Those working on the diplomatic challenges of cyberspace stability and internet governance have their work cut out.
Internet governance steered clear of geopolitics for quite some time. The internet’s rise to global dominance really took off after the invention of the World Wide Web which coincided with the end of the cold war in the 1990s and a period of limited global strife. Geopolitics is now centre stage again with implications for internet governance and the stability of cyberspace. The stakes are much higher — ingrained as the internet is in everyday life — and international tensions are growing. In this short essay I highlight three developments that are vital for the development for the international debate about internet governance and cyber diplomacy (thus also sidelining many other relevant developments): the politicisation of technical internet governance, the mismatch between the state of ‘unpeace’ <1> in cyberspace and the legal frameworks that aim to bring stability, and, the parallel diplomatic future for ‘responsible state behaviour in cyberspace’ of the UN GGE and OEWG processes.
For a long time, the governance of the technical infrastructure of the internet was something that happened while governments were busy making other plans. The internet expanded in scope and size, grew exponentially in terms of numbers of users and the formats of information it could support (text, audio, video) and with the rise of IoT the number of connected devices is set to grow in mindboggling numbers. For much of its existence the technical internet was relatively untouched by geopolitics. However, both geopolitics and the global internet are changing. As the internet became more ingrained within our societies and economies and therefore vital for everyday life, governments began to take more notice. Moreover, different countries had different concerns. Early points of contention in internet governance focused on ICANN and the IANA transition. This was more about international political legitimacy than about the question whether the naming and numbering of the internet was adequately expanded and administered by ICANN. As the weight of the global user base of the internet shifted from its original transatlantic axis to both the East and the South of the globe, the political aspects of this specific institutional setup became contested. The fact that naming and numbering was under nominal control of the US government and the prospect of settling disputes in a Californian court was challenged by many states, even though actual disputes have been scarce. The IANA transition was a dispute about how global internet resources could be de-Americanised, in light of geographical shifts on the internet. Now, geopolitical strife between the USA and China also follows the path of mounting technological competition. Against a background of general great power competition over global dominance and the US-Sino trade war, Artificial Intelligence (AI) has become an area of fierce and open competition between the two superpowers. While Kai-Fu Lee maintains that the US holds the better cards for finding a new qualitative leap in the evolution of AI, he maintains that we are now in an age of AI implementation for which China is much better placed. <2> As AI will be a pervasive technology — that will be integrated into many other systems from the mundane to the military — it will have infrastructural qualities and will lead to new and politicised governance questions.
With the advent of 5G networking, the securitisation of the technical internet infrastructure has entered the main global stage. With the all-out resistance of the US against Huawei providing the global infrastructure for 5G internet, the technical infrastructure — and with it technical internet governance — has become thoroughly politicised. The US is worried about the security aspects of having the 5G infrastructure provided by Huawei and has been trying — with varying success — to convince allies and others to shun the Chinese bid to provide new crucial aspects of the internet’s infrastructure. Again, it is no so much the quality of the technological hardware but rather the security implications as a result of the suspected privileged access of the Chinese state (espionage) to Chinese soft- and hardware — which of course echoes the earlier episode of privileged access of the American state that was revealed by Snowden.
The chances for depoliticisation of technical internet governance in this era of geopolitical strife are slim. However, all countries still depend on the global internet infrastructure to function and support their digital economies, societies and governments, suggesting that there must be something of a lowest common denominator that serves the interests of most, if not all, states. For example, the call to protect the public core of the internet, <3> has been gaining traction and is now part of the 2018 French initiative of the Paris Call for Trust and Security in Cyberspace <4> — signed by over 60 states and many companies and NGOs — and the EU Cybersecurity Act adopted in 2019. <5> If possible, technical internet governance should be as depoliticised as possible and be something that largely happens while states are busy making other plans again.
States are not blind to the fact that stability in cyberspace would benefit their digital economy and would mitigate the risks of escalation of conflict. However, agreeing on core aspects of responsible behaviour in cyberspace is, and has been a cumbersome process. While the fear of the weaponisation of cyberspace has been the underlying rationale for the UN GGE process, which is now in its sixth iteration, the possible strategic and military advantages that cyberspace opens up to states may stand in the way of taking big diplomatic steps in this domain. Most states are reluctant to give up possible (military) capabilities by restraining themselves when they cannot be sure that other states will do the same. The result has often been framed as a militarisation of cyberspace, which in turn has facilitated an ongoing debate about if and how International Humanitarian Law applies to cyberspace, both in UN and regional diplomatic fora and through non-state initiatives such as the Tallinn process.
