Internet DRAFT - draft-hanliu-ricg
Network Working Group LH. Liu, Ed.
Internet-Draft WJL. Wang, Ed.
Intended status: Informational ZCY. Zhang, Ed.
Expires: 2 July 2024 Tsinghua University
PMT. Zhang, Ed.
Sunderland University
MJ. Ma, Ed.
Oxford University
30 December 2023
Framework for Rule-based International Cyberspace Governance
draft-hanliu-ricg-01
Abstract
Cyberspace involves politics, economy, culture, and technology; it
engages governments, international organizations, Internet companies,
technology communities, civil society, and citizens, forming an
integrated, organic body. In a word, cyberspace is the online
version of a community with a shared future for mankind. This memo
tries to outline a new framework for a rule-based international
cyberspace governance regime in the context of IPv6 application,
which looks into the future international cooperation of cyberspace
governance.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 July 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
Liu, et al. Expires 2 July 2024 [Page 1]
Internet-Draft Rule-based International Cyberspace Gove December 2023
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
1.1. Requirements Language
2. Terminology
3. General Principles
3.1. Purpose
3.2. Fundamental Principles and Objectives
3.3. Respect Sovereignty
3.4. Human Rights Protection
3.5. Rule of Law and Justice
3.6. Comity and Reciprocity
3.7. Flexible Governance
3.8. Capacity Enhancement
4. Cyberspace Development
4.1. Cooperative Development
4.2. International Communication Channel
4.3. Ensure Multi-Participation
4.4. Promote Safe and Orderly Data Flow
4.5. Respecting Patterns of Technological Development
5. Cyberspace Security
5.1. Network Infrastructure Protection
5.2. Security of Internet Names and Digital Address
5.3. Prohibition of Network Eavesdropping
5.4. Prohibition of Cyber Attacks and War
5.5. Protection of Teenagers
5.6. Cross-Border Collaboration of Electronic Evidence Retrieval
5.7. Protection of Data Security
5.8. Protection of Personal Information And Privacy
5.9. Cooperation in Combating Cybercrime and Cyberterrorism
6. Credit System for Network Governance Enforcement Mechanism
6.1. Network Credit System Construction
6.2. Credit Status Determination
6.3. Credit Information Management
6.4. Credit Alert Platform
6.5. Creditworthy Incentives and Discipline
6.6. Credit Repairment
7. Operational Mechanisms for Cooperation in Network Governance
7.1. Rulemaking
7.2. Cooperation Platform
7.3. Establishing a Cybersecurity Alert Institution
7.4. Funding
8. IANA Considerations
9. Security Considerations
10. Normative References
Authors' Addresses
1. Introduction
As for governance, cyberspace exhibits complexity. From a
technological point of view, cyberspace is layered: it can be roughly
divided into the physical layer, the logical layer, and the content
layer. From the perspective of governance, these strata are
interrelated and interlinked. The difficulty of international
governance of cyberspace lies in the disharmony between the logic of
technological layering and the logic of governance connectivity.
Information technology, however, demarcates the boundaries of
governance and coevolves with the governance structure. In the IPv4
era, regulation of DNS resource allocation, the core issue, was
characterized by unclear governance subjects, weak rules and chaotic
mechanisms. In the IPv6 era, technological progress has brought new
opportunities and new perspectives for improving governance.
International cyberspace governance requires the participation of
various parties, each performing its own duties and making full use
of its capabilities, and making concerted efforts to build a new
system of rules.
This draft tries to outline a new, rule-based international
cyberspace governance regime in the context of IPv6 application,
which looks into the future international cooperation of cyberspace
governance.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Terminology
Data: any record of information in electronic or other form.
Data Processing: the collection, storage, use, processing,
transmission, provision, and disclosure of data.
Data Security: taking the required steps to ensure that data is
effectively protected and used lawfully, as well as having the
ability to guarantee a continual state of security.
Network Data Processing: the collection, storage, use, processing,
transmission, provision, and disclosure of network data.
