Gresham College Lectures

Who owns the Internet?

September 23, 2022 Gresham College

The emergence of the global Internet challenged the notion that states have sovereignty over what their citizens see and hear, and what they can say. Governments around the world shut or slow down internet access for political and security reasons, and prohibit the online publication of undesirable content. How are they able to do this, when so much of the world’s internet infrastructure is outside their control? And what are the prospects for future regulation of our online interactions?


A lecture by Dr Victoria Baines

The transcript and downloadable versions of the lecture are available from the Gresham College website:
https://www.gresham.ac.uk/watch-now/owns-internet

Gresham College has offered free public lectures for over 400 years, thanks to the generosity of our supporters. There are currently over 2,500 lectures free to access. We believe that everyone should have the opportunity to learn from some of the greatest minds. To support Gresham's mission, please consider making a donation: https://gresham.ac.uk/support/


- Who owns the internet? It's a very simple question until one tries to answer it, because it immediately demands that we ask further questions, not least among them what exactly is the internet? Is it the infrastructure, the hardware, the wires and servers on which our communications run? Is it the tools and services running on that hardware, the websites, the apps, the messaging and social platforms? Is the internet the same as or different to cyberspace, and are the two always distinct? These questions matter because lawyers tell us that we need to establish what something is in order to determine who has property rights over it. Whenever we buy or sell something of value, a house, for example, we define precisely which house by its address, in detailed plans showing the boundaries of the property, and who is responsible for which aspects of its upkeep. Property law ensures that we can claim ownership over this house here as opposed to another house over there. Knowing where something is has also, traditionally, helped us to decide under whose jurisdiction it falls, whose authority. Experts in political science tell us that we are living in a world regulated by Westphalian order. The 1648 Peace of Westphalia ended the 30 Years' War and the 80 Years' War between Catholic and Protestant powers in mainland Europe, it is seen as a defining moment in Western politics, from which sprung the modern principle of state sovereignty, and national governments' control and oversight of whatever happens on its territory. Sovereignty underpins international law, which prescribes how nation states should behave towards one another, so Article 2 of the United Nations Charter declares that all members shall refrain, in their international relations, from the threat or use of force against the territorial integrity or political independence of any state. Sovereignty is what empowers states to govern as they see fit, provided they do not interfere in the governance of other states. 
This balancing rule is at the very heart of modern foreign policy and diplomacy. Now, we can all think, of course, of exceptions to this rule, countries are invaded, as we all know far too well in 2022, and invasion by land, sea, or air is reasonably simple to prove, especially in an era of rolling broadcast news. It would be understandable, then, for states to assume that the same principle would apply to the internet, that the hardware, servers, wires, and switches of connected digital technologies would be within their jurisdiction, along with the tools and services running on them and the actions of citizens who use them. This is the basis for national regulation, but also for government surveillance of citizens. A search warrant has force of law only in the country in which it is issued. But when we try to visualize the territorial extent of the internet, we rapidly come to the conclusion that it is several different things in many different jurisdictions. This is a scaled representation of the physical internet produced by some very smart master's students at the Polytechnic University of Milan, and it shows the location of three different types of hardware. So in blue, we have internet exchange points, and they enable traffic to move between different service providers, in orange, we have data centers, that house storage, servers, and other components, and in gray, those lines there are undersea cables that connect different countries. So at a very rudimentary level, we can say that more internet hardware is located in the United States than any other country, and we can also see concentrations in Europe, but also in the Asia Pacific region, and it's possible for these states to argue that the infrastructure on their territories is subject to their jurisdiction and control. But when we take a closer look at the undersea cables, the interdependency of nations very quickly becomes clear. 
States cannot escape their interconnectedness if they want the internet to function effectively and efficiently. Now, for me, as a nerdy analyst, there are many, many interesting data points on this map, but perhaps two of the most striking are, firstly, how isolated Russia is, it tends to connect to itself quite often, but not to many other countries, and also how many cables there are, or are planned to be, between the US and Asia Pacific countries, including, I would add, China. What's more, states' claims to sovereignty over the internet have been roundly rejected by some of the very people who helped to build it, and perhaps their best known critic to date is John Perry Barlow, an undoubted internet pioneer and founder of digital rights organization the Electronic Frontier Foundation. In 1996, Barlow published "A Declaration of the Independence of Cyberspace," which opens with these words:

