������Ƶ

This post is the last in a series from the International Telecommunication Union’s (ITU) 2014 Plenipotentiary Conference in Busan, South Korea. Read the previous posts and as well as OTI’s preview of at the conference.

If you were expecting fireworks at the latest meeting of the International Telecommunication Union (ITU), you were bound to be disappointed by the outcome of the recent in Busan, South Korea. But for advocates of the free and open Internet, a smooth and relatively uneventful intergovernmental meeting can be considered a .

On Friday, the ITU’s highest-level policy conference came to a close with the signing of the , a compendium of all of the new and revised texts adopted by the plenary of the 2014 Plenipotentiary Conference. In total, over the course of three weeks the 2500 delegates at the conference produced five decisions, 51 revised resolutions, and 19 new resolutions on a wide range of topics including the IPv6 transition, global flight tracking, the use of ICTs to fight ebola, and child online protection. Yet the ITU member states agreed to make only minor changes to the key Internet and cybersecurity-related resolutions, which means that the ITU’s role in Internet public policy issues will largely remain static in the coming years. Meanwhile, several important steps were taken to enhance transparency and openness at the ITU, steps that civil society and many like-minded governments have long advocated for. Some observers have therefore already begun to declare the 2014 Plenipotentiary both a success and a turning point for the ITU.

Outcome of the Debate on Internet-Related Resolutions

In the end, the plenipotentiary adopted only to the four key Internet-related resolutions, which include Resolution 101 on “Internet Protocol-Based Networks,” and Resolution 102 on “ITU’s role with regard to international public policy issues pertaining to the internet.” After days of intense negotiations, delegates at the beginning of the final week that resulted in the removal of the vast majority of the controversial language and only small concessions from the U.S. and European countries. None of the significant proposals to expand the ITU’s role in international Internet governance were adopted, nor did foreign governments succeed in their bid to place a greater emphasis on the rights of states above other stakeholders. All meaningful references to the content layer — including Over-the-Top (OTT) services, which could bring applications like Netflix and Skype under the remit of the ITU — were removed. And attempts to turn the ITU into an Internet registry or mandate regulation of international interconnection agreements to “balance” costs between developing and developed countries were unsuccessful, although Resolution 101 now contains language in the preamble explicitly referencing the need for “affordable international Internet connectivity” in developing countries.

Notably, all four of the proposed new resolutions discussed as part of the Internet cluster were ultimately withdrawn or incorporated into existing resolutions. This includes India’s on “ITU’s Role in Realizing Secure Information Society,” which would have made significant changes to IP allocation and Internet routing in an attempt to improve equitable distribution and traceability. India’s resolution generated both immediate concerns about its feasibility and long term questions about its if adopted at the 2014 Plenipotentiary. When it became clear that even after revisions the proposal could not get enough support in the room, the Indian delegation agreed to withdraw it. In exchange, the final report of the Chairman of the Working Group of the Plenary includes a statement about the resolution, which welcomes “all participants to study issues of concern in the appropriate forum for Internet-related issues, including the ITU, each within their remit.”

The ITU’s Role in Cybersecurity Discussions

Cybersecurity was another high-profile discussion topic at the Plenipotentiary conference. The ITU has traditionally played a limited role in cybersecurity discussions, focusing mostly on helping member states with technical and legal capacity-building and coordination. But a number of proposals submitted to the plenipotentiary conference would have greatly expanded the ITU’s role in this area — which immediately reignited concerns about whether the ITU is the appropriate place to discuss cybersecurity given expertise at other UN agencies and in existing regional and multilateral fora. Traditionally, many governments and civil society groups have been skeptical of the ITU’s involvement in security-related matters and questioned whether proposals put forth by countries like Russia and the Arab States are actually aimed at justifying network monitoring and content control.

The key cybersecurity text, on “Strengthening the role of ITU in building confidence and security in the use of information and communication technologies,” was contentious enough that it merited its own ad hoc working group that met repeatedly throughout the second and third weeks of the conference. While the United States and its allies argued from the beginning that there was no need to change the text at all, there were a wide-range of substantial revisions on the table in Busan to strengthen the ITU’s role. Notably, Brazil also proposed inserting references to protecting user privacy and big data, which was largely seen as a reaction to the NSA surveillance leaks. Although many of the final changes to Resolution 130 were editorial, it now contains references in the preamble to the UN General Assembly as well as on network security and unsolicited bulk communications from the 2012 revisions to the International Telecommunications Regulations. But most of the changes — especially those made to the operative clauses of the resolution, which actually instruct and invite the ITU and member states to do things — are limited to improving coordination and encouraging further study of cybersecurity issues.

Similarly, all references to initiating discussions about a global cybersecurity treaty or charter at the ITU were of the final revisions to Resolution 174 on illicit use of ICTs, which will focus on the ITU’s existing mandate instead. Cybersecurity experts remain divided about whether such a treaty is even necessary — not to mention whether the ITU is the right place to begin talking about it.

The Definition of “ICT”

As many at the 2012 World Conference on International Telecommunications (WCIT), one way to expand the ITU’s authority is to change the definition of key terms, which would subsequently affect the scope of the agency’s mandate wherever those terms are mentioned in resolutions and decisions. The controversial words at the plenipotentiary were “Information and Communications Technologies” (ICTs) and whether the delegates in Committee 5 would be able to agree on a working definition of the term. Formally defining ICTs could broaden the ITU’s role in Internet-related policy issues because it is used across a wide-range of foundational ITU documents. Although they were unable to reach a consensus this time around, the Committee chair indicated that work on this definition will continue in the next four years, and a final decision could be expected at the next plenipotentiary conference in 2018.

(For more insight into the challenges of defining terms like ICT, see OTI’s .)

Creating a More Transparent and Inclusive ITU

Given the amount of criticism that the ITU has received in recent years for its lack of transparency and multistakeholder participation, it’s perhaps no surprise that the plenipotentiary took steps to promote greater openness and inclusion at the ITU. As I described in a , the general consensus at the meeting was that opening up access to documents and ITU meetings would be a positive development. However, member states were divided over what should be made available, to whom, and on what timeline. Although Committee 5 did not decide on a final policy for access to documents, it that all input and output documents from ITU conferences and assemblies should be publicly available starting in 2015. It also instructed the Council Working Group on Financial and Human Resources to draft a more detailed policy to present to the ITU Council for consideration, which can be implemented on an interim basis and then finalized at the next plenipotentiary conference.

In addition to greater document access, it’s likely that we’ll see more participation in the ITU from non-government stakeholders in the coming years. The 2014 plenipotentiary officially established a permanent membership category for academia, which had been allowed on a trial basis. Although efforts to fully open up the meetings of all the Council Working Groups (CWGs) to allow were unsuccessful, member states did agree to revise Resolution 102 to allow online and in-person consultations prior to each meeting of the CWG-Internet, which specifically deals with international Internet-related public policy issues.

A Turning Point for the ITU?

In the end, despite some of negotiations on 452 proposals during the three weeks in Busan, the final days of the conference proceeded . As memories of the dramatic end to the 2012 WCIT begin to fade, some observers have been quick to suggest that this conference therefore represents a turning point for the ITU, with like “UN takeover of the Internet postponed indefinitely.” But it’s far too early to really gauge the impact of the 2014 plenipotentiary or declare “victory” with regard to proposals that were struck down in Busan. In fact, it’s highly likely that many of the proposals we saw at this plenipotentiary conference related to cybersecurity and interconnection in the coming years. The Indian delegation, for example, has already made it clear that they intend to continue discussions about their controversial routing proposal at both the ITU and in other arenas. Looking ahead to 2015, where key issues including the and the 10-year will be up for discussion, things are sure to remain interesting in the Internet governance space for a while.