Finding a Foreign Policy for the Internet

February 8, 2021 Topic: Security Region: Americas Tags: InternetCyberspaceForeign PolicyProtocolPandemic

Finding a Foreign Policy for the Internet

At present, the United States foreign policy for the internet is absent, and much of the country’s policy efforts could be summed up as “not what China is doing,” a rejectionist attitude beset on all sides by purposeful adversaries and weakened alliances.

The United States government does not yet have a constructive strategy for the internet. Contrary to what the last four years have messaged—that the United States is in a zero-sum technology competition with China and expelling and excluding Chinese technology is the best response—a vision for the internet that does little more than say “no” to China is not a purposeful strategy. Yet the Chinese government and other authoritarian states remain committed to rewriting the rules of the internet across its governance and its physical and digital infrastructure. Beijing in particular has invested massively in altering the internet’s technical standards, physical backbone, and governing norms.

The absence of a coherent “foreign policy for the internet,” in turn, gives over momentum to authoritarian states, leaves allies without a strong voice to effectuate consensus, and delegates important structural choices to private firms whose decisionmaking is optimized for quarterly competitive pressures, not the long-term public good. As western democracies reawaken to the influence of disinformation campaigns and potential for political influence over technology supply chains, they further call these same companies, like Google, Facebook, and Twitter to task and debate new controls on acceptable content and information virality but without situating those efforts in a broader conversation about strategic objectives for the internet.

The confluence of these trends leaves the internet vulnerable to structural distortion and unprecedented change. The core operating principles that have guided liberal democratic internet policy for the better part of two decades—freedom, openness, interoperability, security, and resilience—are being degraded through both purposeful intent and the weight of apathy. Requiring more than just a firm advocate, the internet needs a collective defense by open societies, based on a principled vision of how the internet should evolve and grow in light of modern digital risks. This vision must first recognize that for all of the wires and wizardry, the internet starts with people, both inventors and users, and its future cannot be separated from broader economic, political, and social forces. Second, this constructive U.S. vision for the internet should start with small policy interventions and seek to iterate on them. Grand bargains are impracticable given the diversity of stakeholders and delicate complexity of the internet; small inputs will have outsized impacts. Third, policymakers and practitioners alike must accept that there is no going back, the internet cannot be returned to an earlier state, and the choice now is to drive principled evolution forward or face a descent into madness. Here, there is an opportunity for the Biden administration to develop a principled foreign policy for the internet, ensuring its long-term health and continued viability. 

State of Play 

Today, the five principles most frequently repeated in liberal democratic internet policy documents—freedom, openness, interoperability, security, and resilience—are in tension with the reality of a web that is increasingly centralized, insecure, and subject to the sovereign control and influence of national governments. Democracies beginning to exert more state control over the internet in their borders recognize this fact. And many other countries recognize these flaws in the democratic internet model too, as they increasingly turn to the sovereign and controlled model to combat online threats and social instability.

For several decades, liberal democratic governments around the world talked about the internet as an inherently democratizing force. John Perry Barlow drove far deeper in this view in his 1996 “Declaration on the Independence of Cyberspace,” where he told the “Governments of the Industrial World” that “[c]yberspace does not lie within your borders . . . Your legal concepts of property, expression, identity, and movement and context do not apply to us.”

A few years earlier, George Shultz argued a related idea of the “dictator’s dilemma”—that technology inherently opens up closed societies and that dictators “will never be able entirely to block the tide of technological advance.” Countries looking to benefit from the global economy must, the narrative goes, relinquish some degree of technological control. This worldview is heavily reflected in the original development of a free and open vision of internet governance. 

The idealized vision of a democratizing internet, however, no longer meshes with reality, if it ever did at all. Countries around the world have found ways to permit the use of these technologies to grow their economies while largely retaining their authoritarian control. Beijing has arguably been doing it since the 1990s. Simply put, the notion that cyberspace cannot at all be controlled by nation-states is wrong. Internet control may not always be easy, but it is certainly possible. As James Lewis wrote, “Sovereignty completely covers cyberspace, even if nations have not always chosen to assert sovereign control (and the reasons for this may be a combination of poorly conceived ideology and concerns over liability and regulation).” That said, these five ideas are worth striving for—whether robustly securing the internet’s data and architecture or better protecting content freedom in an age of increased state censorship around the world.

