The Future of Internet Governance: 90 Places to Start

The open, global Internet, which has created untold wealth and empowered billions of individuals, is in jeopardy. Around the world, “nations are reasserting sovereignty and territorializing cyberspace” to better control the political, economic, social activities of their citizens, and the content they can access. These top-down efforts undermine the Internet’s existing decentralized, multi-stakeholder system of governance and threaten its fragmentation into multiple national intranets. To preserve an open system that reflects its interests and values while remaining both secure and resilient, the United States must unite a coalition of like-minded states committed to free expression and free markets and prepared to embrace new strategies to combat cyber crime and rules to govern cyber warfare.

These are the core messages of the just-released CFR report, Defending an Open, Global, Resilient, and Secure Internet. The product of a high-level task force, chaired by former Director of National Intelligence John D. Negroponte and former IBM Chairman Samuel J. Palmisano, the report opens by describing the epochal transformation the Internet has wrought on societies and economies worldwide—particularly in the developing world.

Facilitating this unprecedented connectivity has been a framework based not on governmental (or intergovernmental) fiat but on “self-regulation, private sector leadership, and a bottom-up policy process.” By leaving regulation in the hands of technical experts, private sector actors, civil society groups, and end-users, the pioneers of the early Internet ensured that it would “reflect a broad range of perspectives and keep pace with rapidly changing technology.” They also ensured that rights of free expression and privacy would emerge as dominant norms.

Those halcyon days are over, alas, as more states assert sovereignty in cyberspace, as cybercrime spikes to unprecedented levels, and as nations develop new weapons of cyber warfare. Already, dozens of governments place restrictions on transmitting data and knowledge over the internet. These include not only authoritarian regimes but some democracies in Europe and the developing world (like India and Brazil). At the multilateral level, meanwhile, a majority of states at December’s World Conference on International Telecommunications (WCIT) in Dubai voted to transfer authority for regulating critical aspects of the Internet from ICANN (perceived as U.S.-dominated) to the International Telecommunications Union (ITU), a UN agency. Although some participants were motivated by equity concerns, others—notably Russia, China, and Saudi Arabia—saw the intergovernmental route as a means to assert sovereignty in cyberspace, including a license to crack down on dissent under the guise of fighting cyber crime. The forces arrayed in Dubai will clash again in 2014, at the ITU’s plenipotentiary meeting, intended to revise the body’s constitution.

Meanwhile, cyberspace is increasingly anarchic, as cyber-criminals use sophisticated attacks to steal vast quantities of funds, intellectual property, and trade secrets. Of even greater concern are government-backed cyberattacks. Some forty governments are believed to have developed offensive cyber weapons. The absence of clear rules of cyber warfare, as well as the general problem of attribution, creates a situation of strategic instability, rife with risks of miscalculation and escalation. Still, as the task force notes, the danger is less of a “cyber Pearl Harbor” (as former Secretary of Defense Leon Panetta warned) than a growing loss of confidence by both governments and the private sector in the security and integrity of the Internet.

Given current trends, can the United States possibly preserve the open global internet? Yes, but the first step is getting its own house in order. Distressingly, the U.S. government lacks a coherent strategic vision, an adequate policy coordination framework, and the requisite legislative authorities to develop and implement a national cyberspace policy, undercutting its global leadership.

Beyond this general guidance, the CFR task force offers some ninety (!) recommendations for U.S. policymakers. Let’s group the most important in clusters: