headquartered in their jurisdiction - the cases certainly underline the question of how to deal with the cross-border nature of the internet and jurisdiction. This question has "arrived at the core of internet governance discussions,“ Paul Fehlinger, manager of the Paris-based Internet & Jurisdiction Project said in opening the discussion in Sofia.

Kostas Rossoglou, Head of EU Public Policy at the crowd-source review and online reservation portal Yelp said the question of jurisdiction and applicable law arouse constantly using services like Yelp. When he made a comment about a restaurant, that the restaurant owner did not like, what law applied where the company internet service company is headquartered in the US and the restaurant somewhere in the EU? Some headaches for the intermediaries resulted from the problem that the discussion was "hi-jacked by copyright“ with distinctions on the lawfulness of the content per se rather than its lawful use.

Rossoglou reminded that some high-level principles on intermediary liability have existed for some time. "The challenge is to operationally define what are the norms,“ he said.

Manila Principles and User Guide

One attempt to operationalise the many priniple sets available has been made by civil society organisations. Gabrielle Guillemin, Legal Officer at Article 19, pointed to the so called Manila principles. Intermediaries should not be held liable when not directly taking part in content postings. Instead, notice-and-takedown regimes for content which could have a chilling effect are put to the fore. The principles also request transparency and due process from the various legal systems. The Manila principles were an attempt to keep up with basic human rights while not touching substantive law.

The effort, while on intermediaries, would protect users who were "not able to cope“, Guillemin said. Users often face an "incredibly complex legal environment“ with platforms like Facebook, Youtube or Twitter subject to the law of their country of origin. When they expressed themselves online, users might be liable or even violate criminal law for defamatory acts, for instance. Not even in the 28 member states of relatively harmonised EU is navigation on the web easy. Users and intermediaries have to live with the fact that the EU e-commerce Directive was "implemented in very different ways.“ Notions such as "actual knowledge“ and "a notice“ were open to different interpretations.

Another effort to help users navigate was presented by Elvana Thaci, Administrator at the Directorate General of Human Rights and Legal Affairs for the Information Society, Media & Data Protection at the Coucil of Europe, one of the founding organisations of the EuroDIG. The "Guide to human rights for Internet users“ gives some more or less practical hints on access and non discrimination, freedom of expression and information, assembly, association and participation, privacy and data protection, education and literacy, children and young people, effective remedies and redress. The guidelines should be embedded, Thaci said, in frameworks that rule over the relationship between users and platforms“. Human rights could help as a basic guide in the cross-border tussles, Thaci said.

For Bertrand de la Chapelle, founder of the Internet & Jurisdiction Project, cross-border mechanims for remedies and redress are just not yet conceived. Thaci hinted at international private law as a source of inspiration and experience. "We need more lawyers in the discussion," she said.

Treaties or coexistence in the network of networks

For the European Commission, which has considerably stepped up its engagement with the EuroDIG this year - even pointing to EuroDIG funding it intended to put on the table, Megan Richards, Director for Coordination, at the Directorate General Connect, and member in ICANN's Governmental Advisory Committee, offered the planned data protection regulation as an effort for better harmonisation. The regulation has to be implemented as such in all member states – as compared to a directive - is expected to help cross-border economic activities.

"If there is one regulation applied this makes our life easier,“ she said. Other issues under discussion, for example the removal of unjustified geo-blocking in the copyright reform or the harmonisation of common contract provisions were under way, Richards said. At the same time, Richards challenged the idea that there was one internet. "It is in fact a network of networks.“ Certainly it was not possible to come up with one comprehensive solution to the net cross-border jurisdiction problems. Richards at the same time distinguished between multi-stakeholder net governance on the one side and state driven efforts to find common rules, as for example on cybercrime.

The question if an international treaty approach was the right answer to cross border tussles or the discussion should focus on operational principles could only be answered on a "case-by-case“ basis, said Thaci. A distinction could be made by harmonisation on substance and harmonisaton of procedures.

Fehlinger summarised that on some rare issues, such as child abuse images on the internet, "it is likely to achieve an international, universal consensus between governments through traditional Westphalian cooperation mechanism such as treaties.“ On issues related to hate speech or defamation, it was on the other hand highly unlikely that an international consensus can be achieved. This left the community advancing with baby steps towards "harmonised procedures, so called policy standards, to guarantee due process, accountability and transparency across borders and enable the digital coexistence of different national laws in shared cross-border online spaces,“ Fehlinger said.

At the latest Russian Internet Governance Forum – a gathering of the business community, officials, and the civil society to discuss internet regulation – the “sovereignty” of the Russian internet featured prominently amongst the key topics discussed.1 As one official stated:

Few people seriously consider the possibility that the Russian segment of the internet could be disconnected from the global internet. However, we have to be prepared for this – full sovereignty of Russia over the RuNet2 is necessary for national security purposes.3

Another one, famous for his legal haste once a member of Parliament:

Listen, everybody knows who controls the internet. [...] We should not let one country run the internet.4

The current stand-off between Russia and the West over Ukraine has posed new geopolitical challenges which have added to the general defensive leitmotiv in the Russian domestic internet governance with a tighter grip on online communications and transactions, which often contradicts the announced goals of economic stimulation in the information and communications technologies (ICTs) area as one of the vehicles of non-commodity based growth.5

As the past two years have shown, the economic potential of the ICT and internet-dependent industries is given due credit: internet penetration in Russia reached 59,27percent people in 2014, compared with 29 percent people in 20096, and the internet market grew by 31 percent between 2012 and 2013.7 However, this economic trend – still modest when looking at the internet economy’s share of Russia’s GDP8– is likely to remain secondary to the “sovereign-isation” of the internet, in certain cases potentially mitigating its effects. Russian authorities indeed have been expressing “legal haste” towards a stricter control over the internet since Vladimir Putin returned to the presidency in May 2012. In the Kremlin, the raison d'État is more than ever a topical issue: all the means likely to undermine it are systematically thwarted.9 This “vision” once transposed to the digital sphere translates into a discourse placing the internet on top of the list of threats that the government must tackle, through an avalanche of legislations aiming at gradually isolating the Russian internet from the global infrastructure.

In an international context in which internet governance is at a crossroads, and major internet firms come under greater regulatory pressure from governments, this article aims at comprehending the contradictory trends that are shaping the development of the Russian internet. The Russian “dictatorship of the law”10 paradigm is not over: it is now deploying online, with potentially harmful consequences for Russia's attempts to attract investment in the ICT and internet sectors, and for users' rights and freedoms online.

Stability at all cost

As a relatively young nation-state that has been experiencing, since the chaotic 1990s transition to a free market economy and pluralism, a potent feeling of insecurity, Russia has been adopting a threat-oriented lens towards the internet.11 By extension, the country's internet policy conveys a long-lasting national security fear. This feeling stems in part from the complex interactions between state authorities and the media ecosystem since the 1980s, when Soviet leaders tolerated increased access to previously suppressed information, thus opening the ‘information gates’ to the masses. In the 2000s, with Russia striving to recover its full sovereignty and struggling against the ‘permeability’ of its neighbourhood, Vladimir Putin gradually saw the information revolution – driven by the considerable growth in domestic internet access – as one of the most pervasive components of the United States’ expansionism in the post-Soviet sphere, most notably in Russia itself.

However, officials have long paid a modest attention to RuNet's development, supporting its benefits for the country's economy while tolerating some spaces online for dissenting activities.12 The first legal online restrictions were imposed in 2002-2003 on condition of fighting “extremism”. In parallel, SORM-II, the technical system used by several law enforcement agencies to intercept and analyse the contents of telecommunications within Russia, extended its reach to monitoring the internet.13

The authorities’ approach radically changed from 2011 when they observed citizens from some Arab countries mobilising and coordinating their protest actions through networked technologies. These events – known as “Arab Spring” – did profoundly impact the minds of Russian political elites. Reflecting on the sustained use of digital technologies – microblogs such as Twitter, video platforms such as YouTube and social networks such as Facebook – in the revolutionary processes in Tunisia, Libya and Egypt, the Kremlin and Russian law enforcement agencies started to monitor closely the impact of the political use of networked technologies upon social mobilisation and democratic transition.14 The events in the Arab world did clearly reawaken the authorities’ fear of “regime change” initiated from abroad with the use of digital tools.

These international developments inspired many in Russia who demanded substantial political changes after a decade of Vladimir Putin’s rule characterised by rising living standards for the population guaranteed by the state in exchange of (most) political freedoms.15 During the years of Dmitry Medvedev as President of Russia (2008-2012), the internet served as a substitute to the public sphere in Russia, equivalent to the role played by the literature in the XIXth century and independent media in the 1980s.16 Digital technologies have been used indeed by citizens in a “creative” way for mobilisation purposes around a particular cause, addressing directly the politicians to solve such issues, thus going beyond both the legal online restrictions that have been imposed since 2002-2003,17and overcoming the traditional distrustful attitude towards institutions among the Russian society.18 Overall, internet users have become skillful in circumventing 'legislative" obstacles online or at least mitigating their consequences. They learned to move their profiles quickly or duplicate them on Western social networks when popular blog platforms such as LiveJournal were subject to DDoS attacks. They massively use services such as TOR (see pp. 6-7), and traditionally resort to humour to make a mockery of political authorities.19

However, the ‘power of networks’ was mostly used at a local level: blogs were the only way to draw the attention of authorities and make them act, when usual means did not work due to the total lack of attention of politicians to the population’s daily problems and the level of corruption.20

The 2011-2012 election cycle in Russia – a parliamentary ballot in December 2011 and a presidential vote in March 2012 – reawakened Russian leaders' anxiety over the internet's potential for political disruption. Indeed, the political leadership feared a ripple effect in the countryside, as mass protests in its biggest cities – primarily Moscow and St Petersburg – were mostly coordinated on and facilitated by the use of digital technologies.21 Likewise, the Kremlin felt irritated by the fact that the internet enables citizens to circumvent government-controlled ‘traditional’ media, most importantly television.22

The series of restrictive laws discussed and passed at the State Duma since VladimirPutin’s return to the Kremlin in May 2012 are thus no coincidence. The first of these – which drew heavy media coverage – created a ‘single register’ of banned websites that contain child pornography, advocacy of drug abuse, suicide advocacy, and came into force on 1November 2012. Roskomnadzor, the federal service for supervision of telecommunications, information technologies and mass communications,23 administers the list of websites with banned content. The scope of the law leaves the latter open to manipulation on political grounds: as Milton Mueller wrote, “emotional appeals to ‘the children’ have deliberately been exploited as the entering wedge for a broader reassertion of state control over internet content”.24

Tightening the screws

Members of both parliamentary houses have been promoting further legal initiatives, and the most prominent Russian rulers regularly speak out in favour of greater internet regulation and more highly organised policing structures.25The 2012 legislation reflects the Russian authorities’ perception that controlling ‘their’ national cyberspace constitutes a twofold challenge both to governance and to political legitimacy.26 Not surprisingly, the ongoing conflict with the West over Ukraine27 provides the perfect context to justify and further a more repressive agenda towards the internet in Russia. In February 2014 amendments to the Federal Law “On information, information technologies and information security,” allows pre-court blocking of websites instigating riots, extremist or terrorist actions, thus extending the outreach of the original law fighting child pornography. This law has been actively used ever since to ask Facebook, YouTube and Twitter to remove or restrict access to content. In its 2014 Transparency Report Google reported that between July and December 2013 the number of content take-down requests from Russia increased by 25percent compared to the preceding reporting period.28

Discussions also focused on granting the police extrajudicial power to block access to internet anonymisers and “the means of accessing anonymous networks, such as TOR.”29 The latter is already blocked in countries such as Belarus, China, Ethiopia, Iran and Kazakhstan – while its average number of daily users in Russia does not cease to grow (142,600 Russian internet users access TOR on a daily basis), as it represents a convenient means to circumvent the new legal restrictions.30 Despite recent failures to fight online anonymity, the Russian legislators still seem eager to resort to law-making in order to restrict access to the TOR network.31

Right to be forgotten

The issue of the “right to be forgotten” – so far limited to Europe – has also sparked off parliamentary debates. In June 2015 the State Duma passed in first reading a draft bill which forces search engines to delete links to any information that is over three years old, based on citizens’ requests and without court orders. A formal complaint addressed to the search engine and mentioning the topic of the information to be removed (not a hyperlink, as in European Union) is enough. In early July 2015 the draft passed in third reading in the State Duma, but it still needs to be approved by the Federation Council and then signed by the President to become law. Internet industry representatives in Russia have spoken out against the law, calling it unconstitutional and claiming it limited Russians’ right to access information.32 According to Russian media reports, after representatives of Yandex and the Russian Association of Electronic Communications met with Duma members, lawmakers agreed to remove a controversial component of the legislation's first draft that would have allowed individuals to force search engines to delete links to any personal information that is more than three years old – even without evidence that the information is inaccurate or false.33 Concretely, leaks on corruption cases involving high-level officials or state companies' executives could possibly be sued – the examples of Alexey Navalny’s disclosures on his blog, or Boris Nemtsov’s online report that proves the involvement of Russian troops in the war in the Donbass region, immediately come to mind.34

After Snowden: the path to ‘information sovereignty’

In an international context marked by strenuous information campaigns over the events in Ukraine, added to what he perceives as the decline of a “morally decadent” West – which would use the internet to pervert Russian society and culture, Vladimir Putin has seriously come to consider the foreign policy of the internet as the establishment of a new U.S.-led hegemonic framework. Not surprisingly, the scandal involving the United States National Security Agency (NSA) sparked by Edward Snowden’s leakage of classified documents from June 2013 allowed Russian authorities to legitimise their own regulation and surveillance practices, and to push forward other legislations further tightening government control over the internet.

In April 2014 VladimirPutin publicly assimilated the internet to a “CIA project” and expressed reservations to Russian internet companies which are registered abroad “not only for taxation purposes” (such as the successful local search engine Yandex). Rumours about an internet “kill switch” being devised in Russia came after “cyber exercises” reportedly revealed vulnerabilities in RuNet’s security infrastructure preparedness against potential external aggression.35 This produced calls for the creation of a self-contained system duplicating the root domain name system (DNS) architecture to keep the RuNet running in case of emergency, either externally – which is no longer seen as hypothetical in the current belligerent geopolitical context – or, in case of civil disorder and/or extremist action, internally. Even though a special Security Council meeting reassured that “no internet switch off” or state takeover is planned, it would be right to assume the further strengthening of Russia's internet at the level of critical cyber infrastructure as part of the national security capacities.36

All powers to Roskomnadzor?

The most controversial discussions and laws have been involving the private sector. The post-Snowden context proved timely for officials on the basis that the privacy policies adopted by transnational companies such as Google, Facebook, Twitter and others pose a threat to Russia’s digital sovereignty – and consequently national security. In the wake of Snowden’s intelligence disclosures, several members of both houses of the parliament suggested that all servers on which the Russian citizens’ personal data were stored should be located in Russia, and started a media campaign to bring global web platforms under Russian jurisdiction – either requiring them to be accessible in Russia by the domain extension .ru, or forcing them to be hosted on Russian territory.37 Deputy Prime Minister Dmitry Rogozin claimed that services such as Facebook and Twitter are elements of a larger American campaign against Russia, while State Duma members called for tighter regulations on state officials’ internet activity, based on the concern that Russian bureaucrats commonly discuss or upload government secrets in communications hosted on American websites (mainly Gmail).38

Parliamentary debates nevertheless continued for a year until the controversial Federal Law “On the introduction of amendments into separate legal acts of the Russian Federation defining the order of personal data processing in the information and telecommunication networks” was passed in autumn 2014.39 The law is aimed at restricting the use of foreign servers for the collection, retention, processing and storage of Russian citizens' personal data and facilitating state supervision activities by Roskomnadzor.40 Initially meant to come into force on 1 September 2014 it caused stir in international business circles – which realised they would be unable to comply with the new requirements on time, when a new deadline (1 January 2015) brought this date forward. However, the negative reaction of numerous Russian and international companies forced the Duma to reschedule the effective date on 1 September 2015. The requirements of the law do not cover the personal data of non-Russian citizens and stateless persons, even when their data is collected in Russia. In this case, it would be possible to continue processing such data in the same way as it is currently the case, as long as it is separated from the data of Russian citizens.

The law indeed took force on 1 September 2015, although it introduced nuances in its scope, adding to the confusion surrounding the legislative process. Roskomnadzor made clear it will not verify the compliance of mainstream services with the personal data until 2016.41 Roskomnadzor has made an exception for air travel data, which under international conventions must be stored internationally (the so-called “Passenger Name Records”). According to some observers, the main target of Russian authorities is the RuNet market: “companies that buy and sell products or services in Russia to Russians, but may store consumer data in servers offshore”.42 Roskomnadzor spokesman even declared that the main transnational internet actors are not the target of the law, the first in line being financial institutions, hotels, mobile operators and e-commerce.43

Unquestionably, Russia is not the first country in the world to impose such data localisation requirements across all sectors of the economy: China, India, Indonesia and Vietnam have implemented similar laws and Brazil and Germany have sought to enact localisation policies. As Jonah Force Hill noted, the data localisation movement is a complex and multilayered phenomenon: depending on the country in which it is being advanced, localisation – supposedly defending privacy – also serves to protect domestic businesses from foreign competition, to support domestic intelligence and law enforcement ambitions, to suppress dissent and to stir up anti-American feelings for narrow political ends.44

It is not exaggerate to say Russia combines all these motivations – at the expense of its economic performance. Half of Russia's GDP comes from the services sector, which uses data extensively.45 Some fear the localisation law would have unforeseeable consequences for the Russian economy and its ability to attract investments and create jobs.46 In the short run, data localisation requirements may well reduce both demand and supply, resulting in loss of productivity, competitiveness and economic activity. In the long run, such policies also could make Russia less attractive to investment and deprive its economy of its innovative potential.47 On a security perspective, the law on data localisation may be interpreted as the Russian authorities’ will to “fight” against the https protocol, which is used in particular by Gmail, Facebook and Wikipedia. The Russian law enforcement agencies’ system for monitoring the internet cannot handle https due to the encryption used, whose standards have been reinforced by the main internet players in the wake of Edward Snowden’s disclosures.48 Once again, Russia is not a cas isolé: EU countries such as the United Kingdom or France have sought to pressure internet firms so that their security services could track the online activities of extremists.49

Catch up and overtake America!

Though not specific to Russia, plans to promote national networking technology, set up a secure national email service and encourage regional internet traffic to be routed locally are well in the spirit of the times in Moscow.50

All these claims tend to legitimise and revive the longstanding call for a “national operating system” (OS) that would reduce the Russian dependency on Microsoft Windows. Back in 2011, then Minister of Communications Igor Schegolev approved what he called a prototype for “Russian Windows”, a national operating system that was designed to be used by government officials and civil servants. However, that project was called off in 2012 when Vladimir Putin appointed Nikolai Nikiforov as the head of the Ministry of Communications – with a seemingly less ambitious agenda.

In May 2015 the Russian authorities announced their plan to work alongside the Finnish smartphone company Jolla, which built the Sailfish OS, to develop an alternative mobile OS.51 In his statement, the Minister of Communications pushed for a BRICS-made project, with the goal of creating an “international consortium” that would include IT companies from each of the BRICS countries (Brazil, China, India and South Africa).52 Foreign mobile operating systems currently account for more than 95percent of the Russian market53– the official ambition is to see this reduced to 50 percent by 2025.54 Undeniably, developing a wholly Russian-made mobile OS corresponds to the government's plans for import substitution – in a strained domestic economic context, which is also applicable to most of its economic sectors.

It may also be a response to the American technological embargo upon Crimea: in January 2015, Barack Obama ordered sanction that targeted Crimea – banning American online services like Amazon, PayPal, and Apple's App Store from operating in the disputed peninsula. Russians promptly reacted by underlining the U.S. “double standard”: “Isn't it strange that a country claiming to defend freedom suddenly imposes territorial sanctions?"55Besides, it paradoxically reveals as well a will to catch up with a technological gap with the West, as a perceived feeling of inferiority towards the U.S. technological supremacy.56

More broadly, these debates also happen outside Russia – Europe is also increasingly worried with its digital sovereignty, that is, its perceived dependence upon U.S. technologies and services.57 Worries are often similar as regards the net giants' practices. In February 2015, after Yandex lodged a complaint, the Russian Federal Antimonopoly Service (FAS, for its abbreviation in Russian) opened a probe against Google for abusing its dominant market position with its mobile operating system Android. Yandex accused Mountain View of forcing smartphone manufacturers to pre-embed all of Google's applications, including its search engine, at the expense of fair competition. Google would also have caused Yandex's loss of market share on the mobile market – they have dropped from 49percent to 44 percent in a year.58

Several high-level officials echoed these above-mentioned concerns at the recent St.Petersburg International Economic Forum (June 2015): Alexandr Zharov, head of Roskomnadzor, claimed Russia needs its own national text messaging service “to reflect [Russian] national identity”.59 Chechen President Ramzan Kadyrov – who is tech-savvy and often uses social networks to reach Russian or global audiences – stressed that the main issue with using foreign communication services is a lack of control and access to user data for Russian security services.60

If there is no direct evidence that the Russian authorities took their inspiration from foreign internet legislations, they do care about regulatory practices observed in other countries – be they authoritarian or democratic regimes. A report by the Civil Society Development Foundation, a Russian “think tank” with close ties to the Kremlin,61 assessed in length various forms of internet control in China and Iran on one side, and the U.S. and Great Britain on the other side, and produced policy recommendations to the Russian government.62 Besides, the regular consultations between Russian, Chinese and Central Asian high officials on “information security” within the Shanghai Cooperation Organisation (SCO) framework63 partake of structuring common approaches towards broader internet regulation issues.

Steady grips ahead

In such a restrictive context, and in the light of the current information struggle over Ukraine, one may assume that the Russian official state-centric approach towards the internet is highly likely to prevail – if not to strengthen, with less freedom for civil society and independent businesses.

Pioneers of Russia's internet – mostly the technical community that introduced the internet in Russia in the 1990s and the not-for-profit structures “governing” the national segment, along with IT entrepreneurs and active users of the blogosphere – have clearly been overshadowed by a more security-oriented grouping of so-called “power ministries” (Ministry of Internal Affairs, Ministry of Defense, Federal Service for Control of the Narcotics Trade, law enforcement agencies such as the Federal Security Service), and political figures from the ruling party United Russia and its affiliated youth organisations. State-controlled media64 and a myriad of “information” portals also increasingly contribute to the dissemination of a security-driven approach to the internet, favourable to increased online monitoring and further regulation by law enforcement agencies. Public perceptions of the internet remain dominated by the authorities and large numbers in the Russian population are favourable to increased regulation and censorship. A recent study by the Annenberg School for Communication's Internet Policy Observatory showed that almost half of all Russians believe that online information needs to be censored; that one quarter of Russians think the internet threatens political stability; and that a clear majority of Russians do not like having information critical of the government or calling for political change being available online.65

The “Arab Spring” uprisings, the mass demonstrations in the winter 2011-2012 in Russia's biggest cities, then Snowden's disclosures are as many examples of a geostrategic landscape modeled by “information” which is dominated by a still hegemonic United States – as the Russian decision-makers see it. All the recent regulatory initiatives pushed by the government may well fit into a broader “information warfare” strategy directed against the West – the objective of securing the domestic “informational space” being not the least of the stakes.66 The will to create an alternative “reliable” Wikipedia and official calls for a “patriotic internet” are cases in point.67 The same with the state-controlled telecom Rostelecom-sponsored search engine Sputnik.ru, released in May 2014. The idea of creating a state search engine is nothing but new: it arose in 2008 after Russia’s war against Georgia – seeing that the information rising to the top of existing search engines did not always chime with the government line, officials realised the desirability of an aggregator more amenable to the state's interests.68

The consequences of this increasing “self-isolation” in Russia’s internet are likely to prove more severe in the economic realm. Data regulation including data localisation measures may have a significant negative economic effect: Russia’s innovative capacities would likely be severely hampered, and data-driven industries, typically e-commerce, tourism, financial services, logistics and most forms of business services would also be affected in the first instance.69

Conclusion

What we are likely to see is a “hybrid” approach, combining more legislation with some later fine-tuning. Unquestionably, in the current difficult legislative context, complicated by Western sanctions against Russia and the new strategy of import substitution, it is going to be more challenging both for Russian companies to keep up with global business, and for the foreign players to stay in the Russian market.70

Will then the RuNet wall-garden itself? Like many governments in a post-Snowden context, Russia is actively seeking to legislate and enforce sovereign internet laws that may well fragment digital information-sharing. Although it is tempting to emphasise the restrictive nature of these laws, we should put them into a wider context in which appears an objective convergence between states, be they authoritarian or not, towards a “digital wave” that might carry their sovereign prerogatives away. Here lies a relevant ground for further research: in a post-Snowden context, more than ever, we need to think beyond a binary vision of the internet as “a new space of freedom” or “a new instrument of control”.

Once, Mike Savage predicted the downfall of sociology – but now, he revises his pessimism. In 2007, his famous essay “The coming crisis of empirical sociology” had caused quite a stir. Back then, he stated that social scientists would be falling behind the natural scientists, failing to make use of the oil of the 21st century: big data.

In a talk within the series “Big Data: Big power shifts?” held on 5 November 2015 in Berlin, the sociologist from the London School of Economics and Political Sciences (LSE) drew the conclusion that, today, the most successful and popular social scientists primarily build up their work on data analysis.

Nowadays, it would be unthinkable that intellectuals could contrive theory buildings or propagate grand narratives like those of Michel Foucault or Jürgen Habermas. Still, there is a new star in the sky: social scientist Thomas Piketty, with his book “Capital in the Twenty-First Century”.

Piketty as a pioneer of big data

Piketty is said to be using data from various sources, focusing on income distribution, in order to illustrate the complex coherences in a bunch of simple data visualisations. “Piketty is using big data, but he is not calling it big data,” Savage said.

Further, the French economist builds his critical reasoning on comprehensible data visualisations, combining a descriptive approach with a critique of the prevailing conditions.

Robert Putnam is said to be using a similar approach in his book “Bowling Alone”, building his thesis of a decrease in social integration on data drawn from memberships in clubs and other statistics. Another example for social sciences relying on big data is the book “The Spirit Level” by Richard Wilkinson and Kate Pickett, which focuses on social inequality. According to Savage, social scientists are only able to make up for their lack of technical knowledge by better contextualising.

At the early November event - organised by the Humboldt Institute for Internet and Society, in collaboration with the Vodafone Institute for Society and Communications - Isabelle Sonnenfeld from Google News Lab made a similar statement: “Social scientists, unlike computer scientists, can come to a data source with a more complex and historical understanding.” The Mountain View firm decided to make some of its most important data – search data – partially accessible via offerings such as google.com/trends. This said, the decisive factor is not the data itself, but rather its interpretation. “We provide aggregated and anonymised Google Trends data, but it is the journalists and academics who are contextualising it,” Sonnenfeld said.

Why big data still has a long way to go

Google's practice of sharing some of its data with the public clearly demonstrates that access to big data is still unevenly distributed. Fortunately, more and more large companies – most recently Deutsche Bahn, but state institutions as well – bank on openness and decide to make machine-readable sets of data available to the public, as a web search on “gov data” shows. A significant problem that remains is, however, that these data are not very informative, because they usually lack two things: 1) relevant context and, 2) enough granularity.

Deutsche Bahn, for example, has so far only released seven sets of data, including a directory listing the lengths and heights of the railway platforms in Germany. At the same time, far more interesting and informative data regarding the consumption and mobility patterns of the German people remain inaccessible for the public. Data journalist Lorenz Matzat therefore sees the datasets published so far as “Schnarchdaten” (“snoring data”). So far, state administrations are keeping back the more interesting sets of data: i.e. the City of Cologne has published its budget data in machine-readable form. However, since the budget items are summarised in rough categories, the data remains difficult to decipher.

While many datasets are not published at all, there are also problems with the ones that are available. Typically, datasets are published in an anonymised manner, which is also important in the way of privacy protection. It makes it almost impossible though to compare an anonymised dataset with another set of data. To be able to integrate and compare different data is precisely what is needed in order for the scientists and the public to gain insight.

An example: a supermarket chain collects data regarding the shopping habits of its customers via customer cards. Now, there is only little demographic or personal data connected to the customer card; mainly name and address. By itself, the dataset is of little interest, so – in order to gain more insight – the supermarket chain purchases additional data on demography, household size, age, hobbies, interests, and more from a third party. The customer profiles are “filled with life”, allowing conclusions about the possible motives behind purchasing decisions. Big data can only develop its full potential if it is possible to connect different datasets.

The determining factor to connect different datasets to each other is a so-called unique identifier, serving to identify a person in several different datasets; again, in our example, mainly name and address. While companies and security agencies rely on integrating different datasets, researchers and journalists often don’t have this option. Firstly, because of a lack of financial resources, and secondly, because of ethical concerns vis-à-vis the investigation and publishing of such data.

Great opportunity vs. ethical concerns

For social sciences, the fact that people (or data subjects) feel unobserved while producing data, unaware that they are an object of study, is both an ethical dilemma as well as a great opportunity. For example, it is now possible to examine income distribution or prostitution with the help of big data, while in the past voluntary disclosure and self-description often lead to inaccurate results.

Of course, it can be argued that social scientists have always been working with large amounts of data – or Big Data– in censuses, election analyses or large surveys. However, the new thing about big data is that a lot of data is seemingly collected incidentally, not for a specific purpose such as in the scope of a census. Thus, the online retailer Amazon primarily sells products – but a lot of consumer data is collected as well. It is stored and processed as a raw material, based on the assumption that it will sooner or later be used for further evaluation.

Social scientists as 'Jacks of all trades'?

It is not only the access to large datasets that is unequally distributed, but also the skills to handle them. While companies such as Google have countless programmers and data analysts to interpret data, social scientists often work on their own.

Should aspiring sociologists thus also learn programming? Savage doesn’t think so: “If you had to actually learn those big data skills, that would be a big commitment - and you would lose a lot of theoretical and substantive skills too.” Instead, there have to be cooperations with programmers and data analysts. In mixed teams like this, the sociologists’ theoretical, critical and historical knowledge can help to interpret data.

As the adoption of the General Data Protection Regulation (GDPR) by the European Council and the European Parliament seems to be approaching fast, there are some good news to report: the Court of Justice of the European Union (CJEU) has in the meantime taken advantage of the lengthy discussions surrounding it to firmly assert the fundamental rights dimension of EU personal data protection law. And it has done so in a clear and compelling manner. Well, almost.

EFFECTIVE, COMPLETE AND STRONG

To ensure ‘effective and complete protection’. This is not a random commercial slogan about an unspecified product, but the formal objective of the Directive 95/46/EC (the ‘Data Protection Directive’), according to the EU’s Court of Justice emerging case law. More concretely, the Data Protection Directive must be regarded as seeking to ensure ‘effective and complete protection’ of all the fundamental rights and freedoms of natural persons, and actually not just any protection, but ‘a high level of protection’ of these rights and freedoms.1 Three rights stand out among those to be protected strongly, effectively and completely by the Data Protection Directive: the right to respect for private life, as enshrined by Article 7 of the EU Charter of Fundamental Rights, the right to the protection of personal data, established by the Charter’s Article 8, and the right to an effective remedy and to a fair trial, set out in Article 47.

The CJEU has not always looked at EU personal data protection law from this perspective. Traditionally it favoured the view that the Data Protection Directive’s ‘principal aim’ was to ensure the free movement of personal data, also acknowledging, however, that its provisions had to be interpreted, to a certain extent, in light of fundamental rights.2 Originally, the fundamental rights considered were de facto only the right to respect for private life as established by Article 8 of the European Convention on Human Rights (ECHR). The entry into force of the Lisbon Treaty in 2009, which granted legally binding force to the EU Charter, gave the Court the impetus to renew its position and redefine the criteria to be applied when reading EU personal data protection instruments.

THE EU CHARTER IS THE PLACE TO START (NOW)

It was actually in the 2014 Google Spain and Google3 judgment where this shift took place. In that ruling, the CJEU was confronted with a request from a national court that explicitly asked the Luxembourg Court to interpret the Data Protection Directive in light of Article 8 of the EU Charter. Until then, the CJEU had been cautious in considering the relevance of the Charter for the interpretation of an instrument adopted five years before the Charter’s proclamation, and more than 14 years prior to its entering into force. In Google Spain and Google, however, this reluctance was put aside. Here, the Court openly noted that Directive 95/46/EC referred to fundamental rights, and pointed out that these ‘are now [that is, since 2009] set out in the Charter’.4 From there, it even went on to declare that some provisions of the Directive actually implement requirements directly derived from the EU Charter’s Article8, despite the fact that, chronologically, the former saw the light first.

This has serious consequences for the future of EU personal data protection law. It entails that whatever the CJEU tells us about Directive 95/46/EC, insofar as it describes requirements that derive from the fundamental rights enshrined in the EU Charter, will have to be remembered once the Data Protection Directive disappears and is replaced by the GDPR. Then, all provisions of GDPR will have to be interpreted in the light of such requirements, as described by the CJEU in its rapidly growing case law. If, for any reason, that interpretation happens to be just impossible, the problematic GDPR provisions will have to be annulled.5

With the adoption of the GDPR drawing closer, the Court’s position is particularly welcome. The new Regulation is indeed expected to present itself as giving substance to the EU right to the protection of personal data, as set out by Article 8 of the EU Charter, but also by Article 16 of the Treaty on the Functioning of the EU (TFEU). These provisions, despite being placed at the highest level of EU law, are subject to a series of vague clauses generating uncertainty regarding their exact meaning, with the Explanations accompanying the Charter seemingly obliging to read Article 8 in light of EU secondary law.6 The replacement of the Data Protection Directive with a flawed or weak GDPR could have thus potentially negatively impacted the very interpretation of this EU fundamental right, in what might sound as a heresy to constitutional lawyers, but is nevertheless the reality of current EU fundamental rights protection. The CJEU’s recent case law is therefore timely.

THIS CLEARLY MEANS ‘BROAD SCOPE’

Various examples of what it means in practice to approach the Data Protection Directive under the motto that it pursues complete, effective and strong protection of fundamental rights as enshrined in the EU Charter can be found already in the Google Spain and Google judgment. The CJEU relied for instance on such idea to argue that data subjects must be able to request search engines to stop displaying certain results about them without conditioning this to an obligation to obtain, before or in parallel, the erasure of the problematic information by the original publishers: imposing such an obligation, indeed, would be incompatible with ensuring ‘effective and complete’ protection of individuals, the Court stated, proclaiming it should thus be discarded.7

More generally, the CJEU made recourse to the idea that the Data Protection Directive needs to ensure ‘effective and complete’ protection of individuals to favour a wide interpretation of its scope. In this sense, the Court declared that a broad definition of the concept of ‘controller’ is instrumental to ensuring such ‘effective and complete’ protection of data subjects,8 that the words ‘carried out in the context of the activities’ [of the establishment of a data controller] cannot be interpreted restrictively as to exclude data processing activities in a way that would compromise such ‘effective and complete’ protection,9 or that this effective and complete protection obliges to make sure that the processing of personal data by search engines falls under personal data protection law.10

IT PROBABLY MEANS MUCH MORE

For all its insistence on this idea that EU personal data protection law serves the complete, effective and strong protection of fundamental rights as enshrined in the EU Charter, and despite the affirmation that some Data Protection Directive provisions de facto implement the fundamental right to personal data protection, the CJEU is still to provide a detailed account of the exact content of this right. In reality the Luxembourg Court has struggled to draw a clear distinction between the traditional, broad European Charter of Human Rights inspired ‘right to privacy’ and the EU’s own, novel right to the protection of personal data, two rights nevertheless patently put forward as separate rights in the EU Charter, in Article 7 and 8 respectively.

Yet, the CJEU is trying. In the 2014 Digital Rights Ireland judgment, the Court attempted to analyse the measures brought about by the Data Retention Directive as constituting interferences with the right to respect for private life of Article 7 of the EU Charter, on the one hand, and with the right to respect for the protection of personal data of the EU Charter’s Article 8, on the other.11 As a matter of fact, the Court even tried to review the possible justification of such interferences12 taking seriously the specificity of each right. It did so, however, purporting two extremely unfortunate assertions: first, that measures that do not provide access to the content of communications do not adversely affect the essence of the rights enshrined under Article 7,13 and second, that the essence of the right to the protection of personal data would not be affected whenever measures involving the processing of personal data include some data security safeguards.

The fact that even the CJEU is uncomfortable with the latter idea became visible in the Schrems judgment. This ruling concerned a request for the interpretation of the Data Protection Directive in light of Articles 7, 8 and 47 of the Charter, three provisions that the CJEU considered in detail, except when coming to the point of reviewing whether the measures at stake constituted a legitimate limitation of the rights at stake. In this regard, the CJEU declared that legislation granting public authorities access ‘on a generalised basis’ to the content of electronic communications compromises the essence of the right to respect for private life, as guaranteed by Article 7 of the Charter,14 but then immediately jumped to proclaim that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, does not respect the essence of the right to effective judicial protection enshrined in Article 47 of the Charter.15 Between these two assertions, nothing was said about what could constitute (or not) an interference with the essence of the right to the protection of personal data of the Charter’s Article 8. Silence.

A RIGHT THAT IS A TRIANGLE

In the absence of consolidated case law on the essence of the right to the protection of personal data - the safeguarding of which, nevertheless, will have to be ensured by the GDPR in a complete, effective and strong manner, we are left with the possibility to keep on reading (and re-reading) Article 8 of the EU Charter, now taking into account the numerous CJEU judgments that have been throwing light on its content and on the provisions of the Data Protection Directive, which, as we know thanks to Google Spain and Google, at least partially implement the EU Charter’s Article 8.

Doing so, it becomes apparent that the EU right to the protection of personal data has a triangular structure. It brings together three different elements: the obligations of data controllers, the rights of data subjects, and the monitoring activities of independent data protection authorities. These three vertices are inseparably connected to each other. The data controller’s obligations must be respected to allow for the exercise of the data subject’s rights, which in their turn are actually granted to individuals to help them keep track of the compliance by data controllers with their obligations, while all this is submitted to control by an authority that must be attentive to both. Despite being connected, these three elements are also relatively autonomous, and should all be cumulatively respected. This vision of the fundamental right to the protection of personal data should prevent us from falling into over-simplifications of its role in EU law.

LET’S JUST CALL IT ‘THE RIGHT TO REMIND THEM’

This perspective also allows us to understand better the genuine significance of the CJEU’s Google Spain and Google judgment. The issue at stake in that case concerned the right for data subjects to ask search engines to stop displaying certain results when online searches are carried out using their name. To judge the scope and functioning of such a right, the Court looked into the Directive 95/46/EC’s provisions on the data subjects’ right to access16 and right to object,17 and examined how these provisions are connected with those establishing the obligations of data controllers, both in terms of data quality18 and regarding the need to process personal data on the basis of a legitimate ground.19 After this analysis, the Court concluded that data subjects have indeed the right to request search engines to stop displaying certain results, which also means search engines have some specific obligations connected to the respect of this specific ‘right to delist’.20

All this does not mean, however, that these are the only obligations of data controllers such as search engines. It does not mean that data controllers, and thus also search engines, only need to comply with their data protection obligations related to data quality and to the need to process personal data on the basis of a legitimate ground when, and only if, data subjects make use of their ‘right to be delisted’. This ‘right to be delisted’, and more generally the right of access to personal data and to object to personal data processing, are actually mirrors that data subjects can, when they wish, place in front of data controllers so the latter are forced to examine their own compliance (or lack of) with data protection obligations. Responsibility for such compliance had always fallen on their shoulders, irrespective of whether somebody was looking, or whether somebody complains.

In other terms, it is not because there exists a judgment on the ‘right to be forgotten’ that a company like Google can process personal data for its own interest only if this interest is not overridden by the interests of the data subject which require protection. Google is generally bound by such rule, and has always been. What the Google Spain and Google judgment did was clarify that this is even truer when the search engine is displaying results following a search made using somebody’s name.

In any case, and regardless of the shape that such a right to be delisted might adopt in the future GDPR, the main concern of data controllers, including search engines and, especially, of search engines that process massive amounts of personal data falling under EU law, should be to comply with the obligations that the EU fundamental right to personal data protection already imposes on them - rather than the possibility that one, two, or even a few thousand individuals among the millions concerned occasionally raise their hand to point out they disagree with the way in which the data controller is dealing with their personal data. Hopefully, this idea will one day no longer come to them as a big surprise, but rather as a kind reminder.

This is one of a series of posts about the pending EU General Data Protection Regulation (GDPR), and its consequences for intermediaries and user speech online. In an earlier introduction and FAQ, I discuss the GDPR’s impact on both data protection law and internet intermediary liability law. Developments culminating in the GDPR have put these two very different fields on a collision course - but they lack a common vocabulary and are in many cases animated by different goals. Laws addressing concerns in either field without consideration for the concerns of the other can do real harm to users’ rights to privacy, freedom of expression, and freedom to access information online.

Cross-posted to Stanford Law School’s CIS Blog

Disclosure: I previously worked on "Right to Be Forgotten" issues as Associate General Counsel at Google.

This series of blog posts has identified problems with the GDPR’s notice and takedown provisions for user-generated content processed by internet intermediaries. The unnecessary new burdens these provisions place on internet users’ free expression rights could be avoided, without undermining protections for privacy, through simple changes to the Regulation. But the GDPR’s procedural bias toward content deletion by private intermediaries is not the only threat to free expression under the new law.

Several other GDPR provisions give short shrift to speech and information rights.1] One is the GDPR’s specific provision covering freedom of expression, at Article 80. Another is the GDPR’s process for adjudicating disputes and balancing rights through Data Protection Agencies (DPAs), courts, and the newly created European Data Protection Board.  

These parts of the law disadvantage expression and information rights in ways that would be relatively harmless if data protection law still primarily applied, as it once did, to data held and processed internally by companies. They have far larger consequences now, given the law’s application to vast amounts of publicly available information and content. Problems created by these provisions are compounded by the new obligations on internet intermediaries to erase users’ online expression under the “Right to Be Forgotten.”

I will treat these problems in far less detail than I did the notice and takedown process. Even this relatively simple overview, however, raises real concerns about whether the GDPR can really provide proportional protections for free expression as a right co-equal with privacy and data protection.  

The GDPR’s Article 80 free expression provisions

Free expression rights under the GDPR are directly addressed in Article 80, which requires that “Member States shall provide for exemptions or derogations” to protect free expression. Draft Recitals discuss – quite reasonably – the need to balance fundamental rights, including privacy and information rights. (Council Recitals 3a, 38, 53 and 56) However, a closer look at the Regulation reveals numerous causes for concern about this balance.  

One problem with Article 80 is that it relies on Member State law to define and enforce the free expression rights guaranteed by the European Charter. This is the same allocation of responsibility that exists under the current Data Protection Directive, and empirical research has revealed significant problems with it. Cambridge professor David Erdos has exhaustively reviewed and analysed national implementation of the current free expression carve-outs from data protection, and found significant and troubling variation from one country to another.  Some countries have not even passed legislation to create the derogations that have been required for the past twenty years under the 1995 Directive.2 Others have enacted laws that fall far short of the goal of balancing expression and privacy rights. Given this history, it is unreasonable to expect member states to enact more balanced protections under the GDPR.  

A second cause for concern arises from the language of the GDPR’s free expression provision in Article 80. In some drafts, this Article does not even require member states to protect all forms of expression – only those “carried out solely for journalistic purposes or the purpose of artistic or literary expression.” (Comm. Art. 80, emphasis added). This restrictive language is not new, but it is newly troubling given the data protection law’s greatly expanded application to online speech. Individuals posting information, opinions, and ideas online will often lack the credentials to claim protection under these limited exemptions. Their failure to fit into defined categories should not preclude legal protection for their fundamental rights.

The rules member states enact under this flawed framework directly affect intermediaries when they are asked to delete users’ online expression. “Right to Be Forgotten” requests under the GDPR can in theory be rejected if the content being challenged is necessary “for exercising the right of freedom of expression in accordance with Article 80.” (Art. 17.3 Commission) (This provision does not, however,  affect the intermediary’s obligation to immediately take the content offline pending review.) In practice, intermediaries will be far less likely to honour this exemption if the relevant member state law is vague, inapplicable to ordinary internet users, or significantly different from one country to another.

Another problem with this provision is the lack of clarity about whose free expression rights an intermediary may consider. The most obvious person should be the internet user who posted the content.3 But doctrinally and before courts, serious legal uncertainty can arise regarding an intermediary’s ability to act on the basis of that user’s rights - as opposed to the company’s own, relatively paltry, free expression rights. As a conspicuous example, the CJEU’s Costeja ruling itself did not identify the publisher’s expression rights as a balancing factor in determining what content must be removed. The GDPR perpetuates this uncertainty, sometimes suggesting that relevant interests are only those pursued by “the controller, or by the third party or parties to whom the data are disclosed” – in other words, the intermediary and the users who read the content, but not the publisher. (EDPS Art. 6.1(f))

Inadequacies in the GDPR’s provisions governing free expression are problematic on their own, but will ramify as that law is interpreted by risk-averse private companies under the GDPR’s notice and takedown framework.  

Process and public resources to protect fundamental rights

A second set of problems for free expression arise from the way the GDPR instructs courts and regulators to handle disputes involving both privacy and free expression rights. At every step of the way, the person asserting a privacy right has government support and a clear avenue to enforce her rights. The person asserting a free expression right does not. The GDPR’s provisions for DPA and court enforcement replicate many of the problems of the notice and takedown process: responsibility for defending or assessing free expression rights rests with entities that lack the information or incentives to reach a fair outcome, while people who do have information and incentives to defend their expression are excluded from the process.  

In brief overview, what happens is this: when an intermediary does not comply with a Right to Be Forgotten removal request, the requester can take her grievance to the regional or national Data Protection Agency.4 The DPA then adjudicates the matter as a two-party dispute between the data subject and the intermediary, under strict rules of confidentiality. The person whose free expression rights are at stake is absent from the process.5 Defense of her rights lies in the hands of an intermediary that likely doesn’t know the facts of the underlying dispute, and has little incentive to risk antagonising an important regulator.  

This institutional imbalance – the person asserting a data protection right has a presumptive ally and audience in the DPA, the person asserting a free expression right has neither – is compounded by the basic mission and function of most DPAs.  Their legal mandate is to “protect the fundamental rights and freedoms of natural persons in relation to the processing of their personal data.” (Comm. Art 46). They are staffed by privacy professionals, well-versed in their field but not necessarily expert in free expression law, or in relevant internet law. This is not to say that DPAs will always shortchange free expression – in many cases, including the Right to Be Forgotten removals criteria put forward by the Article 29 Working Party, they very thoughtfully balance competing rights. That said, DPAs are in most cases bodies of privacy professionals whose job is to regulate the processing of personal data.  In the absence of a far stronger legal mandate for them to balance privacy with free expression, and without robust inclusion of internal free expression experts as part of the Agencies themselves, it is not reasonable to expect DPAs to be equally attuned to both sets of rights – particularly when the person asserting a privacy right is before them, while the person who might claim a free expression right is nowhere to be seen.  

Under pre-GDPR data protection law, regulatory review of such a claim would typically end with the DPA, at which point either party (the data subject or the intermediary) could move the dispute to national court. The GDPR changes this by adding another potential level of review within the privacy regulation system, under the new pan-European Data Protection Board. (EDPB) The EDPB will review cases and issue opinions to harmonise differences between national DPAs – differences which, in the free expression context, may easily arise from divergent member state law. The EDPB’s conclusions do not appear to be reviewable by member state courts. Its binding opinions can seemingly be reviewed only by the CJEU. (Council Recital 113) Since the CJEU does not accept amicus or intervenor briefs, the online speaker or publisher has no say in that level of review, either.

By contrast to this robust system for review and enforcement for privacy rights, the legal avenues available to a publisher or online speaker asserting free expression rights are scant. No publicly funded, legally powerful “Free Expression Agency” has a mandate to protect her rights; no “General Free Expression Regulation” lays out detailed enforcement mechanisms. In most cases, her only recourse is to courts of law, where she can attempt to sue either the intermediary or the data subject who requested removal. Neither claim is likely to succeed – most countries have no clear cause of action against an individual whose false accusation led an intermediary to remove content, or against the intermediary for taking that accusation at face value.6 For publishers, speakers, and internet users deprived of access to information under the GDPR, no clear remedy exists.

Conclusion

Privacy and free expression are in principle equally important rights, protected proportionally under EU law. Nonetheless, the GDPR tilts the playing field powerfully in favour of privacy rights – and incentivises widespread deletion of online expression even in cases where no privacy or data protection right is really infringed. Fixing these problems in the GDPR’s text at this late date is probably impossible. Protection of free expression will fall to member state lawmakers and privacy regulators, as they interpret and implement the law. The best hope for more balanced protections lies in their hands.

The European Court of Human Rights ruled on Tuesday, 1 December 2015, that the blanket blocking of YouTube by Turkish authorities violated the right to freedom of information. But not even the victorious complainants trust that Turkey will comply with the court's decision.

In an unanimous ruling the European Court of Human Rights in Strasbourg declared blanket bans of YouTube between May 2008 and October 2010 a violation of article 10 of the European Convention on Human Rights. Some ten websites on the YouTube platform allegedly insulting the memory of Kemal Atatürk, founder of modern Turkey, resulted in a complete ban of the video content platform. The Court found that there is not even a provision in Turkish law allowing domestic courts to release blanket blocking orders.

Article 10 of the European Convention on Human Rights violated

This kind of blanket ban clearly violated the right to receive and impart information of the three complainants, Izmir lawyer and international law expert Serkan Cengiz and law professors Yaman Akdeniz (Bilgi University Istanbul) and Kerem Altıparmak (University of Ankara), the Court decided.

The complainants had appealed the original blocking decision by the Ankara Criminal Court of First Instance earning a rejection by the same court “on the grounds that the blocking order had been imposed in accordance with the law and that the applicants did not have standing to challenge such decisions.” The court also defended the total blocking of YouTube with the argument that while the videos were no longer accessible from Turkey, they still could be accessed by users worldwide. The Ankara Criminal Court upheld the decision resulting in the appeal of the three Turkish law experts to Strasbourg.

While not targeted individually, users have standing in article 10 procedure

Akdeniz in a first reaction wrote to the Internet Policy Review that he did “not expect blocking practices to be ceased immediately or in the near future. In fact there have been several more instances of blanket bans by the Turkish authorities. However, we will use this decision in our fight against internet decisions. It will be an important weapon against mass internet censorship.”

The YouTube decision furthermore was “not only legally but also politically important,” as “the Court recognised our user-based application which is a significant step forward not only in relation to Turkey but for all countries recognising the jurisdiction of the European Court,” he underlined. Recognition of users having rights protected by Article 10 is very important and is now “beyond doubt”, the Istanbul-based professor said. The Strasbourg Court had dismissed the argument of the Turkish Courts that the three academics had not been targeted directly by the ban and therefore had no standing.

Notorious Law No. 5651

Despite the victory Akdeniz and his colleagues had hoped for more from Strasbourg, namely that the court would include a statement based on article 46 of the European Convention on Human Rights on “binding force and execution of judgments.” Akdeniz noted: “to be credible as part of its democratisation progress, Turkey needs to abolish all blocking measures under Law No. 56511. Unfortunately the Court did not address our article 46 request, though.” Law No. 5651 was amended only at the beginning of this year to finally make blanket bans of websites legal, in clear contempt of an earlier ruling of the Strasbourg Court on blockings (see Yildirim vs Turkey).

The European Court of Human Rights did indeed not go as far as to clear the air about the notorious Law No. 5651. The judges observed "that after the introduction of the present applications Law no. 5651 had been amended and now allowed blocking orders to be imposed on an entire Internet site where the conditions set out in section 8 A 3) were met. As the new Act was not of concrete application in the present case, the Court did not consider it necessary to rule on Article 46 of the Convention.” This is where the court made an “error”, thinks Akdeniz.

Deteriorating human rights situation

From Brussels, Marietje Schaake, member of the European Parliament commented: “The judgment sends another clear message that Turkey is really damaging itself by adopting disproportionate laws and practices that allow the blocking of entire internet sites." Schaake, who had criticised Turkey for its deteriorating human rights record, also called on the European institutions to not let President Recep Tayyip Erdoğan's regime off the hook for the continued attempts to stifle free expression and the freedom of the media. The Dutch liberal2 called on European Commission Vice-President Frans Timmermans to not remain silent on the human rights violations in Turkey - over a EU-Turkey deal with Erdoğan’s administration preventing refugees from entering the EU.

While the court in Strasbourg was rendering its judgment, Reporters Without Borders sent out an urgent request to Turkey to immediately release Cumhuriyet journalists Can Dündar and Erdem Gül - and many colleagues detained in the country for doing their work of reporting and investigating. Turkish authorities are “persecuting journalists of all colors in an increasingly ferocious manner,” the signatories of the call warned. They spoke of a “spiral of oppression” in the country.

Also 1 December 2015, the United Nations Special Rapporteur on the independence of judges and lawyers Mónica Pinto, condemned in the strongest terms the recent killing of Tahir Elçi, human rights lawyer and head of the Diyarbakir Bar Association.

Cross-posted to Stanford Law School’s CIS Blog

Disclosure​: I previously worked on "Right to Be Forgotten" issues as Associate General Counsel at Google.

Europe’s pending General Data Protection Regulation (GDPR) threatens free expression and access to information on the internet. The threat comes from erasure requirements that work in ways the drafters may not have intended - and that are not necessary to achieve the Regulation’s data protection purposes.

The GDPR’s “Right to Be Forgotten” or “Erasure” provisions serve an important goal, establishing enforceable rights and procedures to delete personal data held in companies’ back-end storage systems and used for purposes such as profiling. But the GDPR’s streamlined erasure process, which makes sense for this data, can also be used to erase other internet users’ online expression. The process, and the threat of high penalties, encourage companies to comply with most or all requests - erasing information that, under the law’s own terms, is legitimately processed and should not be deleted. Minor revisions or clarifications in the GDPR could protect internet users’ online expression from being erased without good reason, and better serve the goal of proportionality under EU law.

Improper removal requests are common

Protecting online expression from legally invalid removal requests is important, because erroneous or malicious requests to delete online content are very common. Widely reported examples include attempts, using intermediaries’ legal notice and takedown systems, to suppress online information based on religious or political disagreement, or to silence negative consumer reviews.

Data protection-based removal requests are no exception to this pattern of over-reaching claims. According to Google, 58% of “Right to Be Forgotten” requests it receives do not actually state valid claims under EU law. The 58% figure is presumably roughly accurate - Data Protection Authorities reviewing these cases have generally agreed with the company’s legal assessment. The many additional intermediaries covered by the GDPR’s expanded “Right to Be Forgotten” will inevitably receive many invalid or abusive requests as well.

Standard tools derived from intermediary liability law can protect online expression from improper removal requests

The EU already has laws and norms intended to solve the problem of invalid content removal requests. Intermediary liability rules under the eCommerce Directive are designed to facilitate removals for people with legitimate grievances, while preventing abusive or over-reaching requests from succeeding. The most basic protection for internet users’ rights comes from the eCommerce Directive’s “knowledge” standard for removal, which ensures that intermediaries need not comply with clearly groundless removal demands. More detailed rules in member state implementing law and in the civil-society-endorsed Manila Principles include penalties for bad-faith removal requests and opportunities for the accused online speaker to defend her rights.

The GDPR encourages intermediaries to comply with legally invalid erasure requests

The GDPR does not apply established rules and norms from other notice and takedown systems. Instead, it tells intermediaries to follow a new process with minimal checks and balances to protect online expression against groundless accusations. Among other things,

• Intermediaries must take content offline immediately upon receiving a removal request – before even assessing the legal claim asserted.

• Intermediaries are generally barred from notifying the accused speaker or giving her a chance to defend her online expression before it is erased.

• Intermediaries may be compelled to disclose the accused speaker’s personal information to the person seeking removal – surely an unintended suggestion, given the law’s larger pro-privacy purpose.

Companies also have financial incentives to honour most or all removal requests: noncompliance with the GDPR can cost a company up to 5% of its annual global turnover or €100 million per violation. It is unreasonable to expect small companies - or indeed, almost any companies - to take on such risks to defend users’ rights.

GDPR drafters can solve this problem by more clearly incorporating EU intermediary liability standards to balance internet users’ fundamental rights

The GDPR’s erasure provisions are probably not intended to work this way, and they don’t have to. Clearly invoking standards from existing European notice and takedown law would improve protections for expression, without undermining the GDPR’s privacy provisions in the process - and without taking a side in long-running debates about how other aspects of data protection and eCommerce law relate to one another.

Alternately, for erasure requests targeting online expression, lawmakers could eliminate the “restriction” requirement for controllers to temporarily take content offline before even assessing the legal claim against it. This provision may be particularly harmful in practice, because it shifts intermediaries’ default behaviour toward deletion and moves a large number of requests away from the “knowledge” standard for removal.

If adding other new amendments at this late date proves impossible, the best hope for at least some improvement will rest with DPAs, courts, and member state legislatures as they interpret and implement the law. But it would be far better to fix it now.

Introduction

This paper proposes a set of four criteria of meaningful stakeholder inclusion in global internet governance processes, that can simplify the process of examining and critiquing processes that purport to allow for public or multi-stakeholder involvement in public policy development. Because the criteria that will be presented here are largely independent, they allow for the multi-dimensional assessment of such processes. In comparison, the application of a binary designation “multi-stakeholder” conveys too crude a meaning, which has allowed its appropriation by a broad range of processes (Raymond and DeNardis, 2015, p. 575), some of which are not particularly open or participatory. This has even led certain people to assume that multi-stakeholder processes are necessarily undemocratic or captured, merely because some are.

Redefining the term “multi-stakeholder” is not the answer to this, because although more detailed definitions have been offered, its natural and literal meaning is appropriately fairly limited: denoting policy processes which allow for the participation of the primary affected stakeholders, or groups of these who represent different interests (which is the baseline from which this document also proceeds). Neither is it particularly useful to fall back on catchwords like “open”, “transparent” and “bottom-up” (although these are important characteristics of meaningfully inclusive multi-stakeholder processes), without considering the object that these characteristics serve. It is suggested here that such characteristics are not values in their own right, but are valuable to the extent that they facilitate a democratically legitimate governance process.

More specifically, the criteria of meaningful stakeholder inclusion presented here are designed to capture the extent to which the processes in question are effectively designed to incorporate the viewpoints of all affected stakeholders into the development of those policies in a balanced way, this being the essential feature from which this subset of multi-stakeholder processes can claim democratic legitimacy. Because it is very difficult to get this right, skepticism about multi-stakeholder processes in general is justified. But at the same time, there is little alternative to exploring such processes, given that despite pockets of internet policy that can be effectively governed locally, more often the border-crossing impacts of (or impacts upon) such regulation caused by the internet’s global architecture impel stakeholders to coordinate in order to govern those issues effectively and legitimately.

Criteria

A useful starting point in assessing whether public policy processes that incorporate multiple stakeholders meaningfully1 include those stakeholders in those processes is to pose the following four questions:

1. Are the right stakeholders participating?

2. How is their participation balanced?

3. How are the body and its stakeholders accountable to each other for their roles in the process?

4. Is the body an empowered space?

Since institutions utilising multi-stakeholder processes tend not to directly address these issues, or do not do so in a way that easily allows them to be compared with other such institutions and processes, this paper is intended to supply a set of criteria that makes such comparison easier. These criteria are developed below.

1. Are the right stakeholders participating?

A multi-stakeholder process does not begin to provide meaningful stakeholder inclusion unless the right stakeholders are participating, where “right” means that it should include sufficient participants to present all the perspectives of all with a significant interest in any policy directed at an internet governance problem.2 This means not only those who will implement the policy or be affected by its implementation, but also those whose knowledge or resources will be key to solving the problem, and those whose consent or cooperation is needed to clear the way for its effective implementation.3

This does not mean that all of the individually affected stakeholders must or should participate in the process. On the contrary, the fewer distinct interests that can feed into the process, the more smoothly it can be managed. Unlike in representative democratic processes with geographically bounded electorates, the interests of stakeholders in global internet governance decisions need not be toted up numerically.4 Thus questions commonly asked by critics of multi-stakeholder processes about how stakeholders are “enfranchised” (for example, one stakeholder one vote, or some sort of proportional representation) miss the point, as other methods are used to balance stakeholders' perspectives (see 2 below).

In most cases, this involves aggregating the perspectives of participants with similar interests into stakeholder groups. This induces similarly-placed stakeholders to cooperate and to self-organise around a collective view, thereby much simplifying the later task of balancing stakeholders' views.5

Globally, such stakeholder groups may be as broad as “governments”, “industry” and “civil society”, or it may be that any or all of those stakeholder groups need to be further sub-divided or, conversely, collapsed. The World Intellectual Property Organization (WIPO) - although not a good example of meaningful stakeholder inclusion - demonstrates both of these cases, in that it includes several distinct groups of governments, yet treats the private sector and civil society as a single stakeholder group. Cross-cutting groups of stakeholders that run across the traditional categories may also exist; the internet technical community, as recognised by the Internet Governance Forum (IGF), Organisation for Economic Cooperation and Development (OECD) and Commission for Science and Technology for Development (CSTD), is the most obvious example.

As Gasser, Budish and West (2015, pp. 18-19) have found, it follows that there is no single correct set of stakeholder groups. The most convenient grouping will depend upon a range of factors including the issue or issues to be dealt with, the history of governance of these issues and of the actors involved in dealing with them, and the working methods that are to be adopted in developing and implementing solutions. For this reason establishing a set of groups or constituencies (or several sets of them) that most smoothly facilitate the governance process can be an imprecise and iterative process, and this paper does not attempt to systematise that process.6

However the incorrectness of a set of stakeholders can often be determined experientially. Stakeholders who represent new perspectives may emerge and demand involvement, or an existing stakeholder group with diverse internal perspectives may exhibit pressures towards division. Thus, without attempting to propose positive specifications for institutional mechanisms to forestall or respond to these pressures, it can nevertheless be posited that any multi-stakeholder process that desires to meaningfully facilitate the inclusion of stakeholders should be open enough to admit new participants, and dynamic enough to adapt its structures and processes to include their perspectives in a way that meets with the approval of the community of stakeholders at large.

Not directly addressed by this is the question of how the stakeholders are defined and selected, and by whom? Although, again, no attempt is made to specify the procedural minutiae here, by the very nature of how a multi-stakeholder process works, this has to be a consensus-based process. The facilitation of this consensus may be led by a single stakeholder group or by the staff of the body, but all the participating stakeholders will ultimately have to accept that the structure is fair and balanced, or they will withdraw their participation, leaving the remainder with an apparent deficit of legitimacy that will render the outputs of the process less persuasive.7

The absence of participation of stakeholders who are integral to the resolution of an internet governance problem does not always reflect a deficit in the perceived legitimacy of the process. Their failure to participate may also be due to lack of resources, lack of familiarity with the issues of the forum in which they are discussed, or due to cultural or linguistic differences. All of these must be bridged through proactive outreach and resourcing, and an institution's ability to address these needs is often one of the deciding factors as to whether it can achieve inclusive stakeholder participation or not.8

As a first step towards achieving meaningful stakeholder inclusion, it is suggested to apply the following criterion as to whether the right stakeholders are participating in a multi-stakeholder internet governance process:

The body should have access to the perspectives of all those with significant interests in a policy problem or its possible solutions.

Strategies that a body can pursue to ensure that it meets this criterion include:

• Being structurally and procedurally open to admit the participation of all stakeholders who self-identify as being significantly interested9 in an internet governance policy problem or by the possible solutions to that problem that are within its mandate.10

• A programme of resourcing and outreach to ensure that the perspectives of all those stakeholders who are significantly affected by that problem or those solutions are indeed included.

• Flexibility to adapt its internal structures and processes to accommodate stakeholders within groupings that facilitate the work of the body, and can be consensually accepted by all participants as being fair and balanced.

2. How is their participation balanced?

One of the most important insights of the NETmundial Multistakeholder Statement was that there are no uniformly appropriate roles for stakeholders in internet governance, being such a broad regime covering a range of issues.11 This amounts to a critique of a simplistic “equal footing” multi-stakeholder model, that would require the perspectives of participating stakeholders to be weighted equally (Doria, 2014, p. 123).12

While all interested stakeholders do have an equal right to participate, it will seldom be appropriate to consider all views with the same weight, because their interests may well be engaged to different degrees, they may have different levels of expertise, and different sources of legitimacy that may require one stakeholder's input to be given greater weight than another's. For example, when setting cross-border standards for consumer privacy (as the OECD, for example, does), it is appropriate to take into account the perspectives of a company like Facebook, that monetises consumers' data, but inappropriate for those perspectives to trump those of governments and transnational civil society.

Thus it is a fallacy to assume that multi-stakeholderism necessarily involves putting governments in a subordinate role, or requires treating the private sector as an equal stakeholder with others, or allows an objection by any stakeholder to veto the development of a policy recommendation.13 In practice, such an inflexible arrangement allows governance to be held hostage to minority interests.14

How, then, should the perspectives of different stakeholders be balanced, and by whom? There are two main ways in which this can be done: through policy development processes designed to roughly balance the views of stakeholders ex ante (but usually subject to a formal decision-taking process by a governing council), or by a deliberative democratic process in which the roles of stakeholders and the balancing of their views are more dynamic (though might again be subject to a formal decision taking process, which may be situated elsewhere, and/or be distributed). Some multi-stakeholder processes may also combine these two models.

The first, which could be called the constituency model, is conceptually simpler and therefore the most common, but also the most politically fraught and vulnerable to capture. It is best suited to a body that deals with a narrow range of issues that can conveniently be considered by the same stakeholder groups using defined structures and processes (see question 1). To the extent that these structures and processes leave a degree of discretion in the final decision-taking, it also depends upon a degree of trust being placed in the putatively impartial or stakeholder-balanced governing council that will exercise that discretion, which in turn places a high burden upon the body's accountability to the stakeholders (see question 3 below).

The second way to balance the perspectives of the stakeholders is the deliberative model. Democratic deliberation aims towards achieving a rational consensus through a process of public reasoning by stakeholders couched in terms of the common good, rather than private self interest or, particularly, exogenous political or economic power. The challenges of the deliberative model are no less than that of the constituency model, but they are different challenges. Rather than front-loading the process of balancing stakeholder views into the design of the institution's structure (and placing much trust in the governing body to play fair when it makes a final decision), a lot more work must be done in the design and facilitation of a policy development process that allows the stakeholders to become well-informed while eliminating power imbalances. Because this is a more novel approach, fewer good examples of it exist; however, the NETmundial meeting was one notable attempt (Varon, 2014), the IETF has also been described as utilising a deliberative process - notably without pre-defined stakeholder groups (Froomkin, 2003), and the IGF has also begun to experiment with deliberative structures for its 2015 meeting, including a Deliberative Polling side-event and a methodology for providing feedback on the outputs of Dynamic Coalitions.15

Either way, a multi-stakeholder process that is not systematically designed to eliminate the massive power imbalances between stakeholders can become an instrument of domination by the powerful. It is worse if these imbalances are exploited during the design of the institution's decisional structures and accountability mechanisms, because in that case those power imbalances can become self-perpetuating. This is why multi-stakeholder processes have come under much criticism from some who fear that corporations will entrench their positions of power and abuse those processes to overpower the public interest—particularly if the role of governments is not structurally elevated over those of all other stakeholders. Similarly, there is concern that the security and economic interests of certain governments can be (as, indeed, those of the United States have been) structurally cemented in what are notionally multi-stakeholder internet governance processes.

The flattening of power imbalances, which is intrinsic to deliberative democratic processes, is also absolutely critical to multi-stakeholder processes of all kinds, if they are to promote meaningful stakeholder inclusion in internet governance. Yet while there are many examples of how to do this, there is no single template that will serve all bodies best. Thus this document does not prescribe in detail how workflow and agenda work, how consensus is assessed, how committees are structured, what online tools or meeting methodologies should be used, and so on. Instead the following more general criterion is proposed, along with some examples of how it may be advanced:

There must be mechanisms to balance the power of stakeholders to facilitate them reaching a consensus on policies that are in the public interest.

The ways in which this can be done include:

• As a first pass, agreeing upon any unique roles of the participating stakeholders in respect of the policies under consideration, based on all relevant factors including historical roles, expertise and resource control.

• Thresholds for decision-making, such as rough consensus, that give all stakeholders an effective voice in developing policy, while minimising the possibility of minority veto or capture by the powerful.

• Deliberative processes that flatten power differences between stakeholders and require them to defend their position in terms of their view of the public interest.

