october 2018 the digital deciders
TRANSCRIPT
October 2018
The Digital DecidersHow a group of often overlooked countriescould hold the keys to the future of the globalinternet
Robert Morgus, Jocelyn Woolbright, & Justin Sherman
Last edited on October 22, 2018 at 9:24 a.m. EDT
Acknowledgments
We would like to thank Jason Healey, Trey Herr,Pavlina Ittleson, Adam Segal, and Ian Wallace for theirthoughtful comments on earlier drafts, as well as allthose who participated in our research survey. Inaddition, we owe a special debt of gratitude to LorenRisenfeld, Ellie Budzinski, and Maria Elkin, withoutwhom’s help the data we collected would be far lessuseful. Finally, Tim Maurer, now of CarnegieEndowment for International Peace, was instrumentalin the formulation of the ideas behind this report.
This paper was produced as part of the FloridaInternational University - New America CybersecurityCapacity Building Partnership (C2B Partnership).
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 2
About the Author(s)
Robert Morgus is a senior policy analyst with NewAmerica’s Cybersecurity Initiative and InternationalSecurity program and the deputy director of the FIU-New America C2B Partnership.
Jocelyn Woolbright was an intern with NewAmerica’s Cybersecurity Initiative and is a recentgraduate of Florida International University.
Justin Sherman was an intern with New America’sCybersecurity Initiative and a student at DukeUniversity.
About New America
We are dedicated to renewing America by continuingthe quest to realize our nation’s highest ideals,honestly confronting the challenges caused by rapidtechnological and social change, and seizing theopportunities those changes create.
About Cybersecurity Initiative
The goal of New America’s Cybersecurity Initiative isto bring the key attributes of New America’s ethos tothe cybersecurity policy conversation. In doing so, theInitiative provides a look at issues from freshperspectives, an emphasis on cross-disciplinarycollaboration, a commitment to quality research andevents, and dedication to diversity in all its guises. TheInitiative seeks to address issues others can’t or don’tand create impact at scale.
About FIU-New America C2B Partnership
The Cybersecurity Capacity Building (C2B) Partnershipis a partnership between Florida InternationalUniversity and New America designed to developknowledge and policies aimed at building thecybersecurity capacity in the workforce, at the state
and local level, within the U.S. government andindustry, and internationally.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 3
5
8
11
13
16
18
20
22
13
24
18
39
Contents
Introduction
Internet Governance and Today’s Context
Two Poles and Three Clusters
Sovereign and Controlled
Global and Open (albeit without consensus on how)
The Digital Deciders
Understanding the Clusters Through Data
Analyzing the Clusters
Sovereign and Controlled
Global and Open
The Digital Deciders
Conclusion
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 4
Introduction
Which futures [for the internet] seem to be more likely today? ... [C]ountless
experts made gloomy projections for the next five years. Cyber risks will
continue to rise significantly in the near future. Technological and process
innovation might help some organizations, but overall there is little on the
immediate horizon that suggests that cyberattacks will become less common.
With the massive profusion of recent tension between major military powers,
the trend is perhaps more towards a Clockwork Orange or Leviathan
Internet.
- Jason Healey and Barry Hughes
In 2015, Jason Healey and Barry Hughes created a model to project the impact
that different versions of a future internet would have, principally focused on the
economy. In their paper analyzing the model, Healey and Hughes describe a
number of alternate futures. Among them were the Base Case—which continued
general trends of the time resulting in an internet that is mostly global and open—
and the Clockwork Orange and Leviathan internets—whose main features were
fragmentation and national borders.
Today, this global and open model is under pressure, and we risk drifting towards
an internet that we do not want—a Clockwork Orange or Leviathan. Amidst a
massive global dialogue about cyber norms—who should not attack what and
how—we are losing sight of the forest in favor of individual trees. Though
important, the grand prize here is not an agreement about not attacking hospitals
or financial institutions. Rather, the prize is the norm that the internet should be a
place that is global and open to the free flow of content, not narrowly sovereign
and closed.
The ultimate trajectory of this process will depend just as much, if not more, on
domestic developments around the world as sweeping debates at international
forums. Put simply, what countries do nationally will have an international
impact, while we often focus on the international governance, the internet as it
affects people is the internet in countries. In parallel to domestic developments,
countries will continue to do what they have done for decades and seek
legitimacy and cover via international agreement and norms.
1
2
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 5
The prize is the norm that the internet should be a
place that is global and open to the free flow of
content, not narrowly sovereign and closed.
In the debate over internet governance, three clusters of states have emerged. On
one end of the spectrum sit a number of countries—spearheaded by the likes of
Russia and China—that advocate for greater sovereign control over as series of
interconnected but nationally distinct internets. On the other end of the
spectrum sits a cluster of states that advocate for an open, global internet.
Traditionally, both sides have argued for a global norm that fits their own
national interest and that which they view to be in the interest of the rest of the
world. The third cluster of states is what we refer to as the Digital Deciders—a
group of states undecided or unconcerned about the best trajectory for the
internet.
If we want to build our version of the internet—one where the internet is free,
open, and global and sovereign internets are an anomaly—we will need to do a
better job of building our coalition more broadly. The fear that a country will not
be able to manage the looming LikeWars is one of the factors most likely to push
individual states away from an open and global internet. As we alluded to in The
Idealized Internet vs. Internet Realities, one of the biggest challenges for
proponents of a global and open internet will be developing a model to manage
security—both likewars and cybersecurity—while maintaining openness.
This paper and the accompanying data tools are a means for diplomats to analyze
these Digital Deciders in the pursuit of a better international strategy for
cyberspace. The different rankings and data sets in this paper can shed light on
things like who to prioritize for engagement and how to engage different
countries. At the end of the day, the purest and openest model may not be the one
to offer for emulation. As Healey and Hughes note:
Deciding how to steer between alternate futures to guide policy often results in a
very basic problem of political philosophy worthy of Hobbes, Locke, and
Rousseau: Is it better to avoid the worst cyber futures or to aim for the best? Of
course, we want the best cyberspace for ourselves and our children, but when
humanity has aimed for heaven, then missed, we have often wound up in hell.
3
4
5
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 6
Being able to clamp down on hate speech, for example, may be in the best
interest of a country and its people. It may be necessary, even desirable, to
compromise some absolute freedoms in order to maintain security.
This paper proceeds as follows. In the next section, we provide a background and
context for this broad debate. In the third section, we describe the three clusters
of states that have emerged. In the following section, we provide a data tool to
explore those clusters and the states in them in greater detail. We finish by
providing our own light analysis of the data and what it means for policymakers.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 7
Internet Governance and Today’s Context
Internet governance is the simplest, most direct, and inclusive label for the
ongoing set of disputes and deliberations over how the Internet is
coordinated, managed, and shaped to reflect policies.
- Milton Mueller
In April 2014, New America conducted a study on swing states in internet
governance. Using the informal vote at the World Conference on International
Telecommunications as a barometer, we identified two camps—one in favor of a
multistakeholder governance model and the other favoring state control over the
internet and the baggage that comes with it. In between these two camps was a
group of potential swing states. Using a series of qualitative and quantitative
metrics, we identified what we believed to be the top 30 most influential swing
states in internet governance.
At the time of that publication, the world was still trying to make sense of new
internet realities. But a lot has changed since early 2014.
Specifically, three trends have come to the forefront, each of which have
impacted the state of internet governance around the globe:
1. Shifts in the broader political context and an uptick in the emphasis on
sovereignty, on the internet and other aspects of international politics;
2. An increase in awareness of online disinformation, the awareness being
something of a novelty in Western Europe and the Americas;
3. The IANA transition, which transferred administrative oversight of core
internet functions out of the U.S. government.
These trends are driven in large part by a series of watershed events between
2014 and 2017. The 2013 leaks of classified material by Edward Snowden resulted
in political leaders around the globe gradually comprehending and pushing back
against the perception of pervasive surveillance. In 2014, this manifested in calls
from many traditionally pro-global internet countries for greater sovereign
control over their local internets and the way their data is stored and transmitted.
