The Future of the Network?
The internet is rapidly moving to a vastly different reality from that to which people have become accustomed today. The concept of cyberspace as sovereign territory combined with increasingly divergent political systems across the world will affect dramatic change on the internet and its up-to-now universal nature. The free exchange of ideas and information that has come to characterize the World Wide Web is therefore likely to become increasingly restricted and policed by national accession regulations mirroring those of real-world national borders. Resultantly, the world is likely to lose the seamless interconnectedness of online communication, and instead move toward competing governing models that mirror the unfolding great power competition, primarily between the U.S. and China, but involving other nations too. This great power competition is manifesting itself online through control of information, power over regulations, and their influence on other countries’ internets. Resultantly, developing a “competitive partnership” that maintains the benefits of a universally accessible internet might become increasingly difficult. It will be for policymakers to decide which path ultimately leads to greater prosperity.
The move to disaggregate the internet has been slowly occurring over a much longer period of time than many will realize, however. And in a more muted way than many will appreciate. In 2003, with the purported purpose of strengthening Wi-Fi security, the Chinese government initiated the WLAN (wireless local area networks) Authentication and Privacy Infrastructure (WAPI). WAPI is a Chinese National Standard for WLAN that mandates wireless devices sold in China to include WAPI support. Foreign companies conducting business in China are required to comply and those selling connected devises must ensure their products are compliant with WAPI.
WAPI’s importance is better understood in the wider context of China’s laws. Foreign companies operating in China must sign a co-production agreement with a limited number of specifically designated Chinese companies. These Chinese partner firms can demand full disclosure of foreign technological intellectual property, claiming the law is impossible to implement without access to specific intellectual property. Concurrent with this, the 2014 Counter-Espionage Law and 2017 National Intelligence Law require companies to “support, assist, and cooperate” with the state’s intelligence network, effectively making companies unable to protect any data and information from government demands and making them an indirect intelligence collection asset to the Chinese Communist Party (CCP). The law extends to include employee rosters and customer lists, effectively granting the CCP access to the personal data a company holds on anyone worldwide. China has formulated this law to extract valuable information from all businesses operating within its borders and WAPI is one tool that helps achieve this. Because WAPI would require software compliance on all products produced in China, a foreign vendor who wants access to the Chinese market would have no pushback against such demands.
Conversely, the US has been slowly expanding its list of export controls on semiconductor related products as well as sensitive materials and technology to China via the Department of Commerce’s Bureau of Industry and Security Entity List. The Entity List, which gained the addition of China’s largest semiconductor manufacturing company, Semiconductor Manufacturing International Corp. (SMIC) in September 2020, now includes more than 300 Chinese companies.
Separating Internet Protocols
In April 2020, to end reliance on the U.S for internet stability and security, China announced the opening of a facility that would allow the onshoring of IPv6 addresses, instead of relying on the California-based ICANN. The Future Internet Test Infrastructure (FITI) at Tsinghua University in Beijing will grant control of IPv6 address issuance to China, which has the highest number of IPv6 addresses in the world.
The Chinese government plans to go even further in developing its ‘internet sovereignty’ though. The New Internet Protocol (New IP) being spearheaded by Chinese technology companies and proposed to the United Nations International Telecommunication Union, (ITU), a specialized agency of the United Nations responsible for all matters related to information and communication technologies, last year, will introduce an alternative, top-down design of the internet where access is strictly controlled by the government. Internet access and the ability to run a website will be at the government’s, rather than the user’s discretion. This New IP, therefore, holds the potential to allow authoritarian countries governmental control over just about everything taken for granted on the internet today, notably privacy, freedom of speech, and access to information. Furthermore, many experts fear that under New IP, state-owned service providers will not only reserve the right to block access to the internet, but will also have control and oversight of every device connected to the network.
At the ITU in 2020, Huawei, China Unicom, China Telecom, and China’s Ministry of Industry and Information Technology (MIIT) proposed the New IP. The proposal is supported by Russia, Iran, Saudi Arabia, and other partner nations of the Digital Silk Road. It will likely change what the internet will look like and intensify the balkanizing of the internet while providing authoritarian states more control over internet service providers and internet users.
Decentralizing Internet Governance
Owing to ICANN’s link to the U.S. government, China, Russia, and other countries are proposing the United Nations be in charge of future internet governance via the ITU under a new “International Code of Conduct on Information Security” model that would put states in control of the internet by routing traffic through in-country servers, rather than, as is currently the case, the United States. Combined with New IP, this will present governments with the ability to impose limits on personal privacy and contrasts the U.S. and Europe’s favored continuation of an open internet.
The rationale behind the proposal lies in nations’ desire for sovereignty of cyberspace and ‘data sovereignty’ - the idea that data is subject to the laws of the country where it was collected. The proposed changes would not only significantly enhance the effectiveness of Chinese control of the internet, but also change the international rules governing it and significantly expand its surveillance reach.
