[{"command":"settings","settings":{"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"ajaxPageState":{"libraries":"eJwry0wtL9YvA5F6ufkppTmpOmBOfGJWYkV8emqJPowBFc_MS8vMyyxJjS9OLsrPyYFo1YWJ6kJEAdF1Ikc","theme":"cfr_theme","theme_token":null},"ajaxTrustedUrl":[],"views":{"ajax_path":"\/views\/ajax","ajaxViews":{"views_dom_id:322a576ab6c04f0a859e77b25d83d8a76fffdc0d69bd69de66b54076044bf793":{"view_name":"blog_posts","view_display_id":"block_archived_blog_posts","view_args":"17\/252719\/2015","view_path":"\/custom\/ajax\/archived_blog_posts\/17\/252719\/2015","view_base_path":null,"view_dom_id":"322a576ab6c04f0a859e77b25d83d8a76fffdc0d69bd69de66b54076044bf793","pager_element":0}}},"viewsAjaxGet":{"blog_posts":"blog_posts"},"user":{"uid":0,"permissionsHash":"e331052eb0a1bc4b2feb3d0cfc1f0f2f6ec5dfd9a50125d1397e4ccee31da7be"}},"merge":true},{"command":"add_css","data":[{"rel":"stylesheet","media":"all","href":"\/sites\/default\/files\/css\/css_sgviVl_37H6Ta5Bl-lc7uAkjneU0Dj6JvASOxbgV9L8.css?delta=0\u0026language=en\u0026theme=cfr_theme\u0026include=eJwry0wtL9YvA5F6ufkppTmpOmBOfGJWYkV8emqJPowBFc_MS8vMyyxJjS9OLsrPyYFo1YWJ6kJEAdF1Ikc"}]},{"command":"add_js","selector":"body","data":[{"src":"\/themes\/custom\/cfr_theme\/node_modules\/jquery\/dist\/jquery.min.js?v=3.1.0"},{"src":"\/themes\/custom\/cfr_theme\/node_modules\/jquery-migrate\/dist\/jquery-migrate.min.js?v=3.1.0"},{"src":"\/core\/assets\/vendor\/once\/once.min.js?v=1.0.1"},{"src":"\/core\/misc\/drupalSettingsLoader.js?v=10.2.11"},{"src":"\/core\/misc\/drupal.js?v=10.2.11"},{"src":"\/core\/misc\/drupal.init.js?v=10.2.11"},{"src":"\/core\/assets\/vendor\/tabbable\/index.umd.min.js?v=6.2.0"},{"src":"\/core\/misc\/progress.js?v=10.2.11"},{"src":"\/core\/assets\/vendor\/loadjs\/loadjs.min.js?v=4.2.0"},{"src":"\/core\/misc\/debounce.js?v=10.2.11"},{"src":"\/core\/misc\/announce.js?v=10.2.11"},{"src":"\/core\/misc\/message.js?v=10.2.11"},{"src":"\/core\/misc\/ajax.js?v=10.2.11"},{"src":"\/themes\/contrib\/stable\/js\/ajax.js?v=10.2.11"},{"src":"\/modules\/contrib\/views_ajax_get\/views_ajax_get.js?tcwifo"},{"src":"\/core\/assets\/vendor\/jquery-form\/jquery.form.min.js?v=4.3.0"},{"src":"\/core\/modules\/views\/js\/base.js?v=10.2.11"},{"src":"\/core\/modules\/views\/js\/ajax_view.js?v=10.2.11"},{"src":"\/modules\/contrib\/views_infinite_scroll\/js\/infinite-scroll.js?v=10.2.11"}]},{"command":"insert","method":"html","selector":".blog-series__accordion-item[data-year=\u00222015\u0022] .blog-series__accordion-body","data":"\u003Cdiv class=\u0022views-element-container\u0022\u003E\u003Cdiv class=\u0022js-view-dom-id-322a576ab6c04f0a859e77b25d83d8a76fffdc0d69bd69de66b54076044bf793\u0022\u003E\n  \n  \n  \n\n  \n  \n  \n\n  \u003Cdiv data-drupal-views-infinite-scroll-content-wrapper class=\u0022views-infinite-scroll-content-wrapper clearfix\u0022\u003E\n\n\n\n    \u003Cdiv class=\u0022views-row\u0022\u003E\n    \u003Cdiv class=\u0022views-field views-field-search-api-rendered-item\u0022\u003E\u003Cspan class=\u0022field-content\u0022\u003E\n\n  \n\n\u003Cdiv class=\u0022card-article-large article card-article-large--with-thumbnail\u0022\u003E\n  \u003Cdiv class=\u0022card-article-large__container\u0022\u003E\n    \u003Cdiv class=\u0022card-article-large__content\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__topic-tag\u0022\u003E\n          \u003Ca href=\u0022\/defense-and-security\/cybersecurity\u0022 class=\u0022card-article-large__topic-tag-link\u0022\u003E\n            Cybersecurity\n          \u003C\/a\u003E\n        \u003C\/div\u003E\n            \n                  \u003Ca href=\u0022\/blog\/top-five-cyber-policy-developments-2015-encryption \u0022 class=\u0022card-article-large__link\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__title\u0022\u003E\n            The Top Five Cyber Policy Developments of 2015: Encryption\n                    \u003C\/div\u003E\n                  \u003Cdiv class=\u0022card-article-large__image\u0022\u003E\n            \n                          \u003Cdiv class=\u0022card-article-large__image-cover\u0022 style=\u0022background-image: url(\/\/cdn.cfr.org\/sites\/default\/files\/styles\/card_landscape_m_380x253\/public\/image\/2015\/12\/RTX1JKZP-encryption-Comey.jpg.webp)\u0022\u003E\u003C\/div\u003E\n                      \u003C\/div\u003E\n              \u003C\/a\u003E\n\n              \u003Cdiv class=\u0022card-article-large__dek clamp-js\u0022 data-clamp-lines=\u00224\u0022\u003E\u003Cem\u003EOver the next few days,\u00a0Net Politics\u003Cem\u003E\u00a0will countdown\u00a0the top five developments in cyber policy of 2015.\u00a0Each policy event will have its own post, explaining what happened, what it all means, and its impact on\u00a0cyber policy in\u00a02016. In this post, the encryption debate.\u00a0\u003C\/em\u003E\u003C\/em\u003E\n\n\u003Cem\u003ELincoln Davidson is a research associate for Asia Studies at the Council on Foreign Relations. You can follow him on Twitter\u00a0@dvdsndvdsn.\u003C\/em\u003E\n\nThe debate over encryption\u2014whether tech companies should be required to maintain the ability to decrypt communications pursuant to a lawful government request\u2014dragged on throughout 2015. The year started with a bang, as evidence was released suggesting that the National Security Agency had the ability to break certain virtual private network protocols and it had access to the encryption keys that major telecommunications providers use to encrypt network traffic.