Digitalization is now permeating every aspect of our daily and working lives. It therefore comes as no surprise that companies from the Internet and digital industry are coming increasingly into the focus of ethical and political debates. Amongst all of the talk/clamor, a consistent message from the Internet industry rings through as clear as a bell: the key to maintaining the energy and innovation of digitalization, whilst at the same time ensuring societal safeguards, is industry self-regulation.
While critics may regard this message as being self-serving on the part of the industry, in reality it represents the outcome of more than two decades of distilled learning. All companies are aware that, while digitalization is ushering in countless innovations and positive changes in human life, it is also accompanied by some undesirable side-effects that need to be faced up to. Naturally, when we switch on our laptop or smartphone, we want to be sure that we are not bombarded by unsolicited emails and that we can shop safely; that we can communicate with friends without sharing our data with the world; that our children can reap the massive benefits of digitalization, without being exposed to society’s darker side. Reassuringly, as this edition of dotmagazine shows, ample evidence exists of the industry’s evolving ability to counter these hazards – and even more importantly, to counter them through self-regulatory measures which offer faster and more effective methods than prescriptive regulation ever could. In reading this month’s articles, what becomes most apparent is: All companies can tap into their trademark energy and innovation to contribute to self-regulation – and to a better Internet.
Self regulation – to achieve cross-border consensus in the borderless Internet
But, firstly, what does self-regulation entail? Detractors often view it as a laissez-faire approach led purely by market interests. However, self-regulation in the eyes of the Internet industry is a nuanced approach and does not equate to stamping out regulation – it is a response, rather, to the inherently transnational nature of the worldwide web and to its sheer pace of development. In other words, the global architecture of digitalization has rendered the “protective shield” of national legal and moral systems inadequate when it comes to digitalization, with global governance and self-regulation therefore becoming the rational alternatives. Moreover, assuming that the impetus for self-regulation is always industry-fueled is simply wrong. Due to the wide range of challenges (institutional, technological, and social) presented by the boundless growth of the Internet, governments have questioned their own capacity to do more than steer digitalization, and the industry itself is often resorted to as a resource for responsibility. As self-regulation evolves, the Internet community is looking for a different relationship with government, and to find a common ground for internationally acceptable rules and regulations.
But even as the industry as a whole embraces the concept of self-regulation, individual companies may still need to be convinced of the commercial advantages of the approach. As Rafael Laguna of Open Exchange points out in his article 'The Economics of Trust in Digital Services', “trust is emerging as a crucial factor for the success of Internet service providers. ISPs are finding that customers are so appreciative of trustworthy services that sustainable and successful businesses can be built on their loyalty.” Building a better Internet, with greater resilience, stronger security, and better mechanisms for dealing with issues when they arise, is something that everyone benefits from – the digital infrastructure providers, the companies operating commercially on the Internet, and the end consumer.
The multi-stakeholder model – shouldering and sharing responsibility
As such, industry veterans such as Michael Rotert argue that, in the world of self-regulation, the correct model upon which to build – in order to empower both society and the industry – is a multi-stakeholder approach, involving not just the industry and governments, but also civil society, the private sector, the technical community, and academia. The multi-stakeholder approach, which proved its value in redefining Internet governance globally in the debate around the US government’s relinquishing of control over IANA (the institution responsible for the global coordination of DNS Root, IP addressing, and other Internet protocol resources) is a consensus-building process which prevents any one party – be that governments or industry – from monopolizing the discussion (read about that particular adventure in Internet governance in an earlier interview with Thomas Rickert).
As our society and economy becomes increasingly digitalized, the Internet, and subsequently the governance of the Internet, takes on ever greater significance. As our cities and public transport systems become smart, our cars learn to independently prevent traffic accidents, and our factories become able to self-diagnose and self-repair, it is clear that the complexity of the ecosystem of stakeholders is growing dramatically. In such a world, it’s not only the very abstract technical layers of the Internet that require governance – further elements that have a tangible impact on end users, such as IT security, also need to be governed in this manner. Prof. Norbert Pohlmann, Member of the Board at eco, argues that a multi-stakeholder approach is imperative to tackling new challenges arising for IT security in the ecosystems in the Internet of Things – and to ensuring that the Internet industry does not have to singlehandedly shoulder security liability.
“Successful digitalization always demands our ethical reflection”
Self-regulation based on multi-stakeholder input may be a system which is still finding its feet, but it is more than conducive to taking on ethical considerations. The Internet industry’s development is increasingly being underpinned by a conscious industry morality. For example, the eco Association, as voice of the industry, has stepped up to assume social responsibility for ethically-oriented digitalization. As the CEO of the eco Association Harald A. Summa points out, “Aside from hardware and software, successful digitalization always demands our ethical reflection. With the myriad of new digital possibilities and opportunities for individuals, values and morality must be the safety rails to keep society from going off track.”
