At present, the United States foreign policy for the internet is absent, and much of the country’s policy efforts could be summed up as “not what China is doing,” a rejectionist attitude beset on all sides by purposeful adversaries and weakened alliances.
The United States government does not yet have a constructive strategy for the internet. Contrary to what the last four years have messaged—that the United States is in a zero-sum technology competition with China and expelling and excluding Chinese technology is the best response—a vision for the internet that does little more than say “no” to China is not a purposeful strategy. Yet the Chinese government and other authoritarian states remain committed to rewriting the rules of the internet across its governance and its physical and digital infrastructure. Beijing in particular has invested massively in altering the internet’s technical standards, physical backbone, and governing norms.
The absence of a coherent “foreign policy for the internet,” in turn, gives over momentum to authoritarian states, leaves allies without a strong voice to effectuate consensus, and delegates important structural choices to private firms whose decisionmaking is optimized for quarterly competitive pressures, not the long-term public good. As western democracies reawaken to the influence of disinformation campaigns and potential for political influence over technology supply chains, they further call these same companies, like Google, Facebook, and Twitter to task and debate new controls on acceptable content and information virality but without situating those efforts in a broader conversation about strategic objectives for the internet.
The confluence of these trends leaves the internet vulnerable to structural distortion and unprecedented change. The core operating principles that have guided liberal democratic internet policy for the better part of two decades—freedom, openness, interoperability, security, and resilience—are being degraded through both purposeful intent and the weight of apathy. Requiring more than just a firm advocate, the internet needs a collective defense by open societies, based on a principled vision of how the internet should evolve and grow in light of modern digital risks. This vision must first recognize that for all of the wires and wizardry, the internet starts with people, both inventors and users, and its future cannot be separated from broader economic, political, and social forces. Second, this constructive U.S. vision for the internet should start with small policy interventions and seek to iterate on them. Grand bargains are impracticable given the diversity of stakeholders and delicate complexity of the internet; small inputs will have outsized impacts. Third, policymakers and practitioners alike must accept that there is no going back, the internet cannot be returned to an earlier state, and the choice now is to drive principled evolution forward or face a descent into madness. Here, there is an opportunity for the Biden administration to develop a principled foreign policy for the internet, ensuring its long-term health and continued viability.
State of Play
Today, the five principles most frequently repeated in liberal democratic internet policy documents—freedom, openness, interoperability, security, and resilience—are in tension with the reality of a web that is increasingly centralized, insecure, and subject to the sovereign control and influence of national governments. Democracies beginning to exert more state control over the internet in their borders recognize this fact. And many other countries recognize these flaws in the democratic internet model too, as they increasingly turn to the sovereign and controlled model to combat online threats and social instability.
For several decades, liberal democratic governments around the world talked about the internet as an inherently democratizing force. John Perry Barlow drove far deeper in this view in his 1996 “Declaration on the Independence of Cyberspace,” where he told the “Governments of the Industrial World” that “[c]yberspace does not lie within your borders . . . Your legal concepts of property, expression, identity, and movement and context do not apply to us.”
A few years earlier, George Shultz argued a related idea of the “dictator’s dilemma”—that technology inherently opens up closed societies and that dictators “will never be able entirely to block the tide of technological advance.” Countries looking to benefit from the global economy must, the narrative goes, relinquish some degree of technological control. This worldview is heavily reflected in the original development of a free and open vision of internet governance.
The idealized vision of a democratizing internet, however, no longer meshes with reality, if it ever did at all. Countries around the world have found ways to permit the use of these technologies to grow their economies while largely retaining their authoritarian control. Beijing has arguably been doing it since the 1990s. Simply put, the notion that cyberspace cannot at all be controlled by nation-states is wrong. Internet control may not always be easy, but it is certainly possible. As James Lewis wrote, “Sovereignty completely covers cyberspace, even if nations have not always chosen to assert sovereign control (and the reasons for this may be a combination of poorly conceived ideology and concerns over liability and regulation).” That said, these five ideas are worth striving for—whether robustly securing the internet’s data and architecture or better protecting content freedom in an age of increased state censorship around the world.
At present, the United States foreign policy for the internet is absent, and much of the country’s policy efforts could be summed up as “not what China is doing,” a rejectionist attitude beset on all sides by purposeful adversaries and weakened alliances. As Laura Rosenberger has argued with respect to the global information contest, the United States and its allies “have been reactive, focused on what they are trying to defeat; they have not developed a strategy for success.” The conversation about China’s role in undermining the internet has hit a fever pitch in the last three years—witness the rashly issued executive orders banning TikTok and WeChat—as commentators acknowledge there are competing visions for the internet between democratic and authoritarian states.
