A tale of two foundational orders

The Internet – as a global technological facility enabling information and communication creation and exchange – has become an object of regulation by international law. But more than that: the Internet’s security, stability, robustness, resilience and functionality (its integrity) has crystallized into a global common interest. Internet integrity has become essential for the effective administration for all private and statal critical infrastructural resources.

States are not able to regulate through national law alone the network of networks as a multi-layered socio-technological facility. International law thus plays a key role in the regulation of the internet. This is not a recent development. Early regulatory approaches to the internet committed to an international law-based order of the internet: a “people-centred, inclusive and development-oriented Information Society […] premised on the purposes and principles of the Charter of the United Nations and respecting fully and upholding the Universal Declaration of Human Rights.“

The purposes and principles of the UN Charter are foundational elements of the international legal order, some of them have ius cogens character. A 2015 report of a UN Group of experts confirmed that international law, including the UN Charter and international legal principles, apply fully to the Internet. Indeed, the international community aspires to regulate the internet in a peaceful manner “for the common good of mankind”.

New rules?

Is there a need to develop new rules? International law is the ius necessarium of the Internet. It is only international law that can successfully protect global common interests: certainly, the integrity of the internet’s public core lies in the global common interest as does the mitigation of dangers stemming from misuses of the internet. The public core has been defined as including „packet routing and forwarding, naming and numbering systems, the cryptographic mechanisms of security and identity, and physical transmission media“.

There are no international conventions directly pertaining to the internet’s public core, but its foundations are protected indirectly through the enabling dimension of human rights treaties. States must not only respect human rights, but also protect them. Individuals, as the Tallinn Manual authors wrote, enjoy “customary international human rights protection with respect to their cyber-related activities”. States need to ensure the respect for these rights. Of particular importance are the right to privacy, freedom of expression and the overarching right to internet access.

International law is to be fully applied to the Internet, including with regard to regulating cybersecurity. Particularly relevant to ensuring and promoting cybersecurity are the following principles of international law, some of which have been translated into treaty law in the UN Charter, are protected under customary international law or are recognized as part of the general principles of international law: sovereign equality, the ban on aggression and intervention, peaceful settlement of disputes, the protection of human rights, the cooperation principle (which draws on the principle of good neighborliness (‘no harm’) and the precautionary principle (‘due diligence’).

Customary international law and the general principles of international law particularly restrict (and define) national Internet policy. Each state has protection obligations vis-à-vis the international community – to avert threats to the stability, integrity and functionality of the Internet – which can be derived from customary international law.

In addition to post-incident information and communication requirements, preventive obligations arise from the due diligence principle and the tenets of good neighborliness and can in part only be met in cooperation with non­governmental stakeholders. This binding cooperation principle of customary international law provides mandatory guidance to states in their development of strategies for promoting Internet integrity.

Law is not enough

Internet governance – the development and application by states, the private sector and civil society, in their respective roles, of norms and procedures shaping the evolution and use of the internet – is the second foundational order of the internet. The norms developed within the normative processes of Internet governance are part of the category of transnational regulatory arrangements, which form an element of the normative order of the Internet.

Internet governance has a much broader ambit than international law in that it focuses less on norms and more on responsibilities of actors for different aspects of the governance of the Internet. Internet governance tends to normatively frame, in a non-binary (legal/illegal) logic, with varying, flexible normativity, the ‘softer’ topics of Internet regulation such as accountability in contrast to traditional (international) legal approaches focusing on, e.g., international cooperation to fight cybercrime. Principles such as due diligence and initiatives for Internet-related capacity-building blur the differences and consequently have foundations in both orders. This also makes the deep connection between law and governance of the Internet clear.

An order of two dominions: international Internet governance law

Just as elaborating and accepting Internet governance mechanisms can be examples of state practice, new legal instruments, including court decisions, can strongly influence governance decisions and processes. A case in point is the Global Commission on the Stability of Cyberspace, a commission charged with refining Internet governance to ensure a stable Internet. The Commission, in late 2017, proposed a norm to specifically protect the public core of the Internet and establish a principle of non-interference with it: “Without prejudice to their rights and obligations, state and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.”

This is obviously a more precise formulation of the non-interference principle, oriented towards the public core of the Internet, whose protection lies in the common interest. As states are enjoined, by customary international law, from damaging global infrastructure essential for ensuring internet integrity (because its protection lies in the common interest), the norm does not include a new duty but rather puts an existing one into sharper focus and thus promotes norm-conforming behavior. The normative pull holds water even against phenomena of Internet fragmentation (Russia), nationalization (China) and normative extraterritoriality (GDPR).

Internet governance processes are normative forums in which norms are proposed by norm entrepreneurs, discussed, promoted, sometimes adopted (in non-binding declarations or collections of principles), used by states – and  are then ready to be reimported into international law as a contribution to the crystallizing obligation of all states to ensure the protection of the common interest that lies in the internet’s stability, security, functionality and integrity.

Internet governance processes may sometimes suffer from vague language and repeated normative mantras (“multistakeholderism”), but they nevertheless matter because they produce norms and legitimize procedures in which these norms are developed.

Internet governance is based on international law and contributes to international legal developments. Understanding the Internet and its regulatory challenges means understanding both international law and Internet governance and the rich normative potential of their interaction. This will be progressively evident, not only at the Internet Governance Forum.

PD Mag. Dr. Matthias C. Kettemann, LL.M. (Harvard), is Head of the Research Program Regulatory Structures and the Emergence of Rules in Online Spaces at the Leibniz Institute for Media Research | Hans-Bredow-Institut (HBI), Hamburg, Chair ad interim for Public Law, International Law and Human Rights – Hengstberger Professor for the Foundations and Future of the Rule of Law, University of Heidelberg, and associated researcher at the Alexander von Humboldt Institute for Internet and Society, Berlin and the Privacy and Sustainable Computing Lab of the Vienna University of Economics and Business.

Cite as: Matthias C. Kettemann, “A tale of two foundational orders. How international law and Internet governance protect the future of (us on) the Internet”, Völkerrechtsblog, 28 November 2019, doi: 10.17176/20191128-180707-0.