Most users today seem to approach the existence and configuration of the Internet with the same vague appreciation they bring to the supply of, say, electricity.  We generally take it for granted, and assume that its specific parameters and characteristics just sort of happened – as if by some law of nature – in the ways that we experience and take advantage of them today.  From a security perspective, we are also aware that we depend hugely upon the system, and understand or intuit at some level that this entails great vulnerability to the system being degraded or shut down by those who wish us ill.

What is less appreciated, however, is how contingent the Internet’s current organization actually is, how much this arrangement is the product of choices that have in recent years become subject to political contestation, and how much the thing we take most for granted and regard as being the most fundamental characteristic of the modern Internet – its role as a boundary-erosive, information-aggregating, and ubiquitously-accessible global data “superhighway” – is in fact still somewhat up for grabs.  Most users probably fail to appreciate the degree to which, quite apart from issues of “cyber security” as they are usually understood in the West, a struggle has been underway for the last few years over who will control the Internet’s future, and to what end.

I.          The Contingency of the Net

At present, Internet governance is a historical artifact of the American government’s role in inventing and developing the early Internet.  When the United States decided in the late 1990s to remove itself from direct administration of the Internet, it essentially subcontracted out these critical responsibilities by entering into contracts with not-for-profit organizations.  Among these, the most prominent is the Internet Corporation for Assigned Names and Numbers (ICANN), which coordinates the Internet’s naming system.  Also of critical importance is the Internet Assigned Numbers Authority (IANA), which manages the trusteeship system for running registries of Country Code Top-Level Domains (ccTLDs) – the country-designators in much Internet addressing ( e.g., “.za” for South Africa or “.ru” for Russia) – and for overseeing the operation of each domain.

Significantly, as Kenneth Neil Cukier reminded readers of his important 2005 article on the subject in Foreign Affairs , it is not merely that the Internet’s present system of institutional governance is a historical accident.  In fact, the Internet’s notorious openness and boundary-resistant structure – that is, the very degree to which it serves its billions of users as a user-empowering transnational conduit for substantive content – is also no more than a historical artifact.  Today’s Internet is indeed, in Cukier’s words, “a paragon of deregulation and decentralization,” but this was not inevitable.  In fact, he observed, the Internet “requires oversight and coordination in order to operate smoothly.”  It also requires a particular set of operating rules in order to function in the profoundly boundary-free way that it presently does.

Things, in short, do not have to be this way.  The Internet’s freewheeling openness is the result of conscious decisions to run it in such a fashion, made by the particular people who happen to have been put in charge of making such determinations.  As Cukier put it, the operation of the current Internet embodies “American-style political and economic liberalism in its open architecture.”  Different management choices would produce different results.  This makes the issue of Internet control extremely important.

II.             The Brewing Storm over Governance

Despite America’s role as the developer of the Internet, it was central to the Internet policies of both the Clinton and George W. Bush Administrations that the Internet remain unregulated and profoundly open – and indeed, the U.S. Government has indeed played a remarkably “hands off” role.  Washington is apparently quite happy with ICANN’s openness-focused, integrative, and informationally laissez-faire stewardship, and has remained content not to try to “fix” something that doesn’t appear to be broken.  As U.S. Special Representative John Marburger told the 2005 World Summit on the Information Society (WSIS) Summit in Tunis, the United States sees no need to reform “ a system that is working so well. ”  And to ICANN’s credit, as Harold Kwalwasser has noted, pretty much no one seems to have expressed any real complaint about the current system’s performance on technical grounds: the group appears to be doing a fine job.  Rather, the problem is political – and here’s where it gets interesting.

Some governments profess to find American “domination” of Internet governance offensive in principle , and fret about the possibility that the U.S. Government – the sole contract-holder for ICANN – might somehow abuse its power.  Their supporters point out that when a proposal was made to create an “.xxx” domain for Internet pornography, U.S. officials complained, and the idea was dropped.  To self-annointed “watchdog” groups like Icannwatch.org , this episode bespeaks ICANN’s willingness to “ warp[] and corrupt[] ” domain-approvals at the behest of its U.S. paymasters.  Brazil and some European governments – not always with enormous intellectual consistency, given that the ostensible complaint against ICANN in this regard is the danger of political control – cite the “.xxx” controversy as an argument for giving their governments more control of the process.