3. How are the body and its stakeholders accountable to each other for their roles in the process?

Integral to any multi-stakeholder process that produces outcomes is the need for trust that the host body will actually uphold its responsibility to fairly balance the perspectives of participating stakeholders. Conversely, the body must have trust that the stakeholders can claim a legitimate interest to contribute the perspectives that they do. Thus, to more fully express this question, it asks how accountable the body is to stakeholders for the authority that it exercises, and how accountable the stakeholders are to the body (and to each other) for the legitimacy of their participation.

Taking the authority of the body first, this may be drawn from various sources other than being derived from the stakeholders themselves, usually recorded in some kind of constitutional document. It may be a pre-existing institutional authority such as the United Nations.16 Similarly, it may claim democratic legitimacy, as in the case of an elected national government that leads a multi-stakeholder consultation (though this would usually be better described as an example of participatory democracy). Or it may have a free-standing authority drawn from the consent of the stakeholders.17 Whatever the source of its authority, if the stakeholders do not accept its exercise (in functions such as formal decision-taking or stakeholder selection), the body cannot function.

Assuming that the authority of the body over its stakeholders is accepted, in order to maintain that authority it must also embed various well-understood mechanisms of accountability to them. For example, the body must operate transparently, it must be internally accountable in its adherence to process, it must be subject to some form of independent external oversight or review, and so on (Weber, 2009).

By the same token, there are various bases on which stakeholders can demonstrate their legitimacy to participate in a particular stakeholder group that has been accepted as possessing a significant interest in the policies under discussion (see question 1).18 Where governments have been accepted as stakeholders, their institutional or sovereign authority to participate in that capacity should be fairly easily demonstrable. Stakeholders who may claim to be in some other way representative of the views of a broader public, as civil society does, have various ways of demonstrating that, such as a membership structure and internal elections for self-selection of representatives.19 Those who claim involvement because of their technical expertise, as the academic and technical communities do, can likewise provide evidence of this as a condition of their participation.

The level of documentation of these claims of legitimate membership as a stakeholder will vary from nil (for example the contributions of participants at the IETF, from a 14 year old bedroom hacker to a university professor, are assessed on merit), to self-assessment (as at the IGF), to formal vetting (to achieve accreditation by the United Nations Economic and Social Council (ECOSOC) requires civil society stakeholders to provide substantial documentary evidence of their activities). It has been suggested that transparency of sources of funding of participants could also be required of participants in a multi-stakeholder internet governance process (Belli, 2015); this may be particularly important where there is a risk of capture or undue influence.

To the extent that objective assessment of stakeholder claims is possible, transparency of the facts that underlie those claims is imperative. On the other hand, it cannot be the role of every multi-stakeholder process to vet the various claims of legitimacy of every actor who participates in the process, as not only would this be resource-intensive, but is also ultimately largely redundant, as the legitimacy of the process is not drawn only from that of its participants, but also from the accountability and transparency of the body's own processes as well as from the acceptance of its outputs by the broader community of stakeholders.20

It should also be noted that public rationality of a deliberative process acts as a further safeguard against the capture of that process by a few misidentified or otherwise “bad” actors (see 2 above). This is a further point counting in favour of the deliberative rather than the constituency model.

In summation, the criterion relevant to the question posed above can be couched in the following terms:

Mechanisms of accountability must exist between the body and its stakeholders to demonstrate the legitimacy of their authority and participation respectively.

The factors involved in determining whether this is so include:

• Where the body exercises any authority over the stakeholders, its legitimacy to do so (whether institutional, democratic, meritocratic, or otherwise) must be generally accepted by the community of stakeholders at large.

• The body must operate transparently and adopt mechanisms of accountability that are recognised as organisational best practices, such as independent review.

• The process must include means by which the stakeholders can be held accountable for the legitimacy of their participation, as appropriate to the process and their roles in it.

4. Is the body an empowered space?

The fourth and final question bears upon how “meaningful” is the stakeholder inclusion in an internet governance process, where meaningfulness is a function of how closely the stakeholder's participation is linked to empowered spaces in which authoritative mutual decisions are made, as opposed to public spaces that are limited to discussion (Haristya, forthcoming). The body might not be an empowered space in itself, but might be effectively (and usually formally) linked to other empowered spaces, which can also make participation in the former meaningful to some degree; amongst these processes, some may lay claim to being multi-stakeholder, while others might not. However a body which is neither empowered in its own right, nor effectively linked to empowered spaces, is not accurately described as a multi-stakeholder process, and certainly not as one that provides meaningful stakeholder inclusion in internet governance.

An example of a multi-stakeholder process that is an empowered space in its own right is ICANN, which, by means of the participation of its stakeholders, directly makes policies about the global domain name system (DNS). The OECD Recommendation on Consumer Policy Decision Making describes a multi-stakeholder process that is not directly empowered, but which is formally linked to empowered spaces, in the following terms:

9. Engage stakeholders from consumer organisations, affected firms and/or industry associations and subject matter experts in the process, so as to obtain information, technical expertise and advice on the issues being addressed. Such consultation should be considered at each step of the decision making process, with particular attention to the steps when policy options are being formulated and evaluated.

Thus in the case being described, the OECD member’s national lawmaking processes are the empowered space, to which the consultations with non-governmental stakeholders are formally linked.

An example of a body that has been found not to be well linked to any empowered spaces is the IGF,21 which in its historical format—and as a result of quite deliberate interventions by certain private sector and governmental stakeholders who desired to limit its political influence (Malcolm, 2008, pp. 423-431)—has been effectively limited to the status of a discussion forum. As noted above, ongoing experiments with the IGF's format may however see it strengthening its link to empowered spaces in the future.

Each of the other three questions posed above suggests an answer that advances meaningful stakeholder participation (involving more interested stakeholders is better than fewer, having mechanisms to balance their views fairly is better than not having them, and more accountability is better than less). But this question is presented more openly, since even amongst civil society, the “best” answer is contingent on one's view of how closely non-governmental stakeholders should be linked to empowered spaces.

For some, multi-stakeholder processes can and should be directly empowered to make or to implement global internet governance policies. But for others, there are concerns about multi-stakeholder processes that directly effect changes in global governance, particularly outside of the technical and administrative realm.

These concerns are heard from both the political left and the right. From the left, they have manifested in a rejection by some of multi-stakeholder processes in general, to the extent that these lack the intermediation of more traditionally representative democratic institutions such as national governments, or intergovernmental bodies such as the United Nations (Gurstein, 2014). This in turn stems from a distrust of providing corporations with a pervasive role at (and behind) the negotiating table, as this is seen as effectively corporate self-regulation under another name, and therefore a diluted pacifier to much needed action (by governments).

The right on the other hand has no great love of regulation, and so while expressing support for the multi-stakeholder model, has been wary of accepting it as a method of policy development. For example, some private sector stakeholders have been amongst those most resistant to the IGF developing the capacity to produce even non-binding recommendations, since this would complicate the existing structures of power and influence by which corporations and governments craft policy in less open fora, or act in default of policy (Malcolm, 2008, p. 425).

This paper seeks to address these concerns by breaking the essential features of effectively inclusive processes into several criteria, and in particular by separating out this last criterion, which isolates the core concern of these critics. The extent of the disagreement can be further narrowed by breaking the process of internet governance into several stages, such as framing and agenda setting, drafting, validation of outputs, implementation and dispute resolution (de la Chapelle, 2011). Most of the concerns about overreach of multi-stakeholder processes could be resolved by limiting the empowerment of those processes to the stages of framing and drafting.22 And indeed, those are the stages to which almost all multi-stakeholder processes outside of the technical and administrative are already limited.23 Over time as multi-stakeholder processes mature and prove themselves, we can expect their adaptation to use in later stages of governance, including outside of the technical realm, to become less contested and for this limitation to be relaxed.

Meanwhile, it is important that the stages of the governance process in which the body is empowered be linked to other institutions with authority to execute the stages for which it is not empowered, in order for the inclusion of stakeholders in those earlier phases to be meaningful. This criterion is framed here in a way that is neutral as to exactly where to draw the dividing line between being the body directly empowered, and being linked to external authoritative empowered institutions:

For each stage involved in governance, the body should either be directly empowered to execute it, or linked to external institutions that have the authority to do so, as appropriate.

This requires, for example, the following:

• The body should develop a shared understanding of the extent of its own legitimate authority (that may vary by issue, stage of governance, implementation mechanism, and over time).

• At every point where the body lacks either the capacity or the authority to act, formal or informal two-way liaison mechanisms linking its outputs to external empowered institutions should exist.

• To facilitate this, the outputs of the body should be collected, synthesised, recorded and delivered in clear, actionable forms.

Conclusion

Amongst the important criteria that differentiate a self-styled multi-stakeholder process from one that actually promotes meaningful stakeholder inclusion in internet governance, the following have been suggested:

• The body should have access to the perspectives of all those with significant interests in a policy problem or its possible solutions.

• There must be mechanisms to balance the power of stakeholders to facilitate them reaching a consensus on policies that are in the public interest.

• Mechanisms of accountability must exist between the body and its stakeholders to demonstrate the legitimacy of their authority and participation respectively.

• For each stage involved in governance, the body should either be directly empowered to execute it, or linked to external institutions that have the authority to do so, as appropriate.

It is not suggested that the above criteria are the only relevant ones for assessing the legitimacy and effectiveness of governance processes that include multiple stakeholders.24 However, it is hoped that the application of these criteria does provide a modest advance on the status quo in which multi-stakeholderism is too frequently portrayed as an unalloyed good (or evil). Applying these criteria as a standard can assist to differentiate between notionally multi-stakeholder processes that wildly differ in how open, inclusive and democratically legitimate they really are.

No claim is made that meaningful stakeholder inclusion in internet governance is easy to achieve, or that if achieved, it will easily resolve all internet policy problems. In particular, distributional effects of existing power structures are all-pervasive and these cannot be ignored. Inclusive stakeholder participation will not fully negate these imbalances.25 However, to the extent that multi-stakeholder processes score highly against the criteria presented here, they are less likely to have negative distributional effects than existing, less-inclusive governance institutions and processes that afford greater control over the global internet to overreaching national sovereigns and near-stateless global monopolists alike.

Civil society's agency in the ongoing process of the improvement of multi-stakeholder processes should not be dismissed. Doubtless, some compliant civil society actors have at times been co-opted into unproductive discussions under the guise of multi-stakeholderism. On the other hand, the subset of multi-stakeholder processes that promotes meaningful stakeholder inclusion is one of the first and only governance innovations with the promise of truly empowering internet users. Until now, mass protest has probably been the most effective option for advancing civil society interests at the global level, especially in promoting transnational civil society interests that are otherwise unrepresented even in domestic politics (Losey, 2014). The evolution of mechanisms for their meaningful inclusion in multi-stakeholder internet governance processes provides a second, inside-track option for civil society to promote change.

By advancing these criteria it is hoped to help to establish a gold standard or “quality seal” of multi-stakeholder internet governance processes that provide the opportunity for meaningful stakeholder inclusion, allowing a more nuanced understanding of which such processes truly do further the global public interest, and which are just window-dressing of a government or corporate agenda.

Introduction: the need for a global framework for internet intermediary liability

Internet intermediaries are, in the most generic form, those entities providing services that enable individuals to receive or impart information on the internet. Given their instrumental role for individuals’ speech, intermediaries are a frequent target of legal actions aimed at preventing or stopping the publication of allegedly illegal material, even where such material was not produced or edited in any way by the intermediary. Whether and to what extent these entities have indeed a justiciable obligation to do so (and a consequent liability for failing to honour that obligation) depends on the applicable legal regime, which varies from country to country. Yet, unlike other areas of global internet governance which are subject to a specific forum of discussion,1 this field currently lacks an overarching framework for the development of a common understanding on the role of intermediaries.

Internet intermediary liability is a wide-ranging topic, stretching into many different areas of law, from defamation and privacy to trademark and copyright infringement - just to name a few. Given the substantial differences between the issues at stake in these areas, legislators in many countries adopted domain-specific solutions, with the aim to appropriately account for the tension between different rights and interests at stake. However, in an increasingly interdependent digital environment, with an internet dominated by multinational corporations providing their services across the entire world, this uncoordinated heterogeneity risks generating significant problems of compliance and friction across different regimes. The recognition by the European Union of a so called “right to be forgotten”, seen in contrast with the reactions by US commentators (e.g., Zittrain, 2014 and 2014b; Bridy, 2014; Farrell, 2014; Farrell and Newman, 2014; Ambrose, 2014) and the proposals for the adoption of a similar yet significantly different right in Brazil,2Japan, Korea, and most notably, Russia (where it was signed into law in July 2015), offers one notable example of such friction. Differences of culture, approaches and underlying values are exposed and accentuated, rather than mediated, in the absence of a dedicated global governance forum defining guiding principles for the involvement of internet intermediaries in the enforcement of the rights of their users. While a civil society initiative was launched just last year to define guiding principles for intermediary liability worldwide, a forum of discussion of these crucially important issues is conspicuously missing in internet governance processes. This article suggests that the model chosen by Brazil in the adoption of its civil framework for the internet (Marco Civil da Internet) could be seen as an inspiration for the definition of principles underlying such global mechanism. In particular, the Brazilian model distinguishes itself on the basis of: (1) the multistakeholder nature of the process that led to the definition of the existing legal framework; and (2) the aspiration to give a “constitutional” dimension to such framework, by recognising a number of fundamental rights and principles as founding pillars of internet regulation.

Section 1 briefly illustrates the clashes of interests that underlie the discussions on intermediary liability, including distinctions of the role of such parties under different scenarios. Section 2 describes the remarkable achievements of the Brazilian Marco Civil, signed into law in April 2014, and explains the tensions underlying some of its key provisions. Finally, Section 3 sets the foundations for a “global Marco Civil” by identifying key baseline principles, and recommends the creation of a global forum for the discussion of intermediary liability.

1. The dilemma of internet intermediary liability: exposing the clashes of interests

In essence, internet intermediary liability is concerned with one fundamental question: what are reasonable normative expectations of involvement by intermediaries in the enforcement of different laws and regulations? If on the one hand, the protection of rights in cyberspace may be deprived of its effectiveness without the ability to rely on intermediaries for immediate enforcement, on the other hand imposing on intermediaries the duty to monitor the activity of their customers and/or prevent the publication of any potentially infringing content constitutes a serious restraint on speech, which can only be permitted under stringent conditions according to international human rights law.3 Moreover, imposing a duty to monitor or police content leads to the risk of having the intermediary holding back the emergence of new services with even the slightest infringing potential, and generates a “culture of permission” which is ill-suited for the development of innovative products and services in a knowledge-intensive economy.

To obviate these concerns, legal systems generally define some “comfort zones”, also known as “safe harbours”, where intermediaries can operate without being held responsible for the conduct of their users. However, the scope and depth of these safe harbours vary across jurisdictions, thereby generating conflicting standards which are in tension with the transnational nature of the internet. The elaboration of common standards faces two distinct challenges: first, the conceptual challenge of defining the boundaries of the notion of “internet intermediaries”; second, the practical challenge of designing a regime that is fair and effective in securing the protection of individual rights, whilst encouraging responsible behaviour by the intermediaries. Admittedly, answering these questions is not a binary exercise, and will depend on the perspective one adopts. For this reason, understanding the needs and concerns of the various actors involved, in relation to different regimes, is crucial to the identification of appropriate rules.

One size does not fit all: distinguishing actors in intermediary liability regimes

A first striking divergence of interests exists between (1) content producers, whose business model depends on the publication of “quality” content; and (2) infrastructure providers, who merely provide a technical service, and for this reason aspire being treated as “dumb pipes”, not expected to either detect or remove potentially illegal material. This distinction indeed informs virtually any intermediary liability frameworks, providing at a minimum two different safe harbours for these categories. Less visible or widely acknowledged are the tensions and differences within these two categories: for example, big content producers place great importance on proactive and automated enforcement by intermediaries; in contrast, small and independent producers tend to promote greater ability to make transformative uses of content (as this increases visibility of their work), and are therefore opposed to a system of automatic takedown, pointing out the risks of collateral censorship. Similarly, within the group of infrastructure providers one can distinguish mere conduits (who simply provide connectivity to the internet) from those who provide more advanced or “special” services,4 which require the application of traffic or content management techniques for the distinction between types of transmitted or selected content. The latter entities have the technical ability to detect at least some illegal material and take enforcement action against it, though it is debatable how far this technical ability should translate into a duty of care towards the government (as it has occurred, for example, in the case of prevention of malware or child-pornographic material). At the same time, it should be noted that the ability of selecting or discriminating content places these intermediaries outside the “mere conduit” safe harbour, which requires the conduit not to initiate the transmission and not to select the receiver, nor select or modify content. Although some of these activities (for example, search) can be protected under different safe harbours (such as those for hosting and caching), other advanced services may fall outside the protection defined by the existing intermediary liability regimes.

Another important point to be made with regard to infrastructure providers is that their interests on the scope of intermediary liability legislation are usually in direct tension with those of copyright owners, making it difficult to reach compromises other than of bilateral nature. This difficulty can be ascertained, for example, in the failure of the long process of negotiation which followed the approval of the Digital Economy Act (in 2010) in the UK, where the communication regulator (Ofcom) was entrusted with the task to implement general principles by brokering a multistakeholder consensus on the splitting of costs for the filtering imposed to internet service providers (ISPs) in order to prevent copyright infringement. After negotiations under Ofcom’s auspices protracted for over three years without bearing fruit, an agreement on voluntary copyright alert measures was achieved between ISPs and copyright owners, thereby bypassing the multistakeholder character of the consensus that the procedure was supposed to follow. While the failure of the institutional mechanism was arguably due to the complexity of reaching multistakeholder consensus in an area of such intense conflict, it also provided clear evidence that the relative weight of copyright in the discussions of intermediary liability should not be underestimated.

2. A case study in the governance of online intermediaries: the Brazilian approach

A. The birth of the Marco Civil da Internet

The situation in Brazil regarding intermediary liability was until 2014 one of complete absence of specific rules; and this led courts to treat it on the basis of general principles of civil and consumer protection law, which imposed a very high standard of care5 sometimes comparable to strict liability. It also led to a series of private agreements between copyright holders, ISPs and other internet services and to the affirmation of a set of informal norms around notice and takedown that proved “very compliant with industry demands” (Nicoletti Mizukami et al., 2011, p. 263).

Despite the effectiveness of this system for prompt removal of copyright infringing material, copyright owners were still uneasy about the possibility for users to play “whack-a-mole” with copyrighted content, uploading it swiftly and with impunity shortly after removal. In their view, absence of a procedure for obliging ISPs to hand over or even retain subscriber data manifested itself as a key challenge to the effectiveness of copyright protection vis-à-vis repeated infringers. For this reason, a bill (the “Azeredo Bill”) was introduced in 2008 proposing a 3-year mandatory period of data retention, and requiring ISPs to collaborate in the disclosure of the identity of infringers. The Azeredo Bill also criminalised access to data “without authorization of the legitimate owner”, by imposing a sanction of two to four years of jail, thereby turning into a felony overnight (Saldias, 2015, p. 3) the conduct of approximately 60% of Brazilians. Inspired by the Council of Europe Convention on Cybercrime, the bill was an attempt to enact a criminal statute without even having in place a civil framework for the internet - which was the case for the great majority of the other states parties to the convention.

This is the background from which the Marco Civil da Internet (Federal Law No. 12965/2014, previously Bill No. 2126/2011), gradually came into being: civil society, firmly rejecting the measures put forward in the Azeredo Bill, launched a campaign of fierce opposition (which became known as “Mega Não”) and generated consensus over the need to develop a civil framework in respect of the civil rights and liberties of Brazilian citizens. This led to a partnership between the federal government and the Center for Technology and Society of the Law School at the Fundação Getúlio Vargas (CTS/FGV), resulting in a joint proposal and relying on an innovative platform for online public consultation which allowed everyone to comment and to contribute to the drafting of the bill.

Between 2009 and 2010 the public consultation gathered approximately 2,000 comments (respectively 800 and 1,180 in each of its two phases); contributions were also collected via other channels, including receiving direct submissions and scanning social media for dedicated commentary (Nicoletti Mizukami, 2015). In 2011, the bill was signed by the executive and sent to Parliament, where Alessandro Molon was appointed as its rapporteur. Having organised a series of events and a further consultation for the proposed text, Molon cleared the bill for voting on July 2012; however, the approval was repeatedly delayed (until March 2014) due to strong pressures on particular provisions, including: (1) on intermediary liability, with the clash between telecommunications companies and Rede Globo, a powerful media group representing a significant player in the copyright industry in Brazil; (2) on data retention, with the clash between civil society, the federal police and other sectors engaged in the fight against cybercrime; and finally (3) on network neutrality, with the clash between telecommunication companies and content providers.

The Marco Civil is also known as “constitution for the internet” because it revolves the whole regulatory framework around a number of guarantees for civil liberties, such as the privacy and freedom of expression of users. Freedom of expression is explicitly erected as the main pillar for the discipline of internet use in Brazil, along with others listed in article 2.6 Furthermore, article 3 explicitly recognises, among other things, the guarantees of freedom of expression, privacy and liability of the agents according to their activities (i.e., not for the conduct of others) pursuant to the law; and the freedom of business models on the internet is subordinated to the aforementioned principles. Finally, article 8 establishes that any contractual clause in breach of the rights to privacy and freedom of speech (including in particular the inviolability and secrecy of communication)7 will be considered null and void.

While the battle over net neutrality was settled with the need to define the appropriate regulation at a later (upcoming) stage, the fight over data retention resulted in a steep decrease of the mandatory period of three years proposed in Azeredo Bill, imposing one year for the storing of connection data and six months for the records of access to internet applications (so called “logs”). In comparison, the solution found to the controversy over intermediary liability strikes as being much more complex and articulated.

B. Intermediary liability provisions in the Marco Civil

The intermediary liability package of the Marco Civil consists of four main rules. The first is laid out in article 18, which establishes that the provider of connection to the internet shall not be liable for civil damages resulting from content generated by third parties: this is a strong version of the “mere conduit” principle, without any circumstantiations (found in other jurisdictions) concerning the initiation or modification of the transmission, or the technological means used to accomplish transmission. Secondly, article 19 limits the possible liability for internet application providers (broadly analogous to “content hosts”)8 to cases where they fail to remove illegal content upon specific judicial order. It also enables judges to issue injunctions anticipating the effects of the request, upon fulfillment of the requisites of likelihood of success and irreparable damage (or damage that is difficult to repair). Third, article 21 establishes a special provision for breach of privacy arising from the disclosure of images, videos and other materials containing nudity or sexual activities of private nature, without the authorisation of participants: this is known as the “revenge porn” exception, which imposes liability to internet application providers for lack of “due diligence” whenever they fail to promptly remove content after receiving a specific request in this sense,9 either by the interested party or by his/her legal representative. Finally, article 31 makes a specific exemption for the liability of internet application providers in case of copyright or related rights: the applicable procedure in force will remain that of the existing copyright law, at least up and until the entering into force of the copyright regulation which is currently under discussion at the Parliament (since 2010). Given intense industry pressure, this was considered too sensitive of an issue to be dealt with under the same golden standards applicable to other categories of intermediary liability; in fact, this exception was reportedly crafted to prevent the blocking of the bill by the cultural production industry, spearheaded by Globo.

In particular, the introduction of the exception was considered by civil society a better option than the abandonment of the requirement of prior judicial order, which had emerged strongly from the multistakeholder process of the consultation. Unwilling to give up the “notice and takedown” procedure already utilised by a variety of intermediaries, representatives of the copyright industry interceded with Rapporteur Molon before the clearing of the bill for voting, in an attempt to generalise the application of the notice and takedown regime. Following an amendment of the proposed bill in this sense and the subsequent pushback by civil society, the final bill re-incorporated the judicial order requirement and included the aforementioned exception for copyright (Nicoletti Mizukami, 2015). This late addition was coupled with the revenge porn exception, which resulted from the demands of government and public prosecutors prevailing over the opposing forces in civil society (Lemos et al., 2015). All in all, it is apparent that the Marco Civil was the result of a compromise between different constituencies. Nevertheless, the opening to multistakeholder participation at various stages of drafting and consultation of the bill did not prevent it from achieving quite far-reaching positions of entitlement for individual rights, particularly on privacy and freedom of expression. In this context, the enunciation of two important principles of intermediary liability (that such liability is excluded for conduits, regardless of the means of operation; and that the same applies to content hosts, as long as they have not received a judicial order to remove content) is a remarkable achievement which reinforces the guarantees enshrined in this document. Both this substantive achievement and the participatory process giving rise to it provide important lessons for legislators around the globe.

C. Multistakeholder processes and differentiated regimes

One of the added values of the participatory process followed in the drafting of the Marco Civil was to bring to the fore the interests of a variety of constituencies, in the attempt to achieve a balanced outcome. However, while the immediate outcome of such process satisfied the majority of participants, it became clear that the produced draft left a number of key stakeholders at discontent. This dissatisfaction prompted pressures to re-calibrate the rules in line with the peculiarity of those interests that were insufficiently considered. Despite the criticism towards these late amendments of the draft, it is arguable that these pressures were not a bug, but an unavoidable feature of the multistakeholder process: democracy is also based on the idea of contestation (Dahl, 1971), implying the ability for affected stakeholders to voice their concerns in an attempt to influence the shaping of norms.

From a substantive perspective, the added value of this process was the identification of key neglected elements in the design of the rules for intermediary liability. Uncalibrated intermediary liability regimes can have a significant impact on the effectiveness of the operation of other such regimes: the failure to account for the divergence of actors and interests can generate negative externalities not only between the regimes established in specific cognate areas, but also across the laws and policies pursued in different countries. Thus, in addition to minimising friction across regimes, well calibrated principles of intermediary liability may contribute to preventing the proliferation of private agreements for area-specific enforcement efforts, which arise precisely in response to the unsatisfactory treatment of some of the particular interests at stake. For example, what past experience has shown is that, in the absence of a copyright-specific regulatory solution, representatives of the intellectual property constituency tend to prevail over other stakeholders and skew the balance of the whole process – conceivably as a result of greater subject-matter expertise, rhetoric and coordination - at the expense of a more dispersed and less resourceful representation of users and civil society.

This came out clearly in the latest attempt to establish global provisions on intermediary liability within a charter of “Principles” of internet governance: the Global Multistakeholder Meeting on Internet Governance (NETmundial). While the original text which resulted from a call for online contributions had no specific provision on intermediary liability, the new text which was drafted on the basis of the inputs received at the NETmundial meeting included the principle that “Intermediary liability limitations should be implemented in a way that respects and promotes economic growth, innovation, creativity and free flow of information. In this regard, cooperation among all stakeholders should be encouraged to address and deter illegal activity, consistent with fair process.” As noted elsewhere, this formulation is problematic to the eye of civil society because the focus on economic aspects prevails over the protection of human rights - precisely the opposite of what Marco Civil suggests. Those who were present at the meeting witnessed that this compromise was the result of intense lobbying from the copyright industry; in other words, the sole existing model for intermediary liability in global internet governance processes appears to be designed to accommodate the needs of copyright (and perhaps trademark) owners.

3. The pillars of a human rights compliant model for intermediary liability

As noted, the Marco Civil is known as a “constitution for the internet” in light of its focus on fundamental rights: heralding those rights as pillars for the discipline of internet use in Brazil, the Marco Civil subordinates the freedom to conduct business and the legitimacy of contractual arrangements to the respect of those fundamental values. While the prioritisation of fundamental rights is not enshrined in a document with force superior to that of ordinary legislation, as it is usually the case for national constitutions, the fact that the amendment of the Marco Civil does not require a reinforced procedure is of secondary importance for our purposes: the symbolic value of this law is enormous, as it illuminates the road ahead for the development of a “global constitution” for intermediary liability. The form that such international document may take is, in this context, less relevant than the model that it offers, and the potential that this has in breaking the global deadlock (and reducing the friction) of contrasting positions advanced by different countries in the regulation of internet intermediaries.

In order to achieve a balanced framework for the regulation of intermediary liability, it is wise to proceed on the basis of a number of pillars, which, much like in the Marco Civil, can serve as guidepost for the drafting of more specific provisions, including those concerning the conduct expected from intermediaries. Modeling an appropriate regime requires an acceptance of the essential rule of law requirements which are at the basis of our understanding of the internet as an enabler of economic and social development. To that end, the following list proposes five principles which most clearly enshrine these ideals, and which can thus be fruitfully erected as pillars for future discussions on global intermediary liability.

(1) Freedom of expression. At its core, the development of human beings and societies in an interconnected information economy is founded on the engine of the internet as a way to connect people and let information flow between them, which is conceptually anchored on the idea of a global, unrestricted ability to impart and receive information. Accordingly, appropriate principles should be developed to frame the extent to which intermediaries may legitimately interfere with this fundamental right.

(2) Access. Without equal and effective access to the internet, the ability of “netizens” to receive and impart ideas is undermined at its root, thereby compromising the series of benefits that such “flow of information” can bring about. In this sense, access is a prerequisite for the enjoyment of individual rights and freedoms on the internet. A full embracement of this concept would require the creation of a level playing field (for instance, through some form of “net neutrality” regulation) where all individuals have the same opportunity to engage in communication without discrimination, and the compliance with minimum standards of quality of service to ensure that such opportunity is not impaired in practical terms.

(3) Privacy and data protection. This is a concept that is intrinsically connected to the idea of free expression, in at least two different ways: first, the respect for a sphere of intimacy of individuals serves as a limitation on the scope of the right to freely express oneself. Second, the possibility to exercise some form of control over the information of oneself, which is made available to the public, enabling oneself to communicate more freely in the first place. As a result, intermediary liability regimes should duly acknowledge and account for the interaction between these interests and freedom of expression.

(4) Due process. This is a notion that is also used in a variety of contexts, and which can therefore give rise to confusion. It represents the foundation of a democratic society on the rule of law, as opposed to rule by law (Ginsburg and Moustafa, 2008), which in the words of the legal scholar who is considered to have founded this concept, is grounded on the notions of equality before the law, absolute supremacy of the law over arbitrary power; and interpretation and enforcement of the law by the courts (Dicey, 1959). Putting this in more concrete terms, due process refers to those procedural rights which a state “owes” to members of the legal system that are subject to specific individual determinations, specifically imposing the existence of the following minimum requirements to enable any potentially affected party to present its case: (a) a form of legal process which respects the guarantees of independence and impartiality; (b) the right to be informed about the law and to receive notice of the allegations against oneself, and respond to them to the extent that not doing so may prejudice the outcome of the dispute; and (c) the right to a reasoned decision, addressing every essential claim in the matter under dispute. The fulfilment of these requirements should be demanded to intermediaries in any dispute resolution system they set up, and should be ensured through any further remedies offered to individuals against adverse decisions taken by intermediaries which concern them.

(5) Free and open internet. This is a principle from which emanate important consequences for the free flow of information and ideas - although not necessarily of the same rank as that of the fundamental rights and freedoms mentioned above. Perhaps the best way to define internet freedom is to focus on the concepts of “openness” and “permissionless innovation” (Van Schewick, 2012), both alluding to a collaborative environment where users are to a meaningful extent free to develop new ideas, without being “held up” by proprietary technologies or other rigid legal or technical mechanisms of protection. The implication for intermediary liability is that any designated governance mechanism should strive to preserve these characteristics, so as not to undermine the “generative” nature of the internet (Zittrain, 2006).

In accordance with the above principles, a very useful departure point in the search for a global regime for intermediary liability is the dedicated section of the 2011 Joint Declaration of the four Special Rapporteurs on Freedom of Expression of the United Nations (UN), the Organization of American States’ Interamerican Commission on Human Rights (IACHR) the African Commission on Human and Peoples’ Rights (ACHPR) and the Organization for Security and Cooperation in Europe (OSCE). The declaration restates the traditional "conduit principle" (applicable in virtually every regime of intermediary liability) and suggests considering the possibility of limiting the liability of other intermediaries under the same conditions: in other words, treating intermediaries uniformly by exempting them from liability to the extent that they do not initiate the transmission or select its receiver, or modify the information contained in the transmission. This enables automatic services provided upon request to develop without the threat of potential litigation, simultaneously enabling speech and maintaining the incentives for the creation of innovative business models.

The other side of the coin, however, is that immunity may also generate perverse incentives on some of the rights at stake, such as privacy, due process, and even the very same freedom of speech that the qualified immunity is meant to serve. As a result, while this principle is useful to define a minimum standard, it is insufficient to identify a framework for responsible engagement by online intermediaries. On this aspect, the Rapporteurs’ message holds back in order to leave space for creative solutions in the definition of the applicable regime. At the same time, however, it calls against the imposition of duties to monitor the [legality of] the activity taking place within the intermediaries’ services; and against the adoption of extrajudicial content takedown rules which (as is the case under several regimes) fail to provide sufficient protection for freedom of expression.

Furthermore, while the Rapporteurs encourage the adoption of self-regulatory solutions for the management of rights online, this should be read in conjunction with the importance of minimum safeguards for individual liberties. Such safeguards would imply, for example, the need for stringent conditions for disclosure of the identity of suspected infringers– an aspect on which national laws differ, and which is traditionally left unaddressed by the agreements stipulated between ISPs and the copyright industry. The creation of a dedicated forum for substantive discussion on these topics, ideally of multistakeholder nature, would provide the opportunity to define minimum safeguards for the protection of the fundamental rights of individuals, and for preserving the incentives for responsible innovation. The values of privacy, freedom of expression, due process, access and free and open internet should be institutionally embedded into intermediary liability regimes of any form and dimension.

Conclusion

The Brazilian experience provides at least three lessons for the development of intermediary liability regimes: first, it identified the “constitutional ground” upon which an intermediary liability regime should be founded, circumscribed by a number of principles safeguarding fundamental rights while encouraging private enterprises. Second, it offered a practical example of the feasibility of achieving consensus over basic intermediary liability principles not only among a variety of stakeholders, but strikingly, through a participatory multistakeholder drafting procedure. At the same time, the multistakeholder process exposed the need for a differentiated intermediary liability regime, in particular for copyright and “revenge porn”, by defining specific exceptions to those principles. Besides illustrating the unsuitability of a “one size fits all” approach, this raises important questions concerning the appropriate scope for differential treatment in intermediary liability legislations, an aspect which should be at the core of future intermediary liability discussions. Now that the Marco Civil has shed light on the promises and challenges of this path, it is up to participants in internet governance processes to seize the opportunity and elevate the intermediary liability discussion from localised parochialism to the global stage it deserves.

