When the network of the internet and related systems was first imagined, those who built it had a rose-colored view of humanity. They created a cyber-world without borders and, to a very large degree, without regulation or limitation.
This network sparked the growth of a digital economy that, today, contributes to roughly one-quarter of the growth of the world’s GDP. The internet and digital economy are global in ways that we could have only imagined just a few short years ago. For service providers and most end users, the network knows no boundaries and the practical barriers to making a purchase or providing a service to a customer in another country are minimal.
But this marvel of human enterprise is at risk. The mishandling of private information has undermined trust in providers and led some governments to enact new privacy protections and penalize companies that violate them. Authoritarian states are working to cut off their corner of the internet from the rest of the world or create artificial intelligence-powered surveillance networks to limit free speech and maintain government control. Others have created data residency requirements, requiring providers to physically store their citizens’ data in-country to ensure the application of domestic law to their data. Some states have enacted laws allowing government officials to force companies to alter their products to afford law enforcement future access to communications.
While some of these actions have been undertaken with the best of intentions, all, to varying extents, move us closer to the end of the global network as we know it. States seek to apply traditional notions of sovereignty based on territorial limits to a global digital network that erases borders and boundaries. Services, technology, information, personal data, and digital goods move seamlessly across borders and challenge conventional notions of national control and authority. In such an environment, individual sovereign actors can develop new requirements for providers to meet, cause new conflicts of law for companies that operate globally, make it more difficult for users to access information stored in other countries, and create disparate regulatory regimes and levels of protection for end users.
This fundamental disconnect requires us to rethink how we approach the interconnected issues of digital security, privacy, and emerging technologies such as 5G networks and artificial intelligence. No single country can make decisions on any one of these issues without affecting the privacy, security, and technological access afforded to both their citizens and those beyond their borders. Continued, conflicting, unilateral actions help to ensure the breakdown of the global network as countries make increasingly incompatible decisions.
The only way to address the situation is through coordinated action, particularly among free and democratic countries on rules relating to security, transparency, and privacy. The need for such cooperation was the focus of my remarks yesterday at the Atlantic Council’s International Conference on Cyber Engagement, an annual conference organized by Dr. Catherine Lotrionte. Our friends in Europe have also spoken in favor of such cooperation, as European Commissioner Věra Jourová did earlier this month before the Brookings Institution. Broad, truly international consensus may be exceedingly difficult, especially when the interests of authoritarian regimes such as China, Russia, and Iran are so different from those of free and democratic countries in the West. But coordinated action between the United States and its like-minded allies would lead to more consistent requirements, stronger data protection, and continued security for our valued civil liberties. This consensus would also retain as broad and open a network as possible, within the bounds of ordered liberty, as a way of advancing democratic values.
Fortunately, such efforts are already underway. The “Paris Call,” signed by more than 60 governments and more than 100 other organizations (though not the United States), is a worthy start. The Call recognizes that cyberspace is both a place of opportunity and of new threats arising from cybercrime and malicious activity. It urges nations to work together and collaborate with the private sector to secure citizens’ rights and protect them online just as they do in the physical world.
Though the Paris Call lacks any binding commitments, the mere existence of a broad, democratic consensus on the necessity for collective action in support of the network’s continued vitality is, by itself, an achievement of sorts. And if that small beginning leads to greater coordination and consensus among democratic countries, then we may yet forestall a complete fracturing of the network and allow consensus on both data privacy and the rules that should govern emerging technologies.
Reaching consensus, even exclusively within the democratic sphere of influence, will not be easy. But we have seen some recent efforts that offer hope for the convergence of democratic values around widely accepted norms of behavior. Take, as one example, Europe’s General Data Protection Regulation (GDPR). GDPR is complex and has generated significant controversy, but its adoption has helped to demonstrate the value of liberal, democratic coordination. It is likely to drive a discussion that will result in the convergence of privacy perspectives within the international community – at least that portion of the community that is not avowedly authoritarian in nature.
This type of coordinated effort by free and democratic countries is essential. Such nations need to stop looking at various cyber issues as independent problems, and begin to consider their broader, global implications and how they ultimately impact the global digital economy, emerging technologies, our individual security, and our civil liberties. Only through that sort of unified approach can we help ensure that the global network we know today avoids death by a thousand cuts.
Michael Chertoff is executive chairman and co-founder of The Chertoff Group, a security and risk management advisory firm, and served as secretary of the Department of Homeland Security (DHS) from 2005-2009. He is the author of “Exploding Data: Reclaiming Our Cybersecurity in the Digital Age.”