At present, the United States foreign policy for the internet is absent, and much of the country’s policy efforts could be summed up as “not what China is doing,” a rejectionist attitude beset on all sides by purposeful adversaries and weakened alliances. As Laura Rosenberger has argued with respect to the global information contest, the United States and its allies “have been reactive, focused on what they are trying to defeat; they have not developed a strategy for success.” The conversation about China’s role in undermining the internet has hit a fever pitch in the last three years—witness the rashly issued executive orders banning TikTok and WeChat—as commentators acknowledge there are competing visions for the internet between democratic and authoritarian states.

The more recent U.S. approach to China, like export controls on Huawei, have been ill-considered. There is a legitimate basis to be concerned about the scope of Chinese government authority over their technology champions and Beijing’s power to transitively exercise a measure of influence wherever Chinese firms’ products and services are found. But the collateral damage of a single-minded pursuit of Huawei and its associated universe of subsidiaries, vendors, and counterparties has been an acceleration of European discontent with the state of American cyber-diplomacy and a meaningful loss of trust in operational U.S. cybersecurity policymaking in key allies and private sector partners. The gains, by contrast—nonbinding declarations and a slow drip of national governments posturing to reject Huawei products—are hardly commensurate. Robert Knake makes a valuable point on this issue: rather than building positive incentives to shape or improve Beijing’s behavior, plans like the State Department’s Clean Network Initiative boil down to an exclusion of Chinese technology above all else.

Meanwhile, the internet is under siege by a spate of new internet control efforts. Some of these are a response by societies no longer willing to tolerate the internet’s particular status quo balance toward free speech and decentralized control. Germany implemented the infamous NetzDG law, staking out a stronger position on hate speech than many other liberal democracies. France passed an online speech-limiting law, though it was later picked apart by a constitutional court. Incidents of domestic terrorism have also driven democracies to shift their hands-off approach to online content, such as the terrorist attack in Christchurch, New Zealand that was live-streamed on social media.

Other efforts, like the PACT Act, demand a more assertive approach to online content moderation and are more a response to the outcome of the 2016 election, a typically orphaned failure whose cause was in all likelihood attributable to parties both foreign and domestic. The year 2016 brought an American reawakening to misinformation and strategic influence operations. The ensuing backlash produced a series of policy changes and proposed new information controls, including several different bills to repeal the Section 230 safe harbor. While many of the policy changes were limited to individual platforms (like Twitter’s labeling allegations of widespread voting fraud as misinformation), some of these platforms are so large—Facebook and Alphabet’s YouTube notable among them—as to constitute ‘layers’ of their own in the internet’s application and content layer.

Still other of these changes, however, are moves of oppression against ever-less open societies, efforts to control a technology that can bring disparate communities together, enable social organization and information-sharing, and even lead to a loss of confidence in faltering institutions. In 2019, India declared Kashmir a connectivity free zone, blocking internet and cell phone access to the region for “71 days of silence.” India also banned fifty-nine Chinese apps following a shooting on the border, later adding one-hundred-and-eighteen more—shoving Chinese software out of the lucrative, rapidly growing Indian technology market. Turkey has introduced legislation to further extend the government’s power to punish social media firms for publishing state-critical content. Belarus simply turned off the internet to its citizens alongside a violent state crackdown on peaceful demonstrators in 2020. Countries around the world, in this vein, are only doubling down in recent years on state control of the web in their borders. 

In response to this reality, a U.S. strategy for the internet should promulgate a set of values tightly aligned with the internet’s original design philosophy. By default, it should start with allies and integrate two decades of private sector experience working to defend and rebuild the internet’s core protocols. The United States has long supported the internet—from its early inception as academic projects funded by the military, through the economic revolutions of the e-commerce bubble, to the current reign of cloud computing and social media companies whose headquarters pockmark the landscape of the American West Coast.