Disclaimer

The author is a co-founder and co-chair of the Internet Governance Forum’s Dynamic Coalition on Platform Responsibility (DCPR), a multistakeholder group focused on the definition of standards of “responsible conduct” for online platforms. The DCPR recently produced a set of Recommendations on Terms of Service and Human Rights, the main ideas of which are under consultation at the following link.

Disclaimer: the article was updated by the Editorial team on 23 March 2016 at 5:24 pm CET to support the statement made with regard to Georgia. 

We read the news, send photos and shop online. Only our interactions with state authorities still largely take place offline. In certain countries, such as Estonia, there has been more progress in this regard: there, it takes just five minutes to do your taxes online, without any tax advisors. No wonder that the Alexander von Humboldt Institute for Internet and Society (HIIG) had invited to the Embassy of “e-Stonia” to discuss the topic of “Big Data For President”. The event was a keynote dialogue for the series Big data: big power shifts?, that the HIIG conducts in cooperation with the Vodafone Institute for Society and Communications.

The digitalisation of administration

Changing address or registering a business: in Estonia, you don’t need to walk to an office or get a stamp. Thanks to digital administration, all the data needed for a person’s tax return is already on file; citizens just need to cast a glance at the result and click on “submit”. In the future, no interaction should be necessary at all, said Siim Sikkut, Digital Policy Adviser at Government Office of Estonia, in his keynote speech.

Although the first German computer system for calculating pensions began operating in 1956, to this day many applications must still be submitted on paper. In Estonia, by contrast, newborn babies get a number from the authorities before they are even given a name, as the hospital immediately reports their birth to the state. Processes like this are considered part of “service orientation” – as “customers”, taxpaying citizens demand that public authorities adapt to the internet-based reality of everyday life. Although not everyone will share this neo-liberal understanding of the state, in Germany it is intended that file management, communication and payment will also be done digitally in the future. To achieve this, the German parliament introduced the “E-Government Act” in 2013.

Industry hopes for profits

In a paperless, networked administration, it is not the clerk entering the data into the computer while the citizen watches from the other side of the desk. People will not just be able to download forms and print them out from home, but also – comfortably – sign them online, instantaneously. McKinsey has calculated that this could allow Europe to save 250 billion euros each year. The time savings for citizens are another advantage.

Industry is hoping for big business: Cisco’s big data expert Dirk Mahnkopf, for example, commends the Swiss transport planning system, which reduced “costs, fraud and error” by analysing people’s (mobile) data. The German public remains skeptical: the first attempt to provide secure communication with the authorities – the “De-Mail” system agreed on in 2011 – can be considered a failure due to its lack of acceptance. The “new ID card” presented in 2010 does contain an electronic identity and signature function, but many people do not enable these functions in the first place. This may also be because public agencies and companies do not offer enough useful applications for this to make sense.

(Even) more data for the state

Digitalised administration can allow for an easier exchange of data between authorities. Citizens only have to enter their data once – the Estonian administration operates on an “ask only once” principle. In Germany, the data is still scattered in different filing cabinets – treasures, just waiting to be analysed for the good of the population?

The state could collect and bring together more data: administrative data, communications data, health data. At best, this would make our administration more efficient and our lives more convenient: Big Data for President. According to Sikkut, data analysis by the state brings citizens’ needs and wishes to the fore. Software could calculate what we care about based on the websites we visit. Analysing health data would provide early warnings about diseases; irregularities in income and taxes would be noticed earlier on. Forecasts of all kinds could be created. Algorithms would allow the police to be at the scene of a crime before it even happens.

What are the dangers?

But the flip-side of big data has to be considered: government-funded data collection and analysis would subject individuals to even more scrutiny. The secret services would certainly rejoice. But, in our urge to optimise, do we run the risk of endangering privacy. Even if data is technically anonymised, it may be retroactively possible to link it to an individual due to the amount of data. For data in the public sector, there is also a right to informational self-determination: at each point when data is processed, explicit consent must be given. In addition, people who are not online should not be disadvantaged.

Data is often looked on as a kind of commodity, as the “new oil”. But such considerations fall short: data constitutes the digital image of the person, whose dignity is inviolable according to the German Basic Law. Without a question, companies would be delighted to get the funds to build a digital administration. But we should be cautious: all this data could be used against us one day.

Attacks on IT systems are increasing worldwide. Estonia does not share health data with third parties, and citizens have the right to prevent the disclosure of certain items in their health profile – but this only applies until the next data leak. Having too many safety functions usually comes at the expense of usability. A fully networked administration increases opportunities for attacks. Data could be manipulated or taken by criminals and intelligence services; there are many unknowns.

This also applies to electronic elections, which seem to not just be attractive for citizens living abroad: a review of the Estonian electronic voting system found significant deficiencies, and from a safety point of view, the election software is unusable. In addition, elections must be open to scrutiny. Computer systems are only safe to a certain extent: they are not just manipulable, but also rather opaque.

An outlook

One aspect of digitalisation that is associated with lower risks is new methods of participation: citizens can comment on legislative processes online early on. Online consultations, such as those for the Tempelhofer Feld park in Berlin or online discourses give the public’s opinions and ideas more of an airing.

There are also great hopes for “Open (Government) Data”: instead of maintaining official silence, governments and administrations would make data freely available. Interested parties could, for example, critically question data about government contracts or statistics or suggest applications for it. As far as the free disclosure of government data is concerned, Germany is still behind Georgia1– but that is set to change with the E-Government Act, too. In this context, data protection should not be forgotten. Because transparency is not an end in itself: It should ensure equal treatment for all and provide protection against corruption and manipulation, not create new power imbalances.

In this respect, the legal requirements for the digitalisation of the state in Germany are clear: creating efficiency and diminishing bureaucracy are desirable, but data protection and privacy have constitutional priority.

As a scholar of constitutional law, of European and international law, having along the way gathered some knowledge of the workings of the internet, I am happy to present some perhaps somewhat revolutionary thoughts about governing in the future. The issue I was asked to deal with was: Governing the 21st century. Here are my thought about it.1

Let me start with a question: Who is the sovereign today? My answer is: the individual in a of democratically organised multilevel system of political action that includes the global level. And this is possible, as I will explain, thanks to the internet and, more specifically, through e-democracy.

My proposition is based upon the recognition of human dignity, that means both, self-determination of everybody, and the mutual respect of the other, his or her otherness, based on diversity as a value of our society. And in our society we can organise our life and self-determine our conditions of life so to make best of it, on all levels: in our families, local communities, regions, states and, if you like, at supranational or even at a global level. Take the perspective of the mature, civilised individual, who associates, as appropriate for achieving common objectives, and defines herself as:

• a citizen of her local community

• a citizen of her region or subnational district

• a citizen of her nation-state

• perhaps also, as is the case for me: a citizen of a supranational union: I am a European Union citizen, - and

Let me ask: what are the reasons and conditions for us, people from all around the world, not to perceive us also as citizens of the world – or as “global citizens”?

This is the question of the 21st century. Yet, in 1795 already Immanuel Kant spoke about world citizenship (Third Definitive Article for a Perpetual Peace). It is worthwhile indeed to read his “perpetual peace”. It is the question of the 21st century - at least if we wish that this century becomes a century of peace and liberty, of solidarity and prosperity for all. I do wish so, definitely, for the sake of humanity.

In fact, we already have several political identities, related to the diverse levels of political communities to which we belong: each level serves certain tasks, for certain purposes of common public interest. As the case may be, each level has its own constitutional setting: institutions, responsibilities and powers, decision-making procedures, with some definition also of the rights and obligations of the individuals being citizens of the respective political community. Governance, already today, thus, has a multilevel structure. And to understand this in terms of constitutional law, I propose to talk about “multilevel constitutionalism”. With this concept I try to explain the European Union; and this is what I propose to extend to the global level.

What is new about multilevel constitutionalism? It is the perspective of the individual – that is, in terms of democracy, the only source and origin of legitimate or sovereign powers exercised by public authorities, at whatever level it may be.

In academic writing, you can find a broad debate on “global constitutionalism”, where the main trend is to argue for a binding character of some international law upon states, with a view to protect human rights and to preserve peace: taming the prince! The prince, here, is the state. Binding international law would represent a sort of external constitution for each country. But this is not the reality. As we know, states – sometimes just their governments – feel sovereign, and there is little hope that this will change, except for very convincing reasons.

The European Union, questioning states’ sovereignty

Taming the prince, means questioning states’ sovereignty. Take the example of the European Union. Its institutions exercise sovereign rights they are entrusted with for special purposes. The result is, as the European Court of Justice says, that member states gave up parts of their sovereignty for the benefit of a functioning European Union.

But who has conferred these sovereign rights to the European institutions, who could really do so, and for what purposes?

The common answer is: the member states. My answer is: the citizens of the member states. By contracting through their national institutions the establishment – or better: the “constitution” – of the EU the citizens of the Member States have given themselves the status as citizens of the Union.

The primary purpose was: preserve peace, after centuries of terrible wars among the peoples of Europe. Other purposes were: secure prosperity and welfare for all, and freedom and the protection of human rights, through “an ever closer Union among the peoples of Europe”, as the Preamble of the EU-Treaty states.

Here is my answer to the question of the 21st century, laid out earlier:

The condition for us, people from all countries of this world, to perceive us as global citizens would be a global constitutional setting by which we create the institutions, powers and procedures for achieving objectives of our common interest, to act in matters that are beyond the reach of national or even supra-national authorities.

Be sure, this does not mean a global state. Other organisations can have a constitution too, at least in a post-national, functional sense.

But there are at least three important questions I will try to answer step by step:

1. Why should we endeavour to adopt the identity of global citizens through a constitutional process with the aim to set up institutions vested with the power to act?

2. How could a constitutional setting look like for democratically and effectively implementing the responsibilities of such institutions, and what is their relationship to our states?

3. What is the specific role of the internet and e-democracy in this constitutional process, and for the later operation of institutions set up for the purposes that may justify them?

The first question regards the democratic deficits of our present system of sovereign nation-states.

The second is related to the concept of multilevel constitutionalism as a possible way-out of the existing sovereignty-trap we are still in.

The third is critical insofar as we have no experience with e-democracy connected to global constitutionalism, so we approach new territory.

Let me shortly sketch out the main ideas at the basis of the answers to these questions. My observation is simple: if democracy means self-government, or self-determination of the individual, than provisions for legally binding regulation at the global level are not only an option, but a necessity. This said, the internet is not only a subject for such regulation, but primarily a new instrument that makes it possible: global democracy through the internet.

The first question: why should we do this?

Why should there be a global constitutional setting for regulation beyond the state, why global citizenship?

Some people feel as global citizens already today; they travel around the global village without even noting the different countries and cultures, they speak many languages and make business across borders: cosmopolitans. This is part of what global citizenship is about.

More important is that relationships among people around the world are becoming denser, people travel, meet, communicate, associate, and this not only for the good; they may also organise crime or terrorism, so abusing the freedoms, facilities and the internet for bad purposes. Massive migration due to war, adverse economic conditions or climate change threatens existing social structures. This all speaks to a need for regulation.

As David Held (1995, p. 16) observed already in the 1990s, the global interconnectedness increases the external effects of national politics:

“National communities by no means exclusively make and determine decisions and policies for themselves, and governments by no means determine what is appropriate exclusively for their own citizens.”

Let me just name a few examples:

• Climate change: low-lying islands, such as countries in the Pacific will perish in the sea. This is not a consequence of their domestic policies.

• Why are nuclear plants in the northern hemisphere, where the wind from west is the rule, generally located at the eastern border of each country?

• The global financial crisis was the result of certain policies in the US. The consequences hit the economies of other countries worldwide.

• Can we accept that powerful banks determine the destiny of our countries through global financial transactions made within seconds via the internet?

True, we should not blame the banks for using the freedoms given to them. What we should do is: setting limits, a global legal framework for their action, as necessary for preserving democratic self-determination of our countries. And this framework needs to be democratically established, as an expression of self-determination of the citizens of our countries, acting together as global citizens through global institutions.

Tackling climate-change or regulating the global financial markets, fighting against organised crime and international terrorism or protecting human rights effectively in failed states or in the context of totalitarian regimes, but also ensuring the openness and security of the internet, privacy and data protection all raise the same question: how could a single state acting individually deal with these issues?

Democracy means also the capacity to act effectively in matters of concern. Only common action and binding regulation at the level where the problem appears is a solution. If the state does not have the power, the necessary institutions have to be established beyond the state. Jürgen Habermas (2012, p. 15) rightly says:

“In view of a politically unregulated growth in the complexity of world society which is placing increasingly narrow systemic restrictions on the scope for addition of nation states, the requirement to extend political decision-making capabilities beyond national borders follows from the normative meaning of democracy itself”.

The second question: a constitutional setting at the global level?

What can a constitutional setting look like for democratically and effectively implementing policies beyond the state? What is the relationship to our national constitutions? This is where multilevel constitutionalism comes in:

We would not strive to creating a world state, with a world parliament and a world government. Copy and paste of the state model is not an option, for many reasons.

Immanuel Kant already said that it would lead to tyranny. The idea of a world parliament as a legislative body in the traditional sense, faces the problem of size. It would either be too big to function properly, or it would not be representative for the diversity of cultures and political preferences.

My vision for a global constitutional framework for regulation in some key areas is more modest. It is built upon functioning democratic states and supranational organisations, additional and complementary to our states, and necessarily less rigid, and above all: based upon the rule of law, action through law – with no physical coercion, no police, no army.

From the perspective of the individual, the conceptual model was already presented by James Madison (1787-88) in the Federalist No. 46:

“The federal and state governments are in fact but different agents and trustees of the people, instituted with different powers, and designated for different purposes.

What we need, thus, and what seems to be possible today thanks to the internet and e-democracy, is the establishment of a global layer of political discourse, of will-formation and – as I would call it: of validation of – normative processes resulting in common principles, standards and, as felt appropriate, binding regulation for limited, well determined policy fields.

The architecture of the system would be governed by the principle of subsidiarity: only where states or supranational organisations are unable to effectively achieve the desired results, can global institutions be competent. We have some experience in Europe for how this principle works for the attribution of responsibilities and powers, as well as for their exercise.

Though David Cameron is not happy with it, it works pretty well. The system could be improved, yet also for global ruling.

Against the backdrop of the experience with internet governance, and drawing from experiences in the Rio-process at large, I believe that at least five elements of a regulative system for global issues should be considered:

The establishment, by the UN, of a Global Governance Forum (GGF). It would follow the example of the very successful Internet Governance Forum (IGF).2 The GGF would not take decisions, but offer the space for an open, organised, inclusive and structured multi-stakeholder discourse on the relevant questions to be tackled. Its function is rather a brainstorming and mind-setting function; people who participate on the spot or on-line would learn from each-other, develop ideas and better understand diverse interests, perspectives and preferences.

Insights and ideas from the GGF are the basis for the elaboration of principles and standards by a body to be established following the model of NETmundial (2014).3 Let us call it: Principle-setting body (PSB). The principles and standards would be adopted by consensus, without being legally binding. But processes of monitoring, best practices and peer review could be applied for encouraging the respect of the principles by states and organisations.

The classical form of validation and legal concretisation of the principles would be international conventions. Yet, as we experience, it is not only difficult to negotiate meaningful legal obligations – the Paris Agreement on climate change (Harvey 2015) is a recent example –, but it is often not sure that they are implemented properly. More importantly, citizens and the civil society have little to say. The more international treaties tend to lay down self-executing law in each state – some talk about “Weltinnenrecht” (domestic global law), the more effective democratic participation of the citizen is in need. – My proposal, thus, is to give the General Assembly of the UN the power to decide upon the validation and concretisation of the principles and standards with qualified majority. But, to become binding law, the consent by the global citizens is required. This is to be achieved through a system of e-voting at the global scale, possibly organised by the United Nations Secretariat.

If legal provisions that are directly applicable to the citizens are adopted at the global level, the system must include both, an effective protection of the fundamental rights and a Global Court of Justice (GCJ) in charge of the judicial review. The competence of this Court could be extended to decide upon questions of implementation of the global law so as to make sure that it is equally applied in all countries.

Both the regulation and the case-law of the CCJ should be subject to review-processes. An open global discourse on the effects and necessary improvement could lead to new initiatives within the GGF and the PSB and ensure a dynamic development of global law at large.

The third question: a possible role for the internet?

What is the specific role of the internet and e-democracy in this constitutional process, and for the later operation of the institutions finally set up for the purposes that may justify them?

Part of the answer was already given: E-voting. But let me shortly explain why only in the age of the internet the vision of democratic regulation at the global level can be seen as a realistic option.

Or, in other words, what is it to allow saying: governing the 21st century means self-government of the citizen in a multilevel system including a global level of regulation.

I do not need to rehearse, at this spot, the benefits of the internet related to the access to information, education, communication, social networking and deliberation in real time, with no borders and the potential to include everybody everywhere.

Nor do I need to remind problems that exist with regard to the digital divide, that is a democratic divide, net neutrality, mass surveillance, data security and protection, privacy and all abuses of the internet. To deal with these problems effectively is a first priority, it is the basis of the trust people can have in the internet, and therefore, it is the condition for the application of the internet in governing the 21st century.

In some respect, indeed, there is a vicious circle. Trust is the condition for the full application of the internet, while a properly functioning internet may be the condition for establishing a system for regulation as necessary for re-establishing trust.

The solution seems to be a pragmatic step by step constitutional process, that is lead hand in hand with arrangements among the stakeholders making sure that people support the process for their own benefit.

There are four important aspects to be mentioned, where the internet has a decisive relevance:

• Unlimited and real-time access to information, education, culture for all citizens interested in participating in the political discourse at all levels.

• With the internet, for the first time, it is possible to envisage a global public sphere to emerge. Deliberation is possible, across borders, in social networks, discussion fora. This includes, as already mentioned, the on-line participation in the IGF and NETmudial, or the future institutions established following these models.

• Encouraging experiences made with direct participation of citizens in constitution-making processes. One is the “futurum” website opened in 2001 by the Constitutional Convention that elaborated a draft Treaty on a Constitution for Europe. A second example is the attempt in Island of what was called the “first crowd-sourced constitution”. Lessons to be learned from the two examples could help to develop an internet-based participative process, including for the establishment of a global constitutional setting.

• E-voting and e-referendums, as a mode of direct democracy at the global level. It is true that experience so far with e-democracy is rather limited and academic writing tells us that it does not change the democratic system fundamentally.

This, however, could be different if a new setting is organised following the lines proposed by Majid Behrouzi (2005): His “theory of direct-deliberative e-democracy”, developed for reforming the US constitution with a view to empower the citizen, gives us a number of insights that are helpful for designing a system of e-voting for the global citizen called to directly participate in global decision-making processes.

I shall not bore you in summarising his theory. What is essential, however, are three points he makes that are particularly important:

1. The citizen should be regarded as the real sovereign: Behrouzi understands Rousseau in an individualistic way:

“the sovereignty of the people turns out to be the sum total of the individual sovereignties of the individual citizens who comprise the demos”;

2. E-voting of the citizens shall be based upon a process of education, learning and public deliberation related to the subject at issue.

3. Elected experts and trustees acting as “guardians of the citizens” set up the agenda for the voting exercise, and in some way also participate, as a special assembly, in the final decision.

The weight of the citizen’s e-vote in the decision-making process, finally, depends on the voter turnout. This would encourage participation, but also leave the power in the hands of the institutions, if people are not interested.

Conclusion

Even if we understand that there not only is a need for global regulation on global issues, but that this is even a requirement of effective democracy, a constitution setting up the appropriate institutions and procedures will not be done from one day to the other. There is a long way to go for achieving it. Yet, the internet and e-democracy, in particular, may make it possible.

The process will include establishing democracy in many countries where it is not existent yet, let alone in failed states that even do not have a government at all. It will include coming to what Hasso Hofmann (1993, p. 367-369) called a mutual promise of human dignity among people, as a basis for solidarity not only within a state but also at the global level, and to the recognition of human rights worldwide. Also the technical requirements for free and equal access to the internet are yet to be set up. All of this, however, may be a question of time. More important is:

If we learn to take ourselves seriously as the owners of our political system, it is the internet that allows us to establish digital democracy at the global level and so to govern, ourselves as global citizens, the 21th century.

Recent debates in the media (Curtis, 2015; Hardy, 2015; Peterson, 2015) and academic discourse about the Internet of Things (hereinafter ‘IoT’) are stimulating public interest in this topic. Although the discussion around autonomous cars is one of the most prominent at this point, the phenomenon will likely not be restricted to the anticipated changes in traffic, but will further have an impact on all spheres of human life. Debates in the media and also in the legal academic discourse revolve around specific questions on the existing legal framework, especially rules of liability. In this article we propose taking a step back to examine the implications of the IoT for regulation and law from a broader perspective. Therefore, in this paper we highlight some of the important aspects surrounding how these developments will affect our ideas of governance and regulation by law. We believe that these issues indicate fundamental challenges for governance concepts.

There is no need to jump to the conclusion that the end of law has come (Hildebrandt, 2015). There have been statements to that effect in the 1960s that proclaimed the end of politics and law triggered by progress of technology and science (Schelsky, 1965: pp. 453 et seq.). Those statements proved to be wrong. The recent developments call, however, for new legal concepts.

I. The rise of the internet of things

One is hard pressed to find a convincing, universally accepted definition for the IoT. On the one hand, the subsequent discussion shows the ever-evolving character of the IoT (Santucci, 2008); on the other hand, different disciplines tend to have different perspectives. 1 Technically it means combining technologies – especially sensors, actuators, data processing and communication – into a bundle with new usability (Mattern & Flörkemeier, 2010). If scholars from different disciplines were asked to define the phenomenon, there would be numerous different approaches: an information scientist might emphasise the opportunities to automate processes. A sociologist might define the IoT as an ambivalent social development with possible beneficiaries and losers within society (Davies, 2014). An economist might see this process as a chance to increase efficiency and welfare by replacing manual human labour with the work of intelligent machines (Fleisch, Christ, & Dierkes, 2005).

Our perspective derives from legal sciences and is significantly influenced by ideas of regulation in the sense of the normative influence of law. Besides this traditional idea of the functioning of law, we consider that with the IoT the “code is law” paradigm (Lessig, 2006) might enter the physical world with all its consequences. We call this the ‘Governance by Things’.

Even though it is still uncertain in which direction the IoT will develop, we are convinced that it will have a considerable impact on the application and the requirements for modern forms of law.

In the following, we develop some basic ideas about the role of law in the future and how law could react to such far-reaching developments in our technological and social environment. This discussion ties in with old (Aultman, 1972) and recently refueled, more differentiated debates about “normative technologies” (e.g. Hildebrandt, 2015; Koops, 2007).

II. Governance by things - code becoming physical

Research on the normative factors influencing and determining human behaviour on the internet has led to at least four important circumscribable governance factors. These are social norms, law, contracts and code.2 Social norms, law and - as a surrogate of law - contracts, tell people what they should do. If people act against the rules, they will be sanctioned socially (e.g. social isolation), by law (penalties) or by contracts (contractual penalties). The fourth factor, code, which essentially describes the circumstances shaped by hardware and software, works differently: it sets the framework for behaviour in virtual spaces by defining the options and limits of interaction. Additionally, the code can nudge (Thaler & Sunstein, 2009) people with inscribed affordances, increasing the likelihood of a desired behaviour (Oermann, Lose, Schmidt & Johnsen, 2014: pp. 10-11).

(Oermann et al., 2014: p. 18.)

Like the above model shows, all of these factors are interweaved and potentially influence each other. It requires deep empirical insights to decipher these connections, like the influence of social norms on legislative procedures or the changing of social norms by the introduction of a new law. For code the knowledge about interdepencies with the other factors is in its infancy.3 Mostly literature has warned - from a theoretical point of view - about the determination by code in virtual spaces (Lessig, 2006; Reidenberg, 1997). Due to the emergence of smart things, we want to scrutinise what will happen if this paradigm becomes tangible and especially highlight the relevance of the Governance by Things in relation to traditional regulation by law.

1. The regulation by law

Black’s Law Dictionary used to define law as “that which is laid down [...]” (Black, 1910: 700). Nowadays this refers to the textual quality of law. In order to discuss substitutes for legal rules we first have to go back to the function the legal system fulfills in society. There are various approaches indicating how legal intuitions fit into the working of the overall social structure. Parsons has been instructive to our discussion and quite influential in the realms of sociology of law. According to him the major function of law is an integrative one (cf. Schur, 1968: 80 et seq.): “It serves to mitigate potential elements of conflict and to oil the machinery of social intercourse. It is hindered, only by adherence to a system of rules that systems of social interaction can function without breaking down into overt or chronic covert conflict.” (Parsons, 1962: 57 et seq.) It is noteworthy that according to Parsons the legal system has to address three problems to fulfill that function and those are legitimation, interpretation (establishing rights and obligations by determining the application of rules) and enforcement (including jurisdiction and sanctions).

Luhmann serves as another important reference point especially in the German discourse. He stated that, in an exceedingly complex and contingent world, social systems exist in order to reduce social complexity and give some stability to social expectations (Luhmann, 1993: 131-133). The legal system fulfills this function because it enables one to select between diverse choices on the basis of a binary code, “lawful” or “unlawful” (Recht-Unrecht), that cuts in “self-referentially” (Luhmann 1993: 165-173).

Llewellyn identified five "law jobs", which are relevant in our context. Law in any community serves to prevent disruptive conflicts within the community and helps maintain a peaceful, orderly society, and contribute to this stability by providing a means of resolving disputes (1940). Thus giving stability to social expectations.

Furthermore, conflict solving can serve as a common denominator for the functions of law among society (Röhl 1987: 576). Building on those functions, politics can make use of law to govern society.

The application of rules is the way in which the legal system fulfills this function. Textual law is a cultural artefact that enables people to get a glimpse of normative contents, although it is also a specific system with its own interpretation methods. This means there must be a differentiation between social systems and the methodological toolbox of law. In written law we have meta rules that are supposed to guarantee that the legal texts are drafted in a way that the normative content can be deduced. If rules were enacted orally and face-to-face, the addressee could simply ask about the potential meaning of the rule. With the invention of written words and rules, mass application of law was possible and there was no need for ruler and addressee to be in the same place at the same time (Hildebrandt, 2008). This, in turn, resulted in a need for legal certainty, which legal science tries to reach through the systematic interpretation of law.

2. Governance by code

As mentioned above, the advent of the IoT might give the discussion about code a new twist. To provide a better understanding of this debate, let us briefly introduce our understanding of code and its role in governance. This will lead to the concept of Governance by Things.

As far as IT-related developments go, the idea of governance by code is quite old. Lawrence Lessig developed this intriguing idea of implicit influence on user behaviour by hardware and software back in the 1990s. The most important aspects of the ongoing discussion on code were and still are the following:

Firstly, code is – besides other factors like social norms, law, and contracts – one of the factors regulating human behaviour by setting the rules for the usage of digital products. Unlike law and social norms, however, code is self-executing. It defines the environment for user behaviour instead of explicitly setting the rules by stipulating what one should do and defining legal sanctions for misbehaviour. Code therefore implicates restrictions, enables behaviour or nudges users in certain directions and therefore at least partly takes over functions of law as described above.

Secondly, code governed by private companies can result in a power shift: rules implemented in code can have a huge impact on what is allowed for a mass of people without sufficiently reflecting existing law or the will of society.4 An example might help illustrate the impact of regulation by code in contrast to traditional law: the political struggle for a federal minimum wage in Germany was a long and arduous one, before it was finally introduced in 2015. The online platform Upwork (formerly oDesk), which helps businesses and freelancers to connect, included global minimum wages simply by tweaking the source code of the platform. Following this change, some users were barred from entering a wage of under four US dollars.5 While the effectiveness of this simple alteration to the code is quite impressive, it pushed some low qualified workers out of the market completely, because they could no longer offer their work at conditions viable to them. Marginally higher qualified workers from other countries were hired instead. Ensuring a minimum payment standard takes on a peculiar flavour since the whole business model relies on percentage commissions based on the wages.6 Put bluntly, one could state that code is essentially a resource through which the ones designing the code can pursue their interests.

Thirdly, and connected to the second aspect, code is – as virtually all internet-driven technologies are – hard to address for national governments. Taken together, these three aspects dominate the debate on code.

3. Governance by things as a new paradigm?

In the literature reflecting on code, starting with Lawrence Lessig, the authors always took it for granted that code was a factor influencing human behaviour in virtual spaces. In contrast to this, the restraints by physical environments were called architecture (Lessig, 1998: p. 663 et seq.; 1999A: p. 506 et seq.), which can be used for regulation: for instance, if a rural community wants to prevent heavy goods vehicle traffic from passing through, they could forbid that kind of vehicles via law by putting a sign up (“unsuitable for heavy goods vehicles”). Another way would be to build up funnel shaped physical road embankments to make the road narrower, thus enabling only cars to pass through this architecture (Dankert, 2015: p. 52).

This shows that physical circumstances always were and still are of importance. Today the awareness throughout research disciplines, product design and planning of cities is rising. Urinals include games to nudge men to “aim” at the right spot (Sommer, 2009). This includes the idea of gamification. So-called “defensive architecture” keeps skaters from skating in certain places (Mersom, 2015) or spikes keep homeless people from sleeping in certain places (Quinn, 2014). These examples lead to two follow-up questions. Firstly, why was the idea of code limited to virtual spaces? Secondly, what do the developments connected to the IoT change concerning the differentiation between architecture and code?

The first question can be answered with respect to the concern Lessig wanted to formulate with the equation “code is law”. It was his concern to warn against an excessive technical determination; essentially this means a determination not by technology itself, but by a few decision-makers in private companies (Lessig, 2006: p. XV). In contrast to physical architecture, the example of Upwork and the minimum wage shows the differences strikingly: digital markets tend to stimulate the formation of monopolies supported by direct and indirect network effects (OECD, 2013: p. 170; Van Gorp & Batura, 2015: 22). If there are changes in the code, millions of users can be affected by them. Therefore, some companies without a binding to democratic control can set rules by editing their code. Additionally, this code opens up subtle options for the companies to nudge people unknowingly, analyse the output and optimise the code, which is not possible to this extent in physical spaces. So this is why code was, so far, only used in terms of virtual spaces.

This leads to the second question: Why does the IoT change this limitation, which leads to an idea of Governance by Things? One might say that the IoT has the capability to reduce the gap between reality and virtual datasets (Fleisch et al., 2005). In technological terms this means that “things” – including not only technical devices, but all kinds of things in a broader sense – can have sensors gathering data about their environment and communicating with each other. Whereas computers have been bound to a certain place and are mostly dependent on data input by humans, these processes are increasingly being replaced by automatic sensors and even the reaction can be automated by actuators (Hildebrandt, 2008). Therefore, datasets become more accurate in reproducing a picture of reality.

A glimpse of the utopia (or dystopia) of “ambient law” (Hildebrandt, 2008) is currently only real in demo smart cities, as can be seen for example in Saudi Arabia (Ouroussoff, 2010) or South Korea (O’Connell, 2005). But with the advent of the IoT it becomes obvious that legislators have to think carefully about the societal changes and implications for law that it will bring.7 The EU has acknowledged this need and put out an action plan to react to this development.8 Against this backdrop, it is specifically the first of the 14-point action plan we address, which states the goal of “defining a set of principles underlying the governance of IoT”. In this article, we want to step back even further and describe the developments initiated by the Governance by Things and their implications for the regulation of human behaviour by written norms.

We see structural challenges in at least four key aspects of the code paradigm entering the physical world that we want to highlight: firstly, the need to explicitly “regulate” situations which so far have not been regulated, secondly, the hermeneutical connection between the application of a norm and the construction of the norm, the impact on private ordering and finally the imperfection of technology.

a) Necessitas eget legem – Necessity needs law

A common thought experiment in ethics is the trolley problem (Ghanayim, 2006). In this thought experiment there is a runaway trolley racing down railway tracks that would kill five people if there were no intervention. The person in question could pull a lever, which would set the trolley on a different track where it would kill just one person. This has applications for other rules, such as the example set out by the character Mr. Spock in Star Trek that “the needs of the many outweigh the needs of the few”.9 This can indeed be an acceptable ethical norm for adherents of the utilitarian doctrine (Bentham, 2000).

Many legal systems address these kinds of exceptional cases with correctional norms on a secondary review level, such as the Choice-of-Evils in American criminal law or a comparable construction in German criminal law, which resolves this conflict on the level of unlawfulness when two obligations are in conflict (Lackner & Kühl, 2014: § 34 margin number 15). These exceptional cases – like the trolley problem – are systematically solved by moving them from the level of rules regulating behaviour to principles of justification. Thus, law does not have to provide rules on how to act when confronted with these kinds of decisions and still the underlying moral values, the rules in criminal law, can be upheld. However, at the same time, the law recognises that it would not be fair to punish someone who decides one way or the other. This follows Immanuel Kant’s discussion of the similar carneades-problem10 and supports the saying “necessitas non habet legem” – necessity has no law.

For autonomous cars there are at least two basic situations discussed (Bonnefon, Shariff, & Rahwan, 2015: p.3), which connect closely to the thought experiments above: 1) Autonomous cars must be programmed to choose between unavoidably harming either one person or several people; 2) The car is harming one person, but the chance to save this person will unavoidably harm the driver. This would be the case if e.g. one person surprisingly appears on the road and the only chance to swerve would be to drive into a wall, off a cliff, etc. Generally speaking when technical systems are built that anticipate critical decisions, necessity has to have a law or - in other words inspired by a recent post of an MIT blog - “self-driving cars must be programmed to kill” (Bonnefon et al., 2015). The rules that technology needs in order to function are also normative rules. Anticipating critical situations can be an opportunity to implement reasoned determinations in situations that would otherwise lead to arbitrary results, e.g. because reacting appropriately would be impossible due to time constraints.