\u00a0 It ended with the debate back in the spotlight, as politicians mulled the need to weaken encryption in the wake of terrorist attacks in Paris and San Bernardino, California. (For a solid recap of what\u2019s what in encryption, see this FAQ published by ProPublica.)\n\nThe format of this debate has become almost ritualized. Something bad happens. Politicians, law enforcement agents, and intelligence officials claim that encryption helped enable the bad thing or prevented them from stopping the bad thing. Privacy advocates, security researchers, and representatives of the tech industry respond that there was no evidence that was the case, and that weakening encryption would be even worse than the bad thing. The debate then dies down for a bit, nothing having been accomplished. Rinse, repeat.\n\nIn 2015 we heard from United Kingdom Prime Minister David Cameron; French Prime Minister Manuel Valls; telecommunications regulators in India and Pakistan; government attorneys and police officials in New York City, Paris, London, and Spain; NSA Director Michael Rogers; Senators Dianne Feinstein (D-CA) and John McCain (R-AZ); and presidential candidates Jeb Bush, Hillary Clinton, John Kasich, and\u00a0George Pataki\u00a0all arguing for some form of government access to encrypted communications.\n\nNone of them can match FBI Director James Comey, however, who\u2019s long been one of the most outspoken U.S. government officials in the encryption debate. Comey is particularly opposed to end-to-end encryption, such as that offered by Apple\u2019s iMessage, saying that \u201cuse of encryption is part of terrorist tradecraft now.\u201d Testifying to Congress in early December, for the first time Comey gave a specific example of encryption getting in the way of a federal investigation: a shooter exchanged 109 encrypted messages with an \u201coverseas terrorist\u201d before shooting a security guard at an anti-Islam event in Garland, Texas earlier this year. Comey said he found it \u201cdepressing\u201d that tech industry leaders support encryption and fail to acknowledge that there are \u201csocietal costs to universal encryption,\u201d and called for companies to reconsider their \u201cbusiness model.\u201d\n\nThis \u201cbusiness model\u201d has a lot of support, however, and not just from the tech industry. In the past year alone, strong encryption has garnered public support from the usual suspects in the tech sector such as the Information Technology Industry Council and Apple CEO Tim Cook (who also spoke to \u003Cem\u003E60 Minutes\u003C\/em\u003E on the topic), but also from former NSA and CIA Director Michael Hayden, former Secretary of Homeland Security Michael Chertoff, and former NSA Director Mike McConnell. In May, more than a hundred civil society organizations, tech companies, and security experts signed an open letter urging President Obama to develop \u201cpolicies that will promote rather than undermine the wide adoption of strong encryption technology.\u201d\n\nFor a while, it seemed as if these voices had won. A National Security Council memo leaked in September suggested the president was leaning towards advocating strong encryption. In October, administration officials said they had decided not to seek a legislative challenge to end-to-end encryption for the time being. But then came the terrorist attacks in Paris and San Bernardino, and a debate that had looked like it was almost settled flared back up.\n\nThe debate seems ultimately futile. Both sides keep repeating the same talking points and talking past each other. This isn\u2019t terribly surprising, though. The talking points aren\u2019t just the same as they were a year ago; they haven\u2019t changed much in twenty years. The arguments of today\u2019s advocates of \u201cbackdoors\u201d and \u201cgolden keys\u201d are the same as the arguments that were deployed in the 1990s in support of the Clipper chip. In both cases, advocates for increased government access to private communications pick whatever threat seems the scariest and resonates best with the public, and argue that encryption makes the threat that much scarier. In the mid-90s, the threat bandied about the most was drug dealers; today, it\u2019s terrorists.\n\nLooking ahead to 2016, we can expect the encryption debate to continue. In the wake of the San Bernardino attack, as Americans\u2019 fear of terrorism shoots to the highest point in ten years, there will be plentiful opportunities for more anti-encryption proposals. If any evidence comes out that the San Bernardino attackers used encryption, you can be sure that legislators will be quick to act in response. Until then, the encryption debate will drone on.