Many metaphors have been applied to the Internet—information superhighway, World Wide Web, cyberspace, etc.—each evoking its different aspects. A more comprehensive view is that the Internet – overlapping global networks of people, technology, and ideas – shares key features with a rainforest or a coral reef; a community of living organisms and their surrounding environment, interacting as a system.
Over the past 50 years, the Internet and the technologies that support it have evolved into an ever more complex ecosystem, expanding their reach into every corner of human activity and every part of the planet. Life as we know it today would be impossible without the global Internet.
Part of what has let the Internet grow at so rapid a pace has been the almost complete freedom that characterized its development and deployment to date. This freedom fueled the rapid innovation that brought us electronic banking, telemedicine, online education, and, yes, Pokémon Go!
While the ecosystem is complex, it remains immature. One aspect of its immaturity is the increasingly dangerous and rapidly proliferating arsenal of hardware and software tools that can be used to commit crimes, promote terrorism, or conduct warfare. As the Internet expands, the potential consequences from offensive uses of the technology become significant.
Today’s global Internet carries 100 times as much value as the global air freight network. Yet, while it is against international law to shoot down a commercial aircraft, there is today no agreement among nations as to the applicability of international law to acts of aggression in cyberspace. A group of governmental cyber experts has worked at the United Nations for over 10 years to come up with an initial set of non-binding norms of behavior in cyberspace, including that nations should not attack each other’s critical infrastructure in peacetime using cyber weapons. This progress must be accelerated in order to prevent major accidental or intentional disruptions to global economic and political stability.
One aspect of the ecosystem that complicates reaching agreement on norms is cultural and political differences among the major cyber powers. Take the U.S. and China, for example. Because of their history, these two great powers have differing views regarding the nature of the state and its responsibility for securing the welfare of the people. The business cultures of the two societies also differ greatly, a lesson many companies have learned when they entered the other’s market. Finally, the U.S. position as the dominant global supplier of information and communications technology (ICT) products and services is seen in a rising China as a threat to national values and economic progress.
These stresses are exacerbated by the Internet’s inherent nature of ignoring boundaries of all kinds. The Internet has little respect for the traditional hierarchical barriers within organizations or the physical borders of nations. The global reach of technology and information into every village creates a crisis of legitimacy for national governments, which are increasingly challenged in their ability to secure the safety and livelihood of their citizens.
Thus, the Internet is posing two disruptive challenges to the established international order. First, the proliferation of cyber armaments threatens peace and stability by creating opportunities for miscalculation and missteps between nations. Second, it is undermining the role of the nation-state as the principal guarantor of international safety and security.
As Antonio Gramsci wrote 100 years ago, “The crisis comes when the old order is dying and the new order is not yet ready to be born. During this period, many toxic forms arise.” While the demise of the post-World War II consensus is hardly proven, it may prove useful to consider what alternative approaches may supplement the effectiveness of nations in managing danger, at least on the Internet.
Such an approach should take into account the diversity of the global Internet ecosystem, particularly the importance of global ICT companies. These companies, while mostly U.S.-based, serve public and private sector customers around the world. They share an interest with government, business, and indeed, with people everywhere, for a global Internet where all legitimate users can work and live in safety and security.
These companies are beginning to step up to the responsibility that comes with their great power in cyberspace. For example, Microsoft recently issued a set of “industry norms” that companies should follow in their business practices, such as creating more secure technologies and not withholding security patches from any customer, no matter where they are located.
Governments, especially China and the U.S., should work with global ICT companies and civil society to advance the rules of the road that apply to states and to companies. The current set of U.S.-China bilateral talks, occasioned by last year’s Xi-Obama agreement to limit state-sponsored economic espionage activities, is beginning to deliver modest results, but its effectiveness is limited by the absence of the agility and creativity of the private sector in the deliberations.
A much broader dialogue is needed if progress is to be accelerated – one that involves all the major cyber powers, both public and private. China and the U.S. should support such a dialogue after the U.S. elections.