Steps have already been taken by China and Russia to realize this ambition. During the World Conference on International Telecommunications in 2012, they, supported by several other nations, drafted a proposal to give greater control of the internet to ITU member states.
Splintering of Content, Data Privacy, and Data Use Standards
The nefarious reasons for these propositions can be seen in other actions already taken. Since 2015, all domestic and foreign internet companies in Russia have been obliged to ensure the recording, systematization, accumulation, and storage of the personal data of citizens on servers physically located within the country. Further, in 2016, Federal Law Number 242-FZ has required that all databases containing personal data of Russian citizens be located in Russia. And since the introduction of Yarovaya’s Law (374-FZ and 375-FZ), telecommunication companies have been mandated to store the content of text messages, phone conversations, images, and videos for six months, as well as their metadata for three years within Russian territory. They must provide this information to security services upon request. These steps towards balkanization were accelerated by Russia’s invasion of Ukraine, after which access to western websites, especially social media, was strictly curtailed, banned, or withdrawn by the website owners.
Likewise, China is introducing a social credit system designed to reward ‘good’ behavior and deter ‘bad’ behavior by tracking the movement and actions of its citizens. The system will rely on the ability to collect the personal data and habits of each Chinese citizen, including purchasing habits, location, socializing habits, and fidelity to the law. It will, furthermore, require the control of access to the internet in order to effectively manage, making New IP a central component of its operation.
US Innovation and Competition Act
As the digital economy and internet of things become increasingly ubiquitous in everyday life, this trend could intensify. The US Innovation and Competition Act (USICA) of 2021 contains provisions within it that are likely to further pull the internet apart. USICA will increase U.S. engagement in international standards-setting bodies (SSBs), encouraging the participation of the U.S. private sector in these bodies, and better understanding China’s growing influence in international organizations of all types. This ambition includes increased participation in technical standards as a matter of strategic importance.
The Chinese government is, meanwhile, creating a Chinese digital currency, controlled by the People’s Bank of China, which will add an increased layer of oversight over businesses’ operations in China.
Compounding the emerging siloes of various legal frameworks is the balkanization of the supporting infrastructure and equipment. The US has launched the Clean Network initiative, resulting in the US, the UK, the EU, and Australia all restricting products from Chinese companies, such as Huawei and ZTE, from their 5G infrastructure for security reasons. In retaliation, China is threatening to ban the Swedish company Ericsson’s operations in China in a move that may become representative of the future. Other countries and technology firms may be forced to choose between supplying Chinese or Western markets in what is becoming a mutually exclusive decision.
The introduction of 5G and the Internet of Things (IoT) that it engenders will add an additional layer of disintegration to this challenge that could have serious ramifications for the globalized nature of not only the internet, but swathes of finished goods. The interconnectedness of smart homes and smart cities makes their vulnerability in a cyber-attack, and thus, place in national security incompatible with sourcing from adversarial nations. This will likely necessitate strict sourcing standards for traditionally benign goods – fridges, watches, TVs, streetlamps, parking meters, for example - including the barring of certain manufacturing sources.
The implications for how businesses comply with this mix of different hardware and regulatory standards in future is likely to have far-reaching implications. From an efficiency perspective, it could eventually crush the economies of scale we have come to know in terms of technology development and the ease of doing business that it has engendered. A product currently requiring 2,000 engineers to scale to an international level may instead come to require 20,000 engineers developing the same product 10 different times to satisfy the varying regulations across different jurisdictions. Consequently, both the pace and cost of progressing the internet and its associated technologies may be compromised.
What this balkanized information ecosystem portends in practice is a citizenry that could potentially have access to completely different sets of information about current affairs and perhaps a very splintered worldview of reality. Countries with authoritarian governments are already creating environments where censorship is easier achieved and occurs with far greater frequency. Already a complex network of national laws and regulations, and centrally administered firewalls is facilitating the removal, by some governments, of access to disruptive material, silencing of dissidents, and crushing of free expression online. This is likely only to intensify as the internet balkanizes even more.
How the Internet Is Structured Today
In its most simplistic sense, the internet is structured around internet protocols. Internet protocols are the function of the internet tasked with transporting a message from the source to its destination in an interpretable way to end users across different networks and operating systems. They act in a similar fashion to a digital postal system connecting the source and destination of information through an address unique to each side of the communication.
Internet Protocol version 6 (IPv6) is the most recent version. IPv4, the previous protocol, faces exhaustion of the finite number of addresses it was developed with. Because the original Internet architecture had fewer than 4.3 billion addresses available, depletion has been anticipated since the late 1980s, when the Internet started experiencing dramatic growth. This