Global Tech Security & Privacy

Welcome to the Splinternet

This article was originally published at The World Post

“We underscore the importance of respect for nations’ sovereignty in cyberspace” –World Internet Conference final document (the “Wuzhen Initiative”), Dec. 18, 2015

The Internet is edging closer to the Splinternet. The leading Republican candidate for U.S. president, Donald Trump, has referred to “closing” the Internet in areas where the U.S. has enemies, while China’s president, Xi Jinping, reasserted, at the second World Internet Conference (WIC) in China last week, that each state has a sovereign right to control what its citizens can and can’t do in cyberspace. The control by a state of “its” Internet has long been advocated by Russia’s government, while the European Union, following an October decision by the European Court of Justice, has released a General Data Protection Regulation that will determine how non-EU companies can market to or monitor EU individuals. That four such distinct political cultures could, for a mix of political, ethical, commercial and security reasons, all reach the same conclusion — that the map of the political world should become the map of cyberspace  — suggests that the days of a universal Internet are numbered.

This political backlash against cyberfreedom has been a long time coming, but given the national-security roots of computing it was probably inevitable.

The Internet, and much of digital computing, was in essence an American military project, born of the need to anticipate and quickly respond to long-range attack, first from large ships, then long-range aircraft and eventually missiles. In the 1980s, under the umbrella of U.S. military and economic superiority, the technology of linked computers began to pass from the Defense Department to the National Science Foundation (and eventually the Commerce Department) and from the state to private companies, a process that led, in the optimistic post-Cold War years of the 1990s, to the extraordinary achievement of a World Wide Web accessible — anonymously, at first — by anyone with a computer.

This was at once a result of globalization, an instigator of it, and a metaphor for it: free, borderless space.

But it was also dependent on the United States disinterestedly holding the keys to cyberspace on behalf of the rest of the world. That kind of benign hegemony was fragile and did not last beyond the idyll that began in 1989 and ended in 2001. Writing in the new issue of Foreign Affairs, Henry Farrell and Abraham Newman state emphatically: “In the aftermath of the 9/11 attacks, the United States began to exploit interdependence, deliberately using its economic power as an instrument of national security. … Despite publicly promoting an open and secure Internet, it has privately undermined the encryption of online communications and surreptitiously created vast international surveillance systems in cooperation with close allies.”

The reaction of other states to this has been slow, in proportion to their dependence on the U.S. economy and on the American-made (mostly) technology that has underpinned the astonishing global prosperity of the past 25 years. But the reaction has nonetheless occurred, hurried on by the revelations of Edward Snowden. Non-Americans no longer trust the U.S. to put its national interests to one side in the special case of the Internet, nor do they want to have to rely, for their prosperity and even safety, on the altruism and political independence of American technology companies. Americans, similarly, don’t want to accept that 21st-century technological life has to come at the price of total vulnerability to surveillance, nor do they want American technology companies to maintain open global networks at the price of their own personal security. Recent calls for blocking terrorists from posting on social media — from Hillary Clinton, Sen. Dianne Feinstein, and Eric Schmidt — reflect a growing American conviction that the state’s responsibility to protect its citizens should extend to restrictions on cyber speech.

What Xi Jinping calls “Internet sovereignty” is inching forward on many fronts. The first and most important is the insistence that technology companies obey state laws within state borders, including laws on information extraction and sharing and on permissible speech. States increasingly also insist that technology companies cooperate with their own law enforcement or other security agencies in sharing information about possible criminals and political enemies, or even make it possible for these agencies to access such information themselves.  In this sense, the FBI and security agencies in authoritarian countries have been asking for the same thing, they just have different definitions of illegal activity. China, in U.S. Naval War College professor Peter Dombrowski’s bleak assessment, “simply represents an extreme example of a much wider phenomenon.”

The chief obstacles to such surveillance are multinational technology companies, who see a threat to their business models: having to deal with a different regulatory regime (much less locating physical servers) in each country adds considerable cost; more profoundly, consumers can be expected to interact less enthusiastically online if they feel vulnerable. That is why Silicon Valley has been so insistent on protecting encryption.

But while state-led localization appears as an unwanted business cost to a multinational, it can look like an opportunity to local entrepreneurs. States with the necessary resources can back captive companies that will do their bidding, thus “nationalizing” the commercial Internet space. Importantly, this then increases the regional power of major states, whose national Web champions can use their advantages to control Internet services for neighboring, smaller countries as well, bringing the terrestrial concept of spheres of influence into cyberspace.

The second front for asserting Internet sovereignty is international, in organizational settings like the International Telecommunications Union and the United Nations’ World Summit on the Information Society (WSIS), which had its first decennial review in New York last week. The (non-binding) outcome of that review was a document that, reportedly at Chinese urging, introduced the words “multilateral” and “governments” at several junctures in order to establish the role of individual states in Internet governance, as in “we recognize the leading role for governments in cybersecurity matters relating to national security” and “we call on Member States to intensify efforts to build robust domestic security of and in the use of ICTs [information and communications technologies], consistent with their international obligations and domestic law,” and in reference to “governments, the private sector, civil society, international organizations, the technical and academic communities, and all other relevant stakeholders.”

Ever since the U.S. government began to loosen state control of the Internet in the mid-1990s, other governments, particularly those of Russia and China, have wanted to increase it. The U.S., in sometimes uneasy alliance with the amorphous Internet community (“civil society…the technical and academic communities, and all other relevant stakeholders”), has resisted what it calls government “capture.”

But how long will that resistance last?

The Internet at its core is still administered under contract to the U.S. Commerce Department. The contractor is the Internet Corporation for Assigned Names and Numbers (ICANN), which, per the contract, provides “the services necessary for the operation of the Internet Assigned Numbers Authority (IANA).” The Internet’s technology as such — the system of protocols by which machines can talk to each other — is open and replicable.  The only “proprietary” part is the names (rendered as numbers) that give a minimal global structure to the Internet’s information. Those names and numbers are the province of IANA and ICANN. Any body that controls access to the Internet — most importantly, telecommunications companies — can block a machine from being able to reach information at a particular numerical address. That is how a government can block access to a website.  But a government cannot eliminate the number itself.  IANA protects the numbers.

The IANA contract was set for expiry on September 30, 2015, but the U.S. elected to renew the Commerce Department’s ultimate control of IANA for another year. The contract itself has options that enable renewal through to 2019. In theory, it is not beyond imagining that the U.S. would renew the contract indefinitely; after all, it has been 20 years now since the U.S. first promised an eventual relinquishing of Internet control and it still hasn’t happened.  However, there is significant momentum and pressure within the world of “governments, the private sector, civil society, international organizations, the technical and academic communities, and all other relevant stakeholders” to have the U.S. cut the IANA cord.

An interesting comparison can be made to the global positioning system (GPS), which is ultimately under control of the U.S. Department of Defense through the Air Force. Like the Internet, GPS is a service used around the world.  And as with the Internet, major states have chafed at American control of it. The result is that Russia, China, India and the European Union are developing their own versions to eliminate their dependence on the U.S.

They have not done that with the Internet in part because the Internet does not go quite so directly to the deep security interest involved in knowing that your command and control of military force projection can withstand a confrontation with the United States.  GPS does: a modern military cannot travel far without satellite positioning.

A further reason why there are not many Internets is that the Internet community in effect allows government control of the Internet at the edges — for example, though blocking websites — in exchange for non-interference at the core. That is the fundamental bargain of IANA and ICANN.

As the government of China made clear at its World Internet Conference, held as a kind of counterpoint to the WSIS review in New York, it intends to continue to pursue national-sovereignty powers in cyberspace, or what Nathan Gardels wittily calls “cyberspace with Chinese characteristics”. (The prime minister of Russia was the other major-power attendee at the WIC.) And the WSIS outcome document contained a profusion of references to national laws and notably to the struggle against terrorism.

So the outlines of an emerging compromise present themselves: governments will feel free to assert greater control over their citizens’ cyber lives while maintaining a watchful distance from the Internet’s core functioning.  Technically the Internet will remain universal; practically, it will be subject to increasing government control. Governments will no longer have to contest vestigial American control of the Internet core because they will already, in terms of what really matters to them, have the Internet they want.

Scott Malcomson is a political-risk and communications consultant and author of five books, including the forthcoming “Splinternet: How Geopolitics and Commerce Are Fragmenting the World Wide Web.” 

Tags: , ,