"Governments of the industrial world, you weary giants of flesh and steel, I come from cyberspace, the new home of mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us, nor do you possess any methods of enforcement we have true reason to fear." Barlow emphasizes not only the ideological arguments against simply imposing government control on cyberspace, but also the practical challenges of doing so. He continues, "Cyberspace consists of transactions, relationships, and thought itself arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live. Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here." So we should also consider the internet as its immaterial connections, as in this fabulous movie produced by the Opte Project. At each one of all of these endpoints are networks, devices, and people using them. So if you have a phone with you, and this is, of course, the first audience participation moment of the evening, you are in possession of a component of the internet. So please, if you have a phone with you, phones up. This is a different way to visualize the internet, is it not? And by the way, I can all see your text messages. (audience laughs) That's for the cyber security talk in a few weeks' time. You are all in possession of a component of the internet, you are a stakeholder, therefore, in how it is run and how it is regulated.
And the same may be said of what is on the internet and in cyberspace. It's become fashionable to say that, on social media, you are the product, and that is quite a helpful way of describing a business model in which platforms sell the option to deliver tailored advertisements to you as users, but it doesn't accurately capture the extent to which users are also producers. Through the content we share, we actively contribute to building that internet, and in that respect, Barlow's manifesto is compelling. We are citizens of cyberspace as much as we are citizens in it. So that vision of a border-less space in which sovereign states do not hold sway is also reflected in how the world's internet architecture is managed. In its architectural principles of the internet, the Internet Engineering Task Force declares that, "Fortunately, nobody owns the internet, there is no centralized control, and nobody can turn it off. Its evolution depends on rough consensus and on running code." The organization that manages the global system of web domain names and addresses, ICANN, draws its membership from governments, the private sector, civil society organizations, but also the public at large. The United Nations Internet Governance Forum is open to everyone, and consciously aims to achieve bottom-up consensus on key internet policy issues. There is nothing to stop any one of us in this room, or listening at home, contributing to these directly and having our voices heard. Now, practically speaking, though, many of the world's data centers, exchange points, and cables are in private hands. Tier one internet service providers own the core networks that form the backbone of the internet, and these include AT&T and Verizon in the US, Deutsche Telekom in Germany, Tata Communications in India, and British Telecom here in the UK. Tier two and tier three providers, that's our home broadband and mobile companies, they pay those backbone companies for our internet access.
And satellites in Earth's orbit also support internet traffic. One individual reportedly owns more than 1/3 of all satellites in space, and that individual is, of course, Elon Musk of Space Exploration Technologies, SpaceX for short. This preeminent position in the market has prompted no less than the director general of the European Space Agency to claim that governments are effectively allowing Musk to make the rules in space. Last year, there were two near-misses between SpaceX satellites and the Chinese space station, and in one of these, there were just 2 1/2 miles between the two craft. China complained to the United Nations and sought to blame the US Government, as it might, but instead of an official response from the US, Elon Musk responded in his capacity as SpaceX CEO, so he appears to have assumed a role in the future of digital connectivity that is supranational, bigger than can be contained by any one state. We've seen this play out also in the context of the invasion of Ukraine. Following a personal appeal from Ukraine's deputy prime minister, Musk dispatched Starlink satellite equipment, which has been credited with keeping military communications open and the consumer internet functioning in Ukraine. Most unlike a conventional arms sale, Musk reportedly contributed this equipment for free, directly intervening in the conflict in support of Ukraine. And he's not alone among leading industry figures: Microsoft has been active in defending Ukraine against Russian cyber attacks. In a recent report, the company's President, Brad Smith, stated that, "The cyber aspects of the current war extend far beyond Ukraine and reflect the unique nature of cyberspace." When countries send code into battle, their weapons move at the speed of light, and the internet itself, unlike land, sea, and the air, is a human creation that relies on a combination of public and private sector ownership, operation, and protection.
Smith sees a role for technology companies in shaping the rules for responsible behavior in cyberspace, what are often referred to as cyber norms. Microsoft has, in fact, been very open about this ambition, and in 2021, they opened an office at the United Nations in New York precisely with the aim of influencing global policy and regulation. So we may be forgiven for thinking that some technology leaders have begun to behave more like statesmen than company executives. Now, there is some merit in Smith's plea that we treat cyberspace differently to land, sea, and airspace, but nevertheless, we can find precedents in the law of the seabed and the law of outer space that are food for thought. The international seabed area covers about 50% of the Earth's surface, and it's designated in the Law of the Sea Convention as a common heritage of mankind, over which no state can exert their sovereignty. The Outer Space Treaty contains similar provisions, no sovereignty claims can be made over outer space or celestial bodies, and that includes the Moon, which throws a rather different light, doesn't it, on the planting of flags in last century's space race. Some legal experts have argued that the internet should likewise be designated a common heritage of humanity, to use slightly more inclusive 21st century language, with its own special international law, a lex specialis. The internet's intrinsic resistance to sovereignty, however, has also led states to find other ways to exert control over information online and to maintain access to their citizens' personal data, often in the interests of public safety and national security.