In March of the following year, the United States Federal Communications
Commission issued the Open Internet Order, a bastion of hope for proponents of
maintaining an open, global internet. To many in liberal democratic societies,
an open and free internet would be instrumental in promoting democratic
6
7
8
9
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 8
interests around the world, but the very concept appeared to be under assault
domestically.
In mid-2016, yet another watershed moment occurred. The seemingly around-
the-clock work of Russian intelligence officers and “patriotic hackers” to distort
reality in American politics opened the eyes of policymakers worldwide to the
potential harms a fully open and free internet could pose to democracy itself.
The parallel rise of populism in the United States and elsewhere, coupled with
concerns about the collapse of liberal international order, saw many of the
traditional open internet sword-bearers retreat into their shells. The U.S. and
others began considering methods for blocking disinformation, mirroring the
techniques of more closed states for stopping the free flow of information, and
populism pushed back against free trade causing agreements that would bolster
the free flow of information and data to suffer. States like Australia, the United
Kingdom, and others have attempted to step in to fill the resultant political
leadership vacuum, but only with mixed success.
An open and free internet would be instrumental in
promoting democratic interests around the world,
but the very concept appeared to be under assault
domestically.
Then, in September 2016, as Russian trolls used the internet to sway an American
election, the U.S. Department of Commerce completed its nearly two-decade
long process of transitioning oversight over the Internet Assigned Names and
Numbers Authority (IANA) to the Internet Corporation for Assigned Names and
Numbers (ICANN). The transition, which was lauded as a victory for
multistakeholder internet governance, did transition oversight to a more
multistakeholder body than the U.S. government, but it also weakened the U.S.
government’s ability to reliably advocate for a multistakeholder model at
ICANN.
In the wake of these experiences, even the staunchest proponents of a free, open,
interoperable, secure, and resilient internet began to construct domestic
governance that emphasizes two concepts—security and resilience—at times to
the detriment of freedom, openness, and interoperability. The U.K., for example,
is in the process of building their own version of a national firewall capable of
sifting out malicious traffic at national borders. Rumors persist about others
10
11
12
13
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 9
following suit. This is not necessarily a bad thing, but it does carry immense
international implications with it.
Domestic and international governance efforts have always run in parallel,
regardless of the politics at play. Authoritarians have long sought to use the
international system and its institutions as means to legitimize or provide cover
for domestic actions. Internet politics are no different from any other politics in
this regard. In our 2014 Swing States report, we wrote about two primary “visions
for Internet governance”—one a bottom-up, multi-stakeholder model, and the
other a top-down model driven primarily by governments. At the time, the battle
lines were relatively stark and certainly international. The burning question then
revolved around the form “global internet governance” would take. In retrospect,
it is the national or domestic governance that truly matters.
The two visions we described in 2014 still represent the prevailing ideologies for
internet governance. What is perhaps different from 2014 is the unit of analysis.
Where the focal point of the debate in 2014 was around the “right” way to model
and govern the internet globally, the battle today is over how states should model
their internets domestically. Rather than resolving, this debate has mutated.
Today, some states have built governance structures and internets that
increasingly gravitate towards one of two poles—Global and Open, or Sovereign
and Controlled—often in alignment with other political interests. However, a
far larger group of countries—the Digital Deciders—have yet to gravitate towards
either end of the spectrum, some undecided and others seeking a third path.
Although corporate and civil society actors influence the trajectory of the global
internet, the focus of this report is states. Despite early technoutopianism and
technolibertarianism, the sovereignty of states remains reality. Companies and
individual developers are not sovereign. States are increasingly setting the
context within which these private actors operate. The opportunity for the
clusters described in the next section lies in how they use that reality.
The Digital Deciders have yet to gravitate towards
either end of the spectrum, some undecided and
others seeking a third path.
14
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 10
Two Poles and Three Clusters
It is tempting to romanticize Internet architecture and governance as
innately embodying democratic values of equality, participatory openness,
and multistakeholder oversight but there are several problems with this
narrative. In a significant portion of the world, Internet governance control
structures do not embody democratic values but involve systems of
repression, media censorship, and totalitarian surveillance of citizens.
- Laura DeNardis
Norms at the international level are likely to reflect actions at the national level
around the globe. To that end, internet governance, as described by DeNardis
above, is not one thing. It is a suite of issues including technical design standards,
data retention and localization policies, and many things in between. Some of
these issues should appropriately involve or even be driven by private
stakeholders—civil society or industry. Others, though, still need to be driven by
the state.
DeNardis’ words ring just as true today as they did in 2014. Two loose models for
the internet and its governance exist. On the one hand, a predominantly free and
open internet driven by a multistakeholder governance model; on the other, a
sovereign and controlled version of the internet, where the state exerts authority
over the architecture, often in the name of some form of security, usually
resulting in a censored or unfree space. These two models represent poles of
attraction. In reality, national-level internet regimes exist on a spectrum between
these two camps with few—if any—fully embodying the extremes of either camp.
In order to depict this phenomenon, we use a simple plot consisting of two
spectrums as the axes: one measuring internet openness and the other capturing
the character of internet governance.
Openness means different things to different people. For the early internet
pioneers, “open” referred to the principle that internet architecture should be
agnostic to the traffic on it. What this would mean, in practice, is that architecture
would not discriminate—block or throttle—different packets based on what was
contained in them. However, openness in the political context has increasingly
come to describe the content environment of a country’s internet. A fully open
internet in this context refers to an internet absent of any censorship, throttling,
or blocking—whether of content or any other type of internet traffic. As
authoritarian countries push to legitimize censorship and democrats laud the
power of the internet for spreading democracy, it is this second version of
openness that has been placed at the center of the internet governance debate. It
15
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 11
is also this version of openness—content openness—that we map on our x-axis.
On the far right, we have a completely open internet. On the far left, we have an
internet whose content is completely moderated.
The character of governance is the extent to which the state has—or should have
—a monopoly over internet governance in its country and is mapped along the y-
axis. Full monopoly—where the government is a solitary decision maker on
internet governance—is the bottom of the spectrum, whereas pure
multistakeholderism—where each relevant stakeholder has a voice in governance
decisions—is the top of the spectrum. A country where the state has a monopoly
over all internet policy decisions, can dictate architectural changes and
configurations, and sets standards would fall on the bottom of the spectrum. A
country where control is partially distributed would fall near the middle of the
spectrum. A country where control is equitably distributed would sit at the top of
the spectrum.
The poles of attraction—sovereign and controlled and open and global—are the
bottom left and top right of the graph, respectively.
The exercise of plotting countries on these spectrums reveals a clear
differentiation between two clusters of countries, with a few countries sprinkled
throughout the middle. In the lower left-hand corner is a cluster of states that
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 12
To view the interactive, visit newamerica.org/cybersecurity-initiative/reports/digital-deciders
take a heavy-handed approach to governing the internet and tightly control the
content on that internet. The opposing cluster is slightly less well defined.
Looking at the far right end of the plot we see a series of countries that generally
favor an open internet, but their governance model is less starkly defined. In
addition, the 2014 and present day comparison reveals that this second cluster of
countries (on the far right end of the spectrum) have begun to creep closer and
closer to the middle—a visual depiction of the challenges to the multistakeholder
and open models we previously described.
No longer do the camps only represent models for
global internet governance. Instead, these two
camps represent distinct—but seemingly
compatible—models for the internet itself.
This plot depicts the steady consolidation of states into two clusters, one in the
Sovereign and Controlled quadrant of the graph and the other in the Global and
Open quadrant, over the last four years. With this consolidation comes greater
clarity of the impact of these models on the functioning of the internet. No longer
do the camps only represent models for global internet governance. Instead,
these two camps represent distinct—but seemingly compatible—models for the
internet itself: one placing freedom and opportunity for individual users front
and center, the other emphasizing sovereign control and managing threats to
political stability. Yet, so long as interconnection continues to work—that is,
filtering and blocking happens at the borders of national networks—these models
may not break one another.
