Battle lines for the future of the internet

U.S. President Joe Biden smiles

When the late Grateful Dead lyricist John Perry Barlow penned his “Declaration of Independence of Cyberspace” in 1996, proclaiming “our virtual selves immune to your sovereignty,” he railed against “the great invertebrate in the White House” and the “Governments of the Industrial World, you weary giants of flesh and steel.” So what would Barlow have thought when, on April 28, 2022, 60 governments, mostly from the industrial world, met (in person or in their virtual selves) at the White House to sign a “Declaration on the Future of the Internet,” initiated by the United States along with Australia, Canada, the European Union, and the United Kingdom?

Despite the irony, this international declaration articulated an optimistic and participatory vision under the heading “reclaiming the promise of the Internet.” It celebrated the Internet as “a single interconnected communications system for all of humanity” with benefits for innovation and entrepreneurship, for creators, and for every person. It reaffirmed long-standing principles, referring several times to an Internet that is “open, free, global, interoperable, reliable, and secure” and to the importance of multistakeholder governance of the Internet rather than government fiat. Sovereignty may endure, but with a flavor of Barlow.

Rather than simply a restatement of these policy principles, though, the Declaration of the Future of the Internet frames a global divide that presents “serious challenges” to this hopeful vision. In particular, it calls out “efforts to splinter the global Internet” and “some authoritarian governments,” as well as use of platforms and technology for repression, surveillance, and disinformation. It also adds to this list concentrations of market power, the “quantity and security of personal data collected,” and the role of platforms in spreading disinformation and other harmful content.

How we got here

The declaration follows from a topic at the December 2021 Summit for Democracy, and the geopolitical component was evident in the chairing of the hybrid ministerial meeting by U.S. National Security Advisor Jake Sullivan. Although the document is ostensibly “country agnostic,” and an explicit reference to Russia and China in drafts evidently was deleted, the references to splintering the Internet and authoritarian governments are plainly aimed at China and Russia above all. Despite the aspiration for a single, seamless global network, the pointed discussion of the growing divide reflects the darker reality that the Internet is effectively forked already. Reflecting this change, the words “free” and “global” are new additions to the longstanding mantra of “open, interoperable, reliable, and secure.”

The declaration provides a distinct counterpoint to the China-Russia Joint Statement, issued February 4, 2022, as Xi Jinping was launching the Beijing Winter Olympics and Vladimir Putin was preparing to invade Ukraine. This statement affirmed the two countries’ “strong mutual support for the protection of their core interests, state sovereignty and territorial integrity,” a declaration that takes on chilling undertones considering Russia’s launch of its invasion within three weeks of the release of the document and China’s overt acquiescence toward this blatant intrusion on state sovereignty and territorial integrity.

The Beijing joint statement also addressed Internet governance:

“The sides support the internationalization of Internet governance, advocate equal rights to its governance, believe that any attempts to limit their sovereign right to regulate national segments of the Internet and ensure their security are unacceptable, are interested in greater participation of the International Telecommunications Union in addressing these issues.” [sic]

The Russia-China Joint Statement presents a starkly different vision of the Internet than the 60-government Declaration of the Future of the Internet, and articulates the security-and-control-focused “cyber sovereignty” that both countries espouse. “National segments of the Internet” endorses forking the global network and, with “ensur[ing] their security,” promotes national firewalls. “Internationalization” and the ITU mean putting governments in control, rather than distributed and decentralized governance across sectors and borders that parallels the technical systems of the Internet.

Russia’s assault on Ukraine and international rule of law was very much on the minds of signers of the Declaration on the Future of the Internet. Ukraine, along with Georgia, is a signatory, and Ukraine’s representative was the final speaker in the ministerial meeting. Before him, many of the speakers alluded to the invasion as evidence of the stakes for democracies. Things have changed since 2014 when, amid the fallout from the Edward Snowden leaks, I cautioned that the U.S. had work to do to broaden its commitment to nongovernmental multistakeholder governance of the Internet even among close allies.

The U.S. has shored up and expanded its pool of allies, but together they have at least as much work cut out for them ahead. A total of 60 signatories* is considerable, but is nonetheless a minority out of 195 nations in numbers and an even greater minority in population (a point that Russia and China make about the world order they seek to supplant). Of these 60, 27 make up the member states of the EU. And more than half (32) are members of the group of the advanced economies in the Organization for Economic Cooperation and Development (OECD). A total of 14 signers are from the global south: four from Africa (Cabo Verde, Kenya, Niger, and Senegal), out of 55 members of the African Union; another six from Latin America and the Caribbean (Colombia, Costa Rica, Jamaica, Peru, Trinidad and Tobago, and Uruguay); and four from the Pacific Rim and South Asia (Maldives, Marshall Islands, Micronesia, Palau). There are some conspicuous absences among large democracies that are G20 or OECD members: Chile, Mexico, Norway, South Africa, and South Korea. The autocracy-curious Brazil, India, Indonesia, Philippines, and Turkey are also holdouts which encompass more than two billion people.