Recently a survey in the field of experimental ethics showed that there might be a preference for “utilitarian cars”, which are programmed in a way to always minimise the death toll - even if this decision meant harming the ‘driver’s’ life (Bonnefon et al., 2015: p. 7). But likewise the survey showed that the acceptance of the programming of a car to sacrifice the driver potentially decreases, when this affects one’s own car (Bonnefon et al., 2015: p.7). Interestingly enough, the survey asked for the willingness to accept legal enforcement of self-sacrifice of the passenger of such a car. In this case the acceptance of a legal enforcement towards autonomous cars was higher than if it applied to the behaviour of humans (Bonnefon et al., 2015: p. 7 - 8). Without a doubt, a legal obligation to sacrifice oneself as a driver would not only face ethical challenges, but would at least in Germany also most likely not be compatible with constitutional values, such as human dignity or the right to live (BVerfGE 115, 118, p. 159).11 Nevertheless the intuition of the participants to regulate the implicit rules of autonomous cars seems to be right. When there is a rule-making process for a car, which results in a Governance by Things possibly anticipating a multiplicity of critical cases in a certain way, then law is an appropriate tool to accompany this process and leave room for a differentiated public discussion, whether Mr. Spock’s utilitarian approach was right or not.

If society wants to profit from the advantages of a highly efficient and consistent Governance by Things,12 the inscribed rules need to anticipative normative guidelines on how to solve critical decisions - in the figurative sense: “necessity needs law”.

b) The (self-)execution of normative rules

If we put a normative complexion on code, there are some parallels discussed by Lawrence Lessig and others between code and law. There is, however, at least one thing that sets code apart: its special self-executing character (Reidenberg, 1997: p. 569). Written law only provides psychic compulsion. This means the inscribed normative contents of law can motivate the addressee directly or indirectly to behave in a certain way, but even the enforcement of a specific norm by the organ in charge does not make the sanctioned person follow the rule of conduct which is enshrined in the legal rule. At best it can have an effect for future actions. Kelsen describes this paradox as follows: The “[...] sanction to be executed by the organ is provided for only in those concrete cases where the conduct which the legal order tries to bring about has not been ‘enforced’ and, thus, has proved not to be ‘enforcible’” (Kelsen, 2006: p.23). Thus normative rules provide an idea of what should be “normal” (meaning potentially benefiting a society), but they only come into actual effect whenever a discrepancy of the actual and desired behaviour occurs. The enforcement regards ex post penalties, but there is no other than psychic compulsion before someone decides not to conform to the law.

Governance by Things as described is also self-executing in the purest sense, in that the rules can be directly implemented in algorithms13 that control things, where the enforcement is anticipated and - in contrast to the psychic compulsion of law - can directly restrict or substitute human behaviour. As a result, regularly behaviour automatically conforms to the range of possibilities that the Governance by Things allows. Consider this famous example: the law can stipulate that one must fasten one’s seat belt while driving and the police can enforce this regulation. Smart cars, however, could simply refuse to start the engine if the sensors indicate that the driver has not buckled up properly. Hildebrandt states – building on Searle – that with normative technology regulative rules can become constitutive rules (Hildebrandt, 2008: pp. 169-183). While regulative rules leave the options open to either follow the rules or ignore them, constitutive rules only permit the action to be taken if the criteria the rules define are fulfilled.

Even in cases in which an algorithm does not fully prevent some kind of behaviour but just nudges someone in a certain direction, there is a significant difference when compared to law. The process of application lacks the complex interaction between abstract norms and the specific case at hand that makes each application of the law in itself a construction of the law. One consequence of the specific hermeneutics of law is a certain flexibility that is at least not inherent to algorithms. This leads to the question: what makes human rule-based decision-making so special? For human decision-making processes, psychologists differentiate between explicit and tacit knowledge. They say that human decision-making often is based on tacit knowledge (also ‘procedural knowledge’) (Polanyi, 1965: p. 16 et seq.). This type of knowledge is hard to verbalise. It is a fact that “we can know more than we can tell.” (Polanyi, 1965: p. 14). Theoretical models can be used to develop an abstract idea about explicit and implicit knowledge, their interaction and their influence on gathering knowledge (Nonaka & Takeuchi, 1995: pp. 61 et seq.).

In contrast, algorithms always use explicit knowledge to reach a solution (Carr, 2014: p. 8 et. seq.). The fact that no-one can describe the human decision-making process in every detail, because it is for the greater part based on tacit knowledge, led to the idea that complex interactions between humans and their environment (like driving a car) cannot be overtaken by algorithms (Levy & Murnane, 2004: p. 20). Although autonomous cars today prove the contrary, the automation of technical processes still is result-orientated. Algorithms with inherent social values conserve certain decisions according to predictable input-output-patterns, without a systematic self-conception. For instance, algorithmic rule-making reaches its’ limits, when rules have to be reasonably ignored or refined. Test-drives with autonomous cars show that they are able to stick to traffic rules slavishly, but still cannot decide when to override rules reasonably (Richtel & Dougherty: 2015).

At the same time, we also apply and (re-)construct tacit norms when we make decisions (cf. Kratochwil 1989: pp. 54-56). Similar to tacit knowledge, tacit norms are norms we follow without reflecting on them. They have become part of our scripts for decision-making without us even realising that we are applying a norm. These norms can emerge in interactions between people or they might be internalisations of explicit norms.

At this state, it might be possible for a car to drive autonomously, following traffic-rules in certain decision patterns. But this is just a translation of complex interactions between physical objects. Abstract judicial or ethical concepts like fairness or good faith are unwieldy to handle technically, because they are dependent on the implementation of social perception, which is based on tacit knowledge and tacit norms. To refer to the example from the beginning: legal research on the clarity of normative rules and the constitutional requirement of certainty showed that this principle paradoxically is loosely structured and dependent on smart decisions by judges (Towfigh, 2008: p. 15). As long as we cannot decipher what these abstract concepts mean, we are not able to translate them into explicit rules. At least this is likely to fail, like the seemingly elaborate robot laws in Isaac Asimov’s I, Robot, which led to chaos, because of the missing interpretation and legal discretion of the norms by robots (Söbbing, 2015: p.46).

In other words, in judicial processes even under a civil law system which is mainly governed by written laws, those written norms can be ‘updated’ since, each time, the legal text’s meaning is construed in view of the specific facts of the case at hand (Vesting, 2015: p. 140). This means that the specific inscribed normative content of a norm is constantly being redefined in step with social developments. In this regard, the uncertainty of law and the inclusion of human communication in this process are advantages.

As said before, the differences between law and the Governance by Things in terms of code can also be studied in the internet realm (Oermann et al.: p. 3 et seq; Kesan & Rajiv, 2005; Wagner, 2004).

c) Private ordering of things

The discussion about code and law has already triggered a debate about private ordering (Elkin-Koren, 2008: p. 5). Private ordering describes the process of setting up social norms and/or specific (self-)regulatory determinations and sanctions by private parties (Schwarcz, 2002: p. 319; Elkin-Koren, 2005). Besides the general attempt to regulating markets through private actors, private ordering can use regulatory measures, made by publicly empowered private authorities (Schwarcz, 2002). In the digital age, private ordering is seen as an efficient alternative way to regulate the information environment (Benkler, 2000: p. 2063), because its flexible structures complement the dynamic market structures in the technology sector. It has lengthy historical precedent that private actors – mainly companies and industry associations – at least partly take over regulatory tasks (Hofmann, Katzenbach, & Gollatz, 2014: pp. 12-13.; Feick & Werle 2010: p. 525). Nevertheless, this has expanded in scope over the past years (Schwarcz, 2002: p. 5 et seq.) and will probably increase further with the advent of the Governance by Things.

There are various forms of private ordering, a core element of which are contracts. One strategy of governments to reach certain regulatory goals can be to delegate responsibility to the industry. There is, however, also the possibility that the industry itself sets de facto standards. Governance structures on internet platforms go beyond simple contracts and also include the code created by the industry that can set standards, but which is not the result of a democratic rule-making process.14

It is settled case-law in Germany that in case of infringements of the Terms of Use, content providers (chatrooms, forums etc.) are legally able to exclude users from using their platforms (OLG Köln, ZUM RD 2000, 547; LG München, K&R 2007, 283). This idea derives from the notion of ‘domestic authority’, which ironically is associated with physical spaces and ownership in civil law as in criminal law (see section 123 StGB). Now imagine this argumentation returning from digital to physical spaces with the Governance by Things, possibly influencing all aspects of human life: this would mean that every owner of a “smart home” would at least from a legal perspective have to follow the implicit rules of the one who designed the algorithms controlling it in terms of communication.

If we push this idea further, we can consider how this argument might be transferred to other areas such as ‘smart cars’ or ‘smart cities’. As the gap between materiality and digital spaces narrows further (the architecture and the code), this discussion will become a core aspect of the regulation of the Governance by Things since public and commercial interests can collide. The ‘domestic authority’ line of argument returning from digital spaces back to physicality may sound reasonable to a certain degree, because consumers are able to ‘choose their authority’ by buying certain products or not. Rules set by companies with commercial interests might be appropriate and capable of substituting governmental decisions with Private Ordering in some cases.

On the other hand, it is known that digital markets tend to concentrate due to certain effects (e.g. power law effects or network effects), which seems to foster paradoxical situations in which the services with the highest market shares for a certain market may score low in customer satisfaction.15 This tendency for market concentration might spill over on IoT-markets, which are close to digital markets. This might make the domestic authority argument problematic in areas where an IoT product prevailed in the market and can set the implicit rules of Governance by Things while not taking consumer interests into account. If private companies driven by economic self-interest autonomously implement their ideas of ‘rightful’ behaviour in algorithms, there is no guarantee that they are complementary with social consent. Whether economic competition can guarantee that, depends on the market structure (e.g. the contestability of markets). At this point, the anticipated decisions embedded in algorithms can produce accomplished facts in large-scale scenarios, determining the behaviour of many members of society.

Among the important questions to be discussed at this crossroads is at what point the software behind the Governance by Things becomes a public affair, especially when it can have a direct physical impact. This often has far reaching consequences on the regulation by law: when a decision appears to be a public affair, questions of legitimacy come into play; the decision-maker is bound by human rights and has to adhere to the rule of law. Accompanying the latter is an expectation of transparency. Surely one cannot take these legal principles and impose them on Governance by Things. In contrast to law, which is open to be read by everyone from the broad public to lawyers, to the press, etc., algorithmic regulation in many cases relies on a lack of transparency to keep its intrinsic value, especially if it is connected to private companies’ economic interests. If a company like Google revealed how its search algorithm worked, this information would be used to manipulate search results. By the same token, if a producer of an algorithm for autonomous cars revealed its source code, it could be misused or competing companies could use it for their own products. But even in the unlikely scenario that there were participative structures and the source code was ‘open’, there would only be a small minority of people who could comprehend the logic of complex coding and really participate in the process of shaping algorithmic regulation (Oermann & Töllner, 2014: p. 8; Lessig, 1999B: p. 1418). We need to explore, which concepts of transparency can be helpful in this context.

Therefore, lawmakers have to learn about the interplay between governance factors and the impact of the Governance by Things to be able to analyse the need for an intervention by the state. If Public Ordering is the right mode of intervention, this leads to questions of how to regulate software, especially concerning the question of what the regulatory link is: is it the software itself, the standards behind it, the algorithms or even the maxims of coding?

d) The imperfection of technology

Research on the impact of the IoT and its normative implications tends to hold the theoretical view that technology is without failure and inevitable. The chief motivation for the establishment of automated cars is to reduce and eventually eliminate the possibility of road accidents. Likewise, ‘smart guns’ are supposed to help in achieving the aim of drastically decreasing the illegal use of weapons (Borrup, Heneghan, Hernández-Arranz, Luna, & Lapidus, 2014: p. 20 et seq.).

Although the Governance by Things can certainly be helpful to optimise traffic or other complex processes, in the end, every technology is a product of human work, so an infallible technology will never be invented.16 Therefore, not only will the possibility of misusing technology remain, but new types of failures and new opportunities for abuse will emerge as these become more ubiquitous. For instance, just recently technical security gaps in self-driving cars were revealed, which could be exploited to control certain functions of the cars remotely over the internet (Greenberg, 2015; Zetter, 2015). The option of tampering with imperfect technology is not new, but coupled with the self-executing and physical character of the Governance by Things, this phenomenon becomes a challenge. Every new technology involves new possibilities of abuse, but Governance by Things enables the possible manipulation of our physical surroundings once the IoT is ubiquitous.

Additionally, ‘bugs’ get a promotion with the Governance by Things. We already saw that algorithms can deliver odd outcomes, e.g. when automated credit ranking systems denied the former head of the US Federal Reserve Bank a restructuring of his mortgage. Even though “it would take fewer than three speeches for him to pay off his entire house” (Moore & Kasperkevic, 2014), some of the criteria led to a red flag on his refinancing inquiry. Questions about how to deal with such ‘bugs’ legally become even more pressing when algorithmic decisions can have an actual physical impact.

In our view, the imperfection of technology has two main implications for regulation: firstly, ‘smart’ things will replace human decision making processes and behaviour in an increasing number of situations, e.g. the autonomous car will substitute the decisions of drivers. This leads to several liability questions with potentially significant impacts on markets and innovation. Just imagine: who or possibly even what would be liable in the case of an accident involving or even caused by an autonomous car? It cannot be the car itself,17 although it seemingly ‘decided’ – maybe even wrongly – in a critical situation. But the anticipation of such algorithmic decisions can always be traced back to a manufacturer. At this stage and without changes in German law, there would possibly be a shift in liability towards the manufacturers of these cars, resulting in costly litigations against them (Jänich, Schrader, & Reck, 2015: p. 318). This scenario can come about, although it does not change the idea of owner liability: liability lies with the one who has increased the risk and enjoyed the advantages of something – which is still the owner of a car and not its manufacturer (Lutz, 2015: pp. 119 et seq.). Examples of shifting liability are not restricted to autonomous cars, but include a wide variety of products that could potentially harm people. In these cases, the pressure on producers to take precautions increases. Additionally, autonomous vehicles tend to “complicate the already complicated entanglements between insurance providers, plaintiffs, drivers/owners named as defendants, and manufacturers.” (Villasenor 2014: p.13). These problems have already been discussed and will likely result in new insurance concepts (Jain et al., 2015).

Furthermore, there will be a need for law to regulate situations where ‘software bugs’ do not merely affect software, but have a real-world physical impact in terms of security mechanisms preventing abuse or misuse of a technology. An obvious example are ‘smart guns’, which recognise their owners (Borrup et al., 2014) and - maybe in the future - are only able to be fired in situations of self-defence. Even if such a device has built-in security measures against non-conforming usage, there will be ways to bypass these measures and misuse the weapon for criminal purposes. The same goes for autonomous cars: it cannot be ruled out that such a car is hacked to make it drive markedly faster than allowed.

This implicit weakness of technology results in a significant gap in the Governance by Things and leaves the requirement for regulation by law and its educational character to prevent people from misusing technology and to shape social standards (Rüthers, Fischer, & Birk, 2013: p. 54).

IV. Conclusion: a call for second-order regulation of Governance by Things

According to a study, sometime after 2050 every vehicle will be driving autonomously (IHS, 2014). At that point, the implicit rules of the Governance by Things will have a huge impact on people’s lives, not only limited to autonomous cars. Currently, there are only a few examples of actual Governance by Things problems. Nevertheless, it seems evident that the development of new IoT technologies will give rise to a number of challenges in the not too distant future, which will be closely connected to the developments observed in internet governance.

We explained that on the one hand, there have to be concrete normative decisions in situations, which – so far – were not explicitly regulated (see section II. 2. a). On the other hand, we saw that these implicit normative decisions cannot substitute law, because technology lacks a systematic self-conception: Although law can seem antiquated in terms of efficiency, especially in contrast to constitutive normative rules of Governance by Things, we think that this will neither be the end of politics nor law. Lawmaking and court decisions are processes of communicative constructions, which include a variety of social perceptions. These are mostly based on tacit knowledge and tacit social norms. The uncertainty of these processes might seem inefficient but still has an advantage in keeping law up-to-date with social developments (see section II. 2. b)). Consequently, Governance by Things cannot replace law. But we think that it is time for lawmakers to accept and make use of the normative qualities of this “physical” code.

Therefore, lawmakers might be well advised to ponder a second-order regulation for the Governance by Things in some areas, which have to be analysed, since the influence of the Governance by Things will certainly increase, either not following specific democratic values or necessarily representing social perception. These self-executing rules with their regulative and constitutive elements include a subtle resource of governing people. We have learned that, in contrast to the Governance by Things, regulation by law is based on psychic compulsion, which means the enforcement of law is not identical to the intended normative content of a legal norm. A second-order regulation will not change this fact, but it would recognise the regulative and even constitutive elements of the Governance by Things and use them knowingly as a possibly strong resource of regulation.

These second-order rules can be perceived as legal rules defining explicit boundaries and guidelines for the producers of IoT-products, not really “taming” the code but rather socialising it. One striking example of how this could work are the “no fly zones“ programmed in drones, which can include areas like airports to prevent drones from harming flights. Regulation requiring to upload publicly curated maps for the operation to be legal could even include the opt-in or opt-out of private property owners who might want delivery drones to have access but exclude all others. At this point some drone manufacturers already include such measures voluntarily.18 Yet, it is conceivable to have a regulation by law defining these areas and the way it is included in the code.

However, it is not our intention to say that all kinds of product design should be in the hands of lawmakers – second-order regulation should be limited to certain areas, which must be carefully selected. The limits will be defined in a discourse on what is regarded as a “public affair” as outlined above. It is likely that the need of having an influence on regulation on implicit technological rules must be determined by the weight of the legal interests at stake. Especially when it comes to vital interests, like in health care or autonomous driving, software programming will not solely remain in the hands of market forces and their private ordering. Now governance experts have the chance of preparing for the coming challenge by creating second-order mechanisms that oversee the Governance by Things. One obvious first step they can take is to create interfaces between software engineers and experts in legal matters, ethics and governance. This will create the knowledge base for a meaningful debate on regulation in the era of the Governance by Things. Even nowadays some studies point in this direction (Bonnefon, Shariff, & Rahwan, 2015). Such work can contribute to defining the areas in which software programming can be seen as a public affair, and help in understanding what the points of reference and convenient methods of regulation are.

Based on the above discussion, there could be certain principles that technology must obey, conflict-solving mechanisms, and evaluation requirements; the whole toolbox of context regulation can be unpacked and filled with new instruments. It is a new El Dorado for governance research.

With the ball on the IANA - Internet Assigned Numbers Authority (IANA), responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources - transition in the court of US politics, the ICANN community delves into another round of clarifications and inventions for practical global self-governance of internet core resources.

Not a done deal, the transition of oversight over the central root zone of the Domain Name System from the US to an “empowered community” kept the Internet Corporation for Assigned Names and Numbers (ICANN) busy at its 56th meeting in Helsinki this week. Very busy, in fact. While another cross-community working group tackles leftover issues including ICANN's jurisdiction, governments’ struggle to define their new role in the post-IANA world.

On 9 June the US National Telecommunications and Information Administration (NTIA) acknowledged that proposals presented by the ICANN community and other users of IANA met all NTIA conditions for full privatisation. The coordination ensures interoperability and universal connectivity. ICANN since 1998 performed the IANA tasks under contract with the US NTIA. Now an “empowered community“ shall become the self-governing steward for the core internet resources.

Will Congress step in or not?

On 30 September the IANA contract will run out and the new “multi-stakeholder“ IANA era is expected to start. This was no big topic this week in Helsinki, though. Despite green lights from the NTIA on 9 June, a political battle is still ongoing in the US. A handful of Republicans, including former leadership candidate Ted Cruz have been warning against what they say would mean “giving away the Internet“.

Would the US Congress pass the draft “Protecting Internet Freedom Act“, introduced recently by Senator Cruz, Congress would get a final say on the transition, explains Thomas Rickert, lawyer for the German Industry Association Eco and one of the Co-Chairs of the Cross-Community Working Group on Accountability. This working group had successfully hammered checks and balances for the stakeholder groups (commercial, non-commercial and governmental) to control the more powerful ICANN self-regulator, which instead tried to just carry on. 

Despite receiving ‘A’ grades for the procedures from the NTIA and external academic studies commissioned by the NTIA, Rickert said, that it is “very difficult for us to say at this point, how this will play out.“

Without Congress stepping in, transition in September is likely, observers think. NTIA which just did address the Republican concerns in a 28 June letter to Cruz supporter Marco Rubio has set one more deadline for ICANN. On 12 August the regulatory body will "gauge whether all the transition related work will be completed prior to September, 12”.

Implementation work, including the change of bylaws and the finalisation of contracts with the IANA-customers from the IP address community and the standardisation body Internet Engineering Task Force (IETF) was currently pushed by ICANN staff, a rather optimistic Rickert reported. In case implementation is not to the NTIA's liking, “NTIA, in consultation with ICANN and stakeholders will determine the appropriate contract extension,” the NTIA letter to Rubio states.

Governments grappling with their new role as one of many

With not much more the ICANN community could do other than hoping for the best from ICANN staff and US politics in Helsinki, Rickert's CCWG went ahead to kickstart work on items left-over from the accountability “workstream 1“. Workstream 2 instead is supposed to tackle some of the really complex issues – is there a way to solve the problem that ICANN is bound to one jurisdiction whose laws may bring its partners in conflict with their own jurisdiction? Should it therefore reside in many? And also, what are the responsibilities of the quasi global regulator with regard to international human rights? On these and issues like transparency, diversity and accountability of the self-selecting stakeholder groups themselves, proposals will be developed over the coming year. 

Helsinki also saw preparations of the various stakeholder groups for themselves the post-IANA-transition system. In the Governmental Advisory Group (GAC) opinions about the future role of governments in the multi-stakeholder empowered communities clashed, with everybody eager to be very diplomatic. Chris Hemmerlein, newly designated representative for the NTIA, underlined the US standpoint that the GAC should stick to its advisory role. “We do not support the GAC exercising any of the community powers in a decision-making role“, said Hemmerlein.

Government representatives from Brazil, Swaziland and Iran did not like this idea at all. The GAC had decided already, the Brazilian GAC representative noted, “that the GAC accepts its role as a decisional participant. Now we need not discuss how we will put this in practice but there is a decision that we will be a decisional participant and that is settled”. GAC Chair Thomas Schneider tried to calm the waters, acknowledging that there were those in the GAC that favoured to have an advisory-only GAC and those who wanted to see GAC participating in decisions – for example in potential community challenges over the ICANN budget – much more. “And there are those that think it should be decided on a case by case basis,“ Schneider said.

More influence of governments via the multi-stakeholder process – which some would call more co- than self-regulation – has been contentious for years. Some governments thought the reformed Post-IANA ICANN still lacked in government influence – others like Republican politicians warn against autocratic countries “taking over“.

Two or three bites of the apple

Government influence already has been highly effective at times in ICANN even without decisional powers. One of the avenues sought was criticised just this week by registrars and members of the Non-Commercial Stakeholder Group.

With a hard-fought compromise for a new policy on privacy and proxy registrars being on the way to implementation, law enforcement representatives in the new ICANN Public Safety working group called to push for additional safeguards now. Privacy registrars which allow customers to hide personal data from the public WHOIS should, a FBI officer explained, answer requests from law enforcement agencies not only of their own, but also of other countries as well. Taking the usual route via mutual legal assistance is too slow and cumbersome.

“Investigating and responding to allegations of abuse is fine. Sharing personal data is problematic. Our default is to request something from an Irish court,“ explains Michele Neylon, CEO of Irish Registrar Blackknight and outgoing Chair of the Registrar Stakeholder Group. “The policy work for proxy privacy took us years of hard work to agree on. The GAC and law enforcement cannot circumvent the policy development process just because they don't like the outcome.“

Regardless of checks and balances, a lot of watching has to be done for a global internet governance body to function at full potential.

Disclaimer: The theoretical reflections and empirical findings presented in this essay emerged from the collective work of the Internet policy project group of the WZB Berlin Social Science Center. Therefore, the authors would like to highlight the contributions of Benjamin Bergemann, Jeanette Hofmann, Florian Irgmaier and Lena Ulbricht.

Introduction

Over the last decade, it has become increasingly obvious that the internet and digital technology are changing modern societies in fundamental ways. They are undergoing an open-ended process of transformation that is gradually affecting all areas of social life, calling into question societies’ normative and institutional underpinnings. On the national and international levels, public authorities started to respond to the new political challenges by developing new expertise and competences to understand the technical change and to adapt their regulatory repertoire. Likewise, in most parts of the world, the digital transformation results in a dynamic public discourse and an expanding network of non-governmental actors seeking to shape and assess the socio-technical changes and discuss corresponding policy options.

This short research essay proposes to analyse these new constellations of actors, issues and policies as an emerging policy field related to the internet. Rather than assessing them as loosely connected elements that form a fragmented mosaic, the policy field perspective allows us to view actors, issues, discourses, policies and regulatory competences that emerge around internet issues as interrelated. But what is the relation between the various actors in the field and how do these actors, through their interactions, link issues with institutional structures, expertise and regulatory responsibilities? Which are the discursive and institutional processes that contribute to the emergence and shape of the policy field? In order to answer these research questions, the essay proposes an analytical approach that draws on different relational and constructivist theories from the social sciences. Since processes in the field are often conflict-laden, this approach is based on the conceptualisation of policy fields as fields of struggle and aims to retrace how conflicting discourses and power struggles materialise in form of the institutional and regulatory structures of the policy field.

By combining field theory with conceptual tools from discourse and institutional theory as well as Science and Technology Studies (STS), the proposed qualitative and historical approach builds on and simultaneously informs research interested in the emergence of policy fields (Bergemann et al., 2016; Bernhard, 2011; Haunss, 2015; Knoke, 2004; Lynggaard, 2007; Massey & Huitema, 2013). 1, the role of discourse for institutional change (Schmidt, 2008; Phillips, Lawrence, & Hardy, 2004) and the contribution of actors, discourses and material structures for social ordering (Flyverbom, 2010; Latour, 2010). After introducing the analytical approach on a conceptual level, the essay illustrates the analytical ideas via selected empirical examples from Germany, which provide insights into the interrelations of discourses, regulation and institutional structures during the early and more recent stages of field emergence. Due to space limitations, the empirical case studies can only give a fragmented assessment of the various processes that helped shape the material and discursive structures of the German internet policy field. Drawing on the analysis of organisational charts and interviews, the selected examples serve to illustrate the value of the conceptual ideas by identifying crucial discourses and core conflicts that have shaped the German internet policy field.

Internet policy: an emergent policy field

Without a doubt, internet policy making can be considered an increasingly important political field of action at both the national and transnational level. On the one hand, policymakers, researchers and non-governmental organisations (NGOs) show a growing interest in better understanding internet-related problems and in building up relevant expertise.2 On the other hand, the ever growing amount of internet policy related documents, institutions and decision-making structures indicates that public authorities and non-state actors persistently seek to create competences and influence the new societal and technical developments. As a result, we can currently witness the emergence of a multifaceted ensemble of policies which, thanks to the shared reference to the internet, link issues that previously were not interrelated. This ensemble also involves a relatively fixed number of individual and collective actors and institutions which are interconnected through their ‘common concerns’ (Lynggaard, 2007, p.293), that is, their shared interest in internet-related questions. Collectively these policies, issues, actors and institutions form an emergent policy field related to the internet.

Although still in emergence, the internet policy field has already acquired a high degree of complexity and diversity. This is not least due to the tension between the inherently global nature of the internet infrastructure and the attempts to regulate public policy aspects on the national or regional level (Johnson & Post, 1996). Since the 1990s, the technical coordination of the global internet infrastructures has become gradually institutionalised in transnational settings that often apply a multi-stakeholder governance approach, such as the Internet Corporation for Assigned Names and Numbers (ICANN) (Mueller, 2010). In contrast, the regulation of public policy issues related to the internet—such as data protection, competition, security, access and content control—is primarily coordinated and implemented by national or regional authorities (Drake, Cerf, & Kleinwächter, 2016, pp.31ff).3

Yet internet policies and related responsibilities differ quite significantly from one country to another. Some countries, such as the United States, tend to leave internet rule-making primarily to the ‘free market’, while others, such as France, assign regulation more strictly to public authorities. While many developing countries still focus on basic access problems, others’ policy approaches are shaped by discourses on cyber threats, counter-terrorism or child protection, for instance in the UK. Moreover, countries put forward different governance instruments, such as national commissions (e.g. the German Parliamentary Enquete Commission on Internet and Society) or charters of internet principles (e.g. the Brazilian Civil Rights Framework for the Internet).4 As a result, national differences regarding internet policymaking appear to be strongly influenced by the concrete constellations of actors, existing and newly created institutional structures and the influence of dominant discourses. To analyse the emergent internet policy field of one particular country or on the global level, we propose to study the interrelation of these different elements constituting a social field.

Internet policy as field of struggle

The conceptualisation of policy fields as a specific category of social fields provides a useful heuristic for analysing policy fields in general and for understanding the nature and effects of internet policy in particular. On that account, this essay draws on sociological field theory as developed by Pierre Bourdieu (Bourdieu & Wacquant, 1992) and the more recent work on strategic action fields by Neil Fligstein and Doug McAdam (2012). 5 Although the application of field theory to policy fields as social spaces where state actors and non-state actors interact requires a broader theoretical discussion (see for instance Bernhard, 2011; Hösl & Reiberg, 2016), it is important to highlight the constitutive elements of fields and their implications for the analysis of internet policy: the relatively autonomous constellation of actors, the struggle over meaning making and the issues at stake.

Social fields, such as arts, sports or academia, are relatively autonomous spaces, composed of a specific constellation of actors with their own social rules (Bourdieu, 1991, pp. 25ff; Swartz, 1997, p. 126). In fields, ‘[...] actors take one another into account in their actions’ (Fligstein & McAdam, 2012, p. 28). A specific feature of policy fields is that they are a constellation of both state actors and non-state actors who negotiate and make sense of social problems in relation to each other. We can assume that both the degree of autonomy and the relationship of state-actors and non-state actors varies significantly between policy fields in different countries and between different policy fields within the same country. In Germany, for instance, the internet policy field is composed of a multitude of state and non-state actors, including a large community of internet activists6, NGOs7, academics, federal agencies8, business associations9, members of political parties who often define themselves as ‘Netzpolitiker’, and ministries—as our examples in this essay will highlight.

Like all social fields, policy fields are areas of both collaborative meaning making (Fligstein & McAdam, 2012, p. 46f.) and struggle (Bourdieu & Wacquant, L., 1992, pp.102ff). In other words, actors in a field are engaged in struggles over meaning making. In the internet policy field, the struggles concern the design of the technical infrastructure and the modes of regulating internet content and usage. But they also concern the definition of the internet’s role for society, for instance its framing as a public good, as a disruptive force of innovation or as a sphere of risk that requires surveillance. Many have argued there is a certain logic of the internet, inherent in its technical characteristics (van Vugt, 2016, p.131): the idea that the global internet should be open, decentralised, non-hierarchical and accessible to all (e.g. Schulze, 2016). Yet, as David Clark argues, ‘the character of the Internet as we experience it today is, in fact, contingent on key decisions made in the past by its designers, those who have invested in it, and those who have regulated it’ (Clark, 2016, p.9). Indeed, what some consider as the internet’s inherent logic has always been the subject of disputes, initially between a few technicians, the network pioneers (ibid., p. 12). With the increasing commercialisation and politicisation of the World Wide Web starting in the 1990s, more actors such as activists, governments, companies and users entered the game and modified the internet continuously (DeNardis, 2014, pp.15ff). This ongoing modification concerns both the internet’s technical design and the interpretation of this design. Broadly speaking, whereas some actors define the design of an open and neutral network as ‘inherently insecure’, others consider it as ‘inherently democratic’.

What occurs in a policy field cannot be reduced to the conflictual search for policy solutions to a given problem.10 Instead, the policy problem itself, the knowledge necessary to address it and its potential solutions are being continuously produced, negotiated and reshaped by the interaction between the field and its actors. Accordingly, concrete policy decisions also depend on the contested question of what is at stake in the field. Is it (cyber)security, innovation or the social value of an open and universally accessible global communication network? And who has the expertise and the regulatory competencies—similar to the Bourdieuian concept of capital—to influence policy options and their implementation? The struggles among actors over these competing interpretations, over the expertise and over related modes of regulation can be described as core conflicts of the internet policy field. They structure the field of internet policy and distinguish it from the struggles structuring other policy fields, for instance the field of environmental policies or security policies.

In sum, policy fields can be conceptualised as relatively autonomous and contested spaces in which state actors and non-state actors ‘jointly but antagonistically’ (Marres, 2007, p.773) engage in processes of meaning making, the production of expertise and the negotiation of policy options. In order to analyse how actors, issues and competences are interlinked and to identify the concrete processes through which actors become engaged in the field, this essay combines the field approach with the concept of discursive institutionalisation.

The institutionalisation of discourse in the policy field and its materiality

To identify the struggles that shape a policy field in an observable way, it is necessary to understand how actors build links between themselves and the policies, perceptions, expertise and regulatory competences that, through their interrelation, form the field and its structures. For this purpose, the analytical approach proposed in this essay combines the meso-level analysis inspired by field-theoretical approaches with a micro-level analysis focussing on discourses and their role for the emergence of the policy field. Inspired by interpretative approaches that emphasise the importance of discourse for policymaking and institution building, we understand discourses as the ensemble of ideas, narratives and definitions that attribute meaning to objects and phenomena and, by doing so, create and reproduce a certain worldview.11 Hence, discourses are not simply the result of meaning making and an expression of problem perceptions, they also actively influence them due to their productive and reproductive function (Milliken, 1999, p. 235).

The performative effect of a discourse is particularly strong if it affects the formal and informal institutions that define the context in and modes through which actors interact in a field (Schmidt & Radaelli, 2004, p. 192).12 Institutions serve as external structures that set the rules of the field. They are constructed by and, at the same time, structure the discourses and interactions in the field.13 But not all discourses are eventually institutionalised and develop a performative effect on the field and its actors (Phillips et al., 2004, p.638). In a policy field as a contested space, the process of discourse institutionalisation involves struggles between competing actors and their discourses. As our empirical research will show, in the end, it is either one of the competing discourses or the conflict itself that is inscribed in and, thereby, (re)shapes the policy field.