It's with good reason that China and Russia are considered two of the most restrictive states in this regard, the so-called Great Firewall of China censors the Chinese internet by searching for politically sensitive keywords in digital traffic, and blocking access to sites and apps such as Wikipedia, Facebook, Twitter, and Google, and earlier this year, Russia also used its new Sovereign Internet Law to block access to Facebook, Instagram, and Twitter. Both countries restrict political speech and online support for political dissidents, and they've sought to solve another problem posed by the very structure of the internet, that information about the online activities of people in one country may be processed and stored in an entirely different one. State sovereignty means that governments cannot, or at least should not exert jurisdiction over data on a server outside of their territory, so both Russia and China have passed laws that require all online service providers to store their citizens' user data within their national borders, and to make them available to government authorities. They've also reportedly demanded the removal of apps from stores operated by US companies, Russia of opposition leader Alexei Navalny's app, China of a tool that enabled protestors in Hong Kong to track the movements of police. What you may not know is that plenty of other countries also restrict access to online content that is locally prohibited, and that includes the United Kingdom. The reasons may differ, but the mechanisms do not. How on earth is it technically possible for governments to do that? Well, every time you visit a website or use an app, that service captures the address of your device, whether that's a computer, a tablet, a phone, or a wearable. 
There are two types of internet protocol address, or IP address for short, currently in common use, and the first is IP version four, and they are decimal representations of 32-bit binary numbers, and incidentally, this address is the address for many home broadband routers in the UK. IP version six addresses are also increasingly common now, and these are 128-bit hexadecimal numbers, and that's why they're alphanumeric. Version four is being phased out in preference for version six for no other reason than that the world very quickly ran out of version four numbers. IP addresses are allotted in ranges to broadband and mobile internet providers, and that means that websites and apps are able to identify which country a user is in, their internet provider, and often their geographical location based on their nearest exchange. So a company like YouTube can identify every user who is visiting the site from a UK IP address, and through a process known as geo-blocking, they can effectively make a piece of content invisible in a country by making it inaccessible on devices that appear to be located in that country. Now, every six months, the large US-based platforms produce transparency reports that include the number of requests they have received from national governments for their users' data, but also for content to be removed, and among these is Meta, which owns Facebook, Instagram, and WhatsApp. By the end of 2021, Facebook alone, the big blue app, had 2.9 billion users active on their platform at least once a month. That is now a population that is larger than any sovereign state, it's more than 1/3 of the world's population, and more than a billion posts are shared on Meta's platforms every day. Last year, the company restricted access to just under 100,000 pieces of content in response to demands from governments, 97,353 to be exact. And if you are anything like me, the very next thing you will want to know is, which countries made the most requests? 
Well you're in luck, because I've done some number crunching, and these are the top 10 for 2021. Now, I must admit, I didn't expect to find Mexico at the top of the list, with one in five requests worldwide. Meta reports that the vast majority of these concern posts of unlawful cosmetic products, dietary supplements, and medical devices. As for Germany, in second place, in 2017, it passed the Network Enforcement Act, which requires large social media platforms to remove all illegal content or face fines of up to 50 million euros. Requests from Germany related to posts containing Nazi symbols, but also insults and defamation, which are criminal offenses in the country. Pakistan and Indonesia requested removal of posts deemed to be blasphemous or anti-religious. And then there's Russia, Russia's requests related to counterfeit goods, fraud, gang violence, but also separatism, extremism, election law, and content contrary to the patriotic education of young people. Later case studies describe how Meta also rejected requests from the Russian Government to remove content related to the invasion of Ukraine. And what of the UK? Are we surprised that there are almost as many requests from the UK as there are from Russia? Well, according to Meta, these related to consumer protection, advertising standards, regulated medicines, gambling products, and the like. And what all of this data tells me, and I have to describe it as fascinating 'cause I do find this data fascinating, what all of it tells me, and in fact, simply by looking at tech company reports like this, we see that different countries can have very different preoccupations over what is acceptable and unacceptable online. These different priorities translate to wider efforts to restrict access to information on the internet. Some countries are noticeably absent from this list: where is China on this list? I think that China doesn't appear because it completely blocks access to Facebook.
Now of course, that doesn't mean that people in China aren't using Facebook under the radar, but because the tools that they are going to be using disguise their IP addresses, it's more difficult for the government to prove that content that is illegal in China is being posted within China. There's also no mention of the United States in the top 10, which we might find surprising given that Meta has its headquarters in California and is very much within the government's jurisdiction. In truth, the United States doesn't need to submit requests because, generally speaking, compliance with US law is the very basis for US tech companies' operations, their terms of service, the global rules for using their products are grounded in US notions of acceptable behavior and content. US sovereignty over US companies means that other countries have no legal basis to force these platforms to completely remove content, but that hasn't stopped some states from having a go. In 2021, Brazil's Supreme Court ordered Facebook and Twitter to completely remove pages and accounts used by supporters of the country's president for sharing fake news and making threats against judges. In demanding removal from the whole of Facebook and Twitter worldwide, Brazil reached beyond its borders, it claimed jurisdiction outside its territory, it sought to restrict the information available to citizens of other sovereign states, and in fact, all of us. So what platforms allow and don't allow isn't just a domestic issue of sovereignty, it's a foreign policy matter, it risks the perception that US tech companies represent US national interests against those of other countries. Russia and China in particular interpret the global dominance of these companies as a threat to their national security. And this particular brand of internet diplomatic hardball works both ways: Chinese IT is likewise perceived as a threat to the United States and its allies. In 2020, President Trump issued an executive order that sought to ban apps like TikTok and WeChat that are Chinese owned. And although President Biden replaced this in 2021, his administration still assesses that apps with links to foreign governments present a heightened risk. Now, this sounds rather like a return to the Cold War, doesn't it, with IT and the internet as weapons in the arms race instead of nuclear warheads and space rockets.