The question is whether the frame of militarisation fits the reality at this moment. Even though many states have in recent years founded military Cyber Commands in varying degrees of professionalism and readiness, the main cyber operations the world worries about are the so-called ‘below-the-threshold operations’ — i.e. they do not add up to ‘war’ — and are mostly executed by (military) intelligence agencies or proxies. <6> The first are not in any direct sense regulated by international law, while the second per definition operate outside of international law. The cyber operations of intelligence agencies — rather than militaries — and proxy actors have created a state of permanent ‘unpeace’ with an intensity that sits well below the threshold that would qualify it as a military conflict. Some countries thrive in this permanent state of digital unrest and are able to project power far beyond their ‘physical’ means. There is debate on the question whether or not — and under which conditions — these lowlevel conflicts are prone to escalation of conflict, but tensions surely have been rising. <7> Moreover, this is not just the domain of espionage and cyber sabotage anymore, but with the increase of mis- and disinformation operations it is also, and increasingly, the domain of the integrity of our information environment, which influences the nature and the quality of the domestic political debate. Cyber operations now also reach the heart of the domestic political process.
Crucially, however, if the nature of cyber conflict is not (yet) military in nature, we may be barking up the wrong legal tree when it comes to the international debate about international humanitarian law as a means to promote responsible state behaviour. <8> Intelligence agencies are the proverbial elephants in the diplomatic room: everyone knows they are there, but all states are unwilling to discuss their operations, let alone regulate them by international law. Formal public attribution now seems the main way of addressing these rising tensions, but that is largely a ‘western affair’ (i.e. most formal attributions have been made by western states) and comes with its own difficulties. However, if much of the international diplomatic effort — in the UN GGE and in other fora — is poured into defining the applicability of the Law of Armed Conflict, the world may end up ignoring the conflicts and ‘unpeace’ — and the actors behind it — that most states seem to worry about most. Herein lies another challenge for the political governance of cyberspace.
After the 2017 round of the UN GGE failed to produce a consensus report many declared the UN track for discussing responsible state behaviour in cyberspace dead. However, the reports of the GGE’s death seem to have been greatly exaggerated, as the sixth round of the process is to start in December of 2019. The fact that 25 UN member states will meet to discuss the application of international law to the cyber domain and cyber norms again is in itself not a guarantee for success, although sources say that the 2017 round found quite a lot of common ground as well as the disputes that eventually blocked consensus. But when in November 2018, the General Assembly of the UN voted through the American resolution that installed a new UN GGE <9> it thickened the diplomatic cyber plot by also voting through the Russian resolution that called for the installation of an Open-Ended Working Group (OEWG) on the same issues. <10> So there are now two parallel diplomatic tracks looking at roughly the same issues. Russia has claimed the moral high ground and played the card of international political legitimacy. The Russian delegation built its case for the OEWG on the principle that it is open to the participation of all states and renounced the UN GGE as “the practice of club agreements that should be sent into the annals of history”. <11> As one of the permanent members of the Security Council Russia is also assured of a seat in the UN GGE club, but given their sponsorship of the OEWG resolution the stakes are high. The parallel tracks have ushered in a state of Mutually Assured Diplomacy: it is more than likely that either both processes yield a result or that both will fail. If one fails on account of one political camp, the other camp is likely to respond in kind and derail the other process. This will complicate an already difficult process. Getting agreement on how existing international law applies to cyberspace — generally agreed to be the stumbling block of the 2017 GGE round — now has to be navigated in two processes that are at once separate and joined at the hip. Add in the new geopolitics of technical internet governance and rising tensions about the permanent state of ‘unpeace’ in cyberspace and those working on the diplomatic challenges of cyberspace stability and internet governance have their work cut out for them.
This essay originally appeared in Digital Debates — CyFy Journal 2019.<1> Lucas Kello (2017) The Virtual Weapon and International Order. New Haven and London: Yale University Press.
<2> Kai-Fu Lee (2018) AI Superpowers. China, Silicon Valley and the New World Order. Boston: Houghton Mifflin Harcourt.
<3> See Dennis Broeders (2015) The Public Core of the Internet. An International Agenda for Internet Governance. Amsterdam: Amsterdam University Press and the 2017 Call to Protect the Public core of the Internet of the Global Commission on the Stability of Cyberspace.
<4> The Paris Call for Trust and Security in Cyberspace, 12 November 2018.
<5> The EU Cyber security Act, 17 April 2019. See paragraph 23 and Article 5.3.
<6> Sergei Boeke and Dennis Broeders (2018) The Demilitarisation of Cyber Conflict’, Survival, Vol. 60 (6): 73-90; Tim Maurer (2018) Cyber Mercenaries. The State, Hackers and Power. Cambridge: Cambridge University Press.
<7> Jason Healey, The implications of persistent (and permanent) engagement in cyberspace, Journal of Cybersecurity, Volume 5, Issue 1, 2019, tyz008.
<8> Sergei Boeke and Dennis Broeders (2018) The Demilitarisation of Cyber Conflict’, Survival, Vol. 60 (6): 73-90.
<9> https://undocs.org/A/C.1/73/L.37
<10> https://undocs.org/A/C.1/73/L.27/Rev.1
<11> Statement of the Russian delegation to the UN General Assembly First Committee, 8 November 2019, Cited in Xymena Kurowska (2019) The politics of cyber norms: Beyond norm construction towards strategic narrative Contestation. EU Cyber Direct: Research in Focus, p.9.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Dennis Broeders is an Associate Professor of Security and Technology and Senior Fellow of The Hague Program for Cyber Norms at Leiden Universitys Institute- of ...
Read More +
PREV