Thus, to better understand how actors are linked to institutions through discourses, it is necessary to analyse which discourses become institutionalised and, thereby, produce and change the institutional structure of the field: ‘If a discourse solidifies in particular institutional arrangements [...] then we speak of discourse institutionalization’ (Hajer, 2005, p.303). In order to retrace, on the micro-level, these moments of discursive institutionalisation and assess their performative effects on the actors, perceptions and practices on the field-level, we borrow the concept of ‘inscription’ from STS.14 There, the term refers to a process through which engineers, inventors and designers embed their visions, ideas and discourses in the material structure of objects or technical artefacts (Akrich, 1994), like the internet’s technical designers inscribed the principles of openness and de-centrality into the materiality of the network’s structure. Similarly, these visions can also be inscribed into institutional structures that constitute the material foundations of a field, such as policy programmes, organisational units and regulatory competences, and are equally artefacts as they are produced and shaped by the field’s actors. By inscribing discourses into the materiality of the policy field, actors link issues with perceptions, institutions and competences and, that way, fundamentally add to the processes of social ordering in the field.15

Through their inscription, discourses not only become part of the material world but also of actors' social practices; as a consequence, they are conducive to their own reproduction:

Objectified beliefs often become embedded in routines, forms, and documents, e.g. the types of classifications employed, and artifacts – tools, hardware, and machinery. We organize our material world in accordance with our mental categories, and the two become self-reinforcing. (Scott, 2014, p.149)

In this sense, materialisations are not pure representations of reality, they also transform and reproduce the discourses and conflicts embedded in them. They have a performative character and contribute to the exclusion of alternative worldviews. Accordingly, the inscription of discourses into documents, technologies or organisational structures can be seen as ‘[…] enactments of reality; they are means by which some things are made present and others absent, so that specific ontologies are performed into being and others made invisible’ (Nimmo, 2011, p.114). Moreover, through their inscription, discourses reach a more stable form and develop more permanent effects on actors, their perceptions and interactions. That way, discursive institutionalisations contribute to the development of a field-specific logic (Bourdieu, 1996, pp.227f; Thornton, Ocasio, & Lounsbury, 2012, p.148), just as the visions inscribed in the internet’s technical characteristics determine its inherent logic.

Retracing the institutionalisation of discourses and competences in the German internet policy field

As outlined above, policy fields contain a heterogeneous population of state actors (i.e. political parties, governments, ministries) and non-state actors (i.e. NGOs, private companies). Despite this wide range of actors, this essay takes a closer look at selected processes of institutionalisation of discourses and competences within German ministries, which for two main reasons are particularly useful for illustrating our analytical ideas.

First, federal and state ministries in Germany are important sites of production for political programmes, professional expertise and regulatory competences (Derlien, 1995, p.80). Organised according to the principle of departmental ministers (Ressortprinzip), ministries both shape and reflect particular perceptions of problems and the logics in the policy field for which the ministry is responsible. This is not only the case for a ministry as a whole (e.g. the Ministry of the Interior following the logics of security) but also for the different divisions within the ministries (e.g. the IT Division following a distinct logic of IT security). Second, although ministries produce discourses that shape the policy field through their competences and programmes, they are simultaneously responsive to public, professional and political debates. Thus, we often see that a certain discourse is taken up by a ministry, where it materialises and solidifies into organisational structures and regulatory competencies. It is through both these functions—the production of discourses and their inscription—that ministries link issues with competences and institutional structures and, hence, contribute to the emergence and shape of a policy field.

To develop a historical perspective on the emergence of the internet policy field in Germany, the empirical examples in this essay illustrate instances of institutionalisation of international discourses in ministerial structures and competences. They took place at different moments in time and in two different ministries, namely the Federal Ministry of the Interior and the Federal Ministry for Economic Affairs.16 Both of them are in charge of implementing the German Digital Agenda, a strategic policy programme adopted by the current government coalition in August 2014.17 To retrace the moments in which conflicts and discourses materialised in these two ministries, we draw on organisational charts and semi-structured interviews with senior officials of federal ministries. The analysis of organisational charts has allowed us to understand how ministries take up and frame new issues and structurally integrate them in light of their specific policy traditions and remit.18 The qualitative interviews help us to detect narratives that explain the findings gained from the organisational charts in more detail.19 Each empirical example addresses in a first step the inscription of a discourse, followed by the creation of material structures and their contribution to social ordering and, lastly, the inscription’s further implications for the policy field.

(a) The institutionalisation of the information society discourse

Like most other countries, Germany began to develop a political response to the internet and its societal impact in the early 1990s, when the discussion on the information society started to unfold on both the national and international level. The concept of 'information society' was commonly used as a metaphor to capture the importance of information for economic and societal progress. Accordingly, many countries and international organisations started to adopt information society policies designed to pave the way for the transition towards an information economy driven by digital technology.20 Despite their similarity, the various initiatives differed in their nuances, revealing a key conflict inherent in the policy debate on the information society—a conflict that has accompanied internet policy discussions ever since. It consisted in the struggle between those who wished to accomplish the transition towards an information society through market liberalisation and self-regulation of the private sector and those who argued in favour of a more regulatory approach, which would strengthen the role of public authorities in planning and coordinating this transition (see also Kubicek, Dutton, & Williams, 1997; Moore, 1998).

The German government perceived the transition to the information society as a matter of necessity resulting from international pressures and from what the government considered an inevitable external development (Thorein, 1997, pp. 69f). Therefore, it decided to build up regulatory capacities to shape the transition, which led to the institutionalisation of the discourse on the information society. Indeed, the discourse was inscribed in the bureaucratic structure of the German public administration in form of a ‘Working Group on the Information Society’, created within the Federal Ministry for Economic Affairs in 1995.21 The ministry’s Division for Industry Policy developed the idea for this working group in the context of an internal debate reflecting the core conflict related to this early period of internet policies: as interviewees pointed out, there was a sense of anxiety in the ministry that too much regulation might be a barrier to the expected positive effects of the information society. Hence, many traditionalist actors in the ministry claimed that the existing competition policy was a sufficient regulatory frame for the digital age, whereas others argued in favour of a dedicated strategy for the information society in form of an industry policy.22 As the then Minister for Economic Affairs, Roman Herzog, saw both positions as equally important, there was high-level support for both sides. Thus, the constellation within the ministry was favourable for the institutionalisation of the information society discourse.

Among other tasks, the new working group was responsible for the development of an influential strategy paper on the information society, called ‘Info 2000’ (BMWi, 1996; Thorein, 1997, pp.58ff)23, which institutionalised both the dominant discourse on economic progress and the core conflict between market liberalisation and a stronger regulatory approach. It expressed the idea that governance instruments like data protection and labour law should be adapted to the requirements of the information society (Thorein, 1997, p.70) and the view that laws concerning the protection of consumers, data, youth, and others are not values per se but simply means to increase the acceptance and usage of the internet (Scholz, 2004, p.71). That way, the inscription of the information society discourse in the ministry led not only to its materialisation in form of a newly created organisational structure; it also materialised in form of an important policy text and thus contributed to the ministry’s and its actors’ effort to shape Germany’s response to the new technological developments.

The performative effect of the materialisation of the information society discourse did not remain limited to the Ministry for Economic Affairs alone. Indeed, the ‘Info 2000’ paper served as one of the major reference points for the ‘Multimedia Act’, which was adopted in 1997 (Bundesregierung, 1997) and constituted the first German law accounting for the technological developments of the early 1990s in a holistic way. The working group was the first impetus in the Federal Ministry for Economic Affairs to produce expertise and regulatory competencies for the new policy questions related to the growing importance of digital technology. By inscribing the information society discourse, the ministry created a first material link between the economic issues, the internet and itself. It thereby shaped the structures of the new policy field and inscribed its own role in a strategic and solid way, with the result that today, in 2016, the competencies of the former working group are part of a proper Division for Digital and Innovation Policy, which is responsible for most economy-related parts of Germany’s Digital Agenda.

(b) The institutionalisation of the IT security discourse

Some years after the initial institutionalisation of the information society discourse within the German administration, we can observe the inscription of a second discourse that eventually shaped regulatory competences for internet policy, this time created by the Ministry of the Interior. At the turn of the millennium, two major IT-related security issues raised public attention for the risks of technological development. The first issue was related to the change of date from '99 to '00 that was feared to cause dramatic failures in IT systems (known as ‘Y2K bug’), potentially affecting almost every aspect of social, economic and political life, including healthcare, financial markets and nuclear power (Special Committee 2000, 1999)24. The second security issue consisted of the computer virus named ‘ILOVEYOU’, a bug hidden in a fake love letter that spread via e-mail, affecting millions of computers within a few days.

The Y2K bug and the ILOVEYOU virus were not simply technical problems that had to be dealt with. Rather, they were discursive events which, in the ministry and beyond, led to a new level of awareness of how much the state’s capacity to act was dependent on global IT infrastructure. According to some interviewees, both these events were major triggers for the decision of the German Ministry of the Interior to concentrate all IT-related competencies in a single unit, the IT Staff (German: IT-Stab), which was created in 2002.25 The IT security discourse materialised in the ministry’s organisational structure through the creation of the new unit.26 In the following six years, the IT Staff developed from a unit outside the regular organisational hierarchy into a proper division. Named ‘Division for IT and Cyber Security’ since 2014, it bears responsibility for the Ministry of Interior’s stake in implementing the German Digital Agenda. Thus, through the early inscription, the ministry not only linked internet and security issues in a stable way. It also institutionalised its own role and competence in the emerging policy field.

One particular decision concerning the IT Staff’s design in 2002 illustrates how the way in which the security discourse was institutionalised shaped the further development of internet policy within the Ministry of the Interior. As an interviewee explained, the IT Staff’s composition was guided by the idea to pool ‘genuine IT topics’ within a single unit. Yet, instead of regrouping all existing IT-related technical and regulatory competences, the ministerial officials decided that the IT competence of the security agencies (police, internal intelligence agencies) should remain within the Division for Public Security. This organisational setting, characterised by a clear thematic distinction between general IT issues and the IT competence of the security agencies, contributed to institutionalising a conflict in the ministry which remains central to the internet policy field until today: the conflict between the protection of IT systems, on the one hand, and the possibility for security agencies to intrude into these systems, on the other hand.

The conflict between a preventive and repressive side of cybersecurity, as it was characterised by one interviewee, is in fact a variation of what is commonly described as the ‘crypto debate’.27 For more than ten years, this conflict has been the subject of ongoing internal debates between two divisions of the ministry, the Division for IT and Cyber Security and the Division for Public Security. At the same time, the controversy over the protection (e.g. by encryption) and intrusion of internet communication (e.g. through spyware) has linked bureaucrats, security officials, politicians, and activists who are jointly but antagonistically engaged in the internet policy field.28 Thus, the inscription of the IT-security discourse in the ministry not only structured its own perception of internet policy but had a long-lasting influence on the larger debate and, hence, on the processes of social ordering in the field in general.

(c) The institutionalisation of the political discourse following the Snowden disclosures

While the first two examples illustrate the discursive institutionalisations shaping the organisational structures of the emergent internet policy field in its early stage, the third example shows how actors altered or intensified the institutionalisation of discourses and conflicts in the field and, thereby, created new or strengthened existing links between issues and regulatory structures. This happened in the context of the political debate that followed the revelations by the former National Security Agency (NSA) subcontractor Edward Snowden in 2013 concerning the mass surveillance programmes of the US foreign intelligence service and its allies. The political discourse on illegitimate and uncontrollable data collection and surveillance that was triggered by the Snowden disclosures reflects the tension between the global nature of the internet and policy problems at the national level. However, our interviewees made clear that the disclosures were taken up and institutionalised in a selective manner by the two ministries under investigation. The Ministry of the Interior focused on the vulnerability of national infrastructures embedded in global communication networks and framed the intelligence practices revealed by Snowden as a problem of security. The Ministry of Economic Affairs, by contrast, highlighted the technological and economic dependency on other countries or regions, which it perceived as a question of primarily economic nature.

In the context of the Digital Agenda, which was adopted a year after the first revelations by Snowden in 2013, the Ministry of the Interior established two new units dealing with ‘cyber issues’: a unit responsible for ‘IT and cyber security; secure information technology’, which is part of the existing IT Division, and a unit concerned with the technical competence of Germany’s internal security agencies and the prosecution of ‘cybercrime’ within the Division for Public Security. This expansion of ‘cyber’ competences through the establishment of two separate units in different divisions was accompanied by the introduction of an overarching management structure in the form of a director heading both units. This union at management level is remarkable since the IT Division and the Division for Public Security share an interest in digital technology but—as described above—in a confrontational manner. Whereas the IT Division is concerned with the protection of information systems, for instance through encryption, the Division for Public Security seeks to improve the capabilities of the security agencies to fight ‘cybercrime’. The Snowden revelations and the increased awareness of ‘cyber threats’ related to terrorism increased the existing controversy and, following long internal discussions among the ministerial staff, materialised in additional competencies for both protection and intrusion. As indicated by interviewees, the appointment of a joint director reflected the need for better coordination and mediation.

The disclosure of the surveillance programmes by the NSA and its partner services also intensified another debate which the Ministry for Economic Affairs inscribed into its institutional setting. Triggered by the increased perception of technological and economic dependencies on other countries and foreign companies in the IT sector that followed the Snowden revelations, a debate emerged regarding the trust in and security of IT infrastructures and applications. Politicians across Europe put forward solutions to this perceived problem that ranged from technical proposals like localised routing to measures fostering national IT sectors and were often summarised under the term ‘technological sovereignty’ (Maurer, Morgus, Skierka, & Hohmann, 2013, pp.28f). The core conflict embedded in this debate is the tension between striving for more control over information flows and protecting the ‘free and open internet’ and the global free flow of information (Maurer et al., p.4).

The term ‘technological sovereignty’ gained popularity in Germany as well, and the current German government inscribed it into its 2013 coalition agreement (CDU, CSU, & SPD, 2013, pp.103f.) and the 2014 Digital Agenda (BMWi, BMI, & BMVI, 2014, p.4). Finally, it also materialised within the administrative structure of the Ministry for Economic Affairs.29 for the new responsibilities created within the ministry. According to an interviewee, the ministry saw the need to increase its capacities for issues often neglected due to the broad focus of the Digital Agenda. Therefore, in 2015, it established a new unit within the Division for Digital and Innovation Policy, which among other tasks is in charge of ‘digital sovereignty’. With this move, the ministry not only inscribed the sovereignty discourse into its structure and thereby created a material and more permanent link between the conflict embedded in the discourse and its own competences. It also influenced the perception of policy problems and the production of expertise beyond its own institution as it linked economic, academic and administrative actors and key topics of digital sovereignty by developing a policy paper in cooperation with a group of experts (BMWi, 2015).30 It thereby reinforced and shaped the debate on technological and economic dependencies in Germany.

Conclusion

This essay proposes an analytical approach which conceptualises internet policy as a field of struggle that emerges through processes of discursive institutionalisation. It identifies key conflicts and discourses that, thanks to their materialisation in the policy field, are able to link actors, issues and regulatory competences and, thereby, shape the field’s structure in a temporary yet stable manner. For this purpose, we combine field theory and approaches focusing on discourse and institutions with STS tools, in particular the concept of ‘inscription’. While the field approach serves to emphasise linkages and structures and to address their temporal stability on the field-level, the focus on discursive institutionalisations allows us to scrutinise the material traces left by inscriptions, for instance in form of organisational structures or policy papers. Hence, the conceptual combination makes it possible to evaluate the performative effect that the identified discourses and conflicts had on the policy field as a whole.

We illustrate this conceptual approach via three selected examples that show how international discourses related to the internet materialised in organisational structures in German ministries. The discourses on the information society of the early 1990s and IT security around the turn of the millennium were not transient debates that passed without leaving any traces. Instead, they created cognitive effects that translated into permanent structures within the Ministry for Economic Affairs and the Ministry of the Interior. These first materialisations were the starting point of a development that has led to proper divisions in charge of internet policy within both ministries, indicating that internet policy has grown into a relatively autonomous field of action within the German administration. The third example highlights how the two ministries selectively inscribed the political discourse following the Snowden revelations into their organisational structure, as the disclosures intensified existing debates in IT security and the call for more technological sovereignty. The examples show, on the one hand, how both ministries became actors in the emerging internet policy field through the discursive institutionalisations. On the other hand, they demonstrate how the ministries sought to position themselves within the field by shaping and reproducing field-relevant discourses and, thereby, influencing the field beyond their borders.

Furthermore, our analysis has identified two central conflicts and related struggles which have shaped the policy field’s emergence and—in various facets—have structured many controversies in the internet policy field until today. Through the information society discourse, internet regulation became linked to the conflict between free-market liberal ideas and approaches that emphasise the need for dedicated political intervention. Besides the economic question of regulation versus liberalisation, the second example adds the institutionalisation of another, related core conflict to the map of the internet policy field: the conflict between the protection and the intrusion of digital communication. Both conflicts, as highlighted in the example related to the Snowden revelations, are connected to the tension between the internet as a global communication infrastructure and the attempts of actors to influence the internet through local regulation within the nation state. The conflicts’ institutionalisation not only linked the related issues in a solid manner to the German internet policy field, it also created links between different actors in the field, as the ministries we investigated continuously engage with other state and non-state actors in the struggle over these core conflicts.

By combining the observation of the emergent policy field with the micro-level processes of discursive inscriptions, we gain insights into the materiality of the field that links actors, issues, expertise and regulatory competences. In addition, we are able to observe how actors seek to contribute to the processes of social ordering in the field that, ultimately, impact the autonomy and stability of the newly emerging policy field. In order to paint the larger picture and look at the policy field in its entirety, the proposed analysis would need to extend to other actors involved in the field, including non-state actors. Even more importantly, it needs to address the relation between these actors in a systematic way by retracing their linkages via shared or contested discourses and responsibilities. The identification of relevant conflicts and the initial analysis of relevant actors in this essay may provide a useful starting point in this respect. In addition, since in other countries the core conflicts might differ and materialise in other institutions, our future research will also assess processes of discursive institutionalisation in different countries to uncover the many interrelated yet often competing discourses, actors, issues and regulatory responsibilities that configure the internet policy field as a whole.

This paper is part of 'Regulating the sharing economy', a Special Issue of the Internet Policy Review.

Defining sharing economy

The ‘sharing economy’ is a concept that has received a lot of attention in both academic and popular writing in recent years (e.g., Botsman and Rogers, 2010; Cohen and Kietzmann, 2014; Nicholas A. John, 2012; Rosen, Lafontaine and Hendrickson, 2011). Yet, very rarely has this concept been discussed in the context of media services. In this article we will demonstrate the relevance of the sharing economy concept for understanding contemporary changes in media markets and, especially, how content sharing practices may undermine the existing policy frameworks that regulate these markets. In particular, we demonstrate how online video sharing practices are incompatible with and may challenge the updating of the European Union’s (EU) core regulative instrument, the Audiovisual Media Services Directive (AVMSD). The AVMSD is understood to have facilitated recent successful export of audiovisual content by European producers, which could now be at risk. Furthermore, the article seeks to demonstrate how new video sharing practices could also lead to concentration of media markets in the EU due to ‘network effects’ present in sharing platforms. This outcome would contradict the general perception of the sharing economy as facilitating more effective coordination, inclusivity and plurality in markets.

Before discussing the effects of the sharing economy for EU media policy let us first define this phenomenon more broadly and then in relation to the specifics of media markets. The sharing economy is generally characterised as an exchange practice where economic agents do not purchase properties to own them, but rather where the sharing of these properties among them is the prevalent trend. In a sharing economy, having access to something is more important than owning it (Belk, 2014). Yet, is the sharing economy altogether new? This is questioned since the sharing of resources among members of a society can be seen as one of the oldest forms of economic governance. Indeed, as Baldwin and von Hippel (2009) indicate, due to the very high production and communication costs, sharing was one of the main forms of economic governance in ancient and agricultural societies. Whereas industrialisation conditioned firm-driven production and markets in the industrial era, the steep decrease of design and communication costs in the network society has facilitated the emergence of so-called hybrid economies, in which non-market activities, such as the sharing of skills, labour, assets or knowledge, often without the accompanying exchange of money, have become important components of the emergent societal order and new economic relationships. In the network society, users of social media platforms such as Facebook and YouTube share information and media content with each other, while on platforms such as Airbnb or Uber, they ‘share’ their accommodation or cars. Networked communications and social media platforms are therefore characterised by low communication costs, which have enabled new forms of connection making, cooperation and sharing between economic agents on the global scale (Rifkin, 2014). As John (2013) points out, sharing is the fundamental and constitutive activity of Web 2.0.

On the other hand, various new operations that rely on the Web 2.0 logic of coordinating the actions of network participants and marketing their operations as ‘sharing’ are, as demonstrated by Slee (2015), potentially about organising established services differently in order to circumvent existing market regulations. Such activities tend to result in harsh free-market practices being extended into previously protected areas of people’s lives, also pushing vulnerable individuals to take on unsustainable risk. The non-market activities that would actually justify the term ‘sharing’ in these operations are often very minimal. Therefore, services such as Uber are in reality just expressions of neoliberal capitalism under the mask of the sharing economy.

The sharing economy in the media

Whether similar concerns could also be raised about the media and other content industries is, however, a stimulating question. For answering this we need to distinguish between different kinds of sharing. According to John (2013) sharing economies can be either of consumption or of production and this applies also to the media field.

In terms of sharing economies of production or ‘collaborative production’, what is relevant for the media and content industries is that networked technologies enable interested parties to ‘share’ their labour - i.e., to work for free in the content production or service development processes (see also Terranova, 2004). This usually means that fans or other interested users participate in creating and editing media content on a large scale (see also Bruns, 2012). As Von Hippel (2005) has demonstrated, there is a range of rationales for people to contribute their labour including enhancement to reputation in specific communities and the potential positive network effects to that reputation if the particular product gains traction.

What is important, however, is that such rationales and activities contribute to the production of culture and knowledge outside the traditional market (Benkler, 2006). Yet, paradoxically, any audience member who shares data, information or content with content-producing companies can thereby be said to participate in the company’s production and value creation processes. Practices of crowdsourcing (Howe, 2009) and citizen journalism (Allan and Thorsen, 2009; Goode, 2009), where audience members actively participate in the acquisition and creation of content, are forms of collaborative production and expressions of a sharing economy in the media field.

Sharing economies of consumption may include collaborative forms of content consumption through the re-distribution and spreading of content among peer-to-peer networks or through any form of social networking as part of a shared media experience, as, for instance, discussed under the headline of social TV (Botsman and Rogers, 2010; Noam and Pupillo, 2008; Pagani and Mirabello, 2011). Yet, while sharing economies of production are generally celebrated for their potentially democratising effects the sharing economies of consumption are perceived as more controversial. The views on free content sharing are often ideologically charged in terms of their impact on the societal order and development as well as on cultural evolution. The different views on content sharing by audiences become clear when we consider that audience members that practice free sharing can be conceptualised both as citizens and as consumers.

First, when we conceptualise the audiences and users as ‘citizens’, i.e., political and social agents, then content sharing, even without the consent of intellectual property rights owners, is often viewed in popular discourse as being associated with freedom of speech and the free exchange of knowledge by all and to all. Such an exchange is expected to facilitate the ‘democratization of innovation’ (von Hippel, 2005) and therefore also more innovation, followed by more development, economic growth, cultural diversity and potentially a more equal distribution of wealth in society. Most importantly, the capability to share and, therefore, also to access knowledge freely is seen as translating into citizen empowerment and the widespread distribution of agency. It is, therefore, often claimed that the sharing of knowledge in the form of access to content may be good for the polity, i.e. for the effective functioning of contemporary societies. There has been a consensus forming among policymakers that, as much as possible, new policy frameworks should enable free sharing of new knowledge – especially government funded research results, academic articles, etc. (European Commission, 2016b).

Second, when we define audiences and users as ‘consumers’, i.e. economic agents, then the general tone often turns more negative, where the sharing of content as a violation of copyright is seen to harm the media and other content industries (although evidence to this has been disputed, see Mansell and Steinmueller, 2013). In this context it should be emphasised that the sharing of content usually does not involve the turning over of the property rights. The logic behind intellectual property rights (IPR) means that in the case of content ‘sharing’, what is really shared is access to the content, thus enabling its consumption with regard to specific circumstances (e.g., on specific platforms, within a specific timeframe, etc.). Therefore, the sharing of content does not mean that the owner of the property, as a rule, needs to tolerate the risk of losing it, other than the risk of potentially needing to change how the particular property is made to generate returns for its owner.

Yet, there are plenty of examples where especially audiovisual media industry losses from peer-to-peer sharing have been calculated to be colossal, content sharing has been criminalised and countries have moved towards hardening the penalties. This is despite the fact that young sharers of media content are often unaware of the illegality of their actions and may be driven by reciprocity (Becker and Clement, 2009). Still, relevant for the further discussion in this paper is that differently from some other content production sectors, in case of audiovisual media industries the policy work has mostly focused on minimising free sharing by audiences.

In parallel to this, also new perceptions have emerged from within the media industries. It is often realised that sharing of content properties by users may support new kinds of ‘hybrid’ business models that enable new ways for content owners to generate income (Lessig, 2008). That is, where there are heightened interests around particular media content, facilitated by a free sharing practice, this may be used for the additional monetisation of it in various forms. Very often, media organisations follow so-called freemium business models (Anderson, 2009), where they share content or parts of content for free in return for promotional sharing activities by audiences, but also in return for data on audience behaviour, which may be useful for the improvement of future content creation as well as for marketing purposes. Such a hybrid economy, conditioned by free sharing practices, is increasingly becoming the new normality in the media sector.

In-depth interviews by one of the authors with 25 audiovisual and print media providers in Estonia, Finland and Germany (carried out between 2011 and 2015), for instance, demonstrated that content providers are increasingly choosing to share their content or promotional material across a variety of online platforms (Rohn and Baumann, 2015). Through, for instance, sharing their videos freely on YouTube, companies hope to trigger further sharing behaviour by audiences. Over their interaction with audiences, companies hope to receive crucial information to help them improve their services. Therefore, various kinds of sharing practices are increasingly prevalent in the media industries.

The sharing economy may contribute to media concentration

What is also of crucial interest is to know where such sharing activities take place. As it became clear through the interviews, both content owners as well as the audiences prefer to utilise the few globally dominant platforms for their sharing practices. These include, above all, YouTube, Vimeo and Facebook. This means that the gatekeeping function for the sharing-based global societal dialogue is carried out by only a few service providers, mostly of North American origin.

What is the reason for this highly concentrated, oligopolistic market for platforms that enable sharing practices? We suggest that among the main conditioning factors is the phenomenon known as positive network externalities (also: network effects). The theory of network effects stems from economic theory and claims that the value of a network depends on its number of users (David and Greenstein, 1990; DiMaggio and Cohen, 2005; Katz and Shapiro, 1986; Rohlfs, 1974). Hence, due to network effects, the more members a platform for sharing purposes has, the more attractive it is for any of its users (Ahn, 2009; Cusumano, 2011; Kwon, 2011). A study by Rohn (2013), for instance, showed that Facebook is so popular because of its large membership, which further attracts users from different cultural and geographic background. Although not all members of Facebook may be relevant to a specific user, according to Reed’s Law (Reed, 2001), the utility of a social network scales exponentially with its size, even if the direct number of contacts per individual is very small. Likewise, Skype, for instance, is more valuable to any of its individual users the more people use it on a steady basis. Hence, large, international platforms for sharing purposes benefit from network effects that no national or local platform could offer.

One problem with network effects is that such ‘value pull’ often leads to concentration in the specific markets, since the majority of consumers tend to prefer the most popular services. In the case of standard communications services, such as telephone or VoIP (Voice over Internet Protocol), this problem is mostly ‘economic’ – whereby monopolistic players may not serve society in the best or cheapest ways. Yet in the domain of media and culture, the concentration is also feared due to its potentially negative effects on cultural diversity or political pluralism.

Our suggestion is that network effects are highly relevant for markets affected by sharing practices since people share where there exists a potential for exchange with as many others as possible. For instance, users are likely to register their cars for ride-sharing on the most popular platform for this purpose and they are also likely to share media content on the platform that has the most users and most active interactions between contributors. Therefore, while the economies of scope and scale logic has traditionally conditioned media markets to slide towards oligopolistic structures, it may be suggested that the network effects of sharing practice may further contribute to the situation of only a handful of large online platforms controlling the global hybrid economies of the contemporary media and content sectors. We will discuss below the implications of this tendency for the design of EU’s Digital Single Market strategy and the risks involved for EU’s smaller member states and their media systems.

Market concentration with all its associated threats represents a classic challenge for media policy making anywhere in the world. But what exactly are these challenges this time as platforms such as YouTube are effectively nothing other than channels that enable content sharing practices by an unprecedented number of users from all over the world? As such, would they not, in fact, facilitate and promote cultural diversity? The problem is that as global platforms with a universalised approach, they are not designed to serve specific national cultures by taking into account their particularities. There is evidence, for instance, that when memory institutions, such as libraries or archives, use these platforms to share their historical audiovisual heritage content, then YouTube algorithms suggest to users only the most popular videos and make finding the less popular, but still highly valuable, videos often impossible or at least the search results unpredictable (Vonderau, 2015). Further, Vonderau (2016) demonstrated how YouTube’s focus has changed over the years from facilitating sharing by individuals and servicing interactions within communities to streamlining consumption processes. As such, YouTube’s new focus lies on a channel- and genre-oriented interaction design, centred on pushing content towards viewers with the help of an algorithm that prioritises videos with longer overall viewing sessions over those that receive more clicks. Vonderau (ibid.) suggests that today, YouTube’s interface resembles that of Netflix, evoking television’s programmed flow rather than, for instance, the interaction on a dating website that it imitated in its infancy.

This suggests, first, that such ‘sharing economy’ companies in media markets are moving towards decreasing the sharing component of their hybrid models. Second, in terms of John’s (2013) distinction between a sharing economy of production and a sharing economy of consumption, we witness a gradual move from the first to the second. Thirdly, for policymakers regulating the sharing economy as something distinctly different from more traditional services of media content distribution, would be a difficult endeavour – content sharing is increasingly an element of hybrid offers of online service providers and any regulative framework will need to accommodate this. Lastly, if sharing contributes to positive network externalities and, therefore, also to the dominance of only a few platforms in any market then this constitutes a new challenge for media policy making, including the design of the Digital Single Market (DSM). We will elaborate on this in the rest of this article as we discuss the effects of the sharing practice on the market evolution in Europe as well as on the cultural diversity in the EU Digital Single Market and then analyse the ways to accommodate these trends with existing regulatory frameworks.

The impact of the sharing economy on the Audiovisual Media Services Directive

The DSM strategy initiated by the European Commission is set to be completed under Jean-Claude Juncker’s presidency by summer 2019.Therein, the EC seems broadly aware of the complexities of the sharing economy and the challenges faced in regulating it. In its communications in 2015, its representatives repeatedly stressed that, while the sharing economy through its increased consumer choices offers opportunities for increased efficiency, growth and jobs, it also raises new regulatory issues (European Commission, 2015a). The potential for the associated threats were articulated and inquired about in the EC public consultation in autumn 20151. Although the results of this consultation have not been presented by the time of writing this paper, the questions in the consultation indicate that the EC has been most concerned about the dissolving rights and obligations of both the providers and consumers of services; the weakening of employment and social rights for workers; the non-compliance with health and safety standards and regulations and the rise in undeclared work and the black economy; as well as the uncertainty related to the protection of personal data, etc.

These concerns relate mostly to other sectors than the media, but the same consultation addressed also the roles of dominant platforms and here the complexities of the contemporary media economy are certainly forming on the horizon. The consultation asks for transparency of the platforms and asks if the relationships between the suppliers of content and the platforms should be regulated by the EU or if self-regulation by platform operators should be trusted. Such dilemmas will have implications in the first place for the EU’s Audiovisual Media Services Directive (European Commission, 2010).

The AVMSD is the EU’s regulatory instrument to design the single market for audiovisual media. That is, television in the first place, but it has implications also for the film sector. The existing version of the AVMSD has been in force since 2010 and has also started to lightly regulate video-on-demand (VOD) services. That is, there has been a graduated approach to audiovisual media regulation in Europe, involving strong regulations for broadcasting and light regulations for non-linear services. However, both the EC as well as the member states (Council of the European Union, 2014) have noted the further service convergence and the growth of online content consumption among audiences, which is motivating further regulatory convergence – leveling the terms for different content transmission methods – and therefore also the revision and updating of the AVMSD. The EC announced the updating of the AVMSD in 2015, carried out an associated REFIT (EC's Regulatory Fitness and Performance programme) analysis and conducted a related public consultation and other studies.2

One of the first conclusions of the review indicates that the majority of EU member states and interest groups see, indeed, the need for leveling the regulations for different transmission technologies and platforms. It is understood that the sector has already converged when it comes to all aspects of the value chain, e.g., consumption, distribution, production. Most media providers deploy various cross-media strategies and diversify their services across different distribution technologies, while most content travels across multiple platforms and most users access media content on a variety of channels or platforms (Ibrus and Scolari, 2012). In this situation, maintaining different regulatory regimes for different technologies would create unnecessary complications and unfair conditions for market participants. Hence, the consensus that emerged based on the public consultation that the regulations need to converge.

There are several challenges to this convergence. One is related to the incompatibility between the AVMSD and the EU’s E-Commerce Directive. The core logic of the AVMSD is that media services are licensed by member states and therefore all audiovisual media should have a ‘country of origin’ in the EU. In parallel, the E-Commerce Directive maintains that business in the internet should not be based on member states issuing licenses – i.e. the right to provide any kind of service online should be made available and free to all. Furthermore, from the human rights perspective, the Council of Europe has repeatedly addressed that issuing licenses for a right to publish content on the internet would be harmful to freedom of expression. In this context it is often seen that video sharing services (as market based innovations that could be understood to contribute positively to the freedom of expression) should not be drawn under the scope of the AVMSD. The proposition that this paper elaborates below is that, indeed, the sharing practices on some media platforms pose a challenge that may make the entire tradition of audiovisual media policies in Europe obsolete.

The AVMSD has several rationales, but key is to overcome the fragmentation of the European media market and to coordinate the evolution of a European single market for audiovisual content. It does this by facilitating demand for European works in member countries, which it has done so far with relative success (Ibrus, 2016). Historically, US dominance in the international export markets for film and television content has been facilitated by its huge monolingual domestic market, which has enabled a rich generic variety in production and good average returns from the home market, which in combination has enabled a significant flexibility in export strategies (Hoskins and Mirus, 1988; Rohn, 2004). Historically, Europe, which is a conglomerate of fragmented small national markets, has not been able to compete with the flexibility and related market power of the North American distributors. But now the AVMSD (and the directives and conventions that preceded it), with its provisions that require 50% of the programmes of all European broadcasters to originate from Europe and 10% of content to be commissioned from independent producers, has to some extent neutralised the limitations due to European market fragmentation. As one of the authors of this paper has argued (Ibrus, 2016), the increasing export of European content, such as Scandinavian drama series or UK TV formats, not only within Europe but also globally, has been expedited by the provisions of the AVMSD. In our country of residence, Estonia, the change over the last two decades has been visible and dramatic – American TV-series that once dominated the TV schedules have been replaced by drama content and other TV formats from different corners of Europe. AVMSD, therefore, has functioned as a market coordination mechanism that has facilitated the growth of demand for original European content and has encouraged European producers to invest in development, innovation and quality, which in turn has resulted in further demand in Europe and elsewhere.