\u003C\/div\u003E\n      \n      \u003Cdiv class=\u0022card-article-large__metadata\u0022\u003E\n                              \u003Cspan class=\u0022card-article-large__authors\u0022\u003Eby Guest Blogger for Net Politics\u003C\/span\u003E\n                  \n        \n                  \u003Cspan class=\u0022card-article-large__date\u0022\u003E December 28, 2015\u003C\/span\u003E\n        \n        \n                          \u003Ca href=\u0022\/blog\/net-politics\u0022 class=\u0022card-article-large__series\u0022\u003E\n            Net Politics\n          \u003C\/a\u003E\n              \u003C\/div\u003E\n    \u003C\/div\u003E\n  \u003C\/div\u003E\n\u003C\/div\u003E\n\n\u003C\/span\u003E\u003C\/div\u003E\n  \u003C\/div\u003E\n    \u003Cdiv class=\u0022views-row\u0022\u003E\n    \u003Cdiv class=\u0022views-field views-field-search-api-rendered-item\u0022\u003E\u003Cspan class=\u0022field-content\u0022\u003E\n\n  \n\n\u003Cdiv class=\u0022card-article-large article card-article-large--with-thumbnail\u0022\u003E\n  \u003Cdiv class=\u0022card-article-large__container\u0022\u003E\n    \u003Cdiv class=\u0022card-article-large__content\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__topic-tag\u0022\u003E\n          \u003Ca href=\u0022\/defense-and-security\/cybersecurity\u0022 class=\u0022card-article-large__topic-tag-link\u0022\u003E\n            Cybersecurity\n          \u003C\/a\u003E\n        \u003C\/div\u003E\n            \n                  \u003Ca href=\u0022\/blog\/top-five-cyber-policy-developments-2015-trans-pacific-partnership \u0022 class=\u0022card-article-large__link\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__title\u0022\u003E\n            The Top Five Cyber Policy Developments of 2015: The Trans-Pacific Partnership\n                    \u003C\/div\u003E\n                  \u003Cdiv class=\u0022card-article-large__image\u0022\u003E\n            \n                          \u003Cdiv class=\u0022card-article-large__image-cover\u0022 style=\u0022background-image: url(\/\/cdn.cfr.org\/sites\/default\/files\/styles\/card_landscape_m_380x253\/public\/image\/2015\/12\/RTS4AN6-Corn.jpg.webp)\u0022\u003E\u003C\/div\u003E\n                      \u003C\/div\u003E\n              \u003C\/a\u003E\n\n              \u003Cdiv class=\u0022card-article-large__dek clamp-js\u0022 data-clamp-lines=\u00224\u0022\u003E\u003Cem\u003EOver the next few days,\u00a0\u003C\/em\u003ENet Politics\u003Cem\u003E\u00a0will countdown\u00a0the top five developments in cyber policy of 2015.\u00a0Each policy event will have its own post, explaining what happened, what it all means, and its impact on\u00a0cyber policy in\u00a02016. In this post, the WSIS+10 process.\u00a0\u003C\/em\u003E\n\nIn October 2015, twelve nations from Asia and the Western hemisphere that account for nearly 40 percent of the world\u2019s gross domestic product concluded negotiations on the Trans-Pacific Partnership Agreement (TPP). Over a decade in the making, the TPP is one of 2015\u2019s most significant policy developments for trade and other areas, including cyberspace. The TPP includes a chapter on electronic commerce, which the U.S. Trade Representative called \u201cthe most ambitious trade policy ever designed for the Internet and electronic commerce.\u201d But the TPP\u2019s importance to cyber policy extends beyond its e-commerce provisions.\n\nFor the United States and other participating countries, the TPP has strategic significance. With trade liberalization stagnated at the World Trade Organization (WTO), the TPP offers a way to liberalize trade as a source of global economic growth and interdependence. With China\u2019s rising influence, the TPP establishes benchmarks for trade and investment regimes in a time of increasing geopolitical competition. Thus, TPP provisions relevant to cyber policy serve purposes greater than increasing cross-border data flows. Further, the prominence the TPP gives to digital dimensions of trade elevates their importance to the TPP\u2019s strategic goals.\n\nIn substantive terms, the TPP\u2019s centerpiece for cyber policy is the groundbreaking chapter on e-commerce, which I examined in an earlier post. But, the agreement has other provisions that underscore the importance of cyber technologies to twenty-first century economic and commercial activities. The TPP:\n\n\n\n\tReduces tariffs on exports of information and communication technology products;\n\n\tLiberalizes trade in software and Internet-provided services;\n\n\tIncludes protections addressing intellectual property challenges associated with software, digital technologies, and the Internet; and\n\n\tCovers investments that involve making cyber-oriented products or providing cyber-based services.\n\n\n\nThe e-commerce chapter and other cyber-relevant provisions fall within the TPP\u2019s rules on dispute settlement between states, meaning case law interpreting them and their relationship with other rules, such as exceptions to obligations, is likely to develop. Further, investors in cyber-centric sectors can use the investor-state dispute settlement mechanism if they believe the host government has violated protections for investments the TPP includes.\n\nAs CFR\u2019s Edward Alden has argued, the TPP\u2019s geographic and economic scale and ambitious content give it the potential to catalyze and shape future bilateral, regional, and multilateral agreements, including what such agreements contain concerning e-commerce and provisions on trade in cyber-associated goods, services, and intellectual property protections. Much as the North American Free Trade Agreement (NAFTA) did for the Uruguay Round negotiations that created the WTO and subsequent bilateral and regional agreements, the TPP can influence the direction of future trade and investment regimes. This impact will be most likely in areas, such as e-commerce, where the TPP represents the cutting edge for policy and law.