The Global Commission on Internet Governance (GCIG) advocates that governments, in collaboration with individuals, private corporations and technical community stakeholders, adopt measures in a new global social compact to achieve digital privacy and trust.
Toward a Social Compact for Digital Privacy and Security was presented at a press conference today by Carl Bildt, chair of the GCIG and former prime minister of Sweden, on behalf of the GCIG. The Commission met on 14 and 15 April in The Hague, Netherlands.
It is now essential that governments, collaborating with all other stakeholders, take steps to build confidence that the right to privacy of all people is respected on the Internet, Bildt urges. It is essential at the same time to ensure the rule of law is upheld. The two goals are not exclusive; indeed, they are mutually reinforcing.
Individuals and businesses must be protected from the misuse of the Internet by terrorists and cybercriminal groups, as well as from the overreach of governments and businesses that collect and use private data.
The core elements that the commission advocates in building the new social compact are:
* Privacy and personal data protection as a fundamental human right – fundamental human rights, including privacy and personal data protection, must be protected online. Threats to these core human rights should be addressed by governments and other stakeholders acting both within their own jurisdiction and in cooperation.
* The necessity and proportionality of surveillance – interception of communications, collection, analysis and use of data over the Internet by law enforcement and government intelligence agencies should be for purposes that are openly specified in advance, authorised by law (including international human rights law) and consistent with the principles of necessity and proportionality. Purposes such as gaining political advantage or exercising repression are not legitimate.
* Legal transparency and redress for unlawful surveillance – laws should be publicly accessible, clear, precise, comprehensive and non-discriminatory, openly arrived at and transparent to individuals and businesses. Robust, independent mechanisms should be in place to ensure accountability and respect for rights. Abuses should be amenable to appropriate redress, with access to an effective remedy provided to individuals whose right to privacy has been violated by unlawful or arbitrary surveillance.
* Safeguarding online data and consumer awareness – businesses or other organisations that transmit and store data using the Internet must assume greater responsibility to safeguard that data from illegal intrusion, damage or destruction. Users of paid or so-called “free services” provided on the Internet should know about, and have some choice over, the full range of commercial use on how their data will be deployed, without being excluded from the use of software or services customary for participation in the information age. Such businesses should also demonstrate accountability and provide redress in the case of a security breach.
* Big data and trust – there is a need to reverse the erosion of trust in the Internet brought about by the non-transparent market in collecting, centralising, integrating and analysing enormous quantities of private information about individuals and enterprises — a kind of private surveillance in the service of “big data,” often under the guise of offering a free service.
* Strengthening private communications – consistent with the United Nations Universal Declaration of Human Rights, communications should be inherently considered private between the intended parties, regardless of communications technology. The role of government should be to strengthen the technology upon which the Internet depends and its use, not to weaken it.
* No back doors to private data – governments should not create or require third parties to create “back doors” to access data that would have the effect of weakening the security of the Internet. Efforts by the Internet technical community to incorporate privacy-enhancing solutions in the standards and protocols of the Internet, including end-to-end encryption of data in transit and at rest, should be encouraged.
* Public awareness of good cyber-security practices – governments, working in collaboration with technologists, businesses and civil society, must help educate their publics in good cyber-security practices. They must also collaborate to enhance the training and development of the software workforce globally, to encourage creation of more secure and stable networks around the world.
* Mutual assistance to curtail trans-border cyber threats – the trans-border nature of many significant forms of cyber intrusion curtails the ability of the target state to interdict, investigate and prosecute the individuals or organisations responsible for that intrusion. States should coordinate responses and provide mutual assistance to curtail threats, to limit damage and to deter future attacks.
The GCIG is a two-year initiative launched by the Centre for International Governance Innovation (CIGI) and Chatham House. With twenty-nine commissioners and thirty-six research advisers, the GCIG will produce a comprehensive stand on the future of multi-stakeholder Internet governance, with a final report in 2016.