Governing the Internet: The makings of an EU model

Andrew Puddephatt OBE, executive chair of the Advisory Board of Global Partners Digital, believes that the world has reached a geopolitical impasse on internet governance, which means that the debate on the issue will almost certainly shift to national and regional initiatives. Among the latter, three are the most popular: the American, the Chinese, and the European. Since the American model promotes the self-interest of American companies, and the Chinese model the interests of an authoritarian government, the European model is, in the expert's view, the most attractive for democratic governments seeking to preserve an open market in digital services while protecting the interests of citizens.

In February 1958, US President Dwight Eisenhower set up the Advanced Research Projects Agency (ARPA) in response to the Soviet Union’s launch of Sputnik 1 the previous year. The organisation’s mission was to make investments in technologies that strengthened national security. Its research into communication systems that could survive a nuclear attack led in 1966 to the creation of ARPANET. Whereas previous communications relied on circuits – dedicated end-to-end technology, such as telephone lines – ARPANET used packet switching. This allowed the system to break data into packets and transmit it via different channels, before reassembling it at the destination point. ARPA developed the transmission control protocol (TCP) and the internet protocol (IP) to determine how data should be broken up, addressed, transmitted, routed, received, and reassembled. The application of these protocols to radio, satellite, and other networks established a system in which data moved through very different media. The term for the approach, “inter-networking”, was soon shortened to “internet”.

One of the key characteristics of this new technology was that its configuration was determined not centrally but by the network provider. Individual networks connected to one another through a meta-level “internetworking architecture”, despite the fact that they had been separately designed and had their own interfaces. In contrast with earlier state-based mass communication systems (such as newspapers, radio, and television), the internet functioned without the need for national or global coordination. As such, internet governance initially seemed unnecessary. Although the internet operated according to rules, they were widely thought of as functional rather than normative due to their technically complex nature.

By the mid-1980s, the internet supported a growing community of academic researchers and developers. It functioned as an informal arrangement between groups of like-minded people who were willing to cooperate to build and develop the network. However, as it grew beyond a few universities, the network needed some management (to create and allocate new addresses, for example). At this stage, the administration of the registries of IP identifiers (including the distribution of top-level domains and IP addresses) was performed by one person – Jon Postel, who was based at UCLA. As his workload became unmanageable, with more countries beginning to utilise the technology, a new system was required. And, as the internet grew into a global network, it became apparent that there was a need for a minimum level of universally accepted technological standards.

Since its inception, the technical governance of the internet had operated outside direct government control – although, in practice, US-based engineers and US-based companies had de facto authority in developing its engineering protocols. Until 1998, internet governance had not been a political issue in Europe. But this changed when the US government pushed successfully to establish the Internet Corporation for Assigned Names and Numbers (ICANN), a private non-profit organisation that took over Postel’s role in managing domains. Governments across the world began to take a view on the issue.

For the US government, it was crucial that the internet was governed by a set of non-governmental and private organisations through ICANN. Washington preferred a market-orientated solution that involved private sector self-regulation of the internet (which protected US economic interests). By contrast, the European Union argued for a public-private system in which governments had an important role – a multilateral institutional framework. China, Russia, and other countries wanted a solely state-based system of internet governance, preferably one anchored in the United Nations. The EU eventually supported the broad US position but secured a role for governments in the institutional structure of ICANN, ensuring that Europeans joined the organisation’s committees.

However, such technical arrangements were only one aspect of internet governance. Policy issues were more challenging. As the power of a globally interconnected communication network became apparent, governments began to realise that they were fast losing their control over communication technologies. Internet use increased exponentially, but its lack of overarching regulatory framework meant that what became known as “permissionless innovation” held sway over its development. The internet used existing telecommunications infrastructure – the telephone network – to grow organically, without the need for significant new investment (in countries where there was a robust telephone infrastructure). Anyone could plug their computer into the network and become part of the internet – firms required no permission to launch a service and had no regulatory hurdles to overcome. Accordingly, the internet grew more like an organic ecosystem than a planned network. Collaboration and consensus among providers were widely seen as the key drivers of decision-making.

