This week, diplomats, academics and policy activists will convene in Bali to discuss the future of Internet governance. Exactly what will come out of the 2013 Internet Governance Forum is hard to say, but we believe it will not go well for the delegation from the United States.
For more than a decade, parties interested in the problem of computer, information or cyber security have warned of a digital doomsday, the electronic Pearl Harbor event. The general prognostication around such event, most recently invoked at the highest levels of the U.S. government at a speech by departing defense secretary Leon Panetta last year, is that society should be concerned by mass disruption of the communications infrastructure and all of the other infrastructure pieces connected to it. If Pearl Harbor was the greatest intelligence failure in U.S. history, then allow us to offer that the Snowden leaks are the greatest intelligence failure our country has seen in the digital age.
This is because the Snowden leaks make it no longer permissible for the United States to exert global leadership regarding the governance of the Internet, as it has since the Internet’s departure from the labs of government and academia to become the de facto global communications system. President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation.” Unfortunately, the Snowden leaks call that commitment into question.
This is not naïveté regarding what Snowden revealed and the machinations of the intelligence community. The American taxpayer expects America’s spy agencies to spy on foreign entities while upholding U.S. law. As more than one intelligence officer has told us, “We’re in the business of breaking foreign laws to achieve our goals, not U.S. laws.”
What has gone wrong is a failure of oversight in intelligence aimed at cyberspace, the tapping of the Web. With the rise of the Internet and its proliferation to more than two billion of the world’s inhabitants, there is clear value in aiming signals intelligence capability at it. Hacking the computers of foreign leaders and vacuuming up data from threatening regimes is something we should expect the National Security Agency to do. Undermining the computer security of the products of the U.S. IT industry and attempting to subvert the science of cryptography is not.
Why leaks through the actions of a low-level contract systems administrator like Snowden should be considered a uniquely important event is because of their ramifications to how the Internet will be run moving forward.
Although countries opposed to the Internet freedom agenda of the United States, such as Russia and China, have long waged a campaign urging movement of Internet governance from the U.S.-based International Corporation for Assigned Names and Numbers (ICANN), other important powers once generally supportive of the ICANN status quo now appear to be ready, post-Snowden, for change. The days of American soft power hegemony covering the governance of the Internet appear to be waning. Countries like Brazil and India were surprised and upset by the level of digital espionage undertaken by the NSA against them — it exceeded whatever threshold they believed was acceptable of an ally willing to supply them with sophisticated armaments and intelligence.
Brazil and India were generally supportive of the multi-stakeholder governance model, with ICANN at its center, during the 2012 World Conference on International Telecommunications in Dubai. Brazil forwarded 10 principles for the governance and use of the Internet at that meeting and will no doubt revise them in line with the strong rebuke sent by Brazil’s president, Dilma Rousseff, following the alleged targeting of Brazil’s national oil concern by Canada’s signals intelligence service, CSEC. Up until the Barack Obama-Xi Jinping summit in June (which kicked off while Snowden was incommunicado in Hong Kong), the U.S. made great hay over Chinese economic cyber-espionage activities. No more.
Snowden’s leaks add up to a fairly significant invalidation of two core tenets of the intelligence operations undertaken by the United States and its “Five Eyes” partners, Australia, Canada, New Zealand and the UK: first, that the individual privacy of citizens of those nations isn’t infringed upon by their intelligence activities (see “metadata” and “PRISM”), and second, that those countries are above conducting some form of economic espionage via cyberspace. This is an enormous reverse for the United States, the chief setter-of-norms for cyberspace, an area of economic and social activity largely constructed and built out by firms in Silicon Valley. While we should worry about a cyber attack that makes the lights go out, we should accept the magnitude of the Snowden leaks and the degree to which the desire for intelligence at any cost has damaged the United States’ capacity to continue as the ultimate steward of the Internet.
Christopher Bronk is the Baker Institute fellow in information technology policy. He previously served as a career diplomat with the U.S. Department of State on assignments in Mexico, overseas and Washington, D.C. Follow him on Twitter at @techpologist.
Wm. Arthur Conklin is an associate professor at the University of Houston, where he directs the cybersecurity program.