Personal Information: various kinds of information relating to
identified or identifiable natural persons, recorded mainly in
electronic form and not limited to personal information generated or
processed through use of the network; it does not include information
that has been anonymized.
Network Credit: the state of an IP address (hereinafter referred to as
the credit subject) in complying with legal obligations and fulfilling
agreed obligations in its cyberspace activities.
Network Credit Information: the objective data and information that
can be used to identify, analyze and judge the credit status of the
credit subject.
3. General Principles
3.1. Purpose
In accordance with the basic spirit of the Charter of the United
Nations and the fundamental principles of international law, the
following rules are formulated so as to safeguard state sovereignty
and promote human rights protection in cyberspace, improve the
security and credibility of the global Internet and capacities of
comprehensive governance, encourage innovation and change in network
information technology, industry and applications, promote and
encourage sharing and cooperation in cyberspace governance among
countries as well as high-quality Internet development in each
country, and to strengthen the orderly open sharing of data resources
and the level of information security protection.
3.2. Fundamental Principles and Objectives
Cyberspace governance SHOULD follow principles of sovereign equality,
peace and cooperation, fairness and justice, openness and
inclusiveness, mutual benefit and progress; and SHOULD aim to create
a community of common destiny, interests and responsibilities based
on mutual political trust, economic integration, and cultural
integration, and endeavor to construct a sound order in which mankind
shares the achievements of global development.
3.3. Respect Sovereignty
Governance in cyberspace SHOULD respect the sovereignty of all
countries. State sovereignty in cyberspace is independent and equal.
Rights of jurisdiction and defense are the embodiments of a country's
sovereignty and SHOULD be respected and maintained by all countries.
Countries MUST obey the fundamental principles and general rules of
international law, refrain from infringing on the sovereignty of
other countries through the Internet and interfering in the internal
affairs of other countries, and bear the responsibility for prudent
prevention and security of cyber activities within the scope of
sovereign control.
3.4. Human Rights Protection
Governance in cyberspace SHOULD fully protect human rights.
Countries SHOULD protect the security of personal information and
privacy, and cooperate to combat cyber attacks, cybercrimes and cyber
terrorism. They SHOULD guarantee equal access and smooth
communication in the Internet, prohibit discrimination and other
unreasonable differential treatments. They SHOULD jointly promote
the development of Internet infrastructure, ensure the safe flow of
data, aim to close the digital divide, and protect and promote the
rights and interests of the broadest range of Internet development.
3.5. Rule of Law and Justice
All activities and acts in cyberspace MUST comply with the law and
MUST NOT contravene the regulations, principles, and basic spirit of
international law. Governments SHOULD NOT use their dominating
position in the cyber domain in terms of facilities, technology,
systems, and data to interfere with other countries' exercise of
cyber sovereignty and to pursue cyber hegemony, cyber isolation, and
other unfair activities.
3.6. Comity and Reciprocity
Countries exercising cyber sovereignty SHOULD follow the principles
of self-restraint, comity and reciprocity, so as to reduce friction
and confrontation, avoid mutual constraints, and promote economic
cooperation and security collaboration.
3.7. Flexible Governance
Countries SHOULD strengthen mutual trust, actively collaborate,
comprehensively improve Internet governance capacity, cooperate to
establish a credit-based flexible governance system, achieve
incentives for trustworthiness and constraints for breach of trust,
and establish a secure, good faith, and honest cyberspace.
3.8. Capacity Enhancement
Governments SHOULD actively engage in dialogues and encourage multi-
field, multi-level, and multi-faceted cooperation to improve the
overall security and defense capability of the cyberspace, as well as
to promote socio-economic development.
4. Cyberspace Development
4.1. Cooperative Development
Countries SHALL intensify their cooperation in the fields of
information network technology, product and service innovation, and
talent training, and collaborate to overcome technical
problems that threaten cybersecurity, develop cybersecurity products
collaboratively, innovate network economic development models, and
build a high-level, high-quality network talent team.
Countries SHALL encourage collaboration in developing a network
security alerting platform and the establishment of a shared security
alerting mechanism to compensate for disparities in network
management capacities.
