Expert Speak Digital Frontiers
Published on Oct 26, 2022

It is a mistake to frame the internet as a ‘Wild West’; it is time to demystify and de-obfuscate the role of nation states in the governance of the internet

Cybernorms for a democratic internet

State actors’ presence in the governance of global telecommunications and the internet is not widely visible to the public; and when it is, their behaviour is presented to us alongside the old divisions inherited from the Cold War. At the same time, the technical standards development that underpins the internet itself is rather opaque; the public hears about these developments through headlines that cast a binary approach to a complex landscape that is formed by a myriad components, technologies, markets, and stakeholders.

US and European foreign policy agendas have coordinated against technical proposals coming from China in the ITU, IETF, and elsewhere, from both governments and civil society.

The foreign policy agendas of democratic countries coordinate against technical proposals for the evolution of the internet that are coming from China, Russia, and their allies. Likewise, the latter frame the global, multistakeholder stewardship of the internet itself as a Western project to undermine the sovereignty of nations. When it comes to the technical design and coordination required to preserve the robust, secure, and open global communications, we need nation states. But we also need a different approach. Politicking needs to be replaced with cyber norms, treaties, and a universal commitment to working together for the sake of the most advanced and robust communications system humanity has ever known: The internet.

Personalities: Nation-state rivalries 

Just recently, in the lead up to the quadrennial meeting of the oldest technical standards body and United Nations (UN) agency, the International Telecommunication Union (ITU), mainstream media coverage hooked readers by depicting the Secretary General election as between two candidates from “Washington and Moscow” and showcases it as a digital Cold War.

State actors’ presence in the internet is not widely depicted for public consumption—ostensibly because internet governance itself is rather arcane—but when they are, their behaviour is presented to us as modern iterations of old divisions. For instance, China has been increasing its strategic presence in intergovernmental spaces like the ITU and ISO (International Organisation for Standardisation) over the last 5-10 years to support its industry's foothold in a range of frontier and cutting-edge technologies such as blockchain, machine learning-based biometric systems like facial recognition, Internet of Things (IoT), and smart cities. Most recently,  China expanded this strategy to industry-driven bodies like the Internet Engineering Taskforce (IETF) and Institute of Electrical and Electronics Engineers (IEEE). US and European foreign policy agendas have coordinated against technical proposals coming from China in the ITU, IETF, and elsewhere, from both governments and civil society. This critical analysis was presented under the headline, “The West’s Wakeup Call on Digital Tech Standards,” casting a binary approach to a critical but often misunderstood landscape that, as earlier mentioned, is formed by a myriad components, standard-makers, policymakers, technologists, and market actors.

The decentralised, interoperable internet is governed by standards setting and policy making at open, multistakeholder fora such as the Internet Architecture Board, the IETF, and the Internet Corporation for Assigned Names and Numbers.

Another is Russia’s attempted expansion of the ITU to discuss global internet governance, which was simply noted by the UN, and not taken into action. Largely, the decentralised, interoperable internet is governed by standards setting and policy making at open, multistakeholder fora such as the Internet Architecture Board, the IETF, and the Internet Corporation for Assigned Names and Numbers. This highlights another gap in the public’s perception of the internet space: What seems like a nostalgic image of a “Wild West” is, in some corners, a highly regulated space where international law applies and State-actors are recognised, though not always as superior to other stakeholders.

It is understandable, of course, to use narratives of the past to explain action in digital space. It is convenient because cultures are receptive to such narratives of global antagonism, like the Cold War, or the Great Power Rivalry. However, such quick reading based on a knee-jerk reaction is actually unhelpful and obfuscates deeper issues and frameworks, which are inherent to state behaviour in the internet landscape. It digs deeper the trenches of the global divide, preventing a truly democratic, multistakeholder approach when it comes to deciding on the standards of the internet. Sensationalising the divisions of the old world on a digital stage actually deters authoritarian countries to come to the table and work together, thereby inadvertently creating space for bad actors and rogue activities.

Process: Standards and cyber norms

Not long after the White House took a strong stance to protect Ukraine from invasion by Russia through sanctions, it quietly issued a statement that internet connectivity shouldn't be interrupted by the sanctions. At the same time, the European Union moved to block journalism and media outlets RT and Sputnik, a move that many found highly controversial and undemocratic. It is not often that internet connectivity is itself politicised and that could be why, when there's an actual war afoot, service providers and network operators are quick to lend a hand; but then the state unintentionally neglects the role of the internet in mitigating the greatest harms, which ensues when there is a cutting off of connectivity to media, communications, and health and financial services, which are increasingly reliant on a functioning and unfiltered internet.

Understanding and awareness of cyber norms is increasing but remains low amongst policymakers, industry, and civil society.