But there's a crucial difference here: very few people have access to nuclear weapons and space technology; 5 billion of us have direct access to the internet. We are all on the frontline for these key foreign policy and security issues. And you'll be unsurprised to hear that this is something to which I will return in this lecture series. The daily lives of all of us are impacted by the decisions made by governments and tech companies about how we access the internet and what we can do on it. So this prompts another key question, and it is, who should protect you on the internet? According to political philosophers like Thomas Hobbes, John Locke, Jean-Jacques Rousseau, there is a social contract between governments and citizens, the terms of which place a duty on governments to protect citizens, and grants citizens the right to that protection in exchange for some of their freedoms. But since so much of the internet is in private hands, clearly, the private sector has some responsibility for our safety and security. Holding those tech companies accountable for users' safety is one objective of the UK's proposed Online Safety Bill, the current draft of which prescribes fines of up to 10% of global revenue, and the power to block social media and messaging services that fail in their duty of care with respect to illegal content, but also to content that the government identifies as legal but harmful. As in the case of Brazil's order to remove social media accounts, the proposed law claims legal force outside UK territory. It seeks to impose a UK vision of internet safety on online communities wherever they may be on the basis that they have large numbers of UK users or that they are capable of being used in the UK. One of the stated aspirations of the bill is to make the UK the safest place in the world to go online. But by applying its provisions to services outside the UK, it also seeks to set the rules for the delivery of these services in other countries.
The responsibility to protect us also extends to providing a response when things go wrong. Now, when we're physically assaulted by someone, or when someone steals our physical property, we typically appeal to the police and the criminal justice system to hold the offenders to account. When we're victims of online crimes, we likewise expect someone to do something about it, but the burden of that responsibility is shared, to varying degrees, between the police and the platforms, and there's evidence for this in the results of a poll that we asked YouGov to conduct on a representative sample of UK adults. There is some good news here, I promise you, there's some good news here, and it is that the vast majority of people, an average of 89% across the five crime types, said that they would report to someone, whether the police, the platform on which the crime occurred, or both. For grooming of children and young people, that you can see in that second column, and for fraud or theft, at the end, people most often said that they would contact only the police, but for hacking, the largest number said that they would contact the platform alone. When we factor in those people who said that they would report to both the police and the platform, we find that, in total, just 50% of people would report hacking to the police, and 55% online harassment. This is a relatively small sample of 1,750 people, but it does seem to indicate that, at least for some crimes, people now look to tech companies for the first response, traditionally provided by the police. Increasingly, though, government authorities in democratic countries, with less restricted internets, find themselves less able to police online because so much of the data required for a criminal investigation is outside of their direct control. There are sound legal reasons for this, not least the fundamental right to privacy and that prohibition on one state overreaching into companies and data in another state. 
Conversely, in countries where the authorities have greater control of infrastructure and service providers, detecting and investigating crime online may be more efficient precisely because of that direct access. All-seeing government eyes may promise you greater protection from criminals while increasing the risk of your being branded a criminal yourself, so what emerges is a trade-off in which one aspect of personal safety is sacrificed for another. Up to this point, I've focused on the challenges of governing the internet and protecting people on it, particularly when its ownership is so disputed. If I were to stop here, I would leave you all feeling fairly pessimistic about the future, and arguably, rather short-changed, so rest assured, I do have some suggestions for how the world might develop governance regimes that could actually work, and in which everyone can play their part. Firstly, if we want to slow down the world's progress into hundreds of so-called splinter nets, consensus is still very important, precisely because there are so many different ideas from governments, corporations, and civil society about how the internet should be governed. Achieving consensus is not necessarily easy, as the United Nations will tell you. Right now, states are negotiating a comprehensive international treaty on cyber crime. It was originally proposed by Russia and supported by China. The US, the UK, and the European Union all opposed it, but the General Assembly of the 193 member states voted to proceed, and so far, countries' opinions on what should be included in the treaty illustrate their different national priorities. The US, the UK, the EU, they all want to strictly limit the scope to international cooperation on serious cyber crimes. Russia, meanwhile, has proposed greater control of online content and information. Indonesia has suggested a worldwide ban on pornography. 
Perhaps the most expansive and ambitious vision has come from India, which has recommended that the convention include rules and principles for responsible behavior of states and measures for building confidence between them and capacity to fight cyber attacks. So these very different ideas will be whittled down, hopefully, to something that all states can agree on, and even if it doesn't meet everyone's expectations, there promises to be a binding international law to which all states will be expected to conform. That act of achieving consensus is itself highly symbolic. The very fact that states will have been able to agree on something, some form of rules for countering misuse of the internet will itself make further cooperation more likely in future. Because the internet is a network of networks, cyber attacks can have unintended consequences, and result in large amounts of collateral damage. Russia's reported attack earlier this year on satellite provider Viasat, it had Ukrainian military communications as its primary target, but it also disrupted communications elsewhere in Europe. The WannaCry ransomware attack that locked UK National Health Service computer systems in 2017 wasn't aimed specifically at the NHS. Cyber attacks can be notoriously hard to contain, and this interconnectedness has inspired a number of community approaches to cyberspace governance, and one such is the Global Commission on the Stability of Cyberspace. It's sponsored by governments, technology companies, civil society organizations, it comprises senior-level experts from all over the world, and the commission has identified the following principles as equally critical: firstly, responsibility, everyone, remember that word, everyone, is responsible for ensuring the stability of cyberspace; restraint, no state or non-state actor should take actions that impair the stability of cyberspace; requirement to act, state or non-state actors should take reasonable and appropriate steps to ensure the stability of cyberspace; and respect for human rights, efforts to ensure the stability of cyberspace must respect human rights and the rule of law.