Countries SHALL enhance research and development of inclusive health
care, inclusive education, and inclusive network products and
services that promote minors' healthy development.
4.2. International Communication Channel
Countries SHALL endorse multi-field, multi-level, and multi-faceted
exchanges and collaboration, support trade organizations,
enterprises, educational and scientific research institutions,
relevant professional institutions and personnel of various countries
to carry out exchanges and sharing activities on the development and
utilization of network data security technologies, and promote
education and training on cybersecurity.
4.3. Ensure Multi-Participation
Countries SHOULD actively promote the formation of a sound environment
for governments, enterprises, relevant social organizations, and the
public to participate in governance, and promote mutual recognition
of cybersecurity and data processing rules and standards made by
other countries and international organizations.
4.4. Promote Safe and Orderly Data Flow
On the premise of ensuring data security and protecting personal
information, privacy rights and interests, countries SHALL promote
the safe and orderly flow of data, jointly explore the new growth of
data economy, promote the innovation and development of network
information technology, and facilitate the establishment of cross-
border factor flow rules and risk prevention mechanisms.
4.5. Respecting Patterns of Technological Development
Governance in cyberspace SHOULD respect and adapt to the objective
patterns of technological development, and promote the coexistence
and progress of mankind and technology.
Countries SHOULD respect the nature of connectivity in cyberspace,
maintain the unity of the Internet and avoid fragmentation of the
Internet. Countries SHOULD NOT maliciously exclude other countries'
suppliers, information technology and products, fiber optic cables
and other facilities, nor SHOULD they take advantage of their own
technological, economic, or political advantages to unfairly
distribute or block important cyber resources and jeopardize the
security of global supply chains.
Countries SHOULD strive to overcome the problems of Internet Protocol
Version 4 (IPv4), such as the depletion of network addresses, the
difficulty of ensuring service quality, and the inefficiency of
transnational collaborative governance, and give full play to the
advantages of Internet Protocol Version 6 (IPv6) in network
addresses, innovation space and governance, so as to improve the
carrying capacity and service level of their own network.
Countries with technological advantages MAY provide necessary
assistance to countries in need.
5. Cyberspace Security
5.1. Network Infrastructure Protection
Countries have the right to protect their network infrastructure in
accordance with domestic laws. No country, military, government,
government-authorized organizations or individuals SHALL attack or
damage network infrastructure of other countries.
An attack on another country's network infrastructure constitutes a
violation of that country's sovereignty.
A state MAY restrict or protect Internet access in accordance with
the principle of sovereignty. Access to the Internet does not mean
that the country gives up its sovereignty.
Where damage to, loss of function of, or data leakage from key
information infrastructure may seriously endanger national security
and public interests, a country MAY carry out critical measures of
protection and defense, and MAY request assistance from other
countries when necessary.
5.2. Security of Internet Names and Digital Address
Internet root servers, communication protocols and IP addresses and
other key Internet resources are global public resources. Countries
SHOULD actively promote the fair allocation and management of
Internet key resources and the international reform of the Internet
name and digital address allocation authority, and effectively
improve its representativeness and the openness and transparency of
its decision-making and operation.
5.3. Prohibition of Network Eavesdropping
Network eavesdropping and wiretapping activities are prohibited among
countries. To ensure the safe operation of the Internet in each
country, countries have the right to regulate their networks, impose
access licenses for unlawful websites, and discontinue providing
services to websites that do not conform to management, etc.
5.4. Prohibition of Cyber Attacks and War
The launching of cyber attacks and cyber war is prohibited.
Consultations, discussions, and other peaceful methods of resolving
disputes SHALL be sought first, and if necessary, relevant agencies
and organizations established by these rules MAY be requested to
collaborate in order to resolve disputes at the minimum cost.
5.5. Protection of Teenagers
Countries SHOULD punish according to law the use of the Internet to
engage in activities that endanger the physical and mental health of
minors, and provide a safe and healthy Internet environment for
minors. They SHOULD cooperate to combat the use of the Internet for
child pornography and violent crime.