The main question regarding the potential leveling of regulations for linear and non-linear audiovisual media is: how, at times of convergence, can one achieve the same or similarly positive results for the European audiovisual industry and culture? Current discussions indicate that this may be very difficult since extending the AVMSD logic to non-linear internationally provided VOD-services may not be possible, as the content of digital catalogues cannot be regulated similarly to linear broadcast programmes. This is mostly because these catalogues may be structured and used in very different ways. For instance, the provision of news and current affairs video content on generic news portals is, as a rule, constantly being updated and, therefore, what is prioritised is the most recent content. At the same time, Netflix, for instance, organises its catalogue of professionally produced material based on its dynamically changing genre-categories (Madrigal, 2014) and on users’ previous choices. YouTube, in turn, is mostly a video-sharing service, where the content offered to users is based on their search queries and on previous activities on its website. In the latter context, trying to make sure that certain percentage of YouTube content is of ‘European origin’ or that 10% has been commissioned from independent providers would not make much sense.

With this we want to emphasise that it is especially the sharing model of YouTube and the like that are about to undermine the extension of the AVMSD model to non-linear media platforms. This leads to the question of whether it would be possible to distinguish in regulatory terms between ‘sharing economy’ platforms and more conventional ‘curated’ platforms? Indeed, the EU Commission thinks it is doable, since its proposal (European Commission, 2016a) for the updating of the AVMSD published in May 2016 includes a distinction between VOD providers and video-sharing platforms whereas the latter are generally not included into the scope of the AVMSD. Therefore, only “VOD providers” would have to make sure that 20% of their content is of European origin. We expect such distinguishing to become very difficult due to the dynamically changing operational models of online video content provision services. As was shown above, although Netflix and YouTube may be seen as opposites, with one offering subscription-based access to professionally produced content and the other offering free sharing by everybody, the latter has been becoming gradually closer to the first – it has started to aggregate content into subscription-based channels and is launching new forms of subscription/VOD-like services such as YouTube Red that offers professionally produced content commissioned by YouTube. Furthermore, there are plenty of services in Europe offering often various kinds of hybrid forms that combine elements, such as sharing, free viewing, subscription and content purchasing, to various degrees. We therefore suggest, that as sharing practices become an increasingly omnipresent element in the wider media ecology, it makes continuation of the existing regulatory tradition impossible.

Risk of market concentration in the Digital Single Market

The ways that sharing practices induce network effects and therefore media concentration in Europe is another challenge for the development of the DSM. This is related to another articulated aim of the DSM strategy – to minimise the ‘unjustified geoblocking’ practice by media service providers. That is, the practice of only enabling access to a media service from the national territories for which they control the copyright or have licenses. The EC commissioners immediately responsible for the DSM – Andrus Ansip and Günther Oettinger – have been critical of the practice of geoblocking, pointing out that the single market is not functioning well if the access to specific content services is not enabled across national boundaries. This discourse has not been well received by AV-industry representatives anywhere in Europe, since the territory-by-territory sales of rights have enabled them to fund filmmaking more effectively. In particular, the whole co-production model could be undermined, as it presumes co-production parties receiving and then exploiting exclusive rights for specific European territories. Still, copyright legislation in Europe, as elsewhere, is based on international treaties, and its central principle is its territorial application, and therefore the EC’s hands are somewhat tied as it cannot make rights holders issue pan-European licenses or the buyers to pay for such licenses. Still, in December 2015, the EC published a proposal (European Commission, 2015b) that suggested cross-border ‘content portability’ for limited (although unarticulated) periods, enabling Europeans with lawful access to specific services to use the same services unhindered when travelling. However, such practices when implemented may still resemble a form of ‘passive sales’ and may therefore undermine the content production industry’s business models.

The problem here for cultural and media policymakers is not only that the audiovisual industry but also, in particular, the content production industry would suffer. Also the potential blurring of national media spaces may have a negative impact on the media industries of the member states and could potentially facilitate the emergence of very large players that could then dominate media service provision in all of the EU. Indeed, there is already plenty of evidence that media markets have a tendency to evolve towards oligopolistic structures (Doyle, 2013) and, therefore, the risk is that if indeed an unhindered digital single market was to be enabled, this too would be dominated by only a very small number of providers. This could be expected to happen due to many factors, including the economies of scope and scale logics that have traditionally favoured larger operations in media markets. However, in the network economy, what adds to this is the logic of ‘network effects’ that, as suggested earlier in this article, may support the evolution of the oligopolistic market structures and the further lock-in of such structures.

What is problematic with such potential development is that the platforms currently set to dominate the European digital market (YouTube, Netflix, Amazon, Hulu, etc.) are all of US-American origin (see also Cunningham and Silver, 2013). The problem is not specifically about who owns these companies, but simply about the nature of their existing business conduct, which does not seem to be oriented to facilitating cultural diversity in Europe, as their catalogues are dominated by American content (Grece, Lange, Schneeberger, and Valais, 2015). Regarding professionally produced content, such dominance of American content in their catalogues is due to these players usually having close relationships with the dominant US-American film and TV content distributors, such as Warner Bros., 20th Century Fox and Sony Pictures Entertainment, whereby they are able to broker comprehensive and occasionally exclusive deals with them. In comparison, EU national players, such as the public service media institutions of smaller member states will, firstly, not be well placed to compete for licenses (Netflix has openly admitted to preferring exclusive global licenses – see Spangler, 2015) or, secondly, they will not be able to compete for audience attention when they may want to offer unique European content to audiences. When combined with the impossibility of making VOD providers offer any European content at all (as discussed above), this may be harmful for the curation of national media spaces and, therefore, for cultural diversity in Europe.

Interviews by one of the authors with audiovisual media providers in Estonia and Finland (the study referred to above) also indicated that although smaller European TV providers may enjoy the communication and promotional activities enabled by the sharing platforms, such as Facebook or YouTube, the existence of international, US-American online VOD platforms puts pressure on them to change their business models. Traditional broadcasters have long been aware that they need to also target online streaming audiences in addition to their traditional broadcast audience. Non-linear VOD platforms are increasingly changing audience behaviour and expectations and shaking up the traditional value proposition of TV providers (Rohn and Nylund, 2016). As such, audiences increasingly expect to be able to consume their media whenever they want and from wherever they want. However, being able to feed various distribution channels with dedicated content is not always possible for every traditional TV provider or may incur extra costs and efforts (Ibrus and Ojamaa, 2014). What is more, when companies use platforms such as YouTube or Facebook for promotion and distribution, they operate in an environment where the rules are defined by the respective platform and not by themselves.

Previous research (Rohn and Baumann, 2015) has shown that many media providers have experienced insecurity about how to best present their content and brands on such platforms and have felt uncomfortable about surrendering to such platforms. However, at the same time, companies feel the pressure to be present on these platforms as a way of remaining relevant and discoverable. The above-mentioned interviews demonstrate that much of the audiences’ sharing activities of their content via internationally dominant platforms are tolerated in the light of the potential to create heightened attention for a media property, which could lead to further monetisation of the particular property. Likewise, companies share large amounts of content across a variety of platforms, but as the interviews revealed, they often have no long-term strategy on how to monetise such sharing activities. Furthermore, the sharing activities on their own platforms or websites have to compete with the sharing activities on the large US-owned sharing platforms that reach much larger audiences. That is, while traditional content providers usually operate and target audiences within their national borders, any initiative on their part in terms of setting up their own sharing platforms will fail to trigger the same network effects as global platforms do. For instance, the Finnish public broadcaster YLE launched in autumn 2015 a new platform called Yle Folk, with an aim to facilitate sharing processes among their audience members and to promote an exchange of cultural works within their audience community in Finland. Yle Folk is thus a media content sharing platform through which YLE encourages its audiences from around the country to submit original content that they created themselves. Therefore, Yle Folk can be seen as an initiative to take back culturally-relevant content sharing processes to a platform whose aim it is to facilitate content sharing relevant to the national cultural and media system – as opposed to having such sharing activities on a platform owned and operated by global companies who do not have the vitalisation of the national cultural and media exchange as one of their goals. It remains to be seen how such ‘nationally oriented’ sharing platforms will fare, but the fact that such a platform was launched is indicative of the tension between national and global media systems with regard to the sharing practice.

While the purpose of the AVMSD has been to advance the cross-border market for television broadcasting services, it has also been about facilitating cultural diversity in Europe. Both the EU and national media policies have, in general, perceived national media institutions as the cornerstones of the polity, as a vital part of contemporary reflective societies (Beck, Giddens, and Lash, 1994) and as the central curators of the national cultural space. It is for this reason that European countries, as a rule, support public service media institutions and aim to make private media provide more quality European content – all with an aim to systematically raise the awareness of different perceptions of social, cultural and political realities everywhere in Europe, in order to facilitate greater reflection on ‘European life’ in different textual modalities. A presumption would be that in the era of collaborative content production and the sharing economy, the rationales of public service media would be strengthened and the scope of their activities deepened. However, our paper suggests that there is a risk that the DSM and the specific logic of the sharing economy may instead actually contribute to media concentration on the European scale, which conversely would limit the impact of national media systems. That is, on the broader scale, the cultural diversity in Europe may suffer.

Conclusion

The EU is seeking ways to update its core instruments of media regulation. At the heart of this endeavour is the AVMSD, but the broader framework for this is its DSM strategy, which means that also several other directives and instruments will be changed – all due to the perception that media convergence and related market developments are about to make existing regulations outdated and therefore unaccommodating to the contemporary situation. However, the convergence of the regulatory traditions of television on the one hand and the internet on the other promises to be challenging and is expected to bring about the dropping of one of the two. This is due to the very different rationales of these regulatory traditions – TV regulation being the domain of cultural policy making, while the related internet regulation in the EU, formulated in its E-Commerce Directive, is about the regulation of service markets, based mostly on economic rationales and aimed at safeguarding entrepreneurial freedoms in the internet space. Although the AVMSD (and its predecessors) have over time evolved towards economic rationales rather than cultural goals (Celsing, 2010; Jõesaar, 2015), important differences with the E-Commerce Directive have remained. The first of these is the question of whether countries could issue licenses for media services. Broadcasting services have always been licensed in Europe and in this tradition the AVMSD sets the terms for this practice, enabling countries to use this instrument to design their national media systems. The E-Commerce Directive in parallel forbids any kind of licensing of activities or businesses on the internet. Furthermore, the Council of Europe has repeatedly addressed that issuing licenses for a right to publish content in the internet would be harmful for freedom of expression and therefore for human rights. This is in line with the broader perception of content sharing, described in the introduction, that free sharing promotes knowledge exchange and by extension a more democratic and more balanced evolution of societies.

The latter two regulative rationales – the perceived needs for entrepreneurial freedom and the freedom of expression – explain why ‘sharing’ as a practice could bring about the demise of the European tradition of audiovisual media regulation. On the one hand, there is a pressure for regulatory convergence, which in turn will likely bring about liberalisation in audiovisual media markets, thus leaving the national media systems of small European countries susceptible to buffeting by global market dynamics (Ibrus, 2015, 2016). Furthermore, as our article has demonstrated, sharing practice, as a component in the hybrid economies of contemporary media markets, is incompatible with the provisions of the AVMSD, which set specific terms for TV programmes and potentially for VOD catalogues in terms of requested proportions of European and independent works. What is more, we demonstrated that sharing practices may contribute to media concentration in the internet, bringing the European Digital Single Market potentially in conflict with the EU’s media policy tradition, which has traditionally aimed at avoiding media concentration. That is, next to the benefits of the ‘sharing culture’ in media industries (i.e., the potential for democratisation and for more participatory forms of media production), there are also plenty of associated risks and, therefore, difficult challenges ahead with regard to new policy development in Europe as well as elsewhere.

This paper is part of 'Regulating the sharing economy', a Special Issue of the Internet Policy Review.

Introduction

The sharing economy is rapidly affecting different transport markets. One such sector is the taxi industry, where strict regulations impose high costs on the operators and favour the operators that are already in the market. Given the disintermediating effects of new technologies such as smartphones and social media, new service providers impose considerable competition to the existing taxi services. These new operators are ‘crowd-taxis’ which make use of web applications including myTaxi, Taxi Magic and Uber. In interviews, representatives of these firms argue that they want to be viewed as something different from a taxi service. While offering services that are similar to taxis, crowd-taxis are actors ‘outside’ the regulated taxi industry. Several researchers emphasise the benefits of such innovations, arguing that they are likely to do a better job of serving consumer needs than traditional services – therefore bringing into question the need for much of the existing regulation (Koopman, Mitchell & Thierer, 2014). However, historically taxi regulations have contributed to ‘tidying’ up the market, pushing operators in the ‘grey’ area into the ‘white’ economy (Fagerli, Strømsnes & Langli, 2000). Taxis provide important services for the society as a whole, including 24-hour preparedness and transport services where there may otherwise be no public transport. Taxi policies play an important role in ensuring for example, customers’ safety. We therefore ask the question: what are the effects of these new transport innovations on traditional taxi services?

While cities are attractive markets in terms of being profitable for transport providers, rural areas are usually considered less profitable because of longer travel distances. The effects on taxi services and related impacts for society and welfare may therefore vary across areas. A study of the transport sector in Norway is relevant because it is a large country in terms of area (385,000 square kilometres) with a relatively small population (5.2 million people), living in cities and many small, rural municipalities.

Including issues of quality, safety and preparedness, this study contributes to improved understanding of the border between ‘sharing’ as a private activity and public concern. To study this transport sector is interesting as the topic has been widely cited as an example of the effect of the sharing economy by the media, but – with few exceptions (Cohen & Sundararajan, 2015) – remains under-analysed.

The roadmap is as follows. First, we provide useful insights from the literature to understand the effects on the transport market and society. Second, we present the data that we use. Third, we describe the different transport services, both traditional taxi services and innovations. Fourth, we present the views and concerns of providers. Fifth, we discuss the implications of innovations for the taxi market and society. Finally, we conclude that virtual crowd-taxis contribute to strengthening a tendency of weakening revenue base among taxi owners and creating an unlevel playing field. Deregulating the taxi market so that virtual crowd-taxis have access will contribute to a loss of transport preparedness in rural areas with consequences for accessibility. Currently, traditional taxis cover such transport needs. The decreasing revenue base and the structure of the sharing economy incentive scheme leads to gaps in coverage, as drivers will tend to go to more high-paying zones only. Therefore, there might be a need for local public authorities to provide for such transport preparedness.

Theoretical perspectives

The aim of this section is twofold: first, we present Rob Shield’s perspective of virtual technology to create a frame for understanding the taxi sector as such in the context of virtual technologies. This is useful as taxis are typically treated as part of the transport sector and rarely within the field of virtual technology. Second, in order to explore the impacts of crowd-taxis on the taxi market and related societal effects, we draw on contributions related to the post-fordist service economy and professionalisation theory.

The concept of the virtual is relevant as information technology contributes to dramatic changes in economics and everyday life. In his work on the virtual, Rob Shields (2003) identifies some of the different beliefs and fears that have surrounded computer technology. He defines virtual as ‘real but not concrete’ (p. 2, italics in original). He argues that: ‘To describe something as “virtual” indicates that it is not strictly according to definition, as in a “virtual office”, which is to say not literally an “office” as one might understand an office to be, but an office “in effect”’ (p. 23). In other words, ontologically the virtual office is real in purpose and effects, although not ‘concrete’. Shields argues that a physical office (or organisation) is related to a place. However, the network on the internet precedes even virtual space, allowing for flexible work among employees and an agile and responsive organisation (p. 118). Shields suggests that first, information technology replaces old technologies but in existing ways of working. For example, taxi companies make use of similar technologies as crowd-taxis, yet taxis continue to operate more or less in the same way as before. Shields argues that the more important implications occur when expertise and enterprises across time and space intermingle (p. 119), giving businesses the opportunity to combine jobs and cluster work tasks (p. 147). Shields provides a thorough historical analysis of the virtual. However, he does not make ‘the virtual’ a key aspect of the modern networked society (see Kellner and Thomas, n.d.).

In contrast, researchers and interest groups focusing on crowdsourcing and crowdworking in the post-fordist service economy suggest that virtual technologies have resulted in a shift of paradigm (see Felstiner, 2011, p. 145). Describing how in the age of the internet companies arose to take advantage of the networked world in search of cheaper labour, Wired Magazine journalist Jeff Hove, introduced the label ‘crowdsourcing’. He wrote, ‘Technological advances […] are breaking down the cost barriers that once separated amateurs from professionals. […] The labor isn’t always free, but it costs a lot less than paying traditional employees. It’s not outsourcing; it’s crowdsourcing’ (Hove, 2006). Hove pointed out that established businesses were taking advantage of the online connected crowd. Although crowdsourcing has increased remarkably during the last decade, it is still relatively new. Hove’s focus was on paid crowdsourcing. There is also voluntary, unpaid crowdsourcing, which refers to people sharing for example, their capacity or knowledge for free, and contribute to common goods or non-commercial work.

Alek Felstiner (2011) defines crowdsourcing as ‘the process of taking tasks that would normally be delegated to an employee and distributing them to a large pool of online workers, the "crowd," in the form of an open call’ (p. 143). He compares crowdsourcing with domestic subcontracting, temporary staffing and outsourcing of products. The crowdsourcing ‘middlemen’, for example the owners of the Uber application, exercise some kind of control over the workers and obtain revenue (p. 149).

Authors (e.g., Felstiner, 2011; Cohen & Sundararajan, 2015) point out the positive aspects related to crowdsourcing for workers. One key advantage is the flexibility for the worker to work when, where and how long s/he wants to and the freedom to choose tasks. They also highlight the low barriers to enter and exit different markets, as an internet connection is ‘all’ a crowd worker needs, which bears the potential to create new labour markets. Such opportunities spread optimism about work possibilities in areas without sufficient labour markets for example, in rural areas.

However, researchers highlight several issues related to crowd work. First, the wages are frequently low, there are no benefits and job security is lacking. The employment relationships are usually fleeting and the workers do not enjoy legal protection. Second, there are concerns about market failures due to information asymmetry and negative externalities (Cohen & Sundararajan, 2015). Related to asymmetric information, a buyer may not know the quality of the work. Such uncertainty may result in less transactions than what is socially optimal (Cohen & Sundararajan, 2015, p. 120). However, as Cohen and Sundararajan (2015) suggest, increasingly software solutions dependent on exchange of experiences among users are grappling with reputation of workers as a way of quality assurance. Moreover, the choices made by a buyer or provider may create negative externalities, i.e. imposing costs on others. An additional taxi vehicle on the road may contribute to congestion and increasing emissions due to more empty driving, i.e. driving without passengers (Cohen and Sundararajan, 2015, p. 122).

Another perspective, which may be relevant to understanding the effect of virtual technology on the transport sector is professionalisation theory, since crowd-taxis can be offered by anyone. A profession is a job that requires special education, training or skills. Modes of training or preparation for a profession contribute to keep knowledge within the occupational group, while standards help maintain the reputation of competent practitioners (Eraut, 1994, p. 6). Moreover, the workers’ power and status are dependent on their ability to claim that their expertise is unique, i.e, it is not shared with other groups (Eraut, 1994, p.14). However, Eraut (1994) argues that traditional accounts of professionalism is becoming outmoded. Addressing services, he suggests that there has been a change in focus from profession to the client. He suggests that while there has been a growing distrust of scientific and technical knowledge, client needs and rights have increasingly gained acceptance. Politicians have therefore sought to regulate professional work to a larger extent. Similarly, the service-dominant logic of marketing suggests that the web-wired world reconnects supply and demand of services in new ways which increases the focus on the consumer further (Ballantyne & Varey, 2008). Concern for citizens’ rights and the increasing cost of public services has given rise to the potentially conflicting aims of efficiency, effectiveness, economy, responsiveness and quality. Extending this argument, we could expect virtual technologies to contribute to break down in certain professions, if such technologies make it easier for people, who are not part of a profession, to deliver such services.

Data and research techniques

The analysis draws on primary and secondary data, with the former gathered through 19 interviews in two rounds. First, seven interviews took place in late 2014 and early 2015 as part of a study of the taxi services in Buskerud county. Second, during the second half of 2015 and early 2016 we carried out 12 supplementary interviews for the purpose of studying the sharing economy (see Appendix). The interviewees include the management (CEO or regional director) of five taxi companies, which operate as dispatchers and providers of taxi services in Oslo and Drammen (Oslo Taxi, ByTaxi, Star Taxi, Drammen Taxi and Norgestaxi Buskerud). They include representatives for the regional licensing authorities in Oslo and Akershus counties and the management of both small and large dominating dispatchers.1 Other interviewees are the market director of the ride-sharing service GoMore and the chairman of the board and chief advisor of the Association of Norwegian Taxi Owners, which represents more than half of the registered taxi owners in Norway, and the general manager and market manager of Uber Norway. We have gathered information from taxi drivers (one owner operator and three employed drivers) and four crowd-taxi drivers (i.e. Uber drivers). Representing different organisations or interests, the respondents provide different opinions and perceptions rather than a representative view.

All the interviews took place in and had a key focus on Drammen (in Buskerud), which is located 40 km southwest of Oslo and has 115,000 inhabitants, Oslo with 960,000 inhabitants and the county Akershus surrounding Oslo with 600,000 inhabitants. In addition to being the largest taxi market in Norway, Oslo stands out, as it is the only city in Norway where Uber has established itself. In contrast, the counties Akershus and Buskerud are relevant because they have urban and large rural areas. This is of particular interest as the taxi market is different in urban and rural areas, with public service obligations being much more important in rural areas (see Aarhaug, 2015).

The secondary data (Aarhaug, 2015; Aarhaug & Osland, 2010; Aarhaug & Skollerud, 2014; Longva, Osland & Leiren, 2010) is important because it provides nationwide insights. While this data has been published in Norwegian research reports, much of this information is not accessible in English.

The Norwegian taxi market

The rapid growth of information technology in society has created new opportunities and challenges in the passenger transport market. Through a mobile application, passengers may request services not only from taxis and ordinary public transport, but from drivers who offer taxicab-like urban transportation in hundreds of cities all over the world. Applications such as Uber, Lyft, myTaxi, Taxi Magic and Sidecar offer considerable competition to traditional taxi companies. Among the companies using mobile phone technology to offer passenger transport, Uber is the most visible. Currently only UberPop and UberBlack exist in Norway. While UberBlack is for linking customers with professional limousine drivers, UberPop links passengers to drivers without professional taxi licenses or chauffeur training. In this section we describe the differences between conventional taxis and what we call ‘crowd-taxis’, i.e. transport made possible via such applications and functioning outside existing taxi regulations. We use the term crowd-taxis and not virtual taxis as conventional taxis also make use of virtual technologies. We focus on UberPop, as there are no particular controversies related to UberBlack. However, it is of interest that UberBlack has resulted in stricter entry regulation for limousine services in Oslo. The regulating authorities prefer to limit the use of limousines as taxis (Interview 19). In the following, we explore the possibilities and challenges that arise with virtual transport innovations such as UberPop.

Jørgen Aarhaug and Kåre Skollerud (2014) define a taxi as ‘a vehicle with a driver available for hire for the general public’ (p. 277). They argue that this definition is useful as it captures a variety of taxi characteristics in different cities. However, with the arrival of the mentioned innovations, such a broad concept runs into several issues related to when a taxi ceases to be a taxi, what the boundary markers of legitimacy between taxis and crowd-taxis are, as well as whether the boundaries are malleable. The new transport services made possible via mobile applications fall into Aarhaug and Skollerud’s definition. However, several innovation characteristics help us distinguish the new services from conventional taxis. The definition is therefore not relevant in discussions of the sharing economy – at least as long as the current legislation remains. In the following, we highlight five characteristics that distinguish taxis from crowd-taxis.

One distinction is related to taxi permits. In Norway every taxi owner needs to have a taxi licence, which is a needs-tested permit to offer taxi services in a given area. There is one such permit per car and taxi owner, who might employ a couple of drivers. The regional administrations are the responsible public authorities for providing such permits. Therefore it varies across regions how competitive the taxi market is. The key policy behind the Norwegian needs-testing policy is related to protection of the existing taxi providers: it is to ensure that taxi services are offered in areas and at times, where and when such services would otherwise not exist due to lack of profitability (see Longva, Osland & Leiren, 2010). The public authorities limit the access to the taxi market in order to keep random car owners from ‘cream skimming’ in good transport markets, thereby eliminating business possibilities in less favourable times and areas. Furthermore, the needs-testing of taxi permits gives the public authorities an opportunity to require driving and coverage obligations to ensure access to taxi services at all times (24 hours) at reasonable prices and other quality requirements (Longva, Osland & Leiren, 2010). In contrast, there are no similar regulations addressing virtual devices. Although Uber facilitates for transport, connecting drivers and passengers with each other, Uber does not provide transport services itself. This raises the question of the level and the objective regulation should address: whether the cloud efficiencies and pricing algorithms introduced by Uber may overcome the challenges created by the difference between profitability for the taxi driver and society's demand for distribution of service in time and space (see Aarhaug and Skollerud, 2016).

Another distinction is related to the status of the professional versus the non-professional. In order to offer passenger transport services - which are not regular, the Norwegian professional transport law requires that the driver has a taxi permit. In addition to a driving license, a taxi driver has to have good conduct (i.e. a certificate from the police stating that the driver is allowed to drive commercially), adequate professional competence (i.e. local knowledge as tested via local taxi exams) and satisfactory financial capability. These requirements give the public authorities the possibility to control the services: the police controls the permission to conduct vocational transport; the tax authorities control the financial viability and the regional public authorities regulate the permits. In contrast, an Uber driver could be anyone.

On several occasions, the police has arrested and fined non-taxi drivers in Stavanger and Oslo, including both Haxi and Uber drivers (Moe, 2015; Riaz, 2015). Given the taxi permit requirement in the professional transport law, police lawyers interpret the services offered by Uber drivers as illegal ‘private taxis’. Awaiting legal actions, commercial taxis therefore experience some protection from the competition of non-regulated market entrants.

A third distinction is related to employment. While a taxi driver is either the taxi owner her-/himself or the employer of perhaps a couple of drivers, Uber drivers do not have an employer. Uber drivers are independent contractors who pay a percentage of their fares to Uber. Similarly, the traditional taxi dispatcher does not employ drivers. However, the taxi dispatchers require that the taxi owners, who either own or have contracts with a dispatcher, employ a sufficient number of drivers to be able to provide the services that they are responsible for (e.g. driving and coverage obligations), thereby ensuring transport preparedness. This preparedness is incorporated into the taxi dispatchers’ regulations. This requirement to be on duty at all times has contributed to ensure the taxi owner’s income for living (Longva, Osland & Leiren, 2010, p. 20). However, ‘to always be ready to drive, and never be able to party’ may also contribute to making the profession less popular in particular in rural areas, where there may be only one taxi owner and not many connected to a large dispatcher. In contrast, the Uber drivers are free to work as much or as little as they want. They are not obliged to drive, although there may be a transport need; for example, a woman in labour who needs urgent transport to the hospital. Moreover, the drivers themselves are not guaranteed a livelihood from being Uber drivers and their insurance benefits are lower than for taxi drivers. Yet the Norwegian Competition Authority (2015) suggests that the opportunity to be a driver as a second job may make it more attractive to deliver transport services also in rural areas.

A fourth distinction is that it is compulsory for taxis to use taximeters related to payments. These are subject to quality controls. In the city of Oslo, the dispatchers can set their own fares, but the fare schedule is set (a flag fall, and a price per kilometre and minute). In contrast, an Uber vehicle does not have a taximeter. The billing is done via smartphone and the fare structure is dynamic.

A fifth distinction refers to different market segments. Figure 1 highlights a number of transport segments (see also Longva, Osland & Leiren, 2010). The existence or importance of the market segments vary with geographical characteristics. Dense cities have relatively high activity on the street hire and curb/rank market segments, while the pre-book segment dominates in less dense cities. Equally, the size of different contract segments varies with geography: the share is larger in rural areas (Aarhaug, 2015). The share is considerable also in cities; for example, in Drammen 40 percent of the turnover comes from contracts with public authorities (Aarhaug & Osland, 2010). Such contracts include special transport services for educational purposes, people with disabilities, people of old age and patients. The contracts include accessibility requirements; for example, part of the vehicle fleet has access for wheelchairs.

Figure 1. Taxi market segments

While conventional taxi services cover all the segments, the new transport services that have arisen with the virtual technologies are particularly interested in the pre-booked, single trip segment. In this ‘non-contract’ market, information technologies are decisive for arranging transport. Automation and streamlining of connecting drivers and passengers with each other contribute to user and operator benefits. Such possibilities reduce the marginal cost by eliminating manual handling, making it possible for the provider to offer the same services as conventional taxis at a lower price or with higher profits. In comparison to the other segments, the pre-booked, single trip market is more price sensitive (Rose & Hensher, 2013). The lower prices make the crowd-taxis attractive for relevant passengers.

In general, Norwegian consumers perceive taxi fares as being too expensive (The Consumer Council, 2015a). In rural and small urban areas the 24-hour service obligation is the most cost-increasing factor. In rural areas fares are regulated by law with given maximum prices. Large urban areas do not have such price regulation. In many rural areas one consequence of the price regulation is customer queues, as there are not enough taxis at demand peaks. Another is cross-subsidisation from services delivered to the public authorities for special transport services, i.e. contract based services.

A sixth distinction concerns the ‘middle man’, which is a dispatcher or a mobile phone application. While hailing a taxi from the street or a taxi stand only requires a driver and a vehicle on the supply side, pre-booked trips usually require a dispatcher. A dispatcher coordinates trips and connects supply (i.e., driver and vehicle) with transport demand (i.e. the passenger). Historically dispatcher services have been conducted by a person with a phone, radio and post-it notes. Since the early 1990s dispatchers have made use of computers, with software that optimises the services.

Internationally there is a lot of variation in how dispatchers are regulated. In Oslo, it is compulsory for every taxi license holder to be associated with one of the dispatchers. Currently this number is five, but this fluctuates, as anyone can open a new dispatcher, given that they adhere to a set of criteria. Prior to 2015, when the taxi regulation in Oslo was introduced, political approval was necessary in order to establish a new dispatcher. Currently, no dispatcher is allowed to have more than 50 percent of the taxi licenses, in order to limit market domination. In contrast, crowd-taxis are not connected to traditional taxi dispatchers, but web applications such as Uber operate as middlemen.

The mentioned six points suggest that Uber drivers have certain competitive advantages in comparison to conventional taxi owners in the pre-booking and hailing markets. The administrative and fixed costs required for entering new geographical markets are small for Uber drivers as compared to traditional taxi dispatchers, where the taxi owner is obliged to enter several different market segments. On the one hand, the differences in regulation and obligation have created concerns among taxi owners, taxi drivers and the regulating authorities about the lack of a level playing field between taxis and non-taxi service providers (Interview 1; 7; 11; 19). The demand from the taxi industry is to create a level playing field - ‘then we’ll beat them’ (Interview 1; Tobiassen, 2016).

On the other hand, there are voices speaking in favour of the web-based transport services. Private cars represent underused capital. Uber drivers include drivers whose Uber activities is their principal source of income: ‘Uber is my main source of income, while I am applying for other jobs and as I have finished my studies this spring’ (Interview 15). Several drivers only offer such transport services as a part time activity, offering their services in high-demand periods, ‘We have many drivers, but few hours per person’ (Interview 2). They are ordinary car owners, who have signed up on the web to transport passengers. This use of part time vehicles in high demand periods contributes to increasing efficiency, as the demand for taxi services fluctuates considerably throughout the week. ‘Our demand curve fluctuates even more than that of traditional taxis’ (Interview 2). Moreover, Uber drivers can make use of adoptive pricing. They can stimulate the supply by charging higher fees in peak periods and using lower prices in off-peak periods. This has been controversial as the high peak fare or ‘surge pricing’ is considered as being unfair, although it improves efficiency (see Tucker, 2014).

None of the informants express negative attitudes towards Uber’s technology. Uber drivers suggest that they ‘enjoy the app’ (Interview 13; 14; 15). Similarly, taxi dispatchers, owners and drivers highlight the benefit of smartphone based technologies (Interview 5; 6; 8). They do not fear the technology itself - it is the unfair treatment between taxis and crowd-taxis in being ‘allowed’ to use such technology that creates concerns.

One feature of the sharing economy is that it often adopts altruism as a motivation to participate. The idea is that the owner of the available capacity offers this capacity for a small amount of time. As the capacity is available, sharing it makes everyone better off (even independent of any transactions which occur between parties). The understanding is that Uber drivers are in a sense carrying out favours when sharing their vehicle and time. Similarly, there are examples of young people using social media to tell their friends, ‘I’m driving tonight, if anyone needs a ride.’ However, UberPop does more than only ‘sharing’ their rides. Taxi interests highlight the economic aspects: ‘this is not sharing, this is operating outside the regulated economy. It is not altruism to drive and not pay taxes’ (Interview 17). It is disputed whether the exchange of money for labour, provided by independent contractors can be labelled ‘sharing’ (Kessler, 2015).

Furthermore, one of Uber’s aims in Norway is to make it unnecessary for people living in the city centre to own their own car (Eggesvik, 2015). This way Uber is part of a mobility concept, where what is important is to get to a destination as quickly and smoothly and possible – not to get there in your own car. In this way Uber similarly links itself with normative social objectives such as ‘clean’ or ‘smart’ cities.

However, a key concern among service providers, and regulating authorities, is that crowd-taxis only provide services when profitable to the driver. Over time, they suggest that this will result in loss of service in time periods and areas, which are not lucrative for example, rural areas (Interview 1; 17; 18). While today’s taxi regulation requires coverage in areas and at times where these services are not profitable for the taxi owner, competition from crowd-taxis may result in a loss of services. As transport is important for covering a range of everyday needs, this has other consequences for society. The competition that crowd-taxis provide will make the traditional taxis lose their income in lucrative areas or times, as the non-taxi prices are lower than what the taxis can offer. The regulating authorities are therefore concerned that the result will be a deficiency of taxi services in certain areas (Interview 18). In Sweden several smaller communities no longer have a taxi service, because of the deregulation of the taxi market (Interview 17).