The more recent U.S. approach to China, like export controls on Huawei, have been ill-considered. There is a legitimate basis to be concerned about the scope of Chinese government authority over their technology champions and Beijing’s power to transitively exercise a measure of influence wherever Chinese firms’ products and services are found. But the collateral damage of a single-minded pursuit of Huawei and its associated universe of subsidiaries, vendors, and counterparties has been an acceleration of European discontent with the state of American cyber-diplomacy and a meaningful loss of trust in operational U.S. cybersecurity policymaking in key allies and private sector partners. The gains, by contrast—nonbinding declarations and a slow drip of national governments posturing to reject Huawei products—are hardly commensurate. Robert Knake makes a valuable point on this issue: rather than building positive incentives to shape or improve Beijing’s behavior, plans like the State Department’s Clean Network Initiative boil down to an exclusion of Chinese technology above all else.
Meanwhile, the internet is under siege by a spate of new internet control efforts. Some of these are a response by societies no longer willing to tolerate the internet’s particular status quo balance toward free speech and decentralized control. Germany implemented the infamous NetzDG law, staking out a stronger position on hate speech than many other liberal democracies. France passed an online speech-limiting law, though it was later picked apart by a constitutional court. Incidents of domestic terrorism have also driven democracies to shift their hands-off approach to online content, such as the terrorist attack in Christchurch, New Zealand that was live-streamed on social media.
Other efforts, like the PACT Act, demand a more assertive approach to online content moderation and are more a response to the outcome of the 2016 election, a typically orphaned failure whose cause was in all likelihood attributable to parties both foreign and domestic. The year 2016 brought an American reawakening to misinformation and strategic influence operations. The ensuing backlash produced a series of policy changes and proposed new information controls, including several different bills to repeal the Section 230 safe harbor. While many of the policy changes were limited to individual platforms (like Twitter’s labeling allegations of widespread voting fraud as misinformation), some of these platforms are so large—Facebook and Alphabet’s YouTube notable among them—as to constitute ‘layers’ of their own in the internet’s application and content layer.
Still other of these changes, however, are moves of oppression against ever-less open societies, efforts to control a technology that can bring disparate communities together, enable social organization and information-sharing, and even lead to a loss of confidence in faltering institutions. In 2019, India declared Kashmir a connectivity free zone, blocking internet and cell phone access to the region for “71 days of silence.” India also banned fifty-nine Chinese apps following a shooting on the border, later adding one-hundred-and-eighteen more—shoving Chinese software out of the lucrative, rapidly growing Indian technology market. Turkey has introduced legislation to further extend the government’s power to punish social media firms for publishing state-critical content. Belarus simply turned off the internet to its citizens alongside a violent state crackdown on peaceful demonstrators in 2020. Countries around the world, in this vein, are only doubling down in recent years on state control of the web in their borders.
In response to this reality, a U.S. strategy for the internet should promulgate a set of values tightly aligned with the internet’s original design philosophy. By default, it should start with allies and integrate two decades of private sector experience working to defend and rebuild the internet’s core protocols. The United States has long supported the internet—from its early inception as academic projects funded by the military, through the economic revolutions of the e-commerce bubble, to the current reign of cloud computing and social media companies whose headquarters pockmark the landscape of the American West Coast.
Jared Cohen and Richard Fontaine recently argued for more democratic cooperation worldwide on technology issues, internet policy included. However, their call rings hollow—cooperation to what end? Indeed, simply moving out without a more coherent strategy may well do more harm than good. They are certainly correct that “Washington has struggled to develop a coherent vision to guide its global technological role,” but any coalition-building must be premised on a renewed and realistic assessment of the internet, one that links democratic principles to political and technical objectives. To produce this, American policymakers must be willing to reevaluate U.S. wishes and assumptions about the global internet itself. In sum, such a strategy must rebuild, for the internet age, what the Massachusetts Bay Colony governor John Winthrop and, later, author of the Long Telegram, George Kennan, referred to as a city on the hill, articulating and resourcing a positive vision for what the internet must become amidst competing demands for change. For the incoming Biden administration, it will be vital to assert and revitalize a democratic internet model without imitating the last four years’ mistakes or resorting to the same state control that is fracturing the internet today.
Throughout the last thirty years, the five principles of freedom, openness, interoperability, security, and resilience have putatively formed important, if not immutable, parameters for the U.S. government’s approach to internet policymaking. But there is no readily articulated democratic internet model and most potential examples remain full of contradictions, e.g. failing to reconcile an internet that is both open and secure. All the while, the Chinese government has a far more coherently messaged model of the internet, one where the response to perceived problems and collateral harms is clamping down on the internet’s digital and physical infrastructure. The coherence of Beijing’s internet model, and the comparatively diffuse and discordant democratic alternatives, are only contributing to the global drive towards greater internet control and fragmentation.
