The following is a guest post by Kyle L. Evanoff, research associate for international institutions and global governance at the Council on Foreign Relations.
The internet has become a political lightning rod and tinderbox, thanks in no small part to lackluster governance. That much is clear from the results of the Council of Councils (CoC) 2018-2019 Report Card on International Cooperation, an assessment of international efforts to address the world’s most pressing challenges. The top policy minds who made the assessment, the heads of more than two dozen leading think tanks worldwide, awarded cooperation in “Managing Cyber Governance” a drab C in 2018, suggesting a surfeit of room for improvement.
Efforts in 2018
The passing grade, a small improvement over the previous year’s C–, was a lukewarm appraisal of an issue area still in its relative infancy as a global agenda item. Such tepid success has not been from lack of effort: Last year alone, the EU General Data Protection Regulation entered into force; Microsoft launched a Defending Democracy Program; Group of Seven leaders made a Commitment on Defending Democracy From Foreign Threats [PDF] at their summit in Charlevoix, Canada; UN Secretary-General Antonio Guterres created a High-Level Panel on Digital Cooperation; the Global Commission on the Stability of Cyberspace released its Singapore Norms Package [PDF]; and French President Emmanuel Macron launched the Paris Call for Trust and Security in Cyberspace [PDF]. And these were only some of the highlights.
Impressive exertions in the area of cyber governance, however, have produced less than impressive results. Despite a veritable cornucopia of norms, principles, and declarations that have come to exist on paper (or in digital form), state behavior online remains unconstrained relative to state behavior in many other domains. As Volker Perthes of the German Institute for International and Security Affairs writes, “the plethora of initiatives reflects both the widely felt need for international cooperation and the lack of global coordination.” Cyber governance, in other words, seems to be more spam than substance.
The internet, of course, has garnered significant international political attention as its importance in world affairs has grown. The leaders of the CoC institutes ranked managing cyber governance sixth (of ten) in terms of global priorities, a slight increase from last year’s seventh-place showing. As Amos Yadlin of the Institute for National Security Studies (Israel) writes, “in 2018, there has been increased understanding of the risks posed by cyberspace as an arena of conflict and the need to address these risks in a cooperative way.” Numerous online incidents (including last year’s revelations of data analytics firm Cambridge Analytica’s role in influencing the 2016 U.S. presidential election), ballooning e-commerce, and the advent or advance of technologies such as blockchain and artificial intelligence (AI) are among the factors driving states to seek cyber clarity in multilateral institutions and other fora.
At the same time, their recognition of the importance of cyberspace is driving them to compete over it, both through targeted intrusions and dueling governance proposals. A prime example of the latter lies in the two UN General Assembly resolutions forwarded by competing blocs that created separate work-streams on cyber norms last year. The overall picture, as Ong Keng Yeng of the S. Rajaratnam School of International Studies (Singapore) describes, is one in which “no one is leading the effort to instill discipline in cyber governance,” and countries are “still trying to find ways to dominate . . . instead of working on mutually beneficial rules and standards.”
Prospects for 2019
The onset of what some pundits have deemed a “technology Cold War” has not helped matters. As U.S.-China relations have soured and technologies such as AI and 5G have become a major focal point for geopolitical competition, prospects for meaningful cyber governance have dimmed. Xue Lei of the Shanghai Institutes for International Studies (China) contends that “with more western countries, led by the United States, embracing the securitization of cyber issues, the chances of reaching consensus on coordinated global cyber governance is even bleaker than in previous years, with the relevant norms and rules still in heated debate.” Fyodor Lukyanov of the Council on Foreign and Defense Policy (Russia) offers a similarly frank assessment: “this area continues to become more explosive and dangerous, while no international efforts are made to cooperatively address challenges in this field.”
Unfortunately, this more adversarial approach to digital technologies comes at a time when the integrity of the internet is already under threat. As Rohinton Medhora of the Centre for International Governance Innovation (Canada) writes, “the risk of fragmentation of the internet is real. It has already happened in the data sphere, with three mutually incompatible blocs—the firm-centric U.S. form of data governance, the state-centric China form, and the individual-centric European Union General Data Protection Regulation bloc.” Richard Haass, president of the Council on Foreign Relations, concurs: “it looks increasingly likely that the world will have two or three ‘internets’ that are governed by different rules.”
Underscoring the troubling state of cyber governance, CoC institute heads saw the issue area as presenting little opportunity for breakthrough, ranking it seventh of ten—near the back of the pack. Although initiatives such as the UN High-Level Panel on Digital Cooperation have produced tangible outputs—the panel released its findings in a report [PDF] earlier this week—they are apt to gain little traction in an icy geopolitical environment.
Coming to grips with the litany of cyber governance issues, some intractable, will require a multifaceted approach. In the words of José María Lladós and Juan Battaleme of the Argentine Council on Foreign Relations, “it is difficult to deal with this challenge with one sole policy measure. First, cyber governance is troubled by misaligned incentives and the rapid pace at which technology evolves. Second, because certain advantages exist in cyberspace that a state should not lose or limit, no state wants to take the first real step to manage the existing problems in cyber governance.”
The recommendations of the CoC reflected the complexity of the specific issues involved, as well as the rampant uncertainty in the broader issue area. They included “a global accord on cyber espionage,” a suggestion of Medhora’s, and a “Digital Group of Twenty modeled on the Group of Twenty,” a recommendation from Sunjoy Joshi and Samir Saran of the Observer Research Foundation (India). Sergey Kulik of the Institute of Contemporary Development (Russia) left the door open to a variety of approaches, writing that “any reform for strengthening the multistakeholder model would be beneficial, compared to the alternative of fragmentation and polarization of the cyberspace.” For now, at least, the general outlook for managing cyber governance ranges from uncertain to bleak.
About the CoC Report Card
The Council of Councils (CoC) Report Card on International Cooperation evaluates multilateral efforts to address ten of the world’s most pressing global challenges, from countering transnational terrorism to advancing global health. No country can confront these issues better on its own; on the contrary, combating the threats, managing the risks, and exploiting the opportunities presented by globalization all require international cooperation. To help policymakers around the world prioritize among these challenges, the CoC Report Card on International Cooperation surveyed the Council of Councils, a network of twenty-eight foreign policy institutes around the world between December 2018 and January 2019.
View the full CoC Report Card on International Cooperation to see how global think tank leaders graded the world’s performance and prospects for 2019 on ten global challenges.
Other CoC Report Card Blogs