Global Internet, Global Regulations
Zahra Niazi, Third Prize, Undergraduate Category, Essay Contest 2019
January 31, 2020
Zahra Niazi is an undergraduate student from Pakistan with a keen interest in writing. Her research interests include arms control, disarmament, and any study of peace and security in international relations.
As I being a Pakistani begin to write my essay, I am once again reminded of the established "nuke threat" in the South Asian subcontinent. Within this theme, the worst case scenario that I can imagine is that of the 1983 film "war games" sort of a situation where a cyber-attacker hacks into the military installation operating a missile command supercomputer, something that has the potentiality of triggering an accidental nuclear war. The term cyberwarfare, cyberwar, or cyberattack encompasses the penetration of another nation's computer networks with the intent of causing disruption and vandalization through botnets, viruses, and DoS with the insecure and vulnerable nature of the Internet design being the major facilitator. And today, the technological advancements on such an unprecedented scale have allowed for their exploitation and thereby the sharpening of the weapons by cybercriminals that has ultimately stepped up the calls for regulatory measures in this domain.
However, before embarking upon a detailed discussion as for the regulation of cyberspace or the Internet, one needs to look into the relatable conflicts of opinion among states concerning the sovereignty over the cyberspace. On the one extreme are those who argue that cyberspace or the Internet is an international commons comparable to the common territories, the exclusive exceptions to the Westphalian sovereignty that has overlong governed international relations. The reason being the fact that although various firms and institutions that are responsible for issuing the Internet protocol addresses own Internet access but this by no means imply an ownership of the Internet itself. Having said that, the cyberspace also stands in need for regulatory solutions likewise as has been the case with other international commons. However, on the opposite end are the states which believe that regulation of cyberspace ought to be governed by the general principle of sovereignty but the aforementioned category rightfully opposes the idea on the premise that this could be a stumbling block to the free flow of information. States belonging to this latter category however have approbated the applicability of the existing international law—principles such as the principle of distinction, proportionality, necessity, etc.—to cyberspace. Nevertheless, as long as there is no explicit mentioning of cyberspace in the subsisting regimes, they will fail to entirely govern this domain no matter the amount of consent.
The reverberation of the difference of opinion has been a deadlock towards the creation of a new legal regime governing the cyberspace—a deadlock that has been inimical to the collective interest to all of humanity. The opposers of lex specialis although could be deemed as protecting their sovereign rights but at the expense of the sovereign interests of the entire international community.
For my purpose, I would second the viewpoint of those who cognize this major characteristic of the Internet as being a global commons. For me, It is then the ethical responsibility of the most influential agents within the system that comprise the sovereign nation states to put in place mechanisms for the collective administration of the Internet. However, given the impracticality of collective management without the existence of a governing body, the proposal then is to allow for the establishment of a legal regime governing the cyberspace and within it a special governing body that performs the requisite purpose of shared management of the Internet commons so as to avert the potential "tragedy of the commons." This latter concept stems from Garret Hardin's noteworthy composition titled as "The Tragedy of the Commons," according to which individuals who by acting independently according to their self-interest exploit the resource and behave in ways that are detrimental to the good of the entire group. Similarly, it is in the realm of Internet as well that the exploitation and self-interest begets a damage in the physical environment. Hence, given the fact that the potential Internet tragedy of the commons is a shared problem, entrusting the responsibility to a single stakeholder such as the Internet service providers is nothing short of a folly.
Although the Internet Corporation for Assigned Names and Numbers (ICANN)—a non-profit organization—is one such agency that currently performs a limited administrative role, an exhaustive body is still non-existent. The prior and the foremost prerequisite however is a consensual acknowledgement of the Internet as being a global commons.
Additionally, there is a widely held belief that a state has the moral duty to protect its citizens from all kinds of threats be it internal or external as per Jean-Jacques Rousseau's social contract theory. This theory is the view that where the citizens pledge to obey an authority and surrender a part or the whole of their freedom, the authority ought to guarantee everyone the protection of their life, property, and to an extent liberty. For me, a natural corollary of this duty is an ethical responsibility of the states to come together to devise ways that best protect the citizens of those individual states from the communal threats and in this case-the common Internet threats. And hereby the states ought to recognize that the principle of sovereignty and the reliance on this principle in the context of the management of cyberspace only tends to impede its regulation given the fact that today the incidents of cyber-attacks could have cross border implications. The Estonian case, or the Stuxnet, have been the perfect manifestations of the cyber-attacks where civilians had to bear a sizeable brunt considering that the disruption of social services largely impacted upon the public welfare.
Moreover, regulation shall also entail making advances in the domain of artificial intelligence so as to allow for an immediate detection of the imminent threats and a timely response to the malicious activities. And the collective administration would not only confine its benefits to the technologically advanced states but would also allow for a shared benefit from the advancements made in the field of AI and cybersecurity.
Additionally, any new legal regime covering the regulatory body shall also clarify as to when a cyber attack reaches to the level of an armed attack and shall provide for the enforcement mechanisms.
For many, privacy shall be the prioritized cyber ethic entailing the Internet regulation. At first blush, as much as the terms "Internet privacy," "online privacy," or the "freedom of expression" entice me, I am sure they appeal to you as well. However, as being a citizen of a state which has been facing several national security threats, I am forced to ruminate on the much debatable topic of "privacy versus security" or to put it differently, "human security versus national security." And having weighed it up, I have reached the conclusion that I wouldn't really mind if am being secured at the cost of the invasion of my privacy by any of the Internet regulatory bodies given the fact that the cyber-attacks today could pose significant effects on national security and the economy of the state and ultimately, the livelihood and safety of individuals. As a matter of fact, as long as you are not doing something wrong, any limited invasion of your privacy shouldn't really bother you. And the paradox itself is that the lesser the amount of control, the higher the possibility of the unauthorized invasion of the data by the attackers.
However, I also agree that more needs to be done so as to safeguard the personal information once received by those regulatory bodies so as not to allow an easy accessibility by other members possessing malicious agendas. Any new endeavors shall therefore put the attribute of confidentiality or data privacy at the forefront. For surveillance purposes thereby, there shall be data regulators in the individual states under the collective administrative set-up. And it needs to be understood that this would not diminish the Internet's character as a global space but would only act to strengthen it.
Furthermore, as for the argument that the Internet covers the realm of the common heritage of mankind, the ethical obligation then also naturally extends to me, to you and to each one of us, for behaving appositely while using the commons. For it is only the selfish interests of the participants while using the commons that begets its tragedy. However, I also reckon that although, we as being the users of the commons are ethically responsible to unilaterally regulate our use of the Internet but these non-aligned and self-regulatory endeavors will remain futile unless all or most of the participants are cognizant of the requisite duty. This somehow also tends to dilute the responsibility on the part of the individual participants for the unilateral regulation. Having said that, the foremost responsibility currently remains in the hands of the states to allow for the coordination of shared management to administer the Internet commons. And as they say, better late than never.