That these two clusters exist is not groundbreaking. What matters is where these
clusters plot—the general trend down and to the left in our scatterplot—and
where countries that do not yet fit into either of these clusters reside in relation to
each cluster. To better understand these dynamics, let us first explore the
principles and practices of each cluster.
Sovereign and Controlled
Whoever masters the Internet holds the initiative of the era, and whoever
does not take the Internet seriously will be cast aside by the times.16
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 13
- Zhuang Rongwen, Chief of the Cyberspace Administration of China
In September 2018, newly appointed chief of the Cyberspace Administration of
China (CAC), Zhuang Rongwen, published an essay outlining the Communist
Party of China’s plan to “exert full control over the information flowing over
China’s portion of the Internet,” according to a translation by DigiChina. For
Zhuang, “Whoever masters the Internet holds the initiative of the era, and
whoever does not take the Internet seriously will be cast aside by the times.”
While some of the means proposed by Zhuang in his essay were novel, the end
was not. This notion, that the state must master the internet to stay relevant, has
been present in parts of the world for the better part of two decades.
This approach was embodied at the international level first in 2011 when a group
of countries, including China, Russia, and several Central Asian Republics
submitted a letter to the United Nations General Assembly (UNGA). The letter,
which was resubmitted in 2014 with minor changes, opined on “the need to
prevent the potential use of information and communication technologies for
purposes that are inconsistent with the objectives of maintaining international
stability and security and may adversely affect the integrity of the infrastructure
within States, to the detriment of their security” and sought to reaffirm “that
policy authority for Internet-related public issues is the sovereign right of States,
which have rights and responsibilities for international Internet-related public
policy issues.” In short, as early as 2011, governments in Russia, China, and a
group of allies sought to legitimize a consolidation of sovereign control over the
internet through international institutions.
So what does this approach look like in practice? For the better part of five
decades, the creators and stewards of the internet have expounded on the
benefits of its statelessness—describing a solitary internet as challenging
territorial borders, needing its own law and legal institutions. The Sovereign
and Controlled approach challenges these notions, placing “more authority in the
hands of the state,” and viewing “cyber activity as occurring within the
jurisdiction of these states, rather than within a stateless data environment.” As
Jack Margolin notes, for Russia at least, the sovereign approach to the digital
space mirrors “the Kremlin’s conception of ‘sovereign democracy,’ a term used to
justify Russia’s right to eschew certain democratic principles in the name of
‘stability’ and sovereignty in its own affairs.” Cyber-sovereignty challenges an
“internationalist approach to norms of digital governance.” For China, arguably
the leader of this pack, “Cybersecurity and informatization are a single body with
two wings, the two wheels of a single drive, and require unified planning, unified
deployment, unified promotion, and unified implementation.” While there is
some variation between Sovereign and Controlled approaches, the model
manifests with a number of generalizable traits with regard to governance
process and character, as well as—particularly—internet openness.
17
18
19
20
21
22
23
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 14
As early as 2011, governments in Russia, China, and
a group of allies sought to legitimize a consolidation
of sovereign control over the internet through
international institutions.
First, with regard to governance process and character the cluster of states that
have gravitated towards the Sovereign and Controlled end of the spectrum tend
towards a statist approach to internet governance. In contrast to the popular
multistakeholder governance movement from the mid-2010s, this statist
approach to internet governance grants the state outsized—if not complete—
decision-making power over governance. Crucially, internet governance impacts
the internet’s architecture as well as the policies guiding corporations,
developers, and users. Decision-making power may come via state-owned and
operated corporations, public infrastructure, laws and regulations that legitimize
state direction of private corporations, quiet agreements, or simple intimidation.
Second, these countries tend to favor a more closed version of the internet.
Through legal and technical means as well as social norms and intimidation, the
market for information on the internet is strictly controlled by the state. In China,
this means the continued iteration on the Golden Shield project, which uses
technical and human means to manipulate the Chinese internet’s architecture to
filter out content deemed malicious by the state. Similarly, the Iranian state is
able to control the few physical points of ingress for the internet in Iran
effectively enough to block information at the borders.
In part because of the nature of its internet architecture, the Russian model for
information control departs from these technical means of censorship and, in a
sense, the flow of online information is freer. Rather than employing heavy-
handed filtering of traffic, the Russian government deploys a system called the
System for Operative Investigative Activities (SORM), which allows the
government to intercept and view all traffic on their networks. The presence of
this pervasive surveillance coupled with strict laws regarding legal and illegal
information and communications achieves a similar censoring effect to that of
the Chinese “Great Firewall” or the Iranian “Halal Net”.
In his book, The Darkening Web, Alex Klimburg aptly outlines the Sovereign and
Controlled model and provides an assessment of some of its pitfalls. To
Klimburg, the “core notion of cyber sovereignty is on its surface beguilingly
24
25
26
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 15
simple: a state should be totally sovereign within its borders,” rendering it free
from foreign influence or interference. According to Klimburg, this implicates
both internet content in the country and the “logical and physical infrastructure
on the local Internet segment,” what we refer to as the internet’s architecture.
Sovereignty in this space, to its champions, is meant to help states “better protect
not only its citizens from bad content but also the critical infrastructure and
government systems from hostile outside forces.” For this to work, contends
Klimburg, the sovereignty of states must be ”immutable and absolute,” and this
is simply not the case. Compounding these fallacies is the notion that sovereign
control over domestic internets could lead to breakdowns in the interconnection
of the global network, impacting the way the internet acts and presents outside of
those sovereign borders—a somewhat paradoxical reality. If your sovereign
internet inevitably interferes with the functioning of mine, are you respecting my
sovereignty?
The Sovereign and Controlled cluster of states plot at the extreme ends of both of
our described spectrums and appear clustered in the bottom left corner of Figure
1.
Global and Open (albeit without consensus on how)
Americans sometimes took for granted that the supremacy of the United
States in the cyber domain would remain unchallenged, and that America’s
vision for an open, interoperable, reliable, and secure Internet would
inevitably become a reality. Americans believed the growth of the Internet
would carry the universal aspirations for free expression and individual
liberty around the world. Americans assumed the opportunities to expand
communication, commerce, and free exchange of ideas would be self-
evident.
- National Cyber Strategy of the United States of America, September
2018
On the opposite end of the spectrum of content control sits a cluster of countries
that gravitate towards the global and open end of the content spectrum, but have
been volatile with regard to governance structures. This is the cluster of states we
wrote about in our Internet Ideals vs. Internet Realities report and consists of a
group of like-minded states that favor a global internet that embodies principles
of openness, freedom, interoperability, security, and resilience. As the 2018 U.S.
National Cyber Strategy observes, many Americans—and many of America’s
allies—”took for granted that the supremacy of the United States in the cyber
domain would remain unchallenged, and that America’s vision for an open,
interoperable, reliable, and secure Internet would inevitably become a reality.”
27
28
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 16
Likewise, this Global and Open cluster, spearheaded by U.S leadership, “believed
the growth of the Internet would carry the universal aspirations for free
expression and individual liberty around the world.”
Within this cluster, there is a general consensus that a global internet is not only
in the best interest of individual states, but in the best interest of the entire globe.
Likewise, there is consensus that openness—though there is some contention
over what that term means—is in the national and global best interest. However,
less consensus exists in how, exactly, to design both domestic and international
governance structures—laws, regulations, standards, and norms—to achieve this
reality.
Within this cluster, there is a general consensus that
a global internet is not only in the best interest of
individual states, but in the best interest of the
entire globe.
