Brazil recently hosted NETmundial, the first global conference on Internet governance, attended by 800 representatives of governments, corporations, civil-society organizations and technologists. Based on the notion of “multi-stakeholderism,” the meeting produced a 12-page “outcomes” document.
Nonetheless, at the end of the conference, there was still no consensus on global cybergovernance. Many governments continued to advocate traditional UN voting procedures for making global decisions and defend their right to control domestic cyberactivities.
In a sense, this is not surprising. After all, though the Internet is a complex, fast-evolving and all-encompassing global resource, it has not been around for very long. While the World Wide Web was conceived in 1989, it has only been in the past 15 years that the number of Web sites burgeoned and Internet technology began to transform global supply chains. Since 1992, the number of Internet users has exploded from 1 million to nearly 3 billion. Just like that, the Internet became a substrate of economic, social and political life.
In its early days, the Internet was often characterized as the ultimate egalitarian conduit of free-flowing information — a harbinger of the end of government controls. However, the reality is that governments and geographical jurisdictions have always played a central role in regulating the Internet — or at least have tried. However, ultimately, the Internet poses a major governance challenge, exemplified in ongoing efforts to understand the implications of ubiquitous mobility and the collection and storage of “big data.”
The governance challenge stems from the fact that cyberspace is a combination of virtual properties, which defy geographical boundaries and physical infrastructure, which fall under sovereign jurisdictions. Control of the physical layer can have both territorial and extraterritorial effects on the virtual layers. At the same time, attacks can be launched from the low-cost virtual realm against the physical domain, where resources are scarce and expensive.
The Internet began as a small village of known users, where an authentication layer of code was unnecessary and the development of norms was simple. However then it grew and everything changed. Though cyberspace offered the advantages of access to information and easy communication to a growing number of people, it became a breeding ground for crime, hacker attacks and threats to governments.
Efforts to limit the risks incurred in this volatile environment have focused on creating private networks and “walled gardens” (closed platforms) — cyberequivalents to the 17th century enclosures that were used to solve that era’s “tragedy of the commons.” However, this raises the risk of fragmentation, which, if allowed to go far enough, could curtail the Internet’s economic benefits.
Given that security is a traditional function of the state, some observers believe that growing insecurity will lead to a greater role for governments in cyberspace. Indeed, accounts of cyberwar may be exaggerated, but cyberespionage is rampant and more than 30 governments are reputed to have developed offensive capabilities and doctrines for the use of cyberweapons. Ever since the Stuxnet virus was used to disrupt Iran’s nuclear program in 2009 and 2010, governments have taken the threat posed by cyberweapons very seriously.