Where an online data processor processes the personal information or
other online data of a minor under the age of 14, it SHALL obtain the
consent of the minor's parents or other guardians. Where there are
provisions in the domestic laws of each country, such provisions
SHALL prevail.
Cyberspace governance bodies of all countries MAY, in accordance with
domestic laws, consciously undertake the obligation to review, screen
and intercept content that harms or may harm the physical and mental
development of minors, and punish the producers, disseminators and
providers of harmful information according to law. If conditions
permit, channels for reporting illegal content SHOULD also be
provided to individuals and organizations in their own countries and
other countries.
5.6. Cross-Border Collaboration of Electronic Evidence Retrieval
For cybercrimes committed within the territory of a country or
against that country, if the law enforcement authorities of that
country request the public authorities, enterprises or individuals of
another country to provide relevant electronic evidence for
assistance, the country requested MAY, in accordance with the
provisions of its domestic law, provide necessary assistance on the
premise of not harming its national security, public interests and
significant rights and interests of individuals.
5.7. Protection of Data Security
Data conveying a country's economy, culture, national defense
security, and other key public interests, as well as citizens' rights
and interests, SHOULD be processed under the premise of data
security.
Data processing activities SHOULD adhere to international treaties,
norms, and legal principles, and SHALL NOT jeopardize national
security, public interest, or the legitimate rights and interests of
citizens of other nations.
Countries SHOULD urge domestic data processors to consciously assume
international and domestic social responsibilities, respect social
justice, business ethics and professional ethics, and fulfill the
corresponding data security protection obligations in their network
data processing activities.
5.8. Protection of Personal Information And Privacy
If it is truly necessary for states to collect personal information
of citizens of other countries in the course of commercial
cooperation, judicial cooperation or other processes, they SHALL do
so for clear and reasonable purposes and in accordance with the
principles of legality, legitimacy, necessity and good faith. On the
basis of obtaining the consent of the relevant subject, the
obligation of protection SHALL be properly fulfilled in respect of
the collection, storage, use, processing, transmission, provision,
disclosure, deletion and other links of personal information. If the
country where the data is collected has relevant regulations, such
regulations SHALL be complied with.
5.9. Cooperation in Combating Cybercrime and Cyberterrorism
Countries SHALL explore establishing a new cybercrime convention that
is more inclusive and transparent. To address the new threats posed
by new technologies such as artificial intelligence and cloud
computing, and to take aim at new forms of complex and diverse
cybercrimes and new threats of cyber terrorism, countries SHALL
explore establishing a new convention that covers the legitimate
appeals and major concerns of all contracting parties, with
transparent procedures and reasonable mechanisms.
6. Credit System for Network Governance Enforcement Mechanism
6.1. Network Credit System Construction
Countries SHOULD cooperate in establishing a credit system in
cyberspace, comprehensively improve the network credit information
management capabilities, promote the unification of credit status
determination standards, realize credit-based prior risk prevention
and security warning mechanism, create a safe and reliable cyberspace
for economic development and provide guarantee for economic
development and information exchange.
6.2. Credit Status Determination
Countries SHALL, in accordance with the principles of legality,
objectivity, prudence and relevance, identify the credit status of
the credit subject and load it into the credit file according to the
network credit information directory and network credit status
identification criteria.
The network credit information directory aims to standardize the
credit information included in the scope. The collection of credit
information SHALL NOT exceed the scope stipulated in the catalogue of
network credit information.
The standard of network credit status identification aims at
standardizing the principle, basis and rating standard of credit
status identification and credit file recording. The identification
of network credit status and the recording of credit files SHALL
strictly comply with the identification standards of network credit
status.
The catalogue of network credit information and the standards for the
identification of network credit status SHALL be determined by the
countries through consultation. Each country MAY, in accordance with
its domestic laws and regulations, compile supplementary catalogues
of online credit information and detailed rules on standards for the
identification of online credit status applicable to its own country.
6.3. Credit Information Management
Countries SHALL establish credit files of credit subjects with a
uniform or mutually identifiable logo and open the inquiry portal to
member countries within the rules stipulated in these Framework Rules.