The American model for the internet was indeed embraced by many of the U.S.’
friends and allies. In 2017, the French strategy sought an internet driven by
principles of “ouverture” (openness), “neutralite des reseaux” (network
neutrality), and “liberte d’acces garantie par une architecture decentralisee”
(freedom of access guaranteed by a decentralized architecture). The U.K.
similarly calls for a “free, open, peaceful and secure cyberspace.” Thus, as with
the Sovereign and Controlled cluster, the Global and Open share some
generalizable characteristics.
Most notably, these countries favor internets that enable the free flow of internet
content, freedom of speech, and global e-commerce. In the past, many of these
countries sought—at least in principle—to construct systems of internet
governance that allotted governance power equitably to stakeholders, including
government stakeholders, but also industry, academia, and civil society. At the
same time, these countries sought to build internets that embodied the early
internet principle of openness. What this meant in practice was that internet
infrastructure would be designed and governed to treat all internet traffic equally,
thereby not throttling or filtering any of the packets flowing through it.
However, in recent years, both the practicality of a pure multistakeholder system
of internet governance and the desirability of the free flow of all data over global
networks, have come into question. The governments of the U.K. and Israel are
29
30
31
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 17
exploring ways to filter out certain malicious traffic at their borders. Data
localization and other laws restricting internet content are becoming more
commonplace. In addition, governments are increasingly intervening on their
internet’s architecture in order to bolster national cybersecurity. These
interventions have the often unintended and unstated consequence of
consolidating control and influence over the internet’s architecture in the hands
of states, leaving Milton Mueller to ask: “Is cybersecurity eating internet
governance?” Yet, today this Global and Open cluster is still—according to both
doctrine and action—in favor of a more open version of the internet, though the
shape of this vision, the meaning of open, and the best governance structure to
achieve it are all in flux. Indeed, as portrayed by the movement of this cluster
towards a more statist and closed approach to the internet—down and to the left
in Figure 1—the sovereign and controlled pole has some attraction.
The Global and Open cluster of states plots at the extreme end of the openness
spectrum, but tends to be scattered between the middle and the equitable end of
the governance spectrum. A sampling of Global and Open states plots in the top
right quadrant of Figure 1, especially in the present day.
The Digital Deciders
I think the most likely scenario now is not a splintering, but rather a
bifurcation into a Chinese-led internet and a non-Chinese internet led by
America.
- Eric Schmidt
Despite the attraction of these poles, not every state around the world possesses
either the capacity or interest to pursue or commit to either model. Indeed, many
states have not yet codified one model or the other, and some might even argue
that, quietly, a third model—one that cedes control over the internet to corporate
actors—has emerged and is thriving in parts of the world. The "Digital Deciders"
are those states that remain largely undecided and possess the capacity to
influence the global conversation.
In part to avoid confusion in an era where election cybersecurity is a hot topic, we
do not refer to this group as swing states, as we did in 2014. Nonetheless, in a
one-state-one-vote context, as would be the format for the negotiation of a treaty
at the UN, these states act much like swing states and we use similar criteria to
isolate the Digital Deciders. According to Richard Fontaine, swing states in the
American political context “are those whose mixed political orientation gives
them a greater impact than their population or economic output might warrant.”
In 2014, we defined a swing state in foreign policy as “a state whose mixed
32
33
34
35
36
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 18
political orientation gives it a greater impact than its population or economic
output might warrant and that has the resources that enable it to decisively
influence the trajectory of an international process.” This reality means that
states can take on new responsibilities, complicate solutions to significant
challenges, or free-ride on established countries’ positions if they find alignment.
In the context of internet governance and the internet’s architecture, it is these
Digital Deciders that will determine the prescience of Schmidt’s projection.
37
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 19
Understanding the Clusters Through Data
This tool is intended to provide policymakers and researchers with a means to
analyze the profiles of states around the world in an effort to better understand
how and why they may be attracted to either the Sovereign and Controlled or
Open and Global poles.
This data tool is meant as a means for diplomats to analyze these Digital
Deciders in the pursuit of a better international strategy for cyberspace. The
different rankings and data sets in this paper can shed light on things like which
countries to prioritize for engagement and how to engage them.
A high overall score indicates that a country is both influential and more likely to
favor a Global and Open approach to the internet. This does not mean that
countries that score poorly are not worthy of engagement, particularly countries
that score poorly on the two values scores and the reliance score. In some ways it
does not matter where countries stand on the list, but where the Digital Deciders
sit on the scatterplot in relation to the major clusters. Sometimes it is those on the
far fringe most worth engaging.
Our overall scoring system is based on five factors:
• Internet Values Score: A score that rates states on the values that drive their
internet. A score approaching 1 embodies more liberal and democratic
tendencies, like freedom and openness. A score demonstrates 0 embodies
more authoritarian tendencies. Those who score highly will have values
for governing the internet and information most similar to the Global and
Open cluster.
• Political Values Score: A score that rates states on their overarching political
values. A score approaching 1 embodies more liberal and democratic
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 20
To view the interactive, visit newamerica.org/cybersecurity-initiative/reports/digital-deciders
tendencies, like freedom and openness. A score demonstrates 0 embodies
more authoritarian tendencies. Those who score highly will have political
values most similar to the Global and Open cluster.
• International Internet Policy Participation Score: A score that rates states on
their involvement in international internet policy processes and debates,
to date. A score approaching 1 signals a high level of participation. A score
approaching 0 signals a low level of participation.
• International Influence Score: A score that rates states based on how
influential they are internationally and regionally on all political and
policy issues. A score approaching 1 signals a high degree of influence. A
score approaching 0 signals a low level of influence.
• Internet Reliance Score: A score that rates states based on how reliant they
are on the internet for commerce, governance, and broader societal
interaction. A score approaching 1 indicates a high degree of reliance. A
score approaching 0 indicates a low level of reliance.
The default setting for the map and ranking places equal weight on each of these
five factors and presents just the Digital Deciders. However, the tool is designed
to allow users to both isolate different groupings and place greater or lesser
importance on the different factors. Increasing the slider for a factor to 10 does
not mean the values in that particular factor are higher, rather that the factor is
given greater weight in calculating the ranking.
For a detailed description of the metrics collected, their methodologies, and our
methodology for our scoring system, see Appendix I: Methodology and
Description of Indicators.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 21
Analyzing the Clusters
Figure 2: How Different Camps Score on Average (out of 1)
NumberofCountries
LiberalInternetValuesAverage
LiberalPoliticalValuesAverage
InternationalInternet PolicyParticipationAverage
InternationalIn�uenceAverage
InternetRelianceAverage
Global 193 .53 .45 .60 .44 .52
Global minusLDCs andsmallcountries
114 .67 .54 .74 .51 .61
SovereignandControlled
27 .34 .26 .56 .45 .52
Global andOpenAverage
37 .88 .78 .80 .69 .80
The DigitalDeciders
50 .69 .51 .69 .53 .51
Sovereign and Controlled
Our Sovereign and Controlled camp consists of countries that scored as “Not
Free” on the Freedom House Freedom in the World Index and “Authoritarian” in
the Economist Intelligence Unit’s Democracy in the World Index. Their internets
largely mirror their political systems. For example, every member of the coalition
to submit the proposal for a regressive Code of Conduct for Information Security
to the United Nations General Assembly sits in the Sovereign and Controlled
group.
In terms of values, both the internet values and the political values largely fall
below global averages and the average of the Global and Open group. This does
not, however, prevent this group of states from wielding influence on internet
issues and more broadly in international settings. Particularly influential actors
39
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 22
falling into the Sovereign and Controlled camp include the logical candidates,
China and Russia, but also countries like Turkey, Belarus, and Egypt.