The internet was born of a libertarian dream. Its early creators and advocates imagined it as a stateless space, outside of government control. Indeed, many believed that any kind of governance would destroy its character. In the early phase of the internet’s development, the engineers, technicians, companies, and users who drove the process were content to create a communicative capacity without concern for how that capacity would be used. They did not appear to imagine the harms that could arise from anonymised unrestricted free speech – such as child abuse, trolling, the harassment of minorities, and the propagation of terrorism. The culture surrounding the First Amendment of the United States, which fosters free speech and limits the liabilities of carriers, was crucial to the internet’s development. Many of the early innovators and creators of the digital world came from the US, where they could experiment without concern for future liabilities. As an English-language medium that (in most parts of the world) was only available to elites, the internet initially went under the radar of many governments that were inclined to censor and control communications.

By the early twenty-first century, a new era had begun. Governments across the world became alert to the potential disruption caused by access to digital communications, whether from text messaging using mobile phones, the creative use of social platforms such as Facebook and Twitter, the streaming of video direct to the web, or the use of the internet to bypass censorship. Governments increasingly looked for new ways to control and monitor the online space. At the same time, there were growing calls around the world for this unregulated environment to be brought under government control – calls motivated in democratic states by fear of crime and terrorism, and in authoritarian ones by governments’ desire to preserve their power.

As the internet grew in size and capability, there was a sharp rise in the capacity of states and non-state actors to use digital technologies to disrupt and control communications, and to thereby undermine democratic processes. Criminal networks exploited these capabilities and corroded trust in the online environment. Repressive regimes used hackers to disrupt pro-democracy and human rights groups. And new communication companies became increasingly powerful. As Timothy Wu has documented, all the dominant media of the twentieth century – whether it be radio, television, film, or telephony – came into existence in an open and free environment. All had the potential for unrestricted use, but all fell under the control of monopolies in time. A similar pattern emerged in the digital world. The internet faced a challenge from both public and private power – and, sometimes, a deadly combination of the two.

Although many governments decry the apparent lack of rules on the internet, there is governance online. Such governance is provided by major companies through their terms of service, community standards, and screening procedures. And corporate algorithms sort, rate, rank, and recommend users’ choices, constituting a type of market governance. So, the issue for many governments is not that the internet is lawless but that its laws are made by private companies through their codes and algorithms.

Countries such as China – which attempts to exercise total control over its domestic communications environment – reject any notion of an independent communications network outside of state supervision. The overarching goal of Chinese diplomacy is to promote the notion of cyber (or internet) sovereignty. In the words of President Xi Jinping, this means “respecting each country’s right to choose its own internet development path, its own internet management model, [and] its own public policies on the internet.” The Chinese model of the internet prioritises control through a broad range of tools and technologies that block, filter, or manipulate online content. It has rules for storing data on servers in-country, which – though Beijing portrays this as a way of limiting the power of US companies – helps the authorities access users’ information.

China’s desired goal is a long way from the US vision of a global internet run by the private sector. Beijing wants to see a series of interconnected national internets rather than a global infrastructure, with each national internet governed by the laws and values of its home state. It sees the private-led, adoptive model that has shaped the initial growth of the internet as expressive of Western, particularly US, dominance – something that is reflected in the support it receives from a coalition of technology companies and civil society groups. Chinese policymakers want the UN to play a larger role in internet governance, as they believe that they can strengthen their influence through the organisation or other multilateral, state-based forums.

Europe sits between these poles – though, diplomatically, it has usually aligned itself with the US. Internally, the EU and its member states have begun to play a major role in shaping platforms’ content rules. In Europe, a vast body of “soft law” (comprising self-regulation, dialogues, and memorandums of understanding), multi-stakeholder initiatives, and co-working forums have helped develop online content policies and practice. But there is no systematic means of incentivising platforms to assess and address problems of harm and illegality that may emerge in their ecosystems – where their commercial incentives to do so are insufficient – or of assessing the effectiveness of their responses.

Approaches to governance

The establishment of ICANN did not settle the question of global internet governance. Concerns about US domination of the internet grew with the significance of the technology. As the internet grew following the invention of the World Wide Web – to include an increasing diversity of languages and content – a small number of US companies began to dominate the services it provided (such as Facebook in social media and Google in search).

The International Telecommunication Union (ITU), a UN body whose origins lay in the development of the undersea telegraph in the nineteenth century, began to lead efforts to govern the internet in the early 2000s – which, at this stage, was mostly carried by existing telecommunications infrastructure. In response to member states’ requests, the ITU convened the World Summit on the Information Society (WSIS) to consider the future of global internet governance, among other things. The WSIS met in Geneva in 2003 and in Tunis in 2005. The latter event came under authoritarian influence: Tunisian government employees who posed as members of fictitious organisations dominated meetings that civil society groups had organised on its fringes. The rancour generated by this overt repression of independent voices in Tunisia undermined efforts to place governments in control of the internet. As discussed above, Washington was determined to avoid anything that suggested such control, a position that EU member states ultimately supported.

