Expert Commentary

Piecemeal Measures Regulate Cyberspace

James Lewis
Senior Vice President and Program Director, CSIS

It is a problem for the U.S. that many of the core concepts that guide internet policy date to the 1990s. One such concept is that the internet is a virtual alternative to the Westphalian state, without borders and where sovereignty does not apply. The problem with this concept is that it is demonstrably wrong. The internet is a physical construct. It depends on a physical infrastructure located within national territories. The speed of data movement gives the illusion that there are no borders, but they exist, defined by this physical structure, and nations have discovered that they can control their borders in cyberspace – hence sovereignty.

The UN General Assembly endorsed the conclusion of the 2013 Report of the UN’s Group of Government Experts that international law, the UN Charter, and national sovereignty apply to cyberspace, and with it, all the rights and responsibilities accorded to national governments. This changed the politics of the internet. There is a reluctance to acknowledge this change in the internet’s ancient regime, and while the demise of the Westphalian state is frequently announced, most countries seem unaware of this and impose regulations on cyberspace when they think regulation is necessary.

No country, except perhaps China, outright says it is extending sovereign control over the internet, and this lack of explicit pronouncements helps preserve the illusion that the internet is free and open.  Instead, countries impose regulation for data protection and localization, to restrain hate speech or intellectual property theft, creating a piecemeal extension of sovereignty.

The return of sovereignty comes at a moment when larger political forces buffet the internet.  Created by the United States, it has been an American cultural and political construct.  Governance relies not on states, but on a multi-stakeholder community composed of western civil society groups, technical bodies, and American companies. This was at first unobjectionable, but as the internet’s importance for security and economics has grown, and as powerful new nations assert themselves in global issues, actual governance circumvents the 1990s model.

The extension of sovereignty is tied to a diminution of the Western ideal of progress, that the world is on an erratic but ultimately steady path towards market democracy, rule of law, and respect for individual rights. These ideals come from the enlightenment, but one unexpected consequence of globalization is that other, non-Western voices have their own views of progress that do not necessarily align with the West.

Fears of “balkanization” are groundless. Balkanization is a pejorative rhetorical device created by defenders of the status quo. Nations will avoid breaking global connectivity because of the potential for harm to their economies. They will instead seek to preserve connectivity for commercial purposes, while using rules and technologies on networks within their jurisdiction to safeguard their own political and cultural preferences. The most powerful foreign entities in this will be the European Union and China, and their primary tool will be the steady extension of regulation into a weakly governed space.

What nations do within their own territories and on the networks located in those territories is their own business, subject of course to their international commitment on human rights and trade. Countries did not derogate their rights when they connected to the internet, they simply did not exercise them. China is of course the foremost example of expanding sovereignty, but it is not alone. Germany, Australia, France, and others are extending control through national regulation. The wild west days of an unregulated internet, where anyone could post what they wish, are ending. Before denouncing this, remember how the internet and its many trolls helped breed all kinds of malevolent behavior. States find these behaviors unacceptable and so do most of their citizens.

Governments extend sovereignty to protect the public good, and governments will eventually agree on how to cooperate in doing this. The story of the last century has been states agreeing to give up sovereign rights to formal, multilateral organizations. Formal cooperation is the norm in global infrastructures, but there are problems for cyberspace. Before 1945, sovereignty meant that whatever nations did within their borders, was their own business, and no one should interfere with their internal affairs. After two world wars, nations adopted universal protections for human rights. Universal rights increase stability, but also create political risk for authoritarian regimes.  They argue that sovereignty deserves greater respect, universal rights are really “Western,” and the internet should not be a conduit for injecting these alien rights into their internal affairs.

Second, the internet creates a new kind of cross border “trade” for which there are few rules. In this vacuum, nations are tempted to seek extraterritorial application of their national rules – for privacy, security, data, or content. Cyberspace does not fall neatly under the purview of any existing international body, and governments are struggling to define the appropriate arena and agenda for negotiation and agreement.

Most non-Western nations have traditional views of sovereignty and believe the UN is the body best suited to deal with international issues. In response, the multi-stakeholder model is attempting to become more inclusive and less Western, but a serious effort to include non-Western states will require accommodating different views on sovereignty, development, and the role of government. Finding this accommodation will be difficult but not impossible. Brazil’s NetMundial shows it can be done, but accommodation does mean a continuation of the status quo. The U.S. needs to lead this conversation on enhanced sovereignty in cyberspace, but this requires relinquishing cherished concepts from the 1990s. It is too early to say what a more Westphalian internet will look like, but it is not too early to begin talking about how it should be governed.

The Author is James Lewis

James Lewis is a Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS).  Before joining CSIS, he worked at the Departments of State and Commerce.  He was the advisor for the 2010, 2013 and 2015 United Nations Group of Governmental Experts on Information Security and has led a long-running Track II dialogue on cybersecurity with the China Institute of Contemporary International Relations.

Learn more about The Cipher's Network here