Their model for the internet differs in subtle and not-so-subtle ways from the
version idealized by liberal democrats, and this difference appears to have
yielded different results regarding the extent to which these countries, on
average, are reliant on the internet. Our data suggests that some countries in this
group, like the United Arab Emirates, Qatar, Bahrain, Russia, and a few others,
are as reliant on the internet for the functioning of their governments,
economies, and social systems as the rest of the world. However, on average it
appears that the Sovereign and Controlled group has built less reliance on the
internet. This could be construed as a positive—lower dependence means less of
a shock should the internet become less reliable—but to many the benefits of the
internet likely outweigh this prospective risk. Indeed, in purely economic terms,
business usage of the internet—which can unlock new efficiencies and markets—
is staggeringly low in comparison to the Global and Open cluster.
Figure 3: Sovereign and Controlled
Country Aggregate Score
Qatar 0.654
Turkey 0.614
United Arab Emirates 0.581
Belarus 0.574
Russia 0.563
China 0.536
Kazakhstan 0.502
Oman 0.491
Bahrain 0.490
Azerbaijan 0.488
Vietnam 0.466
Saudi Arabia 0.455
40
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 23
Country Aggregate Score
Egypt 0.451
Zimbabwe 0.447
Venezuela 0.440
Swaziland 0.434
Cuba 0.419
Iran 0.411
Algeria 0.404
Libya 0.362
Angola 0.362
Uzbekistan 0.343
Cameroon 0.328
Turkmenistan 0.291
Tajikistan 0.222
Syrian Arab Republic 0.151
Democratic People's Republic of Korea 0.028
Global and Open
Our Global and Open camp consists of countries that largely embody the
principles of freedom and openness online. This is perhaps explained by the
importance of the internet for the functioning of these countries’ economies,
political, and social systems. Nearly every country in this group scores highly on
our Internet Reliance score. Nineteen of the top 20 scorers on Internet Reliance
come from the Global and Open cluster (see Figure 4). Only 15 of the Digital
Deciders or Sovereign and Controlled states scoring higher than Romania, the
lowest from the Global and Open group (see Figure 5).
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 24
Figure 4: Top 20 Internet Reliant
Country Internet Reliance Digital Decider Global and Open
Sweden 0.92 x
Norway 0.91 x
Finland 0.91 x
United States 0.91 x
Netherlands 0.90 x
Denmark 0.90 x
Singapore 0.89 x
Switzerland 0.89 x
Japan 0.88 x
United Kingdom 0.88 x
Republic of Korea (South Korea) 0.87 x
Germany 0.87 x
New Zealand 0.87 x
Luxembourg 0.86 x
Australia 0.86 x
Canada 0.86 x
Belgium 0.85 x
Estonia 0.84 x
Austria 0.84 x
France 0.84 x
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 25
Figure 5: Romania and Internet Reliance
Country Internet Reliance Digital Decider Sovereign & Controlled
Singapore 0.89 x
United Arab Emirates 0.84 x
Qatar 0.81 x
Bahrain 0.80 x
Saudi Arabia 0.70 x
Kuwait 0.70 x
Russia 0.70 x
South Africa 0.70 x
Belarus 0.69 x
Oman 0.67 x
Uruguay 0.67 x
Serbia 0.67 x
Turkey 0.66 x
Azerbaijan 0.65 x
Republic of Moldova 0.65 x
Romania 0.64
Most states gravitating to the Global and Open of the spectrum appear to share a
set of liberal values for the internet. Indeed, 20 of the 30 members of the
Freedom Online Coalition, a group of states “committed to work together to
support Internet freedom and protect fundamental human rights—free
expression, association, assembly, and privacy online—worldwide,” fall in the
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 26
Global and Open camp. Of the remaining 10, nine are in the Digital Deciders
and one was disqualified from our analysis due to its small population. Analysis
of the majority of these countries’ publicly available international internet
strategy documents reinforces the notion of shared internet ideals. In addition,
all but two are signatories of the Council of Europe’s Budapest Convention on
Cybercrime, further suggesting a shared set of principles for defining and
enforcing cybercrime. These internet values are likely derived from a shared set
of liberal political values, as each Global and Open country scored higher on our
liberal political score than every Sovereign and Controlled state.
Interestingly, while the average score between the Global and Open and
Sovereign and Controlled camps is extremely close on two cybersecurity
indicators intended to depict how well a country is doing on cybersecurity
broadly, the Global and Open camp actually scores slightly lower on aggregate.
This data point could be interpreted in one of three ways: (1) The Sovereign and
Controlled approach does produce better cybersecurity as measured by these
metrics, (2) cybersecurity concerns should not be viewed as a legitimate reason
for closing one’s internet, as the two camps appear to have very similar
cybersecurity scores and the discrepancy could be explained away by
confounding variables, or (3) it is not empirical cybersecurity outcomes that drive
the desire for more internet closedness, but ill-defined perceptions of cyber
insecurity. Each of these interpretations merit greater exploration to elucidate
the relationship between different governance and architectural models and
national cybersecurity performance.
Figure 6: Global and Open Cluster
Country Aggregate Score
United Kingdom 0.97
Canada 0.94
Australia 0.94
Germany 0.93
Japan 0.93
Sweden 0.92
Netherlands 0.90
United States 0.90
41
42
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 27
Country Aggregate Score
Norway 0.88
France 0.87
Finland 0.87
Switzerland 0.86
Estonia 0.86
Spain 0.83
Poland 0.82
New Zealand 0.81
Republic of Korea (South Korea) 0.79
Austria 0.77
Ireland 0.77
Czech Republic 0.77
Portugal 0.76
Denmark 0.75
Italy 0.75
Latvia 0.75
Lithuania 0.75
Luxembourg 0.75
Belgium 0.72
Slovenia 0.72
Greece 0.71
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 28
Country Aggregate Score
Chile 0.71
Cyprus 0.68
Slovak Republic 0.68
Israel 0.66
Croatia 0.66
Bulgaria 0.66
Hungary 0.63
Romania 0.57
The Digital Deciders
The ultimate trajectory of the future internet will depend just as much, if not
more, on domestic developments in the Digital Deciders as international
negotiations and developments. If we want to bolster our version of the internet
—one where the internet is free, open, and global and sovereign internets are an
anomaly—we will need to do a better job of building a broad coalition.
In our 2014 report, we sought to identify a top 30 set of swing states, ranked in
order of importance. Today, such a ranking—even one backed by empirics—
would be highly subjective. Instead, we decided to focus on identifying the
Digital Deciders and evaluate these states based on: (1) how well a country’s
values align with a given camp, (2) how much influence a country has globally,
regionally, and within global cyber policy circles, and (3) the importance of the
internet to the country for things like governance, the economy, and society more
broadly. Our data tool has default settings, which give equal weight to five
different factors and produce a ranking based on that setting, but the tool is
designed to allow users to alter these weights. The subjective importance of
different members of the Digital Deciders will vary depending on how much
weight one puts on each of these categories. Readers can use our tool to assign
their own weights to value, influence, and importance categories.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 29
The full list of Digital Deciders is below, along with their evenly weighted
aggregate score. The higher the score, the more our data suggests a state is
influential and more closely aligned with the Global and Open approach.
