“The spread of information networks is forming a new nervous system for our planet.” In a landmark speech delivered ten years ago at the Newseum—Washington’s shrine to the First Amendment—US Secretary of State Hillary Clinton foreshadowed the internet’s potential to improve human life. Drawing a contrast between the State Department’s work on internet freedom and oppositional efforts around the world to destroy it, Clinton continued, “principles like information freedom aren’t just good policy, not just somehow connected to our national values, but they are universal.”
Yet these words arrived at a starkly different time in
history: before Edward Snowden’s leaks about globe-spanning US surveillance
programs, before a social media-infused Arab Spring prompted authoritarian
internet crackdowns, and before people around the world began to recognize how much
they could be tracked and hacked through the internet. Democracies were much
more hopeful about a fair, free, and open global internet than many are today.
A decade later, the Newseum has shuttered and the ideals
of an open internet are under assault. The new reality is one where democracies
must play a more assertive role to protect an open, free, fair, and secure internet,
utilizing a strategy that recognizes the changes the internet has undergone,
the pernicious influence of authoritarian states, and the role companies have
in both protecting and fragmenting it. The internet can’t be brought back in
time but there is hope, perhaps, that its original core values can be preserved
in a new form through determined effort by its users, some companies, and the
democratic states where the open web was born.
The world faces great challenges in how authoritarian regimes undermine internet principles long heralded by liberal democracies—freedom, openness, interoperability, security, resilience. Efforts by the Chinese state to provide for control, if not outright censorship, of every byte of data flowing across national networks tore at the fabric of a global internet. The effectiveness of this domestic information control prompted copycats to attempt construction of their own cyber control systems in Kazakhstan, Russia, and Iran. The political and digital logic behind this regime of censorship and information control helped articulate an ideological counterweight to the open internet.
The centralization of the internet
But there is more to the story than China; political
and economic decisions made within liberal democracies helped pull this network
apart. The internet as we know is in its fourth generation and with each
successive decade becomes more closed, its ownership more concentrated, and
leaves users with less control over what was once their network.
Borne of a research project, the internet’s first
broadly accessible generation came online in 1983 with many of the same
technical protocols in use today. In its earliest form, the internet was a
text-based information network with a high barrier to entry for novice users. Early
research and non-commercial networks were slowly decommissioned, browsers matured,
and sites like eBay, Amazon, and Yahoo grew as part of the e-commerce
revolution powering the internet’s second generation.
Along with e-commerce platforms came a slow but steady
advance of tracking and advertising delivery networks—surveillance, of a corporate
kind, to profile users and tailor ads and services accordingly. These
technologies, often situated in a Silicon Valley culture of ruthless and
persistent innovation, drove features before security and strained the informal
networks of trust integral to the internet’s gestation. Simultaneously it was
democracies, including France and Germany, that implemented some of the
earliest efforts to link internet addresses with physical locations. Both
states cared a great deal where things like Nazi memorabilia were being sold
and took steps to block these transactions in their jurisdictions. This second
generation of the internet had already begun to fuse the virtual and physical
With the birth of cloud computing in the 2006 launch
of Amazon Web Services, the internet entered a third generation—one which would
be characterized by increasing concentration of computing and networking power.
Cloud provider giants like Amazon, Microsoft, and Google built vast computational
resources and drove massive amounts of traffic flying between their data
centers. Demand for cloud services grew, and so did the power of these
providers. Microsoft and others have built undersea internet cables to handle
the increasing traffic between their facilities, for example, while Google has
even developed a replacement for one of the internet’s core protocols (QUIC),
implementing it years before any global governing body accepted or approved the
standard. The 2018 expulsion of the widely used encrypted communications app,
Signal, from Google and Amazon’s clouds, where it had received protection from
censorship by authoritarian states, underlined a troubling consequence of this
The spread of social media, and subsequent explosion of disinformation and other online harms like hate speech has occasioned the internet’s fourth and current generation—the rise of platform companies. What cloud computing did for the internet’s networking and computing architecture, social media did for information; large companies drove new features and seamless association of ever-greater amounts of information across a global user base. Information freedom increasingly moved into corporate hands.
The democratic cost
Across each generation, the internet’s pool of
stakeholders has shrunk. The network as a whole has become less open. Where
once intelligence sat at the edge of the network, it has slowly become more
centralized. Alongside the censorship and surveillance regimes of authoritarian
states, a small set of companies has begun to exert tremendous influence over
the shape and composition of the internet. None of this suggests the influence
is necessarily malicious; it is a product of broad commercial demand for these
companies’ services. But the result is the same: strengthening a handful of
companies in the middle of the network at the expense of the network’s edge and
a concentration of power into organizations whose decision-making lacks clear democratic
In hindsight, the Secretary’s speech in part missed, and
in part got wrong, the promise of a democratic internet model in the face of
the its growing risks. But there is hope; together users and democracies and
even some companies can reinvest in a free, fair, open, and secure network for
next generation of the internet. Democracies should support non-profit
technical bodies and companies to more expeditiously protect the internet’s
core technical protocols like Border Gateway Protocol (BGP) and Domain Name
System (DNS) from abuse. Governments across the United States, European Union,
and elsewhere can invest resources to work with internet “swing
states” to preserve the content freedoms that Americans from
Stanford and Berkeley saw in the web’s DNA. Through all of this, democracies
must recognize something else mentioned little at the Newseum ten years ago:
the dual role technology companies will play in cyberspace’s future.
For while the internet was once heralded as a
corporate-less democratic utopia, a handful of companies who build and sell
technology have the capacity to influence of much of the internet; at once a
risk to, and critical partner in defending, the positive vision of a network
whose design, access, and content reflects a fair, free, open, and secure
ethos. The internet of today is not what it was even ten years ago, but the
fight is on to save something of its original soul in whatever form it takes a
decade from now.
Trey Herr, PhD, is director of the Atlantic Council’s Cyber Statecraft Initiative under the Scowcroft Center.
Justin Sherman (@jshermcyber) is a fellow with the Atlantic Council’s Cyber Statecraft Initiative.
Tue, Jan 7, 2020
Iran’s government will feel the need to retaliate against the United States, but it does not wish to ignite a prolonged war with the United States. The regime’s near-term aim is to demonstrate to its domestic and regional constituencies that it has the capability and the resolve to avenge Soleimani’s killing and, more strategically, to drum up support for hardliners ahead of legislative elections next month. While Iran has a number of options available, its cyber toolkit not one to be overlooked.
Mon, Dec 16, 2019
While the Internet of Things offers a range of humanitarian, commercial, and national security benefits, its pervasive nature has many concerned over its impacts on safety and security in society. In a new report by the Atlantic Council’s Scowcroft Center for Strategy and Security, Karl Rauscher notes that the world’s two largest powers are at a crossroads with regard to their level and scope of cooperation in continued IoT advances. United States–China Collaboration on the Internet of Things Safety: What’s Next? analyzes possibilities for the United States and China to work together to establish consensus policies and standards to make their societies safer and provide a model for the world.
Wed, Oct 9, 2019
The Kazakh case serves as an example of irresponsible cyber statecraft, when governments use cyberspace and technological tools to achieve specific political goals, placing the rights of citizens, as well as their political legitimacy, on the line.