To me, these four R's look fairly sensible and thoughtful, and if you're wondering whether that everyone here includes you, or just the powers that be, the commission is very clear on this: every individual connected to cyberspace must take reasonable efforts to ensure their own devices are not compromised, and perhaps used in attacks, that means you. And this puts us in mind of two equally important facets of ownership. If we all claim a stake in cyberspace, we don't only have rights, we also have responsibilities. Unpacking these rights and responsibilities is one of the aims of my lecture series this year, precisely because knowledge brings you greater power in decision making on the future of the internet. Time will tell whether the Global Commission's recommendations are anything more than a thought experiment, but they do give us a glimpse of how internet and cyberspace governance could evolve if states are willing to take a more inclusive view of who owns the internet, and who has a responsibility to protect it. I happen to think that this balance is right, and in particular, I have a preference for saying that everyone owns the internet over the alternative framing that no one owns it. My reasoning for this is that a perception of lack of ownership can engender a lack of responsibility, a perpetual state of the internet being somebody else's problem. It also risks giving more powerful stakeholders permission to seize what they may see as unguarded territory. Conversely, a paradigm in which everyone owns the internet encourages action and the direct involvement of all of us. You certainly don't have to agree with me, but you should have an opinion on it. Just because the internet is technically complex, that doesn't mean that its governance has to be exclusive or alienating. The future outlook, honestly, is uncertain, although I think it's fair to assume that nations and companies will pursue their own interests and the perceived interests of their citizens and customers. Sometimes, these are the same, but not always.
And I'm very conscious that I haven't given you definitive answers to the questions we've asked in this lecture, that's very deliberate. It's not for me to tell you what to think about how the internet and cyberspace should be governed, my ultimate wish, actually, is that at least some of you here this evening and listening at home will want to take an active part in shaping that future. And in fact, those of us who are exercised with these issues on a daily basis sorely need to hear your views, so we are inviting all of you to do just that. We have a poll open, it's live right now, so that you can have your say on the two key questions of this lecture, who owns the internet, and who should protect people on the internet. You can register your responses by going to slido.com and entering the number on screen, you can follow the permalink, or you can scan the QR code on this and the next slide, and yes, please do take photos, because we plan to include the results in a published article on the role of citizens in cyberspace governance. If you're not able to vote right now, don't worry, we will keep the poll open for a while, but please do vote, because the internet is far too important to all of us to be a puzzle solely for programmers, police, and politicians. Thank you very much.

