Cybersecurity Internet
New Atlanticist January 27, 2020

Warring for the soul of the internet: Ten years on

By Trey Herr and Justin Sherman

“The spread of information networks is forming a new nervous system for our planet.” In a landmark speech delivered ten years ago at the Newseum—Washington’s shrine to the First Amendment—US Secretary of State Hillary Clinton foreshadowed the internet’s potential to improve human life. Drawing a contrast between the State Department’s work on internet freedom and oppositional efforts around the world to destroy it, Clinton continued, “principles like information freedom aren’t just good policy, not just somehow connected to our national values, but they are universal.”

Yet these words arrived at a starkly different time in history: before Edward Snowden’s leaks about globe-spanning US surveillance programs, before a social media-infused Arab Spring prompted authoritarian internet crackdowns, and before people around the world began to recognize how much they could be tracked and hacked through the internet. Democracies were much more hopeful about a fair, free, and open global internet than many are today.

A decade later, the Newseum has shuttered and the ideals of an open internet are under assault. The new reality is one where democracies must play a more assertive role to protect an open, free, fair, and secure internet, utilizing a strategy that recognizes the changes the internet has undergone, the pernicious influence of authoritarian states, and the role companies have in both protecting and fragmenting it. The internet can’t be brought back in time but there is hope, perhaps, that its original core values can be preserved in a new form through determined effort by its users, some companies, and the democratic states where the open web was born. 

The world faces great challenges in how authoritarian regimes undermine internet principles long heralded by liberal democracies—freedom, openness, interoperability, security, resilience. Efforts by the Chinese state to provide for control, if not outright censorship, of every byte of data flowing across national networks tore at the fabric of a global internet. The effectiveness of this domestic information control prompted copycats to attempt construction of their own cyber control systems in Kazakhstan, Russia, and Iran. The political and digital logic behind this regime of censorship and information control helped articulate an ideological counterweight to the open internet.

The centralization of the internet

But there is more to the story than China; political and economic decisions made within liberal democracies helped pull this network apart. The internet as we know is in its fourth generation and with each successive decade becomes more closed, its ownership more concentrated, and leaves users with less control over what was once their network.

Borne of a research project, the internet’s first broadly accessible generation came online in 1983 with many of the same technical protocols in use today. In its earliest form, the internet was a text-based information network with a high barrier to entry for novice users. Early research and non-commercial networks were slowly decommissioned, browsers matured, and sites like eBay, Amazon, and Yahoo grew as part of the e-commerce revolution powering the internet’s second generation.

Along with e-commerce platforms came a slow but steady advance of tracking and advertising delivery networks—surveillance, of a corporate kind, to profile users and tailor ads and services accordingly. These technologies, often situated in a Silicon Valley culture of ruthless and persistent innovation, drove features before security and strained the informal networks of trust integral to the internet’s gestation. Simultaneously it was democracies, including France and Germany, that implemented some of the earliest efforts to link internet addresses with physical locations. Both states cared a great deal where things like Nazi memorabilia were being sold and took steps to block these transactions in their jurisdictions. This second generation of the internet had already begun to fuse the virtual and physical domains.

Cyber Statecraft Initiative Updates

Sign up for the Cyber Statecraft Initiative newsletter to stay up to date on the program’s work.

  • This field is for validation purposes and should be left unchanged.

With the birth of cloud computing in the 2006 launch of Amazon Web Services, the internet entered a third generation—one which would be characterized by increasing concentration of computing and networking power. Cloud provider giants like Amazon, Microsoft, and Google built vast computational resources and drove massive amounts of traffic flying between their data centers. Demand for cloud services grew, and so did the power of these providers. Microsoft and others have built undersea internet cables to handle the increasing traffic between their facilities, for example, while Google has even developed a replacement for one of the internet’s core protocols (QUIC), implementing it years before any global governing body accepted or approved the standard. The 2018 expulsion of the widely used encrypted communications app, Signal, from Google and Amazon’s clouds, where it had received protection from censorship by authoritarian states, underlined a troubling consequence of this concentration.

The spread of social media, and subsequent explosion of disinformation and other online harms like hate speech has occasioned the internet’s fourth and current generation—the rise of platform companies. What cloud computing did for the internet’s networking and computing architecture, social media did for information; large companies drove new features and seamless association of ever-greater amounts of information across a global user base. Information freedom increasingly moved into corporate hands.

The democratic cost

Across each generation, the internet’s pool of stakeholders has shrunk. The network as a whole has become less open. Where once intelligence sat at the edge of the network, it has slowly become more centralized. Alongside the censorship and surveillance regimes of authoritarian states, a small set of companies has begun to exert tremendous influence over the shape and composition of the internet. None of this suggests the influence is necessarily malicious; it is a product of broad commercial demand for these companies’ services. But the result is the same: strengthening a handful of companies in the middle of the network at the expense of the network’s edge and a concentration of power into organizations whose decision-making lacks clear democratic legitimacy.

In hindsight, the Secretary’s speech in part missed, and in part got wrong, the promise of a democratic internet model in the face of the its growing risks. But there is hope; together users and democracies and even some companies can reinvest in a free, fair, open, and secure network for next generation of the internet. Democracies should support non-profit technical bodies and companies to more expeditiously protect the internet’s core technical protocols like Border Gateway Protocol (BGP) and Domain Name System (DNS) from abuse. Governments across the United States, European Union, and elsewhere can invest resources to work with internet “swing states” to preserve the content freedoms that Americans from Stanford and Berkeley saw in the web’s DNA. Through all of this, democracies must recognize something else mentioned little at the Newseum ten years ago: the dual role technology companies will play in cyberspace’s future.

For while the internet was once heralded as a corporate-less democratic utopia, a handful of companies who build and sell technology have the capacity to influence of much of the internet; at once a risk to, and critical partner in defending, the positive vision of a network whose design, access, and content reflects a fair, free, open, and secure ethos. The internet of today is not what it was even ten years ago, but the fight is on to save something of its original soul in whatever form it takes a decade from now.

Trey Herr, PhD, is director of the Atlantic Council’s Cyber Statecraft Initiative under the Scowcroft Center.

Justin Sherman (@jshermcyber) is a fellow with the Atlantic Council’s Cyber Statecraft Initiative.

Further reading