The breakneck growth in internet usage over the past two decades has
forced policymakers to confront a host of challenges, from how to
regulate the sharing economy to who owns the infrastructure behind the “tubes”
themselves. While tempers have flared on a number of these issues, I
tend to give the benefit of the doubt to policymakers. The
transformation of our society has been so complete and rapid, we simply
can’t expect the rebuilding of our laws to be a simple proposition.
Yet, when it comes to national security and cyber policy, the United States is risking not just a few years of confusing policies that make life difficult albeit manageable, but possible destruction of the very essence of what makes the internet such a vital resource in the first place.
At the core of this dilemma is our vision for the internet. Is the internet an open space, a site for commerce and creativity that is lightly regulated, non-militarized, and universal around the world? Or does it become a tool of power, a weapon that can be wielded against other nations and groups with impunity?
The conventional narrative in the United States, particularly in the media, has been that of the U.S. as defender of the free internet, fighting off the national interests of countries that would undermine its open fabric. Washington policy circles often speak of the “internet freedom” agenda, blocking countries like China, Russia, and Syria that are looking to split the internet into controllable factions.
We only need to look to DC think tanks to see these policies clearly. Take, for example, the Center for New American Security, which recently published a report on China’s cybersecurity strategy. The author, Amy Chang, analyzes the intentions of the Chinese as well as their capabilities on the internet, but in doing so also unmasks the conflicted American perspective.
Chang argues that the United States needs to do more to mold the norms of the internet, and encourage the Chinese to follow them. From the report: “The failure of the U.S. indictment to deter Chinese cyber espionage underscores that it will take time to advance norms of appropriate behavior in cyber-space, especially in cases where doing so threatens the interests of the CCP.”
But while military analysts accuse the Chinese of violating norms of behavior, we have to ask, what exactly are these norms?
Certainly looking at the actions of the United States, it is not clear to me at all that the norms we are establishing are for a free and open internet. Quite the contrary in fact.
The United States has already founded a Cyber Command, which is located at Fort Meade along with the National Security Agency, and shares the same leader with that intelligence agency. While its ostensible goal is to defend U.S. cyber interests, it has also developed an offensive cyberwarfare capability to be deployed against other nations.
Furthermore, it is widely believed that the United States and Israel were behind a cyber-attack on Iran’s nuclear enrichment facilities through a computer worm known as Stuxnet. Endgame, a Kleiner Perkins-backed startup, used to sell vulnerabilities to the intelligence community for offensive purposes (although it appears now that it has pivoted to be a big data analytics provider). And, of course, we have Snowden, which is still leading to new revelations.
It is important to be clear on this last point. The dilemma of U.S.
cyber policy is not limited to wiretapping and Snowden. There are many
questions that those revelations pose for policymakers regarding privacy
in an era when much of our data is not physically owned by us. Those
questions need to be answered robustly, but we must not narrow our lens
to such a limited conception of militarization.
Rather, we need to see the full extent of activities that the U.S. is conducting on the web, and then connect those actions with the norms that we are espousing. It doesn’t look good. In short, the U.S. is essentially doing all the actions we find distasteful about China’s cybersecurity activities, although arguably with less emphasis on blatant industrial espionage.
This hypocrisy at the core of our internet agenda is becoming untenable. We cannot continue to advocate for an open web, while at the same time undermining the moral authority of that argument using the same tactics of those we are criticizing. Countries are watching our leadership, and the message we are currently sending will very much lead to the eventual disintegration of a single free internet.
Unfortunately, we have yet to have a wide-ranging debate about internet policy in our political discourse. Few politicians, with the possible exceptions of Rand Paul and Ron Wyden, have connected internet issues together into one holistic policy. That’s unfortunate, because as defense policy continues to drive toward more defensive and offensive capabilities, the fissures in the internet are only becoming more pronounced.
The U.S. has two courses here. If it wants to defend the open web, then it needs to move toward demilitarization, and soon. Such a movement is not without precedent. Under treaties signed with the Soviet Union during the Cold War, the United States agreed to not militarize Antarctica nor outer space. While both treaties have seen some slippage in recent years in a strict interpretation, the same principles that underlie them could also be made for the web.
Such an approach would be very much in the interests of the United States, which has the largest economy and arguably the greatest reliance on the web in the world. Whether China or others would willingly agree to police the web and actually follow through remains to be seen.
The other course for the U.S. is the one we are currently on, where defense officials increasingly militarize the web and force, if perhaps unintentionally, its split along national lines. Given the costs to the American economy of this approach, it would seem prudent to avoid it since we have so little to gain and so much to lose.
