The SIGNAL project will critically assess the role of intergovernmental organizations (IGOs) and international law in establishing security frameworks for critical internet infrastructure and cloud computing.
IGOs and Internet Security
This research prong will map the roles and policies of selected IGOs – primarily the International Telecommunications Union (ITU), Organisation for Economic Cooperation and Development (OECD), Council of Europe (COE), EU and World Trade Organisation (WTO) – in the field of internet security. It will further carry out a critical legal analysis and develop a framework (de lege ferenda) for future roles and policies of these IGOs – also in their interaction with other international organizations and non-governmental organizations.
This prong thus focuses on the interface between the law of international organizations and the study of international relations.
The law of IGOs is part of public international law and addresses issues such as the powers and decision-making procedures of IGOs and their relations to states. These powers are to a certain extent dependent on the respective organization’s mission and purpose.
Several IGOs have claimed a mandate for legal security requirements directed at critical internet infrastructure and cloud computing services. The limits to their powers are not clear-cut, despite the fact that traditional issues, such as telecommunications and trade, are clearly assigned to specific organizations. No individual organization has a specific mandate for internet security, but several organizations have shown an interest in it.
Part of the difficulty of delimiting the power of international organizations in the field of internet security may stem from the fact that this is an emerging and cross-cutting issue, which could be framed as a telecommunications problem or a question of international economic collaboration. In addition to this, a great deal of policy work to ensure internet security is done outside the framework of IGOs.
IGOs, such as the ITU, have not enjoyed an especially privileged role in the key organizations that deal directly with CII governance, such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF). And there is considerable resistance to giving IGOs a more privileged role here.
As mentioned above, a central issue that this prong of research will investigate is whether IGOs’ ability to shape CII governance is growing in an era that is increasingly preoccupied with internet security.