\n\nEven the controversies associated with cyber-relevant TPP provisions highlight the significance of this development now and in the future. Experts have attacked its provisions on e-commerce for potentially threatening privacy, criticized its intellectual property protections for digital technologies, complained that trade and investment liberalization and TPP\u2019s dispute settlement mechanisms will override public interest regulations, and questioned whether certain provisions pose a threat to cybersecurity. In the short term, such controversies will inform whether the governments of the TPP countries approve the agreement. In the near term, these and other critiques will be used to evaluate whether the TPP\u2019s implementation produces outcomes that vindicate the critics or the champions of the agreement.\n\nIf accepted by participating countries, the TPP will become an important regime for global cyber governance. The Obama administration has stressed the need for norms of responsible state behavior in cyberspace, but, for various reasons, a number of efforts to promote such norms have encountered difficulties or produced results of questionable importance. By contrast, the administration\u2019s leadership on TPP has helped create norms negotiated by developed and developing countries around the Pacific rim that have the potential to stabilize, strengthen, and sustain global governance for economic cyber activities. In that sense, the TPP connects with the administration\u2019s success in promoting a norm against governments engaging in economic cyber espionage. By being anchored in private-sector trade and investment, TPP-based governance can support efforts to maintain a multistakeholder approach to Internet governance and foster Internet freedom through a global, free, and open Internet.\n\nThe TPP\u2019s fate will be determined in 2016 when participating countries decide whether to accept it. In the United States, this decision will take place amidst a presidential campaign in which the TPP has already become a political lightning rod. The Obama administration\u2019s desire for Congress to vote on the pact early in 2016 produced skepticism from the Senate majority leader that a vote would happen before the November elections. Although the TPP has implications for cyber policy, its cyber aspects will not, in all likelihood, be at the forefront of the political fights in the United States the TPP has yet to face.\u003C\/div\u003E\n      \n      \u003Cdiv class=\u0022card-article-large__metadata\u0022\u003E\n                          \n        \n                  \u003Cspan class=\u0022card-article-large__date\u0022\u003E December 24, 2015\u003C\/span\u003E\n        \n        \n                          \u003Ca href=\u0022\/blog\/net-politics\u0022 class=\u0022card-article-large__series\u0022\u003E\n            Net Politics\n          \u003C\/a\u003E\n              \u003C\/div\u003E\n    \u003C\/div\u003E\n  \u003C\/div\u003E\n\u003C\/div\u003E\n\n\u003C\/span\u003E\u003C\/div\u003E\n  \u003C\/div\u003E\n    \u003Cdiv class=\u0022views-row\u0022\u003E\n    \u003Cdiv class=\u0022views-field views-field-search-api-rendered-item\u0022\u003E\u003Cspan class=\u0022field-content\u0022\u003E\n\n  \n\n\u003Cdiv class=\u0022card-article-large article card-article-large--with-thumbnail\u0022\u003E\n  \u003Cdiv class=\u0022card-article-large__container\u0022\u003E\n    \u003Cdiv class=\u0022card-article-large__content\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__topic-tag\u0022\u003E\n          \u003Ca href=\u0022\/defense-and-security\/cybersecurity\u0022 class=\u0022card-article-large__topic-tag-link\u0022\u003E\n            Cybersecurity\n          \u003C\/a\u003E\n        \u003C\/div\u003E\n            \n                  \u003Ca href=\u0022\/blog\/top-five-cyber-policy-developments-2015-wsis10-review \u0022 class=\u0022card-article-large__link\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__title\u0022\u003E\n            The Top Five Cyber Policy Developments of 2015: The WSIS+10 Review\n                    \u003C\/div\u003E\n                  \u003Cdiv class=\u0022card-article-large__image\u0022\u003E\n            \n                          \u003Cdiv class=\u0022card-article-large__image-cover\u0022 style=\u0022background-image: url(\/\/cdn.cfr.org\/sites\/default\/files\/styles\/card_landscape_m_380x253\/public\/image\/2015\/12\/RTS29JU-UNGA.jpg.webp)\u0022\u003E\u003C\/div\u003E\n                      \u003C\/div\u003E\n              \u003C\/a\u003E\n\n              \u003Cdiv class=\u0022card-article-large__dek clamp-js\u0022 data-clamp-lines=\u00224\u0022\u003E\u003Cem\u003EOver the next few days,\u00a0\u003C\/em\u003ENet Politics\u003Cem\u003E\u00a0will countdown\u00a0the top five developments in cyber policy of 2015.\u00a0Each policy event will have its own post, explaining what happened, what it all means, and its impact on\u00a0cyber policy in\u00a02016. In this post, the WSIS+10 process.\u00a0\u003C\/em\u003E\n\n\u003Cem\u003EAlex Grigsby is the assistant director for the Digital and Cyberspace Policy program at the Council on Foreign Relations.