What we see reported are highly politicised discussions when what’s at stake is actually cybersecurity. When they are conflated, there is a tendency to veer away from what is important towards what is politically dramatic. What is important are strong security standards, policies that secure networks, mitigating vulnerabilities and malware, restraint in government hacking and the expansion of aggressive cyber capabilities, transparent disclosures, and more engagement of the technical community. Sheetal Kumar of Global Partners Digital has said, “This makes everyone, the public included, confused about what the problem actually is, and allows States to get away with pushing boundaries of what is acceptable, thereby contributing to heightened tensions, which in turn creates incentives to invest in more offensive, militarised responses.”

Understanding and awareness of cyber norms is increasing but remains low amongst policymakers, industry, and civil society. It is a mistake to frame the internet as a ‘Wild West.’ From Afghanistan to Zimbabwe there exist agreements, global norms and treaties for responsible behaviour in cyberspace. Some need elaboration; all need proper and transparent implementation.

It is also true that these blatant rivalries being played out in both diplomacy and standard setting spaces have consequences; and all over the world, states are investing in ‘cyber offensive capacities’, hacking operations, and engaging in espionage. One thing is certain: We don’t know what ‘cyber offensive capacities’ means in practice. With little transparency, we can only guess that powerful institutions are investing in the growing market—legitimate and illegitimate—of hardware, software, and services that play up their dual use (civilian and military) and leverage vulnerabilities/exploits. This certainty of uncertainty is due to widespread commitment to opacity, perhaps, the one thing every state agrees upon.

The role of States in cyber stewardship 

The antagonistic “Cold War rhetoric” has negated cybersecurity treaty proposals simply based on who has made them, rather than the dangerous aspects of their design and eventual deployment. It is, therefore, critical to separate truth from fiction, especially after bumpy attempts, stretching back to 2004, to reign in State-level cybersecurity threats are desperately needed.

With little transparency, we can only guess that powerful institutions are investing in the growing market—legitimate and illegitimate—of hardware, software, and services that play up their dual use (civilian and military) and leverage vulnerabilities/exploits.

There can be no escaping the need for States to steward the internet as it evolves and is governed, whether it be through engaging in standards setting in open fora or the development of global norms through multilateral processes. Furthermore, in the implementation of global commitments to human rights in the digital age or state-of-the-art standards in national infrastructure, States have greater power and unique responsibilities. Those responsibilities should be visible in cyber norms.

We just need basic security. The first step to a healthy internet society is to ensure that we are not vulnerable in the ways we know that we are vulnerable. In the piece “In Cyberware, There are No Rules, Tarah Wheeler writes, “Cybersecurity should be akin to a routine vaccination, a line item in the infrastructure budget like highway maintenance.”

It is essential to have transparency. The antidote to States accusing one another of cyberattacks or competing in cybersecurity measures, demands for transparency should be baked into policy proposals, policy process, and implementation plans. Non-transparent states do not have global public interests at heart.

Export controls keep domestic industry in check during the design and deployment of new technologies. It puts an onus on States to do what they can, in good faith, for the rest of the world. Export controls are essentially exemptions in global trade for when one State cannot properly confirm that another State isn’t getting their hands on dual-use technologies to violate human rights.

The Achilles’ heel of adopting global norms is monitoring them. Firstly, to monitor norms, we must get used to leaning on evidence-based assessments of threats and solutions. Buzzwords and marketing pitches from security companies lead us away from evidence.

Export controls are essentially exemptions in global trade for when one State cannot properly confirm that another State isn’t getting their hands on dual-use technologies to violate human rights.

The complexity of technology should not stand in the way of States doing the needful to steward an internet that respects human rights in the digital age. Malicious state actors should not use tech mysticism to deter policymakers from clear and competent treaties. Gaslighting thrives on confusion. We need more tech specialists in these spaces to de-obfuscate. More inclusivity of technical policy experts will lead to technical competency and neutralise bad faith arguments that the internet is too complex to regulate, as well as help neutralise its use as a battleground for political agendas. Likewise, it is important to map the constellation of internet governance fora and appropriately delegate to technically competent standards bodies as necessary.

Holding to these principles allow democratic ideals to shape cyberspace, rather than Cold War rhetoric. The “flashbam,” buzzwords, and rhetoric only feed bad faith actors who thrive in a world of chaos. A principled approach also means that the mandate to hold bad actors accountable does not rest with the UN alone.

Strong and clear democratic processes (such as those in the technical community), and principles (such as those that rest on the human rights framework), will continue to govern the internet best. For that, we need to model the best parts of internet governance: A commitment to basic security, reinforced by evidence-based monitoring; multistakeholder cooperation built upon transparency and accountability; and more inclusion of tech specialists in diplomatic spaces. In short, we need more reality, less drama.

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

Contributor

Mallory Knodel

Mallory Knodel

Mallory Knodel is CTO Centre for Democracy &amp: Technology

Read More +