Figure 7: 50 Digital Deciders (alphabetical order)
Country Aggregate Score
Albania 0.69
Argentina 0.75
Armenia 0.60
Bolivia 0.43
Bosnia and Herzegovina 0.52
Botswana 0.69
Brazil 0.73
Colombia 0.65
Congo (Republic of) 0.34
Costa Rica 0.74
Cote d'Ivoire 0.54
Dominican Republic 0.59
Ecuador 0.55
El Salvador 0.61
Georgia 0.69
Ghana 0.64
Guatemala 0.57
Honduras 0.49
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 30
Country Aggregate Score
India 0.63
Indonesia 0.66
Iraq 0.41
Jamaica 0.62
Jordan 0.59
Kenya 0.60
Kuwait 0.51
Kyrgyz Republic 0.52
Lebanon 0.60
Macedonia 0.51
Malaysia 0.57
Mexico 0.73
Mongolia 0.68
Morocco 0.46
Namibia 0.62
Nicaragua 0.33
Nigeria 0.52
Pakistan 0.35
Panama 0.64
Papua New Guinea 0.51
Paraguay 0.65
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 31
Country Aggregate Score
Peru 0.61
Philippines 0.59
Republic of Moldova 0.65
Serbia 0.69
Singapore 0.74
South Africa 0.68
Sri Lanka 0.57
Thailand 0.46
Tunisia 0.64
Ukraine 0.53
Uruguay 0.71
In�uence
Figure 8: The Top 20 Digital Deciders Ranked by Influence
Country Aggregate In�uence Score
Brazil 0.91
Indonesia 0.90
Mexico 0.89
India 0.86
Singapore 0.84
Botswana 0.81
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 32
Country Aggregate In�uence Score
Albania 0.78
Paraguay 0.77
Serbia 0.77
Jordan 0.76
Argentina 0.75
Colombia 0.75
Armenia 0.69
Lebanon 0.69
Uruguay 0.67
South Africa 0.66
Costa Rica 0.65
Mongolia 0.63
El Salvador 0.62
Malaysia 0.62
The Influence Score combines the international internet policy participation
score and the international political influence score and is meant to provide
insight into which countries may have an outsized impact or influence over
international internet policy. As a reference point, .52 is the global average
Influence Score and .61 is the average Influence Score for the Digital Deciders. To
that end, our data points to several expected regional leaders as potentially
crucial—Brazil, India, Indonesia, Mexico, and Singapore. Notably, Botswana and
South Africa both score well in Africa, while Serbia and Albania score highly in
Europe, each of their scores driven up by their consistent participation in global
internet policy processes. The scores of these countries suggest that engaging
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 33
them on internet governance issues has potential to scale as geographical and
cultural neighbors are likely to look to these influential countries for leadership.
Notably, of the Digital Deciders, Nicaragua and Bolivia are the only two countries
to score 0 on Internet Policy Participation, having not participated in the WCIT
vote or any of the UNGGEs and lacking ICANN GAC membership. This reality
sees them score at the bottom with regard to influence in this debate.
Whereas the Influence Score provides insight into which countries may be
particularly important to engage, the other scores, Value Scores and Internet
Reliance Score, provide insight into how to engage Digital Deciders countries.
Value Alignment
Figure 9: The Top 20 Digital Deciders Ranked by Value Alignment
Country Aggregate Values Score
Costa Rica 0.89
Georgia 0.82
Ghana 0.82
Argentina 0.81
Mongolia 0.78
Uruguay 0.77
Tunisia 0.75
Republic of Moldova 0.73
Botswana 0.72
Kenya 0.71
Jamaica 0.70
Namibia 0.70
South Africa 0.70
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 34
Country Aggregate Values Score
Mexico 0.68
Panama 0.68
Peru 0.66
Philippines 0.65
Albania 0.64
El Salvador 0.63
Serbia 0.63
The Value Score captures the extent to which a country rates highly on both
liberal internet values and liberal political values. The global average Value Score
is .49, while the Digital Deciders average Value Score is .60, the Global and Open
average is .83, and the Sovereign and Closed average is .30. Of the Digital
Deciders, 41 score above the global average on our Value Score, but only one
(Costa Rica) scores above the average of the Global and Open group.
What this means is that a values-based approach to engagement with this set of
countries on the issue of internet governance and control is likely to bear fruit. In
particular, the nine Digital Deciders members of the Freedom Online Coalition
(see Figure 7) are highly likely to be receptive to an approach that emphasizes the
benefits of a free and open internet, with two possible exceptions of Tunisia and
Mexico, both of whom score worse than the rest on current measurements of
internet openness and freedom. Of the Digital Deciders that rank highly on the
Value Score, Costa Rica, Ghana, and Tunisia have particularly strong civil society
presence, which may represent a similar opportunity to work with stakeholders
outside of the government.
Figure 10: The Nine Freedom Online Coalition Members of the Digital
Deciders
Country Aggregate Values Score
Costa Rica 0.89
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 35
Country Aggregate Values Score
Georgia 0.82
Ghana 0.82
Argentina 0.81
Mongolia 0.78
Tunisia 0.75
Republic of Moldova 0.73
Kenya 0.71
Mexico 0.68
Internet Reliance
Figure 11: The Top 20 Digital Deciders Ranked by Internet Reliance
Country Internet Reliance Score
Singapore 0.89
Kuwait 0.70
South Africa 0.70
Uruguay 0.67
Serbia 0.67
Republic of Moldova 0.65
Argentina 0.64
Brazil 0.63
Costa Rica 0.63
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 36
Country Internet Reliance Score
Georgia 0.63
Malaysia 0.63
Panama 0.62
Thailand 0.61
Mongolia 0.59
Albania 0.58
Ukraine 0.57
Armenia 0.57
Colombia 0.57
Bosnia and Herzegovina 0.57
Lebanon 0.56
The Internet Reliance Score provides an indication of the extent to which a
country relies on the internet to function. To measure this, we aggregate six
different sub indicators that measure internet penetration, social media use,
the robustness of local internet infrastructure and content, the extent to which
local businesses use and rely on the internet, the use of the internet for the
delivery of public services, and the country’s international internet bandwidth.
Like the Value Score, the Internet Reliance Score can indicate not only who to
engage in evangelizing the benefits of a more open and equitable internet, but
how to engage certain countries.
The starkest point that emerges from an exploration of our data is that Singapore
is far ahead of all other Digital Deciders in terms of internet reliance. Indeed,
Singapore scores the highest in the Digital Deciders on each of our sub indicators
and nearly 20 points higher on the aggregated score than the second highest
scoring country, Kuwait.
Of the Digital Deciders, Singapore, Malaysia, Indonesia, and South Africa are the
only countries to score higher than the global average on business usage,
43 44
45
46
47
48
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 37
suggesting that an appeal to industry and the current benefits of the global
internet may be inefficient with the majority of the Digital Deciders. However, an
appeal to untapped potential as they look around the world and see far more
connected businesses among peers and competitors may prove productive. A
study empirically drawing the correlation between increased business usage of
the internet and economic growth would aid such an endeavor.
While the Digital Deciders appear to lag behind the rest of the world with regard
to business usage of the internet, their populations’ reliance on social media and
virtual social networks appears to be roughly on par with the rest of the world.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 38
Conclusion
This report is meant to provide a framework for empirically analyzing the state of
internet governance around the globe. The metrics—and therefore the analysis—
will require periodic updates as new information becomes available. However,
the timing of this particular iteration is no coincidence.
It is impossible to ignore the context at the time of publication in late October
2018. ICANN is currently hosting ICANN63, its annual meeting, where it will
draft its next Five-Year Strategic Plan. In mere days, the ITU’s Plenipotentiary
kicks off in Dubai, where government officials will likely once again argue about
whether the internet falls under the ITU’s mandate. In early November, the
Internet Governance Forum will host its annual meeting in Paris, where some
governments, industry, and civil society will seek to rekindle interest in a
multistakeholder “Internet of Trust”. All the while, in the background, rumors
swirl of an impending proposal for a treaty codifying greater internet governance
authority in the hands of states from Russia and possibly others.
The conflict described in this paper will continue to play out in these
engagements, but all of this comes at a time when the internet is changing as
rapidly as it is growing. The next generation of telecommunications equipment
(5G), artificial intelligence, the cloud computing revolution, advances in
computing power, and the prospect of quantum computing just over the horizon
usher in an era of vast change and growth potential. But they also usher in an era
of intense competition for ideas, market access, information, and innovation.
Proponents of a global and open internet will need
to provide the tools, confidence, and pathway to
allow those in the Digital Deciders to drift towards
the global and open end of the spectrum and resist
the anchor pull of the sovereign and controlled
approach.
Those countries that have not reached a path dependent state with regard to the
character and governance of their internets—what we refer to in this paper as the
Digital Deciders—are in a moment of immense importance. Their actions now
49
50
51
52
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 39
and into the future are influenced by one another, by great powers, and—in many
cases—by corporate or civil society stakeholders.