\u00a0\u003C\/em\u003E\n\nIn the very niche world of Internet governance, the ten year\u00a0review of the World Summit on the Information Society process\u00a0(WSIS+10) was one of the biggest events to happen in 2015. Over the course of the year, UN member states, civil society actors, academics and private sector representatives reviewed objectives set in 2003 and 2005 to bridge the digital divide and improve access to information and communications technologies (ICTs). UN agencies issued\u00a0a series of reports\u00a0with fancy graphs and metrics pointing out bright spots, such as the fast adoption of mobile broadband technologies and the over three billion people connected, and highlighting areas where more needs to be done, such as closing the Internet access gap between men and women.\n\nAll of this work and review culminated in an outcome document that UN member states adopted last week. In it, they reiterated their commitment to the goals and objectives they set out ten years ago and noted that, despite improvement, much more needed to be done.\n\nMost of the reviews on the WSIS+10 outcome document are mixed. Access, a digital rights advocacy organization, praised\u00a0the outcome document\u2019s language on human rights\u00a0and privacy but criticized it for not including any language on net neutrality.\u00a0The Internet Society and Byron Holland\u00a0of the Canadian Internet Registration\u00a0Authority applauded the fact that the document explicitly recognizes the multistakeholder model of Internet governance, despite the fact that references to the multistakeholder model\u00a0are often accompanied by text suggesting stakeholders stick to their respective \u0022roles and responsibilities.\u0022 That language is important as it\u2019s often used as code to kick non-state actors out of discussions where states don\u2019t want their input. There is also a requirement that the UN system conduct yet another study on the meaning of \u0022enhanced cooperation,\u0022 a term first used back in 2005 as a compromise between those who wanted states to manage the Internet and those wanted the status quo. In a decade, no one has ever figured out what the term means. There have been at least four\u00a0reports, one working group and countless meetings on\u00a0the issue. In a seemingly desperate move, the WSIS+10 document\u00a0calls for the\u00a0creation of another working group to \u0022develop recommendations on how to further implement enhanced cooperation.\u0022 I wish the working group members luck in what will almost certainly be another exercise in futility.\n\nDespite my pessimism, the WSIS+10 review process led to two\u00a0important outcomes. First, the Internet Governance Forum (IGF) was renewed for another ten\u00a0years. In spite of criticisms and its flaws, the IGF is still the only UN venue where member states, civil society, and the private sector can debate\u00a0Internet policy issues, ranging from cybersecurity, improving broadband access in the developing world, surveillance and privacy, intellectual property and copyright, and zero-rating.\u00a0The\u00a0IGF\u00a0sensitizes participants, particularly governments, to the complexity of the issues at play and that government-mandated responses to Internet policy challenges are unlikely to work. That may seem small but it is definitely beneficial if\u00a0the IGF\u00a0can help a few countries to\u00a0craft good\u00a0Internet policy, or at least prevent bad policy that has cross-border implications.\n\nSecond, the\u00a0WSIS+10 document doesn\u2019t\u00a0contain anything particularly offensive.\u00a0The craziest proposals, like breaking up the Internet into national segments or calling for new international law to regulate online activity\u00a0were thankfully left on the cutting room floor. Much of the cybersecurity language from\u00a0previous drafts, some of which hinted at a\u00a0need for new global cybercrime treaties, was paired\u00a0back to something more reasonable. In fact, some of the unfortunate language that has plagued the WSIS process since 2005 seems to have vanished.\u00a0According to the \u003Cem\u003ENew York Times\u003C\/em\u003E, China tried but failed to include language \u0022that would have made authority for Internet-related public policy issues \u2019the sovereign right of states.\u2019\u0022 That was a reference to the Tunis Agenda that governments like China, Russia and others used to argue for more state control in the management of the Internet. Going into the WSIS review process, many Western governments were concerned\u00a0that it could lead to the adoption of unsavory language on cybersecurity or Internet governance.\u00a0The benign and rolled-back nature of the text is reassuring.\n\nAn outsider might look at this process and express bafflement that a review of ten years of work led to a commitment to talk more and that success is defined as having a final text that isn\u2019t as bad as feared. Unfortunately, that\u2019s how most international discussions on Internet policy and governance unfold: people agree to\u00a0keep talking in multilateral venues when most\u00a0of the actual work of improving access to ICTs occur thanks to the work of\u00a0private sector actors and civil society groups.\n\nExpect more of the same in 2016.