This led to the creation of the Internet Governance Forum (IGF) – a multi-stakeholder, UN-based organisation designed to provide advice or, at most, set norms. The IGF has a five-year mandate that has been continually renewed. It principally operates through its annual meeting, albeit while coordinating with working and advisory groups on other occasions. The IGF has established regional and national branches, which meet with varying degrees of participation from local organisations and companies in different countries. Its lack of formal authority was never going to satisfy authoritarian states that have pressed for a system that allows them to control the internet. Accordingly, these states rarely sent representatives to the IGF. And, over the years, high-level attendance by Western governments has dwindled. Major corporations no longer invest significant resources in the IGF, while most of its attendees are from civil society groups.

There are ongoing attempts to promote a more state-based system of global internet governance. The Shanghai Cooperation Organisation – an intergovernmental organisation created in 2001 by China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan – has consistently acted as a vehicle to challenge existing internet governance models. In 2015 the organisation submitted a recommended code of conduct on information security to the UN General Assembly. Its aim was to promote the rights and responsibilities of states in the information space, and to enhance intergovernmental cooperation by addressing common threats and challenges (which included those posed by free speech in authoritarian states). This met with opposition from the US and its allies, including the EU.

Geopolitics has increasingly bedevilled attempts to create a global framework for managing the internet. Even on subjects such as cybersecurity – where there is common ground on the need to counter threats such as terrorism, child exploitation, and other serious crimes – it has proved impossible to reach a consensus.

Nonetheless, the concept of internet governance is far from redundant. It has mutated into a series of issues that various actors tackle in different forums. While it might have once made sense to advocate a global framework for governing it, the internet has become part of so many people’s daily lives that it affects every area of policy (a trend reinforced by the social distancing policies that have followed the covid-19 pandemic). As the internet underpins most parts of people’s working and social lives, such governance issues appear everywhere. In some areas – such as intellectual property – it may be possible to establish a global consensus. In others, geopolitics will block progress, with governance systems devolving to regional and national blocs.

One of the problems with the term “internet governance” is that it holds different meanings for different governments. For some, “governance” means “government” – a ubiquitous communication medium and a strategic asset that requires state control. For others, governance is a purely technical issue – concerning the protocols necessary to ensure that infrastructure works and evolves. For others still, governance should simply focus on mitigating the harms that arise from what is essentially a private sector medium. And then there are those who see it as a way of curbing the power of US (and, increasingly, Chinese) companies that are beholden only to domestic governments.

The EU experience

The EU has a long history of developing internet policy, albeit not in governance. Since the mid-1990s, the EU has been concerned about the potential harms caused by the internet. The EU initially emphasised soft law in its digital policy but, in the last two or three years, has shifted to a more proactive and interventionist approach. Today, the EU has the most developed policy, legal, and regulatory framework on internet issues anywhere in the world.

The EU’s power rests upon its economic might. Its single market had a GDP of €15.9 trillion ($18 trillion) in 2018, the largest in the world. Although the United Kingdom’s exit from the EU will reduce this to some extent (depending on its degree of market alignment), the bloc will still exert significant authority over companies that wish to do business in its territory. The EU has a lucrative market for internet companies: as of March 2019, an estimated 90 per cent of the EU population used the internet, ranging from 98 per cent in Denmark to 67 per cent in Bulgaria.

The EU initially responded to the internet by recognising its social, educational, and cultural importance, while also acknowledging its potential to disseminate harmful and illegal content, and its capacity to facilitate serious crime. The EU’s approach to internet policy evolved to deal with internet service providers that create and run the infrastructure rather than the platforms that emerged in the twenty-first century. In its early years, EU internet policy had two guiding principles developed with the ISPs in mind. One was net neutrality, which required ISPs to treat all online data equally. The other was limited liability, which meant that no ISP could be held liable for hosting illegal content, provided that it removed such content after becoming aware of it. This limited liability provision is contained within the e-Commerce Directive. Articles 13 and 14 of the directive state that, to be shielded from liability, providers that host content must act “expeditiously to remove or to disable access” to information where they have “actual knowledge” of its illegality, and providers that cache content must do so after receiving or an order to that effect.