Such concerns feed easily into broad strains of anti-American resentment around the world.  Should the international community trust arrogant U.S. officials not to cut entire countries off the Internet by discontinuing a national domain name, as Cukier recounted some governments purporting to fear with regard to Iran’s “.ir” domain?  To the extent that such critiques really do derive from more than simply garden-variety anti-superpower emotionalism – in which America’s role is offensive not because of any ill effects but simply because it is American , or because America happens simply to be powerful – such anti-ICANN arguments are made from an ostensibly libertarian standpoint.  Though they have yet to offer much with regard to how any alternative system of governance could possibly make the Internet freer , some critics seem to suggest that cyberspace is not yet free enough from the specter of substantive political oversight.

Other governments, however, seem less worried about U.S. manipulation per se.  Instead, their problem seems to be precisely that the U.S.-based ICANN system is too permissive when it comes to the Internet’s freedom from political management.  They would like more political control over Web content; they just want it to be their control.  There clearly are regimes who perceive the very openness of the current Internet system to present some kind of political threat, and who imagine themselves both beset by and worryingly vulnerable to “information weaponry” defined to include not merely malicious code but in fact substantive Web content that departs from their rulers’ ideas of what their people should be reading or thinking.

As Kwalwasser has observed, the present U.S.-centric system of Internet governance would probably have been impossible had it been proposed even a few years later than it was.  Somewhat surprisingly, when the ICANN system was set up in 1998, relatively few governments seem to have grasped the potential socio-political importance of the Internet as a powerful force for mass information access.  Had the current governance system been suggested once this impact became more clear, the laissez-faire American approach might have elicited opposition from some other governments.  Indeed, subsequent disputes over Internet governance seem to represent an effort, as it were, to re-litigate the question.

Not for nothing, therefore, are U.S. officials reported privately to have warned the President of the European Union in November 2005 that “ a new intergovernmental structure would most likely become an obstacle to global Internet access for all our [countries’] citizens. ”  It is important to remember this.  With a detached air of seemingly almost anthropological interest, then-U.N. Secretary-General Kofi Annan once described these governance disputes as representing

“a dialogue between two different cultures: the nongovernmental Internet community, with its traditions of informal, bottom-up decision making, and the more formal, structured world of governments and intergovernmental organizations.”

In fact, however, the emergence of Internet governance as a focus of international attention may be a reflection of something rather less benign than mere “cultural” diversity.  Some enthusiasms for Internet regulation actually represent a diplomatic counter-offensive against informational openness and global integration, led by authoritarian regimes that seek security against the dangers to their rule and their view of the world presented by data-flows that facilitate the development and maintenance of an informed citizenry.

Diplomats from some governments began raising concerns about American “dominance” of Internet governance as early as 2002, at the WSIS meeting that July in Geneva. There, the Brazilian delegation spoke out about the need to prevent “cultural imperialism” as the Internet evolves, Tunisia called for governments to work together to “balance” modernization against the need for cultural preservation, and China called for improved international cooperation in handling “security” in the world of information and communications technology.   In February 2003 , at a follow-up WSIS convocation in Geneva, the Russian representative emphasized the degree to which Internet access facilitated the discovery not just of priceless nuggets of information but in fact also of highly undesirable things.

Perhaps for this reason, one of the main questions debated at the February 2003 meeting was whether more should be done to “uphold[] the sovereign equality of all States”  in cyberspace, and to shore up understandings of countries’ sovereign rights in the Internet domain – a concept that seemed clearly to include sovereign governments’ right, in the interest, inter alia , of national security, to police the Internet as they saw fit.  A number of delegations called for a new intergovernmental (or international) and “transparent” mechanism for Internet governance – one, it was suggested, that should be tasked with developing a coherent international framework for cyber security.   Brazil and South Africa spoke up against the U.S. role in overseeing the Internet, joined unsurprisingly by Bashar al-Assad’s Syria, Fidel Castro’s Cuba, and Robert Mugabe’s Zimbabwe.  Then in the throes of its determined campaign to prevent the Americans from overthrowing Saddam Hussein, even Jacques Chirac’s France got in on the action, adding its voice to calls for a new system of Internet governance.  Delegates could not agree on precisely how to describe such an international oversight mechanism for the Internet – China’s call for a new international treaty organization for this purpose not meeting with universal acceptance – but the question of regulation by political authorities had clearly become the “hot” emerging issue for WSIS.

