The evolution of the internet and geopolitics – Atlantic Council

This article is part of the monthly CSI5x5 series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the CSI5x5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at[emailprotected].

The internet has been a pivotal force behind thegrowth of the global digital economy and altered the relationship among states,their citizens, and the private sector. These changes have disrupted thegeopolitical balance of power and ushered in a new generation ofglobally-powerful multinational companies. However, new dynamics of conflictare threatening the internet as we know it.

Our Cyber Statecraft Initiative experts go CSI5x5 to take a look at how the changing internet is shaping the conduct of statecraft.

Trey Herr, director, Cyber Statecraft Initiative: Failure to agree on, and widely adopt, an authentication scheme for email. Be it spamming, spoofing, or phishingemail has been rife with malicious abuse since its inception yet serves as the lingua franca of the internet. The cost has been decades of fraud,regular security compromises, and galactic quantities of spam.

Jeff Moss, nonresident senior fellow, Cyber Statecraft Initiative; founder, Black Hat and DEF CON security conferences: When the International Telecommunication Union allowed data lines to be treated differently than voice circuits in regards to fees that countries could charge for landing, termination, etc.This had the positive effect of allowing data lines to flourish all over the world and cheap internet to be the norm. This is also why the internet cost structure is not the same as the (legacy) voice structure.

Justin Sherman, nonresidentfellow, Cyber Statecraft Initiative; fellow, Duke Center on Law &Technology at Duke University School of Law: The assumption that the internet wouldsomehow operate independently from existing political, economic, and socialdynamics and power structureswhether thats social media platformsunderpreparing for the volume of hate speech that would spread on theirplatforms, or citizens thinking corporations wouldnt grow to have an outsizedinfluence on the global web, or liberal democratic governments assuming theadvent of the internet in authoritarian countries would inherently bring withit information openness and democratization.

Sara-JayneTerp,nonresident senior fellow and senior advisor, GeoTech Center, AtlanticCouncil; lecturer, Western Washington University: Nobody who dealt with large-scalegovernance models expected the internet to become this important. And by thetime it did, there was a powerful second human world, with all the issues ofthe physical world, but no real equivalents to Diplomacy, Information, Military,and Economic (DIME) models, and all the added complexities of the 3+1Vs(volume, velocity, variety, veracity). We metamorphosed from friendly hippiesto Eternal September to online hybrid conflict whilst losing the humanitiesmajors who could have helped us with that (yes, back in the 1980s, we hadcomputer scientists with humanities degrees).

Josephine Wolff, assistant professor of cybersecurity policy, Tufts University Fletcher School of Law and Diplomacy: From my perspective working on cybersecurity and liability, I think the most consequential miscalculation has probably been not clarifying the expectations for different stakeholders when it comes to security responsibilitieswhat kinds of security measures we expect from internet service providers versus web hosts versus Domain Name System (DNS) operatorsversuspayment processors versus software manufacturers, etc. Those expectations are hard to crystallize because the threats evolve over time, of course, but even so, we could have done a much better job earlier on of trying to define what particularcapabilities each of these stakeholders has to identify and crack down on certain types of online misbehavior. We could have also thought much more carefully and rigorously about what kinds of responsibilities that should translate into across the larger internet ecosystem.

Herr: The contrarian answerit may be onthe way to improving US national security. Why? Much of this authoritarianinformation controlif not outright surveillanceis carried out or facilitatedby some large US-based technology companies. This has raised concerns in the UnitedStates, provoking conversation between the public and private sector about theresponsibilities of these global technology firms. The product of theseconversations is not always progress but the dialogue itself buildsrelationships and helps bridge a cultural gap. These relationships will paydividends down the road and better they are formed now than in a moment ofcrisis.

Moss: The goal for many is to controlcontent and suppress dissent through real name policiesinternet driverslicensesand other measures to identify who is saying what.This iscoupled with traffic inspection technology, mostly made in the Westunfortunately, and backed up by local laws.This impacts US national securitybecause there is less free flow of ideas, is harder for people in the USinteract with others, and the fragmentation of the internet into differentpieces hurts global economic competitiveness.

Sherman:Censorship and surveillance can have negative impacts on humanrights, democracy, and internet freedom and opennessall of which are reasonfor concernbut there are also potential national security implications.Increased online control can enable authoritarian regimes to consolidate power,many of whom may not align with US national security interests. Increasedonline control may also lead certain actors to perceive themselves as moreinsulated from foreign hacking and other risks and thus increase theiroutward-facing malicious activity as a result.

Terp: Security of the state,or security of the people? And which people? Countries like Chinas use of theinternet and connected technologies to stalk Americans related to it coulddefinitely be viewed as a mass personal security problem, leading to a questionof just how widespread does an security problem have to be before its nationalsecurity? The abuse of the online and internet-enabled commercial surveillancethat weve all become used to as the price of being online (or of our friendsand neighbors being onlinesee under Ring doorbells) by other nation-statescoupled with the surprising amount of information shared by government here(really? I can just look up everyones address and birthdate here?) has mademicro-targeting and fine-tuned disinformation easier, and old-school tradecraftto gather information abroad harder. All the parts of the DIME model have beenchanged by this change in information availability.