\u003C\/div\u003E\n      \n      \u003Cdiv class=\u0022card-article-large__metadata\u0022\u003E\n                              \u003Cspan class=\u0022card-article-large__authors\u0022\u003Eby Guest Blogger for Net Politics\u003C\/span\u003E\n                  \n        \n                  \u003Cspan class=\u0022card-article-large__date\u0022\u003E December 22, 2015\u003C\/span\u003E\n        \n        \n                          \u003Ca href=\u0022\/blog\/net-politics\u0022 class=\u0022card-article-large__series\u0022\u003E\n            Net Politics\n          \u003C\/a\u003E\n              \u003C\/div\u003E\n    \u003C\/div\u003E\n  \u003C\/div\u003E\n\u003C\/div\u003E\n\n\u003C\/span\u003E\u003C\/div\u003E\n  \u003C\/div\u003E\n\n\n\n\n\t\t  \t  \u003Cli class=\u0022views-row\u0022\u003E\n\t    \u003Cdiv class=\u0022views-field views-field-search-api-rendered-item\u0022\u003E\u003Cspan class=\u0022field-content\u0022\u003E\n\n  \n\n\u003Cdiv class=\u0022card-article-large article card-article-large--with-thumbnail\u0022\u003E\n  \u003Cdiv class=\u0022card-article-large__container\u0022\u003E\n    \u003Cdiv class=\u0022card-article-large__content\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__topic-tag\u0022\u003E\n          \u003Ca href=\u0022\/defense-and-security\/cybersecurity\u0022 class=\u0022card-article-large__topic-tag-link\u0022\u003E\n            Cybersecurity\n          \u003C\/a\u003E\n        \u003C\/div\u003E\n            \n                  \u003Ca href=\u0022\/blog\/final-thoughts-chinas-world-internet-conference \u0022 class=\u0022card-article-large__link\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__title\u0022\u003E\n            Final Thoughts on China\u2019s World Internet Conference\n                    \u003C\/div\u003E\n                  \u003Cdiv class=\u0022card-article-large__image\u0022\u003E\n            \n                          \u003Cdiv class=\u0022card-article-large__image-cover\u0022 style=\u0022background-image: url(\/\/cdn.cfr.org\/sites\/default\/files\/styles\/card_landscape_m_380x253\/public\/image\/2015\/12\/wuzhen-night-759x10241.jpg.webp)\u0022\u003E\u003C\/div\u003E\n                      \u003C\/div\u003E\n              \u003C\/a\u003E\n\n              \u003Cdiv class=\u0022card-article-large__dek clamp-js\u0022 data-clamp-lines=\u00224\u0022\u003EThe big takeaway from the second\u00a0annual World Internet Conference was Xi\u2019s speech and his promotion of cyber sovereignty, which I wrote about here. The rest of the meeting was a bit of letdown, though the infrastructure and logistics were formidable, Wuzhen a very picturesque city to walk around, and the blue-coated volunteers friendly and helpful. But before moving on to the next conference, two quick comments on organization, and one on content.\n\nThe Chinese were clearly sensitive about the lack of high level participation from the United States and its friends. The day after the conference ended, \u003Cem\u003EChina Daily\u003C\/em\u003E quoted a representative from a European business association saying, \u201cThose who did not show up at this conference have made a mistake. Because they are not present, they don\u2019t know what the conference is really about. At this conference, I find Lu Wei is quite open and willing to listen to foreigners\u2019 ideas.\u201d\n\nBesides the he \u201cdoth protest too much\u201d quality of this quote, my experience was that the format did not allow for interaction. All of the panels had way too many people on them, very rarely did speakers address a point raised by another, and few left any time for questions and answers. (There were parallel sessions so I maybe I missed more lively meetings, but everyone I spoke with complained of the same problem.) This of course may have been a conscious decision, a reflection of a format that Chinese speakers are more comfortable with for political or cultural reasons. There was reportedly a more free-flowing discussion in a closed door session on cybersecurity, with many who wanted to participate turned away at the door. But if Wuzhen is truly going to become an important venue for discussions of the future of cyberspace the organizers should take the large demand as a spur to hold more conversations of this type next year.\n\nAt most conferences the most interesting conversations are in the hallways, at dinner, and late at night. Last year all the delegates stayed within the Wuzhen complex, and, from what I\u2019ve heard, people ran into each other in the bars and managed to have impromptu exchanges. This year there was a large contingent who were put in a hotel about 3 km away. This was probably inevitable since the conference was almost twice as large as last year, but the Cyberspace Administration of China needs to create some venue for random encounters and discussions next year.\n\nQuick thoughts on content: Next year I think we can expect to see an even more robust promotion of\u00a0the ITU\u2019s role in cybersecurity from China. This was signaled in Xi\u2019s insistence that the current rules do not reflect the desires of the majority of people and the subsequent need to develop new forms of multilateral governance. The UN and the ITU are already China\u2019s multilateral venues of choice, but comments from Zhao Houlin, ITU Secretary General, suggested a new intensity of engagement. In a panel on cyberspace governance, Zhao argued there was a distinction between Internet governance, which would involve public and private stakeholders, and cybersecurity, which would be dominated by states. Zhou called out other forums, including the London Process, which is a more inclusive set of discussions begun by the UK Foreign Ministry, as doing a good job of raising the issues. \u00a0He also said the world did not need more discussions, but instead must come together to solve real problems. The ITU would serve that role, and Zhao then said he hoped he could count on China\u2019s support.