America should commit to restoring and defending these five core principles, written into the very networks of the internet, as a means of asserting moral leadership. To do so, Washington needs a foreign policy for the internet that advances a vision for the internet that speaks to the language of trust and embraces the need to focus on the role of individuals, grasps the utility of iterating small changes instead of grand bargains, and embraces the reality that the clock cannot be turned back. This strategic product must do more than reject the sovereign and controlled authoritarian internet model, based on principles of tight state control over internet data routing, tight state control over data storage, and limited content freedom. A foreign policy for the internet must build on not just U.S. government agencies but allies and partners overseas, and leverage the influence that the American tech industry has over internet infrastructure. It must realistically address the shortfalls and risks of a free and open internet but seek to maximize and revitalize that internet’s benefits—across everything from speech to commerce. A foreign policy for the internet should rest on three assumptions; there are myriad others but these three are systemically significant.
First, policymakers must center on the fact that individuals play a vital role in the internet. This means bringing individual engineers, academic teams, and civil society organizations more tightly into the implementation of any foreign policy for the internet. This also means not conflating companies and individuals, where the private sector is not a stand-in for unaffiliated individual designers, network operators, and researchers. The internet is shaped by protocols determined by hand signals in the Internet Engineering Task Force (IETF), core technologies developed and once maintained by academics, and a community of network operators whose rough consensus and running code determine the outcome of DDoS attacks and the bandwidth available for Game of Thrones.
The private sector dominates the technical influence over and understanding of the internet at the same time as the state owns clear responsibility to protect and advance the public good. In the IETF, having individuals that can advocate for free, open, interoperable internet standards is vital for shaping the internet’s overall state. Similarly, it is the individual diplomats in the United Nations and other multilateral bodies whose contributions underpin the defense, or lack thereof, of free and open internet norms worldwide. Yet the internet is constituted by individuals, a number of whom were crucially responsible for its design, maintenance, and security. Ultimately, it is the social layer that provides the most useful signals of need, intent, and value; it is users who represent the ultimate equity.
Second, a constructive U.S. foreign policy for the internet will yield a more equitable and effective impact where changes start small and iterate rapidly. The United States government cannot and should not suddenly force U.S. firms to secure core internet protocols overnight, but by incrementally using procurement powers and public-private engagements, Washington can leverage Silicon Valley’s infrastructural control to boost global internet security in step with allies. An example of this is leveraging protections for the Border Gateway Protocol, the internet’s “GPS,” as enumerated in the Mutually Agreed Norms for Routing Security. While strong state control of online content is likewise undesirable, carefully calibrated, incremental changes to platform governance law may be more effective in the long-run than waiting to develop one silver bullet regulatory response. The internet is a big place, and there are few true points of systemic leverage across the global ecosystem. But the flip side is that the internet is remarkably adaptive. Witness the unprecedented volume of traffic sent rocketing from house to house during the pandemic lockdown of 2020: over the span of a few weeks, a significant percentage world’s population moved their workspace to the end of an internet connection. The internet is in a constant state of change and successful reform, and even widespread ones (like adopting more robust cryptographic standards or secure routing protocols) find greater effect in a multitude of nudges.
Third, both policymakers and industry must recognize that we are not going back. The internet of today is generations removed from its birth as a commercial network, the dot-com bubble, or even the early days of cloud computing. The present reality is an internet that is more concentrated, more frequently under assault, and substantially more consequential as traffic now heads to medical devices and city-scale power generators as well as to laptops and smartphones.
There is no taking the internet back to an earlier state—we must identify a principled vision of how the internet can evolve and move forward. These principles must be embedded in the current policy context and anticipate geopolitical and technical disruptions to the extent possible, to form the starting point of a foreign policy for the internet. Edge intelligence, where decentralized nodes in a network can intelligently make decisions without referring to some centralized “brain,” remains a tremendous defense against the kind of centralized control that can enable tyranny and hinder innovation. Practitioners in the United States and those in allied countries must weigh the imposition of information controls and content filters against their precedent-setting effect on both authoritarian states and private sector firms.
The internet reflects the chaos of the human soul; there is maddening darkness alongside the light in its wires. Proponents of an open internet increasingly grapple with the price of that freedom and openness online. This moment in history offers an opportunity for the United States and its allies to revitalize the internet along the lines of five principles—free, open, interoperable, secure, resilient—for the modern era. Together with partners across the globe, America “must formulate and put forward for other nations a much more positive and constructive picture of sort of world we would like to see” much as it did some seventy years ago. There is no going alone on this and the United States must advance a vision for the internet together with allies and partners in the private sector. The consequences of failure may only be exceeded by the failure to act at all.
Justin Sherman (@jshermcyber) is a fellow at the Atlantic Council’s Cyber Statecraft Initiative. Trey Herr, PhD, is the director of the Atlantic Council’s Cyber Statecraft Initiative.