Wolff: Particularly in the case of China, it seems to have forced the United States to think more carefully about supply chain security and the national security implications of relying on overseas suppliers to provide equipment for internet infrastructure and devicesas well as the national security implications of its allies suppliers given the global nature of the internet.

Herr: Distributedtrust, equitable control, and open architecture.

Moss: Decentralization and communicationsprivacy with no reliance on any centralized components, such as the DNS systemtoday. Privacy to reduce surveillance capitalism, decentralization (at theexpense of raw performance) to increase resiliency.

Sherman: Security: robust, by-defaultsecurity of transmitted internet data, for instance, which can better protectconsumer privacy and safeguard journalists, political dissidents, and citizensagainst surveillance; robust, by-default security of internet protocols, whichcan prevent governments or criminal groups from hijacking and redirecting largevolumes of internet traffic; and so on.

Terp: to build spaces thatcontinue to work for everyone: small and large businesses alike; peopleregardless of gender, color, language, access, and reduce the fears thatharassment and abuse create.

Wolff: This is probably an unpopular opinion, but I think Id actually choose a lot of the same values that were initially baked into theinternet, beginning with the flexibility of the end-to-end principle and the resilience of its decentralization. Because I spend so much time looking at security incidents, Id be tempted toinclude security as a core value but its hard for me to say exactly what thatwould mean in practicethat its harder to spoof information about where packets originate from? I think there would be some benefits to embedding that principle in the design of a new internet but its also difficult for me to predict what all the unintended consequences would be of designing an internet that way since one of the great lessons of the internet we have today is that its very hard to make those predictions ahead of time!

Herr: It was easier before the internetswidespread commercialization but that inflection point is long past. An internetwith these principles is possible but policymakers and users goal should be toevolve the current architecture forward to this state rather than trying torevert to a previous incarnation of the network.

Moss: No, technology has costs, and tryingto keep everything free brought us persistent advertising and profiling. Forexample, I cant pay Facebook to not show me ads. The economic model isadvertising to create the appearance of free, but it is actually at odds withan open and secure internet.

Sherman:Yes, although not perhaps quite as free, fair, open, and secure asonce imagined. The current internet has many flaws and imperfections in itstechnical design, and other problems like weak or nonexistent data privacyregulations in many countries allow for infringements on ideals of fairness.But there is hope for the future, should governments, corporations, citizens,human rights activists, and civil society work together in different ways onthe various issues facing and created by the modern internet.

Terp:Mostly. It is not anabsolute, and it is not an end state: we have to keep working every day to keepthe internet healthy.

Wolff: Sure, I think the larger question is, is it possible for us to reach any consensus about what it means for the internet to be free, fair, open, and secure? If we could answer that question in any consistent way, I have great faith we could make it happen, technologically.

The Cyber Statecraft Newsletter

Herr: Companies. Major technology firmsappear to be winning more battles over the design and deployment of technologythan individuals, and even where states wish to influence the internet, theygenerally have to act through companies to do so. The concentration of cloudcomputing into a handful of hyperscale vendors has centralized an enormousamount of influence over the internet and how it used. For better and worse,these companies will have a major role to play.

Moss: States, they will determine the extentof fragmentation through national laws and regulations. Data localization lawsalready distort who can afford to enter a market. Should countries fight overthe internet then the network operators will respond and try to protect theirinvestments and users, changing how the network operates. Companies and usersmay change their behaviors, but it is under the framework of laws thatcountries impose.

Sherman:States, thoughcertainly including through engagement with companies and individuals. Morecountries around the world are exerting increased sovereignty over the webwithin their borders, from Beijings content controls and Moscows domesticinternet law, to the EUs General Data Protection Regulation and New Delhisdraft Personal Data Protection Bill. They will have a strong influence on theshape of the web in the next decade.

Terp:Companies. States havethe power to bound the internet around their territories; to limit the mobilebandwidth available in countries where that is the main access to the internet,to control traffic to and from servers. Individualssome individuals, oftenwith helphave ways around that (hello steganography) and can form communitiesto push back against some of the stronger constraints (communities should alsobe on that list). But the group thatultimately stands to make most difference is companiesfrom companies launchingsmall satellites and other ways to get internet coverage into previously-darkareas, to companies working with research organizations to change the ways weinteract with each other, as individuals, communities, nations etc., online.

Wolff: My guess would be that states willbe the most influential force, but they will exert that force largely throughcompanies. Or, put another way, states will make many high-level rules abouthow they want theinternet to be run, but the actually nitty-grittyimplementation of those rules will be delegated to companies who will havesignificant discretion in many cases to decide, operationally, what those ruleswill look like in practice.

Simon Handler is a program assistant with the Atlantic Councils Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security, focused on the nexus of geopolitics and national security with cyberspace. He is a former special assistant in the United States Senate. Follow him on Twitter @SimonPHandler.

Read this article:

The evolution of the internet and geopolitics - Atlantic Council