\n\nThis is a bit of a throwaway phrase, but it certainly overlaps with what the \u003Cem\u003ENew York Times\u003C\/em\u003E reported last week about China\u2019s efforts to get a UN document to recognize the \u201cleading role\u201d of states in cybersecurity. Unfortunately, no one at the conference got a chance to ask Zhao what that meant or what role he saw China playing.\u003C\/div\u003E\n      \n      \u003Cdiv class=\u0022card-article-large__metadata\u0022\u003E\n                              \u003Cspan class=\u0022card-article-large__authors\u0022\u003Eby                   \u003Ca href=\u0022\/expert\/adam-segal\u0022 class=\u0022card-article-large__authors-link\u0022\u003EAdam Segal\u003C\/a\u003E\n                \u003C\/span\u003E\n                  \n        \n                  \u003Cspan class=\u0022card-article-large__date\u0022\u003E December 21, 2015\u003C\/span\u003E\n        \n        \n                          \u003Ca href=\u0022\/blog\/net-politics\u0022 class=\u0022card-article-large__series\u0022\u003E\n            Net Politics\n          \u003C\/a\u003E\n              \u003C\/div\u003E\n    \u003C\/div\u003E\n  \u003C\/div\u003E\n\u003C\/div\u003E\n\n\u003C\/span\u003E\u003C\/div\u003E\n\t  \u003C\/li\u003E\n\t\t  \t  \u003Cli class=\u0022views-row\u0022\u003E\n\t    \u003Cdiv class=\u0022views-field views-field-search-api-rendered-item\u0022\u003E\u003Cspan class=\u0022field-content\u0022\u003E\n\n  \n\n\u003Cdiv class=\u0022card-article-large article card-article-large--with-thumbnail\u0022\u003E\n  \u003Cdiv class=\u0022card-article-large__container\u0022\u003E\n    \u003Cdiv class=\u0022card-article-large__content\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__topic-tag\u0022\u003E\n          \u003Ca href=\u0022\/asia\/china\u0022 class=\u0022card-article-large__topic-tag-link\u0022\u003E\n            China\n          \u003C\/a\u003E\n        \u003C\/div\u003E\n            \n                  \u003Ca href=\u0022\/blog\/cyber-week-review-december-18-2015 \u0022 class=\u0022card-article-large__link\u0022\u003E\n              \u003Cdiv class=\u0022card-article-large__title\u0022\u003E\n            Cyber Week in Review: December 18, 2015\n                    \u003C\/div\u003E\n                  \u003Cdiv class=\u0022card-article-large__image\u0022\u003E\n            \n                          \u003Cdiv class=\u0022card-article-large__image-cover\u0022 style=\u0022background-image: url(\/\/cdn.cfr.org\/sites\/default\/files\/styles\/card_landscape_m_380x253\/public\/image\/2015\/12\/RTR4PS4A-Eye-google-FB.jpg.webp)\u0022\u003E\u003C\/div\u003E\n                      \u003C\/div\u003E\n              \u003C\/a\u003E\n\n              \u003Cdiv class=\u0022card-article-large__dek clamp-js\u0022 data-clamp-lines=\u00224\u0022\u003EHere is a quick round-up of this week\u2019s technology headlines and related stories you may have missed. Given the upcoming holiday season, please note that this will be the last week in review post of the year.\n\n\u003Cstrong\u003E1. The European Union agrees to a revamped data protection law.\u003C\/strong\u003E After nearly four years of negotiation, the European Parliament, the European Commission, and EU member states\u00a0have agreed to a data protection legislative package. The package\u00a0will provide EU residents with a right to know when their personal information held by a third party, such as a social network or data broker, has been compromised, a right to require the deletion of information collected about them, and a right to easily transfer data from one provider to another. Companies\u00a0will be required to be more explicit in how they use customer data and seek customer consent every time the company wishes to use the data in a manner the customer has not explicitly authorized. Firms\u00a0that run afoul of the new rules are liable to a fine of up to four percent of their global revenue. According to \u003Cem\u003EArs Technica\u003C\/em\u003E, if ever Google were found to have violated the law, it could face fines of about $2.5 billion. On the bright side, firms that collect personal data now only have to answer to\u00a0one European-level regulator, not data protection authorities in each of the twenty-eight member states. Once the European Parliament provides final approval of the legislation in early 2016,\u00a0EU member states will have two years to incorporate the changes into domestic law.\n\n\u003Cstrong\u003E2. The UN General Assembly adopts WSIS+10 resolution.