This debate continued at the WSIS Summit in Tunis in November 2005, where heated discussions took place about who should set the rules for managing key Internet resources such as domain names and Internet protocol addresses.  Many delegations – among them Brazil, China, India, Iran, Russia, and South Africa – spoke up to decry the United States’ role in Internet governance, declaring that it was neither acceptable nor sustainable to permit any single player to enjoy such a position.   As South Africa’s then-President Thabo Mbeki put things, it was important to make Internet governance “legitimate, transparent and accountable” by building “multilateral and multi-stakeholder institutions and systems rooted within the U.N. system.”  This ostensible emphasis upon mere commonsense fairness provided the opening needed for Hugo Chavez’s Venezuela to propose “international management of the Internet” – that is, an explicitly political system of multinational control.

According to Kwalwasser, some countries all but explicitly threatened to go their own way by creating entirely separate national sub-Internets under sovereign control – as China, in a sense, already had.  Whether it was to occur through a vaguely U.N.-style global body of member states or through a Chinese-style legal and technical re-territorialization , in other words, the unifying theme of this growing campaign seemed to be the importance of engineering a retreat from ICANN’s style of nonpolitical and informationally laissez-faire regulation.

Being unable to come to agreement on the question of “internationalizing” Internet management, the 2005 WSIS Summit opted merely to create a new Internet Governance Forum (IGF) for discussions of such matters.  The Forum has met on multiple occasions since then, but with no particular result.  It has, however, provided more opportunities for Russian diplomats (and others) to reiterate their own ideas of placing the Internet under the supervision of some international body.  At the IGF meeting in Brazil in November 2007, for instance, the Russian representative called upon the U.N. Secretary-General to create

“an ad hoc working group to develop practical steps for transition of the Internet governance system to bring it under the control of the international community, including the administration of critical Internet resources.”

One of the international political organizations that some suspect may be angling to assume such control is the International Telecommunications Union (ITU).  The ITU’s secretary-general has called upon ICANN to work more closely with his organization, has reportedly pronounced the IGF itself to be “a waste of time,” and has promoted the idea that organizations such as the ITU must have more “muscle” in Internet governance.  This is music to the ears of some anti-ICANN activist governments – not least that of Brazil, which informed an ICANN meeting in Cairo in November 2008 that ICANN needed to observe “any public policy advice” it received from national governments.   (The governments of Saudi Arabia and Iran have also supported giving the ITU an enhanced role.)

Remarkably, even the European Union’s own Commissioner for Information Society and Media, Viviane Reding, joined the political-regulation bandwagon, proposing a “G-12 for the Internet” – that is, a body made up of key governments’ representatives that would make “recommendations to ICANN where appropriate.”   In 2005, Kofi Annan also entered the fray, urging that Washington’s role in overseeing Internet management be “shared with the international community,” supporting “efforts to make the governance arrangements more international,” and urging respect for “other governments[’] … public policy and sovereignty concerns.”

III.         Where Next?

Make no mistake: it would be wrong to imply that the IGF and WSIS are in any way solely fora dedicated to anti-American political correctness or to protecting authoritarian regime from the openness of the Internet.  The pronouncements agreed in such fora, in fact, are replete with comments emphasizing the importance of informational openness.  The representatives of eight Southeast Asian countries met in Hong Kong in June 2010 , for instance, and declared that

“[o]penness is key to a democratic and open society. Restrictions on freedom of opinion and expression online, such as state censorship which blocks Internet intermediaries, is one of the threats to open societies. Intimidation and state censorship facilitate self-censorship, a hazardous social phenomenon that further undermines democracy and openness. … The Internet is for everyone; it is a public good.”

A perusal of the wide-ranging discussions at IGF meetings, moreover, makes clear that its participants are on the whole earnest, serious, and committed in good faith to exploring important issues of Internet access, privacy, security, and technical innovation as well as governance.

