Contrary to popular belief, the Internet, since its creation, has always been subject to some form of global governing standards. Packet protocols, naming and numbering systems, and peer to peer communication agreements were necessary for the Internet to be operational and function across state lines even if the primary users were primarily just researchers and others in the Science, Technology, Engineering, and Mathematics field (Raymond and Smith 2013).
The global governance challenges began to emerge more noticeably as internet usage became far more common as an everyday function in everything from social media and journalism to shipping and critical infrastructure. Stemming from the vast exploitation of the Internet, every user expects that the systems and networks they are utilizing will have adequate protection to preserve the confidentiality, integrity, and availability of the data they are sending and receiving. Privacy and freedom of speech, availability, and security, as well as piracy and cyber warfare, all rapidly became points of contention and concern with no substantive agreements between states being established or respected by either private individuals, governments, or non-governmental organizations (Bradshaw et al. 2015).
Cyberwarfare brings a unique dynamic to the discussion of global governance of web-based and digital technologies and the weaponization of the Internet. Many international conventions prohibit the targeting of civilian infrastructure and other societal elements that would cause undue suffering on non-combatants; however, cyber warfare largely discounts or is not included in these regimes. Moreover, there are no defined confines to its employment (Arquilla and Ronfeldt 2001).
An example of this might be if a hostile actor targeted a hydroelectric dam’s SCADA (Supervisory Control and Data Acquisition) with a malware (malicious software) attack that supplied power to a military manufacturing district in addition to providing electricity to numerous towns and villages throughout the region. Another hypothetical example is if the STUXNET virus that targeted the Natanz Uranium Enrichment Facility in Iran had inadvertently caused a nuclear accident that resulted in widespread radioactive contamination that may have even crossed international borders. These examples are on the far end of the cyber warfare spectrum. They do not include information warfare, such as disinformation campaigns, state-sponsored cybercrime like intellectual property theft, or denial of service attacks that primarily impact non-combatant populations.
Hacktivists, radical extremists, lone-wolf militants, or those just with criminal intent have also taken advantage of the global governance disarray to perpetrate their crimes with relative impunity. Cyber-criminals, activists, and terrorists exploit the Internet to attack institutions, public and private, to push an ideological agenda. Many take advantage of weak or non-existent state laws and regulations as a venue to launch their attacks and avoid prosecution (Raymond and Smith 2013). As with state actors, these non-state actor groups engage in propaganda campaigns, publish damaging information, profit from publicity or disclosure, collect intelligence, recruit new members, and coordinate activity.
However, most states are limited in mitigation methods without violating the privacy and rights of their citizens (Denning 2001). The prevention, protection, mitigation, response, and recovery planning and operations in response to the aforementioned non-state actor activities have led to many disagreements within the international community regarding effective strategies while ensuring the preservation of human rights regimes.
Other NGOs play an even more significant role in establishing internet global governance regimes, specifically the technology industry. Tech giants like Facebook, Google, Microsoft, and Apple have a tremendous influence on determining the “rules and rulers of the internet” and exploit the ever-increasing economic and social reliance on web-based and digital technology products and services across the globe, but particularly with post-industrialized states. Many of these private tech firms are in a position that they can themselves determine the level of access, privacy, and security of the services they provide regardless of state laws or regulations. However, many currently abide by those limitations. Another hypothetical example would be if Facebook told Russia and China that they would no longer be censoring content and penalize internet service providers if the content is blocked or restricted.
Conversely, Facebook could deny service to the U.K. or U.S. to manipulate anti-trust and privacy lawsuits currently being pursued. In both cases, the respective states’ populations would help facilitate policy change. In the former case, it would mean giving access to information inciting regime change, and in the latter, denial of service might instigate the same. Again, these are extreme cases and not likely in the foreseeable future. Still, the power and influence that private industry has on the technology market represent yet more challenges to instituting global governance of the Internet (Drezner 2004).
In closing, there is a myriad of challenges to instituting global governance over the Internet.
Stakeholder states such as those in the E.U., Eastern Asia, and the U.S. often dictate terms of internet governance to the rest of the international community, much to the consternation of more authoritarian governments and weaker but influential states (Carr 2015); these regulations and regimes often revolve around privacy, freedom of expression, and security. Cyber-warfare capabilities and effects also make enacting restrictions on web-based and digital attacks challenging as there is both an element of plausible deniability and whether it constitutes an actual assault on non-combatants is unclear and is as of yet undefined.
Cyber terrorism and hacktivism can be just as influential in developing global governance internet regimes. Still, they will continue to run counter to those interested in preserving individual freedoms on the World Wide Web. Finally, public and private partnerships will be integral to protecting the confidentiality, integrity, and availability of internet services. These entities wield incredible power in dictating who and how to govern the Internet — this will necessitate including those organizations in any future discussions on regulating the Internet (Carr 2016).
Arquilla, John, and David Ronfeldt. 2001. “The Advent of Netwar Revisited.” In Networks and Netwars: The Future of Terror, Crime, and Militancy, 1-25. Santa Monica, CA: RAND Corporation.
Bradshaw, Samantha, Laura DeNardis, Fen Osler Hampson, Eric Jardine, and Mark Raymond. 2015.
“The Emergence of Contention in Global Internet Governance.” CIGI Global Commission on Internet Governance 17, July: 1-19.
Carr, Madeline. 2015. “Power Plays in Global Internet Governance.” SSRN Electronic Journal 43, no. 2 (2015), 640-659.
Carr, Madeline. 2016. “Public-Private Partnerships in National Cyber-Security Strategies.” International Affairs 92 (1) (01): 43-62.
Denning, Dorothy. “Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy.” In Networks and Netwars: The Future of Terror, Crime, and Militancy, 239-288. Santa Monica, CA: RAND Corporation, 2001.
Drezner, Daniel W. 2004. “The Global Governance of the Internet: Bringing the State Back In.” Political Science Quarterly 119, no. 3 (2004): 477-98.
Raymond, Mark, and Gordon Smith. 2013. Reimagining the Internet: The Need for a High-level Strategic Vision for Internet Governance. Ontario, Canada: The Centre for International Governance Innovation.
This first appeared in The Havok Journal on August 24, 2021.
Ben is a former U.S. Army Mountain Infantry Platoon Sergeant and served in domestic and overseas roles from 2001-2018, including, from 2003-2005, as a sniper section leader. Besides his military service, Ben worked on the U.S. Ambassador to Iraq’s protective security detail in various roles, and since 2018, he has also provided security consulting services for public and private sectors, including tactical training, physical and information security, executive protection, protective intelligence, risk management, insider threat mitigation, and anti-terrorism. He earned a B.A. and an M.A. in Intelligence Studies from American Military University, a graduate certificate in Cyber Security from Colorado State University and is currently in his second year of AMU’s Doctorate of Global Security program.