Amidst the turbulence, are some constants. How the internet functions and is
controlled implicates the future of democracy and freedom of individuals. It
enables or constricts the ability of liberal democrats to message to the public—
both their own and that of the globe. It dictates the opportunity for companies
around the world and the security with which we conduct commerce and
communication over the internet.
As Eric Schmidt observed, "I think the most likely scenario now is not a
splintering, but rather a bifurcation into a Chinese-led internet and a non-
Chinese internet led by America.” Fragmentation, to the extent that we’ve
witnessed it thus far, has taken place mostly at the “Governance Tier” of the
internet or has consisted of alterations on rather than of the architecture itself.
This is positive for those who wish to—depending on your perspective—protect,
retain, or regain the global Internet. These forms of fragmentation are reversible.
However, while the underlying architecture of networked computing has not
been altered at a national level, the possibility that it will be cannot be ruled out.
The Russian government’s commitment to build its own Domain Name System
comes closest to doing so to date.
In 2015, Jason Healey and Barry Hughes used the International Futures
forecasting system to project the potential impact of different internet futures. In
their models, the Leviathan Internet—the scenario in which a series of national or
regional networks are dominated by national governments—has a “modest”
impact on the economy. In parallel, ICT inequality would increase, as smaller
nations with fewer resources would “struggle to build enough sovereign
infrastructure,” while larger nations have “enough scale to succeed.”
The global and open model is under pressure. One of the biggest challenges for
states going forward, regardless of which cluster they fit into, will be managing
security—both in relation to LikeWars and cybersecurity—while maintaining
openness. Proponents of a global and open internet will need to provide the tools,
confidence, and pathway to allow those in the Digital Deciders to drift towards
the global and open end of the spectrum and resist the anchor pull of the
sovereign and controlled approach. Furthermore, these proponents must prove
and present the merits of their approach. Every day they do not, Schmidt’s
splintering and Healey and Hughes’ Leviathan inch closer and closer to reality.
53
54
55
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 40
Notes
1 Jason Healey and Barry Hughes, Risk Nexus:Overcome by cyber risks? Economic bene�ts andcosts of alternate cyber futures (Washington, DC:Atlantic Council, 2015), 24, http://publications.atlanticcouncil.org/cyberrisks/risk-nexus-september-2015-overcome-by-cyber-risks.pdf.
2 Jason Healey and Barry Hughes, Risk Nexus:Overcome by cyber risks? Economic bene�ts andcosts of alternate cyber futures (Washington, DC:Atlantic Council, 2015), 12-20, http://publications.atlanticcouncil.org/cyberrisks/risk-nexus-september-2015-overcome-by-cyber-risks.pdf.
3 Peter Singer and Emerson Brooking, LikeWar: TheWeaponization of Social Media (Boston, MA:Houghton Mi�in Harcourt, 2018).
4 Robert Morgus and Justin Sherman, “Analysis:Tensions,” The Idealized Internet vs. Internet Realities(Version 1.0) (Washington, DC: New America, 2018),https://www.newamerica.org/cybersecurity-initiative/reports/idealized-internet-vs-internet-realities/analysis-tensions/.
5 Jason Healey and Barry Hughes, Risk Nexus:Overcome by cyber risks? Economic bene�ts andcosts of alternate cyber futures (Washington, DC:Atlantic Council, 2015), 24, http://publications.atlanticcouncil.org/cyberrisks/risk-nexus-september-2015-overcome-by-cyber-risks.pdf.
6 Milton Mueller, Networks and States: The GlobalPolitics of Internet Governance (Cambridge, MA: MITPress, 2010), 9.
7 Tim Maurer and Robert Morgus, Tipping the Scale:An Analysis of Global Swing States in the InternetGovernance Debate (Waterloo, Canada: The Centrefor International Governance Innovation and the RoyalInstitute for International A�airs, 2014), https://www.cigionline.org/sites/default/�les/gcig_paper_no2.pdf.
8 Tim Maurer, Robert Morgus, Isabel Skierka, andMirko Hohmann, Technological Sovereignty: Missingthe Point? (Berlin, Germany: Transatlantic DigitalDebates on Security and Freedom in the Digital Age),https://s3.amazonaws.com/www.newamerica.org/downloads/Technological_Sovereignty_Report.pdf.
9 Robert McMillan, “The FCC’s Vote To Protect NetNeutrality Is A Huge Win For The Internet,” WIRED,January 26, 2015, https://www.wired.com/2015/02/fcc-votes-yes-net-neutrality/. And The US FederalCommunications Commission, Open Internet Order,Adopted: February 26, 2015, https://www.fcc.gov/document/fcc-releases-open-internet-order.
10 Robert Morgus, “Russia Gains an Upper Hand inthe Cyber Norms Debate,” NetPolitics, December 5,2016, https://www.cfr.org/blog/russia-gains-upper-hand-cyber-norms-debate.
11 Credit for these points goes to Adam Segal of theCouncil on Foreign Relations.
12 David G. Post and Danielle Kehl, ControllingInternet Infrastructure: The “IANA Transition” and WhyIt Matters for the Future of the Internet, Part I,(Washington, DC: New America), https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf. And National Telecommunications andInformation Administration, “Fact Sheet: The IANAStewardship Transition Explained.” September 14,2016, https://www.ntia.doc.gov/other-publication/2016/fact-sheet-iana-stewardship-transition-explained.
13 David Bond, “‘Great British �rewall’ helps block54m cyber attacks,” Financial Times, February 4, 2018,https://www.ft.com/content/ece41146-081c-11e8-9650-9c0ad2d7c5b5.
14 Speci�cally, we assert that 37 countries havegovernance structures that favor a free and openinternet and 27 have governance structures thatemphasize sovereign control and political stability.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 41
15 Laura DeNardis, The Global War for InternetGovernance, (New Haven, CT: Yale University Press,2014), 16.
16 Rogier Creemers, Paul Triolo, and GrahamWebster, “Translation: China’s new top Internet o�ciallays out agenda for Party control online,” DigiChina -New America, Sepbember 24, 2018, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-new-top-internet-o�cial-lays-out-agenda-for-party-control-online/.
17 ibid.
18 ibid.
19 United Nations General Assembly, Letter Dated 9January 2015 from the Permanent Representatives ofChina, Kazakhstan, Kyrgyzstan, the RussianFederation, Tajikistan and Uzbekistan to the UnitedNations addressed to the Secretary-General, 69thSession, Agenda item 91, January 13, 2015, Availableat: https://opene�ect.ca/code-conduct/
20 See, for example: David Johnson and David Post,“Law And Borders-The Rise of Law in Cyberspace,” Stanford Law Review 48 (1996): 1367-1390.For a discussionon the fallacies of borderlessness, see: Jack Goldsmithand Tim Wu, Who Controls the Internet? Illusions of aBorderless World, (Oxford, UK: Oxford UniversityPress, Inc., 2006).
21 Jack Margolin. “Russia, China, and the Push forDigital Sovereignty,” Global Observatory, December 6,2016, https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-organization/.
22 ibid.
23 Elsa Kania, Samm Sacks, Paul Triolo, and GrahamWebster, “China’s Strategic Thinking on BuildingPower in Cyberspace, DigiChina - New America,September 25, 2017, https://www.newamerica.org/cybersecurity-initiative/blog/chinas-strategic-thinking-building-power-cyberspace/.
24 Pingp, The Great Firewall of China: Background,(Palo Alto, CA: Stanford University, 2011) https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreedomOfInformationChina/the-great-�rewall-of-china-background/index.html.
25 Collin Anderson, “How Iran is Building itsCensorship-Friendly Domestic Internet,” WIRED,September 23, 2016, https://www.wired.com/2016/09/how-iran-is-building-its-censorship-friendly-domestic-internet/. And Collin Anderson and Karim Sadjadpour, Iran’s Cyber Threat (Washington, DC: CarnegieEndowment for International Peace, 2018), 39-48,https://carnegieendowment.org/�les/Iran_Cyber_Final_Full_v2.pdf.