One thing is clear though: time on these issues is running short. As I argued a few weeks ago, the internet is quickly becoming the internets as countries develop their own approaches and attempt to protect the security of their interests. Only proactive political and diplomatic action at internet speeds will prevent an unfortunate outcome here, the dissolution of the most important experiment in human progress in modern history.
Yet, when it comes to national security and cyber policy, the United States is risking not just a few years of confusing policies that make life difficult albeit manageable, but possible destruction of the very essence of what makes the internet such a vital resource in the first place.
At the core of this dilemma is our vision for the internet. Is the internet an open space, a site for commerce and creativity that is lightly regulated, non-militarized, and universal around the world? Or does it become a tool of power, a weapon that can be wielded against other nations and groups with impunity?
The conventional narrative in the United States, particularly in the media, has been that of the U.S. as defender of the free internet, fighting off the national interests of countries that would undermine its open fabric. Washington policy circles often speak of the “internet freedom” agenda, blocking countries like China, Russia, and Syria that are looking to split the internet into controllable factions.
We only need to look to DC think tanks to see these policies clearly. Take, for example, the Center for New American Security, which recently published a report on China’s cybersecurity strategy. The author, Amy Chang, analyzes the intentions of the Chinese as well as their capabilities on the internet, but in doing so also unmasks the conflicted American perspective.
Chang argues that the United States needs to do more to mold the norms of the internet, and encourage the Chinese to follow them. From the report: “The failure of the U.S. indictment to deter Chinese cyber espionage underscores that it will take time to advance norms of appropriate behavior in cyber-space, especially in cases where doing so threatens the interests of the CCP.”
But while military analysts accuse the Chinese of violating norms of behavior, we have to ask, what exactly are these norms?
Certainly looking at the actions of the United States, it is not clear to me at all that the norms we are establishing are for a free and open internet. Quite the contrary in fact.
The United States has already founded a Cyber Command, which is located at Fort Meade along with the National Security Agency, and shares the same leader with that intelligence agency. While its ostensible goal is to defend U.S. cyber interests, it has also developed an offensive cyberwarfare capability to be deployed against other nations.
Furthermore, it is widely believed that the United States and Israel were behind a cyber-attack on Iran’s nuclear enrichment facilities through a computer worm known as Stuxnet. Endgame, a Kleiner Perkins-backed startup, used to sell vulnerabilities to the intelligence community for offensive purposes (although it appears now that it has pivoted to be a big data analytics provider). And, of course, we have Snowden, which is still leading to new revelations.
Rather, we need to see the full extent of activities that the U.S. is conducting on the web, and then connect those actions with the norms that we are espousing. It doesn’t look good. In short, the U.S. is essentially doing all the actions we find distasteful about China’s cybersecurity activities, although arguably with less emphasis on blatant industrial espionage.
This hypocrisy at the core of our internet agenda is becoming untenable. We cannot continue to advocate for an open web, while at the same time undermining the moral authority of that argument using the same tactics of those we are criticizing. Countries are watching our leadership, and the message we are currently sending will very much lead to the eventual disintegration of a single free internet.
Unfortunately, we have yet to have a wide-ranging debate about internet policy in our political discourse. Few politicians, with the possible exceptions of Rand Paul and Ron Wyden, have connected internet issues together into one holistic policy. That’s unfortunate, because as defense policy continues to drive toward more defensive and offensive capabilities, the fissures in the internet are only becoming more pronounced.
The U.S. has two courses here. If it wants to defend the open web, then it needs to move toward demilitarization, and soon. Such a movement is not without precedent. Under treaties signed with the Soviet Union during the Cold War, the United States agreed to not militarize Antarctica nor outer space. While both treaties have seen some slippage in recent years in a strict interpretation, the same principles that underlie them could also be made for the web.
Such an approach would be very much in the interests of the United States, which has the largest economy and arguably the greatest reliance on the web in the world. Whether China or others would willingly agree to police the web and actually follow through remains to be seen.
The other course for the U.S. is the one we are currently on, where defense officials increasingly militarize the web and force, if perhaps unintentionally, its split along national lines. Given the costs to the American economy of this approach, it would seem prudent to avoid it since we have so little to gain and so much to lose.
One thing is clear though: time on these issues is running short. As I argued a few weeks ago, the internet is quickly becoming the internets as countries develop their own approaches and attempt to protect the security of their interests. Only proactive political and diplomatic action at internet speeds will prevent an unfortunate outcome here, the dissolution of the most important experiment in human progress in modern history.