Such social responsibility provides a basis for shared understanding that can question, guide, and set limits around economic considerations, by giving a voice to other aspects of what is important for the industry, consumers, and society – such as protection of minors within the Internet setting. Within the broad spectrum of the Internet’s activities, the area which is undoubtedly generating the most public debate is the regulation of online content. And in this area, the Internet industry is already successfully taking the lead. At the front-line of its self-regulatory work are the industry’s complaints offices, which form part of the international INHOPE network of hotlines. Alexandra Koch-Skiba, Head of the eco Complaints Office, believes that not only is self-regulation the best way for swiftly removing illegal and harmful content from the Internet – no matter which country it is hosted in – but it can also, through the application of industry standards, help to stop it from getting up there in the first place.
Industry collaboration – projects to encourage the adoption of best practices and standards
But while the multi-stakeholder approach is a proven mechanism for taking on the big societal questions of governance, there is still space for the self-regulation of the Internet in terms of industry initiatives. The industry’s endeavors in this regard are clearly manifest in its multiplicity of initiatives to promote best practices and open solutions, working towards creating greater Internet security on the one hand, and reducing the digital divide on the other.
Once the painstaking process of developing best practices and standards has been achieved, what remains to be done is to encourage adoption. Many Internet industry companies are collaborating in a whole variety of different projects to promote the uptake of standards that can, for example, ensure user safety, support inclusion, improve security and data protection, and heighten user experience. And as evidenced in initiatives such as the Open Compute Project (read Robbert Hoeffnagel's article), such collaborations can also produce significant benefits for the environment - not to mention for the industry itself, with multiple benefits including increased agility and lower costs.
In the area of responsible email marketing, a wealth of good practice models exist. This is an area long supported by the industry, notably through the eco Certified Senders Alliance (CSA). The goal of email authentication represents a major step towards ensuring consumer security and building trust, as Julia Janssen-Holldiek, Director of the CSA, argues. Industry protocols such as DMARC (Domain-based Message Authentication, Reporting & Conformance), which authenticate and verify emails at the receiver end, are paying off. Meanwhile, the Authindicators Working Group is working on the BIMI (Brand Indicators for Message Identification) initiative with a view to encouraging brands, marketers, and their email senders to implement DMARC.
Data privacy and enabling users to have control over their data is another area that has received a significant amount of media attention in the past year. Martin Przewloka, CDO with msg Group Automotive explores data ownership, data sovereignty, and issues with consent and anonymization of personal data. With data portability enshrined in the GDPR, the industry also needs to tackle the issue of vendor lock-in. The ID4me project offers a solution in an open, federated, privacy-friendly, global identity management protocol, which has been developed to provide a global universal digital standard for identity management, as Katja Speck explains. Meanwhile, the ICANN Universal Acceptance Steering Group, whose vision is “to enable the next billion users to build their own spaces and identities online,” is working towards building a multilingual Internet in which users around the world can navigate entirely in local languages, through encouraging the universal acceptance of the broad range of new top-level domains by services and platforms around the world. “The web alienates non-English speakers,” Mark Svancarek argues, “and we need to change that.”
Another initiative that promotes the security and resilience of the Internet is the MANRS project, initiated by the Internet Society. MANRS brings together ISPs and IXPs to implement best practices for dealing with route leaks and improving routing hygiene, reducing the chance for data to be lost or manipulated while in transit, as explained by Christian Dietzel, Head of R&D at DE-CIX, who has been instrumental in developing the IXP side of the MANRS project.
As digitalization proceeds apace, the industry is fundamentally driven by its potential to produce previously undreamt of solutions, which go far beyond narrow interests of profit making. But even for companies who may principally be motivated by commercial factors comes the realization that, if they fail to act when it comes to online hazards, this will damage their reputation and their shareholder value in the long-term. It is a business maxim that you should change before you have to. The issues of trust, integrity, and privacy are now taking center stage – and the solution is that of socially responsible self-regulation.
Lars Steffen is Director International at eco – Association of the Internet Industry (international.eco.de), the largest Internet industry association in Europe. At eco, he coordinates all international activities of the association and takes care of the members from the domain name industry and the blockchain community. He further represents the industry as Community Outreach Co-Coordinator of the Universal Acceptance Steering Group at the Internet Corporation for Assigned Names and Numbers (icann.org), to facilitate the support of internationalized domain names and email address internationalization.