It will take continued U.S. diplomacy at high levels and across the government to promote the ideas of the Future of the Internet declaration. While it can be difficult for digital issues to compete for high-level policy attention with existential threats like war and climate change, in recent years such issues have taken a more prominent role in international forums like the G7, G20, and United Nations. Indeed, a month before the declaration, in the midst of a crisis meeting on Ukraine, President Biden and European Commission Ursula von der Leyen took a podium together to announce a new framework for transatlantic transfers of personal data. It will take less reactive and more sustained engagement at similar levels to encourage Future of the Internet signers to stand by the declaration and to bring additional countries on board.

What’s next

The job of diplomacy will also require working-level ongoing engagement domestically and around the world with technical groups that support the layers, protocols, and standards that enable the Internet, as well as with multilateral organizations like the International Telecommunications Union. A press briefing on the Future of the Internet declaration recognized the complementary role of these interactions. The offices that handle these contacts within the departments of State and Commerce have historically been under-resourced. Secretary of State Anthony Blinken has recognized the need for the State Department to up its game on technology and cyber issues and, three weeks before the declaration signing, stood up a new bureau for cyberspace and digital policy. However, the administration has yet to name either an ambassador-at-large to head this bureau or a planned new special envoy for critical and emerging technology. Effective follow-through on the declaration will require filling these gaps.

There are additional steps the U.S. government can take that are more within its control than the actions and policies of foreign states or international organizations. The future of the Internet declaration contains a series of supporting principles and measures on freedom and human rights, Internet governance and access, and trust in use of digital network technology. The latter—trust in the use of network technology— is included to “ensure that government and relevant authorities’ access to personal data is based in law and conducted in accordance with international human rights law” and to “protect individuals’ privacy, their personal data, the confidentiality of electronic communications and information on end-users’ electronic devices, consistent with the protection of public safety and applicable domestic and international law.” These lay down a pair of markers for the U.S. to redeem.

On government access, the U.S. has a well-established body of law, supplemented by procedures governing law enforcement and intelligence, and adopted additional safeguards and radical transparency following the Edward Snowden leaks. The U.S. joined OECD members in draft principles for law enforcement access and work is under way toward similar principles for intelligence collection. An executive order to enable the new U.S.-EU data transfer framework is expected to add to U.S. safeguards by linking them to the international standard of necessity and proportionality and creating a mechanism for judicial redress for individual complaints. The U.S. has a strong story to tell, but codifying these changes into statutory law when the Foreign Intelligence Surveillance Act comes for reauthorization in 2023 would help make them clearer to the world.

The U.S. has much further to go when it comes to privacy in the commercial arena. Among the signers of the Declaration on the Future of the Internet, it stands out as the only large and advanced democracy that has no comprehensive privacy law. Filling the exploding gap between our existing privacy laws and today’s digital world fits the declared goal of “trust in the digital ecosystem:” a Commerce Department study in 2021 showed that 73% of Americans express major concerns about online privacy, and 23% hesitate to do online commerce because of such concerns. Congress has devoted serious legislative energy to reach agreement on a comprehensive privacy law to address the exploding gap, and President Biden mentioned the need for privacy protections in his State of the Union address. Congress and the White House have a small, rapidly-shrinking window in the current session within which to finish the job.

Winning adherents to the Declaration on the Future of the Internet will take soft power. President Biden is fond of saying that America leads by “the power of our example.” America established many of the foundations of privacy, and it’s past time to lead by example on privacy again and stop ceding digital policy leadership to the EU. It would add meat to the message of the declaration about the promise of the Internet and the challenges to that promise.

* The signers to the Declaration are Albania, Andorra, Argentina, Australia, Austria, Belgium, Bulgaria, Cabo Verde, Canada, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Estonia, the European Commission, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Jamaica, Japan, Kenya, Kosovo, Latvia, Lithuania, Luxembourg, Maldives, Malta, Marshall Islands, Micronesia, Moldova, Montenegro, Netherlands, New Zealand, Niger, North Macedonia, Palau, Peru, Poland, Portugal, Romania, Senegal, Serbia, Slovakia, Slovenia, Spain, Sweden, Taiwan, Trinidad and Tobago, the United Kingdom, Ukraine, and Uruguay.