(audience applauds)

- This is from Andrzej Bobatow, who says, "If internet users, us, have rights and responsibilities, as you'd like them to have, should there also be accountability?"

- Ooh, goodness, I think the Global Commission would like there to be accountability. One of the things I'm going to be talking about in the lecture on defeating digital viruses is how we might be able to apply a public health model to cybersecurity. If I think back to my childhood, and even to pre and post-Second World War days, we had the mantra of, coughs and sneezes spreading diseases.
I'm particularly heartened, as much as may be somewhat disheartened by people that we saw not wearing masks, or not keeping a social distance, et cetera, during the pandemic, we saw plenty of people who did, and chose to, and chose to protect other people in their community and their family members. I think it's entirely possible for us to engender that sense of community spirit and apply a public health model for cybersecurity, whereby, for instance, not falling for a phishing link that makes you part of a botnet, that is used in a cyber attack on a country, or somebody else, that you could actually take responsibility for that, you could take pride in applying that kind of citizen responsibility to cybersecurity. And that's more of a carrot than it is the stick, and I'm conscious that the question is more about your liability if you don't take responsibility.

- If you take that argument a bit further, then you're going to require someone to role-model the right behavior, rather like having parties at Downing Street, for example, would that what we might do?

- We did talk about the threshold for politics in this talk, didn't we.

- The question's serious though, if you're trying to encourage a public health model through that, who, in the context of an open ownership of the internet, is the role model for correct behavior?

- We do have some good law enforcement agencies around the world, and I'm conscious that we have an international audience, that put out some great preventative, and educational, and awareness material, we have the National Cybersecurity Centre here in the UK, we have CISA, the cybersecurity center in the US, they put out some great stuff, actually, during the pandemic, securing health services' cybersecurity.
So I think we have lots of role models out there, I think we struggle, sometimes, to get that message to people, and I think, if you come to my later, I keep plugging my later lectures, I'm sorry, if you come to my later lectures, you will see that, I think, we haven't necessarily done a great job of communicating how exactly people can protect themselves, I think we've mystified cybersecurity, I think, sometimes, and I say this as someone who used to be in the industry, and is still in the industry, sometimes we do it deliberately, and that's often not a great thing, and so we need to start giving people trust that they can protect themselves, rather than just buying a product, actually explaining to them how clicking on that link has an impact, how not clicking on that link could actually protect them, and their family, and their small business, and their community. It's really giving information that people can actually use, rather than just information that scares them, I think, is a really, really important thing that we need to start doing.