Sharing of credit files and other credit information is encouraged.
The exchange of credit information SHALL respect each country's
sovereignty and protect basic human rights, without jeopardizing
national security or breaching personal rights to information or
privacy.
6.4. Credit Alert Platform
Countries SHALL jointly establish a unified credit early alert
platform. Countries SHOULD take the initiative to conduct early risk
alert on that platform for the credit subjects with serious trust-
breaking behaviors in their own countries. If a country finds that a
credit subject of another country has committed serious dishonesty,
it SHALL submit the relevant information to the credit early warning
coordinating body, which SHALL decide to issue the early alert
information.
6.5. Creditworthy Incentives and Discipline
Countries MAY give incentives to credit subjects with good credit
standing in accordance with their domestic laws. Countries MAY, in
accordance with their domestic laws, impose credit punishments on
credit subjects that break faith. Credit subjects that receive
incentives for keeping faith or punishments for breaking faith SHALL
have these recorded in their credit files.
Countries MAY impose restrictions on other countries' seriously
dishonest credit subjects, and the restrictive measures SHALL be
determined by consensus of all countries through consultation.
Binding measures SHOULD NOT violate the Charter of the United Nations
and the basic principles of international law.
6.6. Credit Repairment
Credit information recorded in error SHOULD be corrected. Countries
SHOULD make credit repair legislation, implement credit repair
procedures, and provide credit subjects with feedback, complaints,
and other forms of relief.
If the credit information on the credit alert platform is erroneous,
it is the responsibility of the credit warning coordinating agency to
fix it. The credit alert coordination body SHALL establish remedies
and corrective standards.
7. Operational Mechanisms for Cooperation in Network Governance
7.1. Rulemaking
Countries SHOULD actively formulate rules for cyberspace governance
that are inclusive, feasible and developable on the basis of
respecting cyber sovereignty and consultations on an equal footing.
Under the guidance of these Framework Rules, countries SHOULD actively
formulate rules on cyberspace security, rules on digital economy
cooperation, rules on credit information evaluation and sharing, and
rules on consultation and mediation of cyberspace disputes.
7.2. Cooperation Platform
Countries SHOULD cooperate in establishing a network security alert
platform and credit alert platform, and explore for a digital economy
cooperation platform and a cyberspace technology research,
development and exchange platform.
7.3. Establishing a Cybersecurity Alert Institution
Countries SHOULD establish cybersecurity early warning institutions
on the basis of respect for national sovereignty, in accordance with
the principles of equality, justice, democracy, openness and
scientificity.
An advisory committee to provide assistance to alert institutions on
decision-making SHALL be established. Members of that committee
SHALL comprise scientific and technological institutes, commercial
institutions, other organizations and relevant experts.
A decision-making committee to exercise final decision-making
authority based on advisory opinions SHALL be established. The
members of that committee SHALL be composed of governments from all
countries.
7.4. Funding
The funds required for activities such as the formulation of
normative documents, the establishment of platforms and the
establishment of institutions under these Framework Rules SHALL be
prepared by all countries through consultation in accordance with the
principle of equity.
The share of funds MAY be reasonably adjusted according to the actual
situation such as the level of economic development of each country.
8. IANA Considerations
This memo includes no request to IANA.
9. Security Considerations
This document only defines a framework for network resources
categorization. This document itself does not directly introduce
security issues.
10. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
Authors' Addresses
Han Liu (editor)
Tsinghua University
Beijing
100084
China
Email: liuhan@tsinghua.edu.cn
Jilong Wang (editor)
Tsinghua University
Beijing
100084
China
Email: wjl@tsinghua.edu.cn
Chengyuan Zhang (editor)
Tsinghua University
Beijing
100084
China
Email: chengyua21@mails.tsinghua.edu.cn
Pardis M Tehrani (editor)
Sunderland University
Sunderland
SR1 3SD
United Kingdom
Email: pardis.tehrani@sunderland.ac.uk
Ji Ma (editor)
Oxford University
Oxford
OX1 2JD
United Kingdom
Email: ji.ma@mansfield.ox.ac.uk