\u003C\/strong\u003E\u00a0The review of the World Summit on Information Society (WSIS) goals\u00a0concluded this week in New York, with UN member states adopting a resolution noting progress in improving\u00a0access to information\u00a0and telecommunications technologies (ICTs) but highlighting that more needs to be done. Launched\u00a0in 2003 and 2005, the WSIS aims to bridge the digital divide and improve access to ICTs. (For a backgrounder on the WSIS, check out this Council on Foreign Relations interactive). As expected, cybersecurity, human rights and Internet governance were the main\u00a0sticking points. Human rights groups, the United States and its allies were pleased\u00a0that the resolution has strong references to the multistakeholder Internet governance model and reiterates that the same rights that people have offline apply online. According to the \u003Cem\u003ENew York Times\u003C\/em\u003E, China tried but failed to include language \u0022that would have made authority for Internet-related public policy issues \u2019the sovereign right of states\u2019\u0022 despite the fact that world leaders had agreed to identical\u00a0language in 2005. However, China got a win when it obtained recognition that governments have the lead role \u0022in cybersecurity matters relating to national security.\u0022\u00a0\u003Cem\u003ENet Politics\u003C\/em\u003E will have more analysis on the WSIS outcome next week. Stay tuned.\n\n\u003Cstrong\u003E3. China hosts second World Internet Conference.\u003C\/strong\u003E The Chinese government held a conference promoting their view of the Internet this week in Wuzhen, China. The conference drew an even bigger crowd (and more foreign delegates) than last year, which China will likely use as evidence of the conference\u2019s success. Chinese President Xi Jinping used parts\u00a0of his remarks to rebutt\u00a0the cyber norms promoted by the West\u00a0and foreign delegates got\u00a0swanky Xiaomi phones pre-loaded with credentials to bypass the Great Firewall. Last year, China tried to get conference attendees to sign onto\u00a0a last-minute joint declaration\u00a0that endorsed China\u2019s views of \u0022cyber sovereignty.\u0022 So far, it seems like the organizers have learned their lesson as there haven\u2019t been any last minute shenanigans this year. You can find my take on the Xi\u2019s speech\u00a0here.\n\n\u003Cstrong\u003E4. The Cybersecurity Information Sharing Act (CISA) sneaks its way into an omnibus bill.\u003C\/strong\u003E CISA, the subject of much hand wringing over the past year despite being mostly a red herring, made its way into a must-pass budget bill that keeps the U.S. government running. Paul Rosenzweig at \u003Cem\u003ELawfare\u00a0\u003C\/em\u003Ehas the essential details. In a nutshell, the Department of Homeland Security (DHS) becomes the hub for information sharing, meaning that companies looking to share cyber threat information with the U.S. government will have to go through them, not the NSA or the FBI. Information DHS receives could only be shared within government for cybersecurity purposes or preventing a specific threat of \u0022death or serious bodily injury\u0022 or \u0022serious economic harm.\u0022 That last provision has some advocacy\u00a0groups\u00a0and some legislators up in arms. They would have preferred only allowing DHS to share information for cybersecurity purposes and requiring the private sector to implement\u00a0more stringent requirements to strip out personally identifiable data from information being shared with government.\n\n\u003Cstrong\u003E5. Facebook, Google and Twitter agree to a mechanism to remove hate speech in Germany.\u00a0\u003C\/strong\u003EAs a result of the deal, the U.S. companies\u00a0will\u00a0remove hate speech from their websites within twenty-four hours of being flagged, using the hate speech standard established by German law, not the companies\u2019 terms of service. German authorities believe the deal will help stem the tide of hateful and xenophobic speech directed at the over 1 million refugees that have settled in Germany this year. The deal with German authorities comes at a time when some U.S. legislators want to create legal requirements for social media companies to report terrorist activities to the FBI.\u003C\/div\u003E\n      \n      \u003Cdiv class=\u0022card-article-large__metadata\u0022\u003E\n                              \u003Cspan class=\u0022card-article-large__authors\u0022\u003Eby                   \u003Ca href=\u0022\/expert\/adam-segal\u0022 class=\u0022card-article-large__authors-link\u0022\u003EAdam Segal\u003C\/a\u003E\n                \u003C\/span\u003E\n                  \n        \n                  \u003Cspan class=\u0022card-article-large__date\u0022\u003E December 18, 2015\u003C\/span\u003E\n        \n        \n                          \u003Ca href=\u0022\/blog\/net-politics\u0022 class=\u0022card-article-large__series\u0022\u003E\n            Net Politics\n          \u003C\/a\u003E\n              \u003C\/div\u003E\n    \u003C\/div\u003E\n  \u003C\/div\u003E\n\u003C\/div\u003E\n\n\u003C\/span\u003E\u003C\/div\u003E\n\t  \u003C\/li\u003E\n\t\u003C\/div\u003E\n\n    \n\u003Cul class=\u0022js-pager__items pager\u0022 data-drupal-views-infinite-scroll-pager\u003E\n  \u003Cli class=\u0022pager__item\u0022\u003E\n    \u003Ca class=\u0022button\u0022 href=\u0022?page=1\u0022 title=\u0022Load more items\u0022 rel=\u0022next\u0022\u003ELoad More\u003C\/a\u003E\n  \u003C\/li\u003E\n\u003C\/ul\u003E\n\n\n  \n  \n\n  \n  \n\u003C\/div\u003E\n\u003C\/div\u003E\n","settings":null}]