- That leads on very nicely to a question from somebody called Eli, "What can the average user do to prevent their freedoms being removed by external bodies?" I note the fourth category of that governance body suggesting the importance of maintaining human rights, which is not exactly what's going on in significant proportions of the world.

- No, that's right.
There are some great global monitors of the erosion of human rights on the internet, so it's certainly worth looking, I'm going to forget some organizations, and I apologize to them, but certainly worth looking at the Electronic Frontier Foundation, the organization that John Perry Barlow helped to co-found, Amnesty does great reports on internet freedoms, Privacy International, et cetera, the World Wide Web Foundation, there are lots of great civil society organizations working on this, so that's a great way to become informed without, dare I say, having to go through the terms of service of all of the tech companies and all of those services that you've signed up for. I think there is a general recognition that they're not particularly user-friendly, and some of those organizations go through those with a fine-tooth comb so that you don't have to.

- If we want to gang up together to own the internet and make it function in a way which works, are there moves by governments to gang up together to fight against that?

- Gosh. I would say that, in my research over the last few years, I would say that citizens have not been particularly present, and that's why I'm trying to drum up a bit more enthusiasm for citizens to get involved in civil society organizations, for instance. What I've tended to see are governments telling us what kind of internet we need and tech companies telling us what kind of internet we need, and both of those claiming to speak on our behalves.
So when I come to talk about, my fourth lecture, on encryption, actually, it's going to be more widely on privacy, what we see, and I've actually done some textual analysis of this, treated open letters from governments to tech companies, from tech companies to governments, treat them as textual artifacts, as pieces of literature and rhetoric, and what we see is that both the governments, those Five Eyes nations, UK, US, New Zealand, Australia, Canada, and the big tech companies claim to speak on our behalves, they say, this is what our users want. The government says, we have to protect our citizens, they voted for us, this is what they want. I honestly don't think we've been asked.

- And we're not asked very often, very easily. We all struggle with the terms and conditions pages, and mostly, and certainly I can speak for myself, never read them properly, and tick the little box because I want to get on and do the job. So if the language used by these organizations and governments is either complex, or long, or dense, we're not going to be able to participate, are we?

- One of the fun things I did in lockdown was I looked at tabloid media representations of some of these tech policy issues and online safety, and you may not know, but certainly in the UK, we have a tabloid newspaper called "The Sun," and in their online version, they like to run polls, and they will ask questions like, is Facebook doing enough to keep people safe, yes, no, I don't know, and they ran one which was, should Facebook be allowed to see all of our chats, or should they be private, and I think the intention was to back up the government, and say that encryption wasn't a good thing on our communications, but actually, it backfired, so I think 52% answered, hell no, nobody should be able to see my communications, they're private, and then the rest of the people, mostly, said, I'm not sure, you'd need to tell me more about this 'cause I can't make an informed decision.
So, I think, looking at some of those vox pop tabloid polls is a really, really interesting thing to do. And all credit to "The Sun," they asked the question, I'd like to see more newspapers and media outlets doing that.

- [Questioner] To what extent do you think that DNS lookup tables, or control of DNS lookup tables, actually equates with control of the internet?

- Oh gosh. So we have the domain name servers, and I mentioned very briefly about ICANN, which is the organization that assigns, let's say, they're called the Internet Corporation of Assigned Names and Numbers. Until very recently, they were effectively controlled by the US Government, but they're now a non-governmental organization, but of US heritage, and there was certainly a perception that ICANN was a US-based, or US-affiliated organization. It aligns somewhat with what we were saying about the physical internet, isn't it, that you have physical infrastructure in your territory, which means you're potentially the most powerful nation in the world in that regard. It also is borne out, to some extent, or has been until that transfer, in who gets to decide who gets what, who gets the web addresses, who gets to use a particular country code, even, who gets to use .com, who gets to use .kid. And I would say that the domain name server lookup is a similar consideration, that if you control the reins, you still have the power about who gets what on the internet. And there is a conscious move to take this away from, there certainly has been a conscious move to take this away from the US, but it's an ongoing process, it's an evolution, I would say.

