Below is a guest post by Andrew Reddie, research associate in the International Institutions and Global Governance program.
The nation could be forgiven its current case of technological whiplash. Last week it learned that the U.S. Foreign Intelligence Surveillance Court had ordered Verizon to collect all of its customers’ data between January and April of this year. Then came Ed Snowden’s claims of the massive breadth of the NSA’s PRISM program, and the news that Microsoft has, along with the FBI, neutralized over ten thousand botnets in “Operation Citadel.” These revelations suggested that the boundaries between privacy and the surveillance state had shifted fundamentally, with profound legal, security, and social ramifications.
It was in this context that the Council on Foreign Relations released its’ most recent Independent Task Force Report, “Defending an Open, Global, Secure, and Resilient Internet.” The report makes a strong case for preserving internet freedom. But it also highlights the lurking dichotomy between security and the protection of civil liberties, as the Internet matures and states inevitably (in the view of the task force) play a larger role in its governance.
The task force underscores how vital the Internet has become for “communication, commerce, trade, culture, research, and social connections” as well its potential contribution to “disaster relief, diplomacy, conflict prevention, global education, and science.” This reliance, however, brings risks, as “societies are becoming more dependent and more vulnerable to disruption.” The objective, in the task force’s repeated mantra, is to promote an “open, global, secure, and resilient Internet.”
Unfortunately, the report itself fails to adequately define these terms—or to make clear the potential tensions and contradictions among these four goals. These trade-offs should be brought out into the open, so policymakers can navigate them. The following sections explore these trade-offs, in particular, and the findings of the report, in general.
The report makes several fundamental, but contestable, assumptions about global Internet governance challenges. To begin with, the task force suggests that the Internet is no longer capable of addressing existential threats “organically” (either through changes in the behavior or users or via technical changes to network processes), and thus growing state involvement in Internet regulation is inevitable. However, the engineers and technical experts who have long been responsible for managing Internet exchanges, protocols, and technologies worldwide continue to debate whether this is the case.
To be sure, states like China and Russia have repeatedly called for sovereign control of the Internet. But the task force’s recommendation that the United States work “with the International Telecommunications Union more consistently and persistently” is a risky one, potentially subjecting global Internet governance to the same dysfunctional dynamics that have made intergovernmental climate change negotiations excruciatingly difficult.
More persuasive is the report’s recommendation that the Commerce and State Departments strengthen their commitments to the state-based Global Advisory Council of ICANN and Internet Governance Forum. Done properly, this would alleviate some foreign dissent surrounding the activities of ICANN, as well as blunt efforts to shift toward sovereign control of the Internet via the ITU’s governance mechanisms. Extending the affirmation of commitments between ICANN and the U.S. government to the rest of the Government Advisory Council might also offer a tangible, costless shift in policy that would strengthen ICANN’s ability to continue its essential role maintaining the Internet’s infrastructure. Such a development would also offer transparency to the “multi-stakeholder” process supported by the task force.
The task force also correctly highlights the importance of the U.S. government formulating a coherent approach to global Internet governance as the necessary first step toward approaching the broader sovereignty issues of the Internet. Only after it develops a clear vision and a strategy to implement it can the United States hope to foster new standards that protect intellectual property, copyright, privacy, and freedoms already afforded on the Web.
The report also concludes that current policies related to critical infrastructure and cybersecurity are inadequate. Its recommendation that a government “czar” be appointed to manage this process, however, seems ill-advised. A more promising approach, as former Deputy Secretary of State James Steinberg notes in additional comments appended to the report, would be for each relevant government department to incorporate cyber-related concerns into its work.
The report’s suggestion that the United States seek alternative fora to discuss Internet governance issues is also problematic. While dialogue involving evolving powers is important, there is a significant risk that fragmentation of existing Internet governance mechanisms will delegitimize the current multi-stakeholder model (that the task force supports). In any case, it is unlikely that agglomerations like the Major Economies Forum or Global Counterterrorism Forum would achieve any more success than the contentious World Conference on International Telecommunications in Dubai.
More work also needs to be done to address the extension of the laws of war into cyberspace. The report fails to broach the international and legal implications of “white-hat hacking” or “hacking back” that have become an increasingly common practice. While providing false data in “honeypots” has become an accepted practice, the legal ramifications of destroying individual computers that are part of larger botnets remain unclear. Further work is needed to analyze the appropriateness of responses to cyberattacks, espionage, and “white-hat hacking” both domestically and internationally.
After a golden era of presumed neutrality, the Internet is quickly becoming a venue for international political disagreement and competition—with the added wrinkle that a multitude of private actors play key roles in its governance. CFR’s Task Force report begins to outline some of these issues and the challenges, but more work is needed to resolve complex legal, geostrategic, economic, and political trade-offs.