The rapid growth of US service companies (such as Amazon, Facebook, and Google), their phenomenal market capitalisations, and the lack of any similar European companies that were able to compete with them prompted the EU to rethink its policy. As the value generated by the internet appeared to accrue more and more to US companies, European policymakers began to question limited liability. Platform companies do not just act as neutral hosts of content provided by others, as they use algorithms to track users’ behaviour, and select or adjust content to reflect the needs of these users. In this respect, platform companies resemble editors who are responsible for the content they work on rather than a telephonic services firm, which is not accountable for discussions on its lines. And the opacity of US service companies’ algorithms – which they regard as commercial secrets – has made it difficult for outside observers to judge whether they shape or merely reflect the world that users experience on the internet.

The EU is not a major geopolitical player that can impose itself on superpowers. Nor has it created globally significant service platforms capable of exercising influence across the world. But it has one tool that enables it to shape internet governance – the regulations it applies to its market and the requirements it places on companies that wish to trade in the EU. Due to the size and value of the EU market, multinationals want to trade in Europe. In doing so, they are forced to comply with EU regulations.

Other countries observe the bloc’s approach to internet governance and replicate the aspects of it that appear to be successful. And, finding that they have to introduce new internal procedures to do business in the EU, companies change their behaviour.

The EU is currently focused on the ambitious goal of creating a single digital market. This is set out in the European Commission’s Digital Single Market Strategy, which it estimates could increase EU GDP by €415 billion. The strategy is considerably more interventionist than previous approaches to policy, aiming to establish a harmonised regulatory framework that provides business and consumers with unrestricted access to digital goods and services across the EU. Although its goals are domestic, the strategy has governance implications for any company that wishes to do business inside the bloc.

An example of this is the P2B Regulation, which is designed to promote fairness and transparency for businesses that use online platforms. The regulation comes in response to long-held concerns about the way platforms favour their own services. Although it has not yet been formally adopted, the P2B Regulation reflects a range of concerns about the behaviour of large US platform companies, which it will require to conform to specific standards when operating in the EU market. The European Commission has already fined Google for abuse of its dominant position in the digital-advertising and comparison-shopping markets, as well as for placing restrictions on manufacturers of Android devices. The commission is now conducting investigations into both Amazon and Apple.

Another policy that has attracted global attention is the General Data Protection Regulation (GDPR). This came into force on 25 May 2018 with the goal of protecting EU citizens from online privacy and data breaches. It draws on offline data protection principles but addresses the implications of technological advances. It is designed to protect all EU citizens’ data privacy and reshape the way that data controllers in companies across the region approach the issue. Importantly, the GDPR applies to any organisation that holds the personal data of people who reside in the EU, regardless of its location. Under the regulation, the EU can fine organisations up to 4 per cent of their annual global turnover or €20m – whichever is higher – for serious infringements; and up to 2 per cent of annual global turnover or €10m for infringements of their data protection obligations.

Many countries outside the EU are observing the GDPR’s development and considering similar legislation. It has even had an impact in the US, with state legislatures considering provisions to protect privacy that closely resemble aspects of the regulation. The EU’s Digital Single Market Strategy – which will involve further regulatory controls on digital businesses – is likely to have similar global implications.

Some observers have suggested that the world may soon have three internets. These would be a US internet where the rules set by companies provide de facto governance; a Chinese internet that is nationally controlled, serving the interests of the state and facilitating comprehensive digital surveillance; and a European internet in which the EU acts in the public interest to regulate the operations of digital markets and companies.

Given the geopolitical impasse on internet governance, the debate on the issue will almost certainly shift to national and regional initiatives. The US model is widely seen as furthering the self-interest of American companies (an impression reinforced by statements made by both Democrat and Republican administrations) and the Chinese model is mostly appealing to authoritarian governments. As such, the European model is emerging as one that democratic governments – keen to preserve an open market in digital services while protecting the interests of citizens – find increasingly attractive.

Internet governance will not primarily develop in the IGF, or the UN First Committee, or even the ITU (as important as each of these forums is). It is likely to emerge from detailed, bureaucratic, and painfully negotiated efforts to shape the market and incentivise corporate behaviour – an approach backed by the threat of sanctions. These are qualities that, for good or ill, the EU has in abundance and that are lacking elsewhere.