- [American Questioner] Hi, thank you. Where Facebook is based, in the United States, we have, within our First Amendment, the explicit banning of prior restraint, and the US Government has heavily leaned on Facebook multiple times to effectively carry out prior restraint. And with it being a monopoly, it has done so quite effectively.
The idea of prior restraint is actually an English one, from Milton, in "Areopagitica," so in both countries, it is perceived to be highly irregular and surely illegal for the government to do so, and I was wondering what your thoughts are on that?

- I'm not a legal expert, and I'm certainly not a legal expert on the US Constitution, so could you explain for me and for others what prior restraint is.

- [American Questioner] Prior restraint is the idea that you can't ban something before it has reached the public, with the notable exception of terrorism, or child images, that sort of thing.

- Right, yeah, understood. So really, my understanding of all of that, and also how it's been globalized, what you say is prior restraint manifests itself in what's called notice and take down in the rest of the world, the idea being that companies, platforms aren't liable until they receive a notice that there is illegal content on their platforms. Once they're on notice, generally speaking, they have to take it down, and there's hell to pay if they don't. But yes, you're absolutely right, there hasn't, until now, apart from for things like terrorist content, for child abuse material, there hasn't been an expectation that there would be proactive monitoring of a system just in case some of that material, or other harmful material is there. I would say that, over the last five years, globally, but certainly in the UK, the EU, and other parts of the world, I've seen more of a move towards that expectation, that there will be proactive monitoring, and that it won't just be a system of companies waiting until a government tells them, as with the stats that we had in the table, that's that notice and take down procedure that we've been talking about. But there's certainly more pressure to prevent material that is deemed to be harmful, legal, or otherwise unacceptable making it onto platforms.
And that requires, I think, what you would define as prior restraint.

- [American Questioner] Which is explicitly illegal under the US Constitution.

- But equally, I've noticed that there are moves afoot in Texas, aren't there, at the moment, to prevent Facebook from removing any political content, so there's a tension pulling the other way as well, isn't there.

- [Questioner] You touched on the subject of China banning Facebook, and Russia not allowing certain content to be accessed by its citizens in relation to the Ukrainian War, et cetera, I think, but how do you stand on the fact people can access Facebook in China, and they can access the material that Russia is trying to prevent citizens from seeing? If they do, they're breaking the law, presumably they're criminals. How do you stand on the moral, I know you're not a legal expert, you've explained that, but how do you stand on the moral principle of citizens breaking the law to do just that?

- Well, any answer that I will give you is entirely based on my own personal opinion, I am not a qualified ethicist or moral philosopher, although, maybe having done a classics degree can allow you into all sorts of places these days, it would seem, so this is based entirely on my own personal feeling. I am still one of those people, and maybe I'm a dwindling number, that thinks that the internet is an incredible tool for people all over the world to have access to information that they didn't have access to before, that, quite frankly, we had to buy the "Encyclopedia Britannica," didn't we, to get that kind of information pre the internet.
What can happen, of course, if you have access to information about what's going on in the rest of the world, and North Korea is a great example of this, there's an intranet in North Korea, you can only really access information in North Korea about North Korea, and it's state-sanctioned, only a very, very small number of people in North Korea can access the global internet, it's heavily, heavily controlled, it's effectively blocked. That means people in North Korea don't have access to information on what's going on in the rest of the world except what is officially sanctioned by their government and their state media outlet. So for me, there's a moral imperative for people to at least have access to information, and that control of information that China, Russia, Iran, North Korea, some other countries so aggressively engage in is actually limiting people's knowledge, because knowledge is considered to be dangerous, of course, that if you can see what the rest of the world thinks about the invasion of Ukraine, well if it doesn't tally with what Russian state media is telling you about the invasion of Ukraine, this is problematic for the government. So my interest is always people first rather than governments first. That said, I do understand, as an ex security professional myself, I do understand why some of those more restrictive governments conceive of this as being a national security issue. People are breaking the law, people are going to prison for accessing the internet by unsanctioned means, by disguising their IP addresses, as we've just said, and by expressing themselves on the internet in a way that the governments don't like.

- You've all been very kind. I'm sure there's going to be plenty more opportunity to ask Victoria questions during the rest of her series of lectures, I suspect this is just the beginning of a torrent of interesting things to do.
I'd like you all to thank Victoria Baines again for her opening lecture of what's going to be a wonderful series. Victoria.

(audience applauds)