The failure to agree upon any replacement structure for the Internet at the 2005 WSIS Summit in Tunis, moreover – thanks to firm American opposition to trying to fix what clearly  wasn’t broken – also seemed to take some of the wind out of the sails of those who would politicize Internet governance, at least for a time.  The creation of the IGF as a discussion forum may have provided a useful opportunity for anti-American emotions to vent and then to cool, and indeed the Summit itself managed to agree that

“the existing arrangements for Internet governance have worked effectively to make the Internet the highly robust, dynamic and geographically diverse medium that it is today, with the private sector taking the lead in day-to-day operations.”

While the IGF compromise may have bought some useful time, however, it did not resolve the governance issue – nor has it been resolved today.  In July 2010, a U.N. panel on this subject – convened in 2005 by the United Nations to help break what the New York Times called “an impasse of more than a decade between the United States and Russia over how to deal with threats to the Internet” – finally issued its long-awaited findings.  The recommendations therein, however, seem to have broken little new ground: the group simply called for more diplomatic discussions about the ways different nations view and protect computer networks, about the use of computer and communications technologies during warfare, about how to develop common terminology for having such discussions, and in order to share information about national approaches to computer security legislation.

Those recommendations seem sound, but they real issues are obviously nowhere near being resolved, persisting in IGF and other discussions as well as the emergence of “cyber arms control” proposals from countries such as Russia and China – ostensibly in response to widespread and growing concerns about cyber threats to modern economies and military systems, but also partaking of ideas about “information security” that encompass protection against politically subversive ideas made available through the Internet.

The future direction of such debates may also be fed, moreover, by the genuine tension between security and privacy in cyberspace.  Cyber threats have made security hawks more solicitous of proposals to “ reengineer the Internet ” to improve “attribution, geolocation, intelligence analysis and impact assessment” in the face of cybercrime and cyber-terrorist threats.  Though prompted by genuine fears of catastrophic cyber attack, however, some such re-engineering could itself threaten the openness of the Internet – leading some Web freedom advocates to blinkered hyperbole themselves,  dismissing worries about cyber warfare as mere “hype” designed to legitimize restrictions – and play into the hands of those regimes that would restrict ideational content, making a good balance exceedingly hard to achieve.

As this example illustrates, countries seek to block Web content or obtain information about users for a variety of reasons – some good and some bad.  As recounted recently in The Economist, for instance, Australia has ambitions to construct a sort of Chinese-style “Great Firewall” of its own, albeit this time oriented toward blocking child pornography rather than controlling the political information available to Australian citizens.  The United States is said frequently to ask Internet Service Providers such as Google for information about Internet users for law enforcement and counter-terrorist purposes.

On the other side of the ledger, as noted, Russia and China seem to conceive of “information warfare” in ideational terms, and fear the open Internet as a transmitter of politically subversive ideas threatening to authoritarian control.   Iran, Cuba, Saudi Arabia, and Vietnam have also engaged in some degree of Chinese-style Internet content restriction, and it is perhaps not hard to guess why.

Other countries’ motives are less clear.  Brazil, one of the most aggressive proponents for “internationalizing” management of the Internet, tops the list of countries that have asked Google to block Web content.  Another partisan of “internationalization” is South Africa, the ANC government of which recently proposed a controversial new media content control law.  What underlies their interest in placing Internet governance under the control of some international political organization?

The inter-related issues of Internet governance and cyber security are clearly thorny, politically charged, and not going away anytime soon.  Especially in democratic, open societies, there exists a real tension between Internet liberty, which is in many ways the key to the extraordinary benefits that electronic interconnectivity has brought to mankind, and basic law enforcement and national security equities; this tension is complicated further – especially in international fora and where issues of multilateral regulation arise – by the degree to which authoritarian regimes prize content management for their own reasons of political control.  Unless one is a Web-freedom absolutist or a heavy-handed dictator, however, the “right” answer is not obvious – and may indeed change over time with the evolution of cybercrime, cyber-terrorism, computer espionage, and cyberwar threats.  These matters will challenge the public policy community for years to come.

-- Christopher Ford