Similarly, in rural areas in Norway, in Salten and Troms, there is a lack of taxi services. In interviews carried out by Frode Longva, Oddgeir Osland and Merethe D. Leiren (2010), representatives of public authorities and the taxi industry argued that the disappearance of taxi services is related to the loss of contracts for driving patients (p. 22). In order to increase competition in competitive tenders, public authorities have allowed tour bus operators to compete for access to markets that have traditionally been in the hands of taxi operators. However, the tour bus operators do not have the same driving and coverage obligations as taxis. Tour bus companies have therefore been able to offer lower prices in competitive rounds. As a consequence, given the importance of public contracts for the revenue base of taxi owners in rural areas, taxis have ceased to exist (Interview 1). Interests representing the taxi industry, argue that such ‘unfair’ competition has negative consequences for the communities (Interviews 1; 5; 8). They are of the opinion that Uber, if allowed to operate without the same responsibilities than taxis, will contribute to strengthening such tendencies (Interview 17). There are also concerns related to the status of the profession. A weakening of the revenue base has resulted in a lower status and increasing recruitment issues (Longva, Osland & Leiren, 2010, p. 22). Over the last year, the income in the taxi industry as a whole has decreased (Statistics Norway, 2015).

Others raise concerns with the crowd-taxis’ lack of passenger rights. While taxi dispatchers and taxi owners have a responsibility to have wheelchair accessible vehicles, baby cribs and so on, crowd-taxis do not adhere to such regulations. Avoiding such responsibilities makes it possible for crowd-taxis to charge much lower prices than taxis (Interview 1).

However, Uber services have tried to emphasise optimism about a greener, more efficient future in order to receive political support. For example, the previous liberal City Council Commissioner in Oslo has argued, ‘We need cheaper and better taxi services’ (Melby in Osloby, 2015). She is of the opinion that crowd-taxis should be allowed to carry out their services, but only when pre-booked via the application. In her opinion, crowd-taxis should not be allowed to attend competitive tenders. Similarly, the Norwegian Competition Authority (2015) is optimistic about the consumer benefits and has suggested to deregulate the taxi market, removing the taxi permit and price regulation and allow for services such as Uber. However, it is disputed whether Uber represents ‘greener’ services than regulated taxis, as the authorities cannot enforce environmental standards on unregulated services (Interview 19).

Related to the sharing economy, there are issues of an increasing black or informal economy. Uber is no exception as the drivers do not have the taximeters, which give information about income to the authorities. However, the virtual technologies create possibilities. All passengers pay by credit card, so there is no cash in circulation, and Uber transfers payments weekly (Eggesvik, 2015). There are ways to avoid tax evasion for example, if Uber reported all transactions directly to the authorities. In Estonia there is a function in the Uber application, which lets the driver easily share such information with the authorities. Representatives of virtual transport innovations suggest abolishing current exemptions from taxes to make it easier to collect taxes. The CEO of ‘Neighbour car’, Even Tangen Heggernes argues, ‘I think tax per transaction would be best for everyone. […] The sharing economy makes it easy to earn money. It should be equally easy to pay taxes’ (in Tobiassen, 2015).

Discussion

The evidence suggests that sharing economy innovations affect the taxi market and society in different ways. For the purpose of understanding the new phenomenon of crowd-taxis in a virtual context, we start with Shield’s (2003) concept of the virtual: to some extent and in certain market segments, crowd-taxis, like virtual offices, are ‘taxis’ in purpose and effect. The sharing economy and the mingling of demand and supply on the internet provide private drivers with available vehicle capacity and passengers the opportunity to meet. This has created competitive pressures, which the taxi industry fears. Problems arise because crowd-taxis are not regulated like traditional taxis - not because of the technology they use.

In the post-fordism service economy, researchers focusing on crowdworking expect low entry barriers to create the potential for economic development in for example rural areas. However, certain conditions might hamper this in the taxi market. While there is a low risk in entering the market, given that there is little capital investment or employee training, the taxi market in rural areas is diminishing. One explanation is the importance of contracts with public authorities for the revenue base. Income from public contracts covers 10-20% in the biggest cities, with some companies opting out of contract work, and 80-90% in rural areas, where contract services dominate the market (Aarhaug, 2015). In competitive tenders taxi operators have lost contracts to tour-bus operators, which do not have the same extent of service obligations as taxis. Therefore the taxi industry already experiences competitive pressures due to other developments than the virtual innovations. Crowd-taxis increase such pressures further.

The application-based companies have the possibility to undercut prices on pre-booked trips, thereby undermining the scope for taxi services further. Researchers have found that, in general, price competition is limited in the taxi markets (Kolesnyk & Mengshoel, 2011) and that fare elasticities are low (Rose & Hensher, 2013). In other words, the price effects may be minor. However, Uber drivers do not have the same expenses related to for example, taximeters, uniformed vehicles, dome lights, accessible vehicles, 24h service and full-time employment. It is therefore likely that crowd-taxis are able to provide a cheaper service, and to drive down the revenue for taxis. With lower prices, the demand for such transport services could increase.

Moreover, the difference between the flexibility of crowd-taxi drivers and taxi owners, who are obliged to adhere to driving and coverage obligations duties, is of importance. While the Uber driver can select which travel demand to serve, the taxi driver has to accept the trips and responsibilities as given via a taxi dispatcher. In rural areas it is unlikely that a crowd-taxi driver would be able to be fully employed. The competitive pressures from tour buses has already contributed to put pressure on the existence of taxi services in rural areas. In such situations there might be a potential in increasing the supply of transport services by letting more people drive as their second job. This way crowd-taxis could contribute to keeping the service levels up in rural areas.

It is a question whether the cloud efficiencies introduced by Uber could solve the issue of cream-skimming, e.g. the algorithm plus profit maximisation will distribute taxis across 'cream' and other less profitable areas optimally. If not, in order to ensure a 24h transport preparedness, the public authorities would have to come up with alternative solutions than being based on a service, which only occurs when the supplier is interested in meeting the transport demand. This is in particular an issue in rural areas. In the more lucrative markets in large cities, there might be enough drivers willing to offer services at different hours of the day, so that in practice a 24h service would exist.

Related to asymmetric information, it is a question how to ensure that travelling with an Uber driver is safe and sound. A passenger does not know the qualifications or the intentions of the driver or the quality of the vehicle. In turn, the driver does not know whether the passenger is reliable. Such uncertainty is stronger for crowd-taxis than taxis, as taxi drivers have undergone courses and have good conduct. However, according to a survey carried out by the Norwegian Consumer Council (2015b), more than half of Norwegian taxi customers have had negative experiences with the taxi driver and one in four women responded that they have been afraid. In the bigger cities there have also been several lawsuits related to tax evasion among taxi drivers.

Digital technologies such as online feedback systems allow passengers to learn about the quality of drivers from prior passengers. The question is whether this is good enough for ensuring the customers’ quality. Uber does for example not offer services for people with disabilities or persons without smartphones. In Norway today 20 percent of the population does not have a smartphone (Competition Authority, 2015, p. 2) and is therefore excluded from the web based transport innovations.

According to professionalisation theory, technology may contribute to changing the power relations in the transport sector. Navigation devices have made it less difficult for everyone to know where to drive and find the shortest route. It is therefore more difficult for taxi drivers to claim their unique expertise. The profession has consequently lost power. The weakening of the revenue base in rural areas has contributed to this tendency. The virtual technology may contribute to strengthen this propensity.

The new virtual technologies challenge the existing legal framework (for an overview, see Witt, Suzor & Wickström, 2015). One major issue is that crowd-taxis do not contribute with covering the costs and commitments associated with regulations. Researchers focusing on crowdworking emphasise deregulation and self-regulation as a possible way of approaching such challenges. Yet re-regulation tends to go hand in hand with deregulation, aiming to correct unwanted market failures or self-regulatory outcomes.

Conclusion

The sharing economy has created both optimism and concerns in the transport sector. On the upside, the easy way of connecting supply and demand through virtual technologies contribute to efficiency gains in terms of utilising available capacity. It enhances competition and is customer-oriented. On the downside, there are concerns about poor transport preparedness, accessibility issues, worsened working conditions, lack of quality assurance and tax evasion. In particular the lack of a level playing field between the regulated taxi industry and the web-based crowd-taxis has created resentment all over the world. In Canada taxi drivers have taken to the streets, protesting against Uber (Austen, 2015). In New York people with disabilities are concerned with their accessibility (Dwyer, 2015). In France even Uber drivers protest against Uber (Toor, 2015).

Virtual technologies have contributed to intensify the tension between a ‘universalist’ perspective and a ‘competitive’ approach: the regulations of the taxi market provides existing taxi owners and dispatchers some protection, while requiring that they guarantee transport preparedness and that some vehicles are accessible to people with special needs. Social solidarity therefore justifies such protection. However, competition from drivers operating outside this regulation using web applications for dispatching undermines this social solidarity approach. In a competitive situation, a competitor can choose to enter only those markets that are profitable, thereby depriving the established taxi owners of the revenue to fund universal services. There are therefore concerns that this endangers the quality of transport services as well as the transport preparedness in rural areas. If society wants these services to be performed, in a competitive regime, the payment will have to be made to the service providers in a different way than today's indirect approach.

At present in Norway crowd-taxi drivers avoid costs imposed on conventional taxis through regulations. While crowd-taxis may contribute with services for example, in peak hours quality levels may also worsen: there is no guarantee that an Uber driver will choose to drive at the moment when transport is needed and an Uber driver may not be able to offer for example, a wheelchair accessible vehicle or baby crib. The probability that crowd-taxis will offer such services is currently low.

The example of the taxi sector shows that competitive pressures and regulatory challenges also existed prior to crowd-taxis. Politicians are facing a key challenge in how to design new policies and decide whether to deregulate the taxi industry or regulate crowd-taxis. In the future, new technologies such as autonomous vehicles may further challenge the possibilities of market shares and create the need for new regulations. In the meantime, there is uncertainty about how to practice existing regulations and cases are being decided on in the courts of law. One key challenge in the 21st century is to create regulations which facilitate provision of safe and available transport services to the public, both in rural and urban areas. Another is to allow for the benefits of new technologies without creating an uneven playing field. Given the need for universal services in rural areas, balancing these competing aims is particularly challenging.

Papers in this special issue

Editorial: Doing internet governance: how science and technology studies inform the study of internet governance
Dmitry Epstein, University of Illinois at Chicago, United States
Christian Katzenbach, Humboldt Institute for Internet and Society (HIIG), Germany
Francesca Musiani, Université Paris-Sorbonne, France

Disclosing and concealing: internet governance, information control and the management of visibility
Mikkel Flyverbom, Copenhagen Business School, Denmark

Beyond “Points of Control”: logics of digital governmentality
Romain Badouard, Université de Cergy-Pontoise, France
Clément Mabi, Université de Technologie de Compiègne, France
Guillaume Sire, Université Paris II (Panthéon-Assas), France

Instability and internet design
Sandra Braman, Texas A&M University, United States

The problem of future users: how constructing the DNS shaped internet governance
Steven Malcic, University of California Santa Barbara, United States

The myth of the decentralised internet
Ashwin J. Mathew, University of California, Berkeley, United States

The invisible politics of Bitcoin: governance crisis of a decentralised infrastructure
Primavera De Filippi, Harvard University, United States
Benjamin Loveluck, Télécom ParisTech (Université Paris-Saclay) and CERSA (CNRS-Paris 2), France

Multistakeholder governance processes as production sites: enhanced cooperation "in the making"
Julia Pohle, Berlin Social Science Center (WZB), Germany

Internet governance as 'ideology in practice'– India's 'Free Basics' controversy
Anita Gurumurthy, IT for Change, India
Nandini Chami, IT for Change, India

What we talk about when we talk about cybersecurity: security in internet governance debates
Josephine Wolff, Rochester Institute of Technology, United States

Governing the internet in the privacy arena
Carsten Ochs, Universität Kassel, Germany
Fabian Pittroff, Universität Kassel, Germany
Barbara Büttner, Universität Kassel, Germany
Jörn Lamla, Universität Kassel, Germany

EDITORIAL -- Doing internet governance: how science and technology studies inform the study of internet governance

Introduction: internet governance as usual – and its blind spots

The trajectory of internet governance (IG) research is arguably a story of path dependencies. Starting with the technical design, the early history of internet technology, and internet-related decision-making (Braman, 2011), the trajectory was set for both the kinds of questions being asked and the kinds of disciplinary approaches used in IG research. As van Eeten and Mueller describe it, IG has been shaped by the very real politics and controversies surrounding the “global coordination of Internet domain names and addresses” (2013, p. 724), which are an important, but not the sole factor affecting the internet. Substantively, this research path has focused primarily on institutions such as the Internet Corporation for Assigned Names and Numbers (ICANN), on largely UN processes such as the World Summit on the Information Society (WSIS) and the Internet Governance Forum (IGF), and on the idea of multistakeholderism as a model for internet-related policy decision-making. Conceptually, the field has been dominated by legal scholarship, and by research based in international relations and institutional economics theory, most of which is focused on the role of the nation state in the management of critical internet resources (also see DeNardis, 2010, 2013).

The mainstream view of IG research is being increasingly criticised for its narrow focus on formal institutions, the role of the state, and for missing the mark on what constitutes governance in a networked environment. Van Eeten and Mueller, for example, suggest that the scope of IG research is much wider than what is being labeled as such. They argue that researchers working in areas of telecommunication policy, information security, and cyberlaw all do IG research, even though they are avoiding the label. Conceptually, they suggest rethinking the IG label to include “the diversity of governance on the internet” including “environments with low formalization, heterogeneous organizational forms, large number of actors and massively distributed authority and decision-making power” (2013, p. 730). Substantively, they call to study the economics and practices of organisations that are engaged in managing information flows on the internet, be it in names and numbers, security, or content filtering.

In a similar vein, DeNardis (2010, 2013) has criticised mainstream IG research for largely overlooking private arrangements of power when it comes to routing, interoperability, standard setting or content filtering online. Raymond and DeNardis, taking a rather techno-centric view, have argued for a broader umbrella for IG studies – one that would expose those private arrangements of power in IG. Conceptually, their framework spans six functional areas ranging from “control of critical internet resources” to “architecture-based intellectual property rights enforcement” (2015, pp. 589-594) – all of which focus on the praxis of IG as opposed to discourse about IG, which they view as a weakness of mainstream IG research. Substantively, they identify a series of institutions that host decision-making activities (e.g., policy, standards) as points of control for online information flows.

While the call for expanding the IG label warrants thoughtful consideration, the newly proposed directions remain conceptually and substantively focused on the institutional level of analysis. Indeed, focusing on the institutional or organisational levels of analysis enables the conceptual interrogation both in terms of international relations or institutional economics theories. It is also conveniently compartmentalised for empirical investigation, since most institutions have established boundaries and membership, as well as formal procedures, outcomes, and documentation, all of which are ripe for analysis (van Eeten & Mueller, 2013). However, the focus on institutions as agents largely overlooks the mundane practices that make those institutions tick, thus leaving important blind spots in both conceptual and substantive understanding of the practices and power arrangements of IG. The focus on institutions and formal policy instruments makes it harder to empirically analyse the diverse forms of internet-related decision-making and coordination activities that take place outside of formal and well defined boundaries (Musiani, 2015; van Eeten & Mueller, 2013). Treating institutions as given may overlook institutional change and does not account for functional and structural biases embedded in existing institutional arrangements (Hofmann, Katzenbach, & Gollatz, 2016; Ziewitz & Pentzold, 2014). Moreover, the institutional focus obscures the agency of technology designers, policy-makers, and users as those interact, in a distributed fashion, with technologies, rules, and regulations, leading to unintended consequences with systemic effects (Epstein, 2015; Musiani, 2015). Even though researchers such as van Eeten & Mueller (2013) mention the importance of human agency, IG researchers shy away from empirically analysing or incorporating it in conceptualisation of internet governance. This critique gains additional weight when one adopts a broad definition of IG such as “decision making with constitutive (structural) effect whether it takes place within the public or private sectors, and formally or informally” (Braman, 2009, p. 3) or even just recognises that governance “may be just a side effect of actions with non-governance-related aims” (Hofmann et al., 2016, p. 4).

Tackling the macro questions of politics and power related to IG requires unpacking the micro practices of governance as mechanisms of distributed, semi-formal or reflexive coordination, private ordering, and use of internet resources. Similarly to a scientific lab where “scientific order is constructed out of chaos” (Latour & Woolgar, 1986, p. 33), seemingly stable arrangements of IG arise from the chaos of taken for granted, mundane, and often apparently unrelated activities of internet design, regulation, and use. It is this focus on practices and routines, discourses and design that makes us talk about the doing of internet governance: as an “accomplishment embedded in everyday interaction” (West & Zimmerman, 1987, p. 125).1 Continuing the trajectory set by a number of recent arguments for broader use of social theory in making sense of IG (Flyverbom, 2010; Hofmann et al., 2016; Musiani, 2015; Ziewitz & Pentzold, 2014), this issue argues for adopting a science and technology studies (STS) lens as a way for unpacking the fuzzily defined black box of IG.

In the next section we explain how an STS lens can help addressing some of the blind spots left by institutional and state-centric takes on IG, including functional and structural biases, and how it can foreground the agency of human actors. We will then conclude with presenting papers in this special issue and articulating how they help moving the field of IG research forward.

Bringing STS in – doing internet governance

The field of science and technology studies has developed a set of concepts and sensibilities (Law, 2008; Law & Singleton, 2013) that not only addresses the role of technology within the social, as it is often highlighted, but also what it means to study social order proper. In contrast to classical social theory, which is at the basis of international relations and institutional economics approaches, this perspective does not assume the existence of such an order that needs to be analytically re-constructed (Wagner, 1994, p. 274-276; Latour, 2005, p. 5-8) – or politically changed by means of regulation. Instead, STS scholars consider the social an “effect generated by heterogeneous means“ (Law, 1992, p. 382), thus making continuous processes of ordering – of economic, political, discursive, technical or other nature2– the main focus of scientific inquiry. In this context, governance is broadly understood as social ordering, which does not happen exclusively in politically designed institutions, but is also enacted through mundane practices of people engaged in maintaining or challenging the social order (Woolgar & Neyland, 2013).

For the field of IG, such an approach to the study of social order implies new ways to question, and re-assemble what we think of as the internet (as in, the set of technologies and protocols) and of governance (as in, broad processes of social order). First, an STS lens lends itself particularly well to considering the internet beyond “critical infrastructure” and a limited number of institutions and processes such as ICANN, IETF, WSIS or IGF (Van Eeten & Mueller, 2013; DeNardis, 2012). For example, studying IG related controversies (Pinch & Leuenberger, 2006) is one STS-informed way to unpack the scope of what is meant by internet in IG. Interconnection agreements between internet service providers (Meier-Hahn, 2015), the debate around net neutrality (Marsden, 2010), the use of deep-packet-inspection (Mueller, Kuehn, & Santoso, 2012) and content filtering technologies (Deibert & Crete-Nishihata, 2012), ubiquitous surveillance measures and the use of DNS for regulatory aims (DeNardis & Hackl, 2015) are just a few examples for key sites of contestation over what we think of as our object of study – the internet.

Second, the sensibility for social order as continuous and contested processes translates into a growing attention to the mundane practices of all those involved in providing and maintaining, hacking and undermining, developing and testing, or simply using the network of networks (Musiani, 2015), thus expanding the notion of governance in IG. These diverse practices are not seen as mere objects of regulation, but as elements constitutive to articulating, reifying and challenging established, emerging or contested norms – it is the “doing” of IG. As such, at an analytical level, borrowing from the rich STS tradition of studying the scientific enterprise (e.g. Latour & Woolgar, 1986), this ensemble of invisible work and mundane practices is not treated markedly separate from the designated IG institutions. Thus, IG as a continuously emerging and dissolving order, in this view, is – rephrasing John Law (1992, p. 382) – an effect generated by heterogeneous means. Moreover, conceptually, an STS lens relieves the pressure of pursuing a single precise definition of internet governance as a prerequisite to meaningful enquiry (Ziewitz & Pentzold, 2014). Instead, STS approaches mostly consider that not only is it not necessary to provide one precise definition and perimeter of IG, but that the assumptions derived from this operation may go to the detriment of apprehending how the practice of internet governance is enacted, in pervasive, networked and often invisible ways.3

Key aspects of doing internet governance

Applying the STS lens to IG studies is not entirely new. In recent years, a growing body of STS-grounded IG research (e.g., DeNardis, 2009, 2014; Flyverbom, 2010; Hofmann et al., 2016; Mueller, Kuehn, & Santoso, 2012; Musiani, 2015; Ziewitz & Pentzold, 2014) has brought to the fore a number of important IG facets and complexities that haven’t been the focus of research grounded in political and legal scholarship. The aspects of doing IG highlighted in STS-informed scholarship start with drastically different conceptual frameworks and lean on specific approaches to research cases, sites, and questions. Conceptually, STS-informed IG research relies on understanding IG as a normative ‘system of systems’ and it acknowledges the agency, often discrete and pervasive, of both human and non-human actors and infrastructures. Empirically, STS-informed IG research focuses on the dynamics of ‘ordering’ of assemblages and hybrid arrangements of IG; on the structural and performative effects of controversies and de-stabilisations on norm- and decision-making, or on the construction of authority and trust; and finally, on hybrid forums, private arrangements, users and their practices. All these components help flesh out the ‘doing’ of IG and may be of use in revisiting central, yet ill-defined, concepts such as multi-stakeholderism. Below, we unpack each one of those key aspects.

IG as a normative ‘system of systems’. Technical and political governance are becoming more and more intertwined. The core issue for scholars of IG at the present stage is to acknowledge not only the plurality of these modes of governance, but the fact that they cannot be fully separated. STS approaches plead for an understanding of internet governance as coexistence of different types of norms, elaborated in a variety of partially juxtaposed forums, enforced, implemented or merely “suggested” via a plurality of normative systems: law, technology, markets, discourses, and practices (Brousseau, Marzouki, & Méadel, 2012) .

Ordering vs regulation (and “back to the institutions”). Acknowledging the diverse origins of norms relevant for the use and design of the internet, most STS-informed IG researchers base their understanding of governance in ordering instead of regulation, management or control.4 As opposed to these concepts, ordering not only captures the normative effect of mundane practices and daily routines, it is also considered particularly well-suited to the analysis of the organisational forms of global politics as assemblages – hybrid configurations constantly reshaping their purposes and procedures in order to connect and mobilise objects, subjects and other elements, constituted and positioned relationally, around particular issues. In this light, institutions of IG can also be explored with an STS-informed toolbox, by capturing the complexity of global “political” governance arrangements as sets of embedded practices (Flyverbom, 2011).

Agency of non-human actors and infrastructures as loci of mediation. Information intermediaries, critical internet resources, internet exchange points, surveillance and security devices play a crucial governance role alongside political, national and supra-national institutions and civil society organisations (Musiani, Cogburn, DeNardis, & Levinson, 2016). IG takes shape through a myriad of infrastructures, devices, data fluxes and technical architectures that are often discreet and invisible, yet nevertheless crucial in subtending building the increasingly public and articulate network of networks. Laura DeNardis (2014, p. 11) defines these entities as infrastructural “control points”, around which are entangled matters of technical and economic efficiency, as well as negotiations over human and societal values such as intellectual property rights, privacy, security, transparency. Recent scholarly and policy discussions on “Governing Algorithms” connect with this aspect, and explore not only governance of algorithms, but also the governing power of algorithms themselves (Ziewitz, 2016; Musiani, 2013).

Mundane practices and agency of human actors. Contrary to the institutional approaches to IG, STS-informed scholarship acknowledges the role of invisible, mundane, and taken-for-granted practices in the constitution of design, regulation, and use of technology. It calls the attention to reflexive acts of individuals in articulating internet standards (Braman, 2011), the social aspects of crafting and enacting internet-related policy (Epstein, 2011; Kuerbis, 2010), as well as institutionalisation of non-traditional forms of participation in discourse about IG issues (i.e. multi-stakeholderism), and mechanisms for civic engagement (Epstein, 2013; Nonnecke, 2016). As such it pays the necessary attention to the social - and not just political - aspects of the socio-technical systems of the internet.5

Controversies as structuring and performative processes. STS-informed approaches to IG analyse the structuring and performative effects of controversies on governance. Most prominently, controversies around claims made by different actors or groups about doing IG contribute to the creation of different worlds in which specific notions of governance make sense. Thus, the study of controversies unpacks ‘governance’ as a theoretical and operational concept, by exposing the plurality of notions it refers to, and the consequences of their being in conflict (Cheniti, 2009; Ziewitz & Pentzold, 2014). The very processes by which norms are created, re-negotiated, put to the test, re-aligned, raise conflicts, are as crucial - and perhaps more crucial - in STS perspectives as the “stabilised” norms themselves. The authority of IG institutions should also be analysed as such if we are to avoid an understanding of it as a ‘fait accompli’ (Flyverbom, 2011).

Hybrid forums, privatisation, users… enriching and revisiting ‘multi-stakeholderism’. Several concepts brought in by the STS toolbox, as well as several fieldwork choices, can help unveiling a number of situated practices on, by and for the internet that arguably constitute a vital part of ‘doing internet governance’. In particular, they help enriching and revisiting the concept of multi-stakeholderism (Malcolm, 2008). For example, understanding IG through the lens of Michel Callon et al.’s ‘hybrid forums’ (2009) - entities meant to transform controversies into productive dialogue and bring about democracy - show the importance of actors’ positioning in subsequent decision-making. If the role of the private sector is more and more important in internet governance arrangements, as it is increasingly widely acknowledged, the technology-embedded nature of its intervention can be brought to the foreground by STS methods. Examining the relationship of internet users to content they put online or consume, to their devices and the values they embed, ‘does’ governance inasmuch as it reflects belonging and commitment to a set of norms and to a community in a broad sense, and reveals the interplay of issues of sovereignty, autonomy, and civil liberties (Elkin-Koren, 2012).

Contributions to this special issue

We view this special issue as an important milestone in the broader intellectual project seeking to leverage STS-informed conceptual and empirical toolsets to push the boundary of IG research. This work does not wish to directly criticise or question mainstream IG research. Instead it seeks to add to existing scholarship by focusing on the mundane, situated practices of designing, maintaining, regulating, and using the internet - the aspects of governance that are often overlooked or taken for granted. The papers in this issue cover a broad area of doing IG ranging from concepts and modes of internet ordering, through investigating the link between politics of internet infrastructure and infrastructure as internet politics, to unpacking processes of discourse production and issue framing in IG. Taken together they offer conceptual and empirical contributions that we hope will fuel discussions on how we think about both internet and governance in the context of IG.

The first set of papers engages with concepts and modes of ordering. Mikkel Flyverbom highlights information control and the “management of visibility” as a form of governance. In this view, the current trend to seemingly more transparency is only one side of the coin. In most cases, he argues, transparency reports and big data analytics are disclosing as much information as they conceal. More broadly, this allows to uncover the largely invisible ways in which digital infrastructures and architectures institutionalise and normalise particular forms of seeing, knowing and governing. Romain Badouard, Clément Mabi, and Guillaume Sire recondition Foucault’s concept of governmentality in order to analyse the power and control exercised by platform providers and developers. They are able to show that power not only rests in more or less obvious ‘points of control’, but that it is often exercised more subtly by directing, constraining and framing routine online behaviour through specific forms of website design or frameworks for the development of apps. Taken together, both papers highlight the largely invisible aspects of IG. They demonstrate that institutions such as ICANN, IETF, WSIS, and IGF are only the tip of the iceberg, while governance is rooted in far more pervasive - yet discrete in the eyes of the user - mechanisms of power and control.

Drawing STS approaches’ suitability to analyse in a detailed and situated fashion the design, construction, establishment, and appropriation of technology, a second set of papers explores the connections between the politics of internet infrastructure and infrastructure as internet politics. In a contribution that is both a precious historical effort and an innovative perspective on early internet design as policy, Sandra Braman draws from a large-scale analysis of the Internet Engineering Task Force’s Requests for Comments to explore early internet engineers’ techniques to cope with constant change and instability in conceptual labour, social practices, technical approaches, and definitions themselves. In essence, she argues, this coping work constitutes the early internet’s policymaking. Early internet designers are also at the core of Steven Malcic’s contribution. Grounding his thorough and original archival work in social constructivism and path dependency theory, the author explores the daily struggle of early engineers of the Advanced Research Project Agency Network (ARPANET) to keep this precursor of today’s internet in working order. Malcic argues that these designers started doing an ante litteram internet governance work to solve a fundamental problem of design: the need to address future users. Ashwin J. Mathew also touches upon internet infrastructure design in his analysis; in a piece that is sure to spark discussion, he argues that current internet experiences of “apparent decentralisation” are constructed over an infrastructure which was never decentralised, nor designed with decentralisation as a goal. Using the Border Gateway Protocol as a case study, Mathew argues that responses to current concentrations of power of the net cannot rely on technology alone as a mechanism for eliminating centralised control; socially desirable outcomes should be pursued by combinations of political and technological interventions, at different layers of the internet. A similar argument is put forward by Primavera De Filippi and Benjamin Loveluck in their piece on the interplay of technical, social and political governance of Bitcoin. In today’s context of frequent hype surrounding blockchain technology, praising in particular its capacity to entirely self-regulate via the algorithm it subtends, the authors use the late 2015/early 2016 controversy over the Bitcoin XT fork to illustrate the limitations of over-reliance on purely technical tools to address complex issues of governance, including elements of social coordination and economic exchange.

A third and final set of papers focuses on processes of discourse production and issue framing in internet governance, exploring them as sites of social ordering where worlds, definitions, meanings, and alliances are co-produced. Julia Pohle draws upon her in-depth observation of the United Nations Working Group on Enhanced Cooperation, and upon theoretical approaches including actor-network theory and interpretive policy analysis, to innovatively contribute to the study of multistakeholder policy-making. By focusing on actors’ positionings and on processes rather than outcomes - she argues - it is possible to show the validity of the results of multistakeholder processes albeit in the absence of binding outcomes. Using as a case study the ‘Free Basics’ controversy in India - one of the most telling examples, in recent times, of issues surrounding net neutrality and zero-rating policies - Anita Gurumurthy and Nandini Chami seek to “recover[...] from social practice the contested meanings of the internet”. The authors discuss the discursive and material practices uncovered in the Free Basics case - in particular the conflicting notions of access used in the debate - in light of their meaning for internet governance, especially in terms of the challenge they pose to dominant discourses of economic globalisation. What Gurumurthy and Chami do for access, Josephine Wolff does for security: while actors in the IG/cybersecurity space generally agree that the improvement of internet security is an important goal, she argues, the word has different meanings to different stakeholders. This ambiguity, she stresses, is actually crucial to maintaining a functional multistakeholder governance model, as it lends itself well to negotiation and discussion, contributing to the very fabric of consensus; however, this implicit difference in meanings greatly complicates the search for solutions. Carsten Ochs, Fabian Pittroff, Barbara Büttner, and Jörn Lamla mobilise social worlds theory to revisit debates on privacy and data security. Their case studies of the Schengen/National Routing (SNR) proposal and the German Parliamentary Committee investigating NSA activities illustrate how policy and governance heavily rely on translating contested issues into a shared set of frames, thus lending sense and legitimacy to proposed solutions. Interestingly, their findings suggest a strong dominance of the routines and frames of the nation state – despite the global nature of the issues investigated.

Conclusion

Answering recent calls for broader use of social theory in making sense of IG, this special issue makes an argument for, and illustrates, the applicability of an STS lens to the study of IG. Taken together, the STS framework put forward in this editorial and the articles composing this issue break away from the path dependency of IG research by unpacking macro questions of politics and power through the analysis of practices and discourses that constitute design, regulation, maintenance, and use of both technical and institutional arrangements of IG. As such, this body of work calls to rethink how we conceptualise both internet and governance.

When examined through the STS lens, the internet does not constitute a given, static technological development that needs to be regulated. Instead, the very fibre cables, routers, protocols, and all the other technological elements of the network of networks constitute, perpetuate, and contest order in the first place. In other words, implementation of seemingly technical decisions about the technological design of the network and its operating rules, which are often opaque for the user, constitute a facet of governance itself. But it is not only those decisions, even in combination with formal law and regulation, that draw a complete and nuanced picture of governance when IG topics are examined through the lens of STS. STS-informed IG research pushes further, by unpacking seemingly stable black boxes of technology and regulation through observation and analysis of apparently unrelated activities of internet design, regulation, and use. Some of these activities are deliberately deployed to regulate, but most of them are rather mundane and taken-for-granted routines.

The articles in this issue demonstrate how technical decisions may have a constitutive effect by encoding values, normalising and institutionalising norms of knowing, or by directing online behaviour. At the same time, they unveil the very social nature of the technology design endeavour by showing how technical decisions are intimately intertwined with the social and cultural contexts of their design, and in many cases are dependent on inherently social and political arrangements of trust and consensus. In addition, articles in this collection bring forward the role of deliberation and discursive reflection as constitutive forces in dealing with specific internet policy related issues as well as in establishing norms and propagating unique forms of governmentality for the ordering of the internet.

The STS lens presented in this volume does not necessarily negate or reject previous IG research that is mainly focused on the institutional level and the role of the state. Instead it unpacks some of the elements that are considered as constant or static when the object of analysis is an institution or a state as a whole. The STS lens enables to connect the micro actions of individuals and the affordance of particular technical artifacts with emergent attributes of large, complex systems. As such, it adds a layer of complexity and dynamics, thus allowing to ask more nuanced questions about arrangements of power in IG. The focus on individual cases and particular contexts can be criticised for its limited generalisability and the challenge of validating empirical claims. Yet, this perceived weakness of conducting research on the micro scale can also be viewed as an important opportunity to validate assumptions and observations made about the internet and its governance as a whole. The very focus on detail, specific cases, and controversies offers important ecological validity, often missing in research that takes a more general stance.

If we use the proverbial dark alley - where a man is searching for his keys under a streetlamp only because this is the only lit spot - as an allegory for IG research, this issue adds another lamppost. The STS perspective we develop here offers new perspectives on issues that have been examined before, illuminates previously overlooked aspects of IG, enables asking new questions, and offers new methodological ways of doing that. Of course, just as any other conceptual or methodological approach, the STS toolkit has its limitations and is subject to valid criticism, but together with the existing (and thriving) body of IG work, it makes the dark alley of research in this field a little better lit.