26 Andrei Soldatov and Irina Borogan, Inside the RedWeb: The Struggle Between Russia’s Digital Dictatorsand the New Online Revolutionaries (New York, NY:PublicA�airs, 2015). See and excerpt from the bookhere: https://www.theguardian.com/world/2015/sep/08/red-web-book-russia-internet.
27 Alexander Klimburg, The Darkening Web: The Warfor Cyberspace (New York, NY: Penguin Press, 2017)110.
28 The White House, National Cyber Strategy of theUnited States of America, September 2018, https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf.
29 ibid.
30 Government of France, Stratégie Internationale dela France pour le Numérique (French InternationalDigital Strategy), December 2017, 14, https://www.diplomatie.gouv.fr/fr/politique-etrangere-de-la-france/diplomatie-numerique/strategie-internationale-de-la-france-pour-le-numerique/.
31 Government of the United Kingdom, NationalCyber Security Strategy 2016-2021, November 2016,63, https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 42
32 William Alan Reinsch, “A Data Localization Free-for-All?” Center for Strategic & International Studies,March 9, 2018, https://www.csis.org/blogs/future-digital-trade-policy-and-role-us-and-uk/data-localization-free-all.
33 Milton Mueller, “Is cybersecurity eating internetgovernance? Causes and consequences of alternativeframings,” Digital Policy, Regulation and Governance19, no. 6 (2017): 415-428, https://www.emeraldinsight.com/doi/pdfplus/10.1108/DPRG-05-2017-0025.
34 This trend is illustrated by the movement towardsthe center of every Open Internet country in FigureFigure 1 from 2014 to present day.
35 Lora Kolodny, “Former Google CEO predicts theinternet will split in two—and one part will be led byChina,” CNBC, September 20, 2018, https://www.cnbc.com/2018/09/20/eric-schmidt-ex-google-ceo-predicts-internet-split-china.html
36 Richard Fontaine and Daniel M. Kliman,“International Order and Global Swing States,” Washington Quarterly 36, no. 1 (2013): 93, https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_�les/�les/publication/TWQ_13Winter_FontaineKliman.pdf.
37 Tim Maurer and Robert Morgus, Tipping the Scale:An Analysis of Global Swing States in the InternetGovernance Debate (Waterloo, Canada: The Centrefor International Governance Innovation and the RoyalInstitute for International A�airs, 2014), https://www.cigionline.org/sites/default/�les/gcig_paper_no2.pdf.
38 See: Robert Morgus, Jocelyn Woolbright, andJustin Sherman, “Appendix: Methodology andDescription of Indicators,” The Digital Deciders: How agroup of often overlooked countries could hold thekeys to the future of the global internet (Washington,DC: New America, 2018), [insert link to methodologyannex]
39 United Nations General Assembly, Letter Dated 9January 2015 from the Permanent Representatives ofChina, Kazakhstan, Kyrgyzstan, the RussianFederation, Tajikistan and Uzbekistan to the UnitedNations addressed to the Secretary-General, 69thSession, Agenda item 91, January 13, 2015, Availableat: https://opene�ect.ca/code-conduct/
40 It’s worth noting that Qatar also scores well in thein�uence categories, but this is likely no longer thecase today due to tensions in the Persian Gulf.
41 Freedom Online Coalition, ”About Us,” FreedomOnline Coalition, https://freedomonlinecoalition.com/about-us/about/.
42 The ITU’s Global Cyber Index and Cyber Green’sRisk Exposure Score. See:The InternationalTelecommunications Union, Global CybersecurityIndex (GCI) 2017, (Geneva, CH: The InternationalTelecommunications Union, 2017) https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf.And CyberGreen, “DDOS,” CyberGreen, https://stats.cybergreen.net/risk/ddos.
43 internet live stats, “Internet Users by Country(2016),” internet live stats, July 2, 2016, http://www.internetlivestats.com/internet-users-by-country/.
44 World Economic Forum, “Indicator 6.07: Use ofVirtual Social Networks,” Networked Readiness Index2016 (2016), http://reports.weforum.org/global-information-technology-report-2016/networked-readiness-index/?doing_wp_cron=1538600332.6636118888854980468750.
45 World Economic Forum, “3rd Pillar - Infrastructureand Digital Content,” Networked Readiness Index 2016(2016), http://reports.weforum.org/global-information-technology-report-2016/networked-readiness-index/?doing_wp_cron=1538600332.6636118888854980468750.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 43
46 World Economic Forum, “7th Pillar - BusinessUsage,” Networked Readiness Index 2016 (2016),http://reports.weforum.org/global-information-technology-report-2016/networked-readiness-index/?doing_wp_cron=1538600332.6636118888854980468750.
47 United Nations, “E-Government DevelopmentIndex,” United Nations Department of Economic andSocial A�airs, https://publicadministration.un.org/egovkb/Data-Center.
48 World Bank, “Int’l Internet bandwidth, kb/s peruser,” World Bank, https://tcdata360.worldbank.org/indicators/entrp.inet.bandwidth?indicator=3405&viz=line_chart&years=2012,2016.
49 ICANN, “Update on ICANN’s Strategic PlanningProcess,” The Internet Corporation for AssignedNames and Numbers, August 8, 2018, https://www.icann.org/news/blog/update-on-icann-s-strategic-planning-process.
50 Dominique Lazanski, “What to Expect at the 2018Plenipotentiary Meeting,” Net Politics, October 1,2018, https://www.cfr.org/blog/what-expect-2018-itu-plenipotentiary-meeting.
51 Internet Governance Forum, “IGF 2018: Internet ofTrust,” Internet Governance Forum, 2016, https://www.intgovforum.org/multilingual/.
52 David Ignatius, “Russia is pushing to controlcyberspace. We should all be worried.” WashingtonPost, October 24, 2017, https://www.washingtonpost.com/opinions/global-opinions/russia-is-pushing-to-control-cyberspace-we-should-all-be-worried/2017/10/24/7014bcc6-b8f1-11e7-be94-fabb0f1e9�b_story.html?noredirect=on&utm_term=.70be63bd5a02.
53 Lora Kolodny, “Former Google CEO predicts theinternet will split in two—and one part will be led byChina,” CNBC, September 20, 2018, https://www.cnbc.com/2018/09/20/eric-schmidt-ex-google-ceo-predicts-internet-split-china.html.
54 Robert Morgus and Justin Sherman, “GovernanceTier,” The Idealized Internet vs. Internet Realities(Version 1.0) (Washington, DC: New America, 2018),https://www.newamerica.org/cybersecurity-initiative/reports/idealized-internet-vs-internet-realities/framework-background/#governance-tier.
55 Jason Healey and Barry Hughes, Risk Nexus:Overcome by cyber risks? Economic bene�ts andcosts of alternate cyber futures (Washington, DC:Atlantic Council, 2015), 20, http://publications.atlanticcouncil.org/cyberrisks/risk-nexus-september-2015-overcome-by-cyber-risks.pdf.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 44
This report carries a Creative Commons Attribution4.0 International license, which permits re-use of NewAmerica content when proper attribution is provided.This means you are free to share and adapt NewAmerica’s work, or include our content in derivativeworks, under the following conditions:
• Attribution. You must give appropriate credit,provide a link to the license, and indicate if changeswere made. You may do so in any reasonable manner,but not in any way that suggests the licensor endorsesyou or your use.
For the full legal code of this Creative Commonslicense, please visit creativecommons.org.
If you have any questions about citing or reusing NewAmerica content, please visit www.newamerica.org.
All photos in this report are supplied by, and licensedto, shutterstock.com unless otherwise stated. Photosfrom federal government sources are used undersection 105 of the Copyright Act.
newamerica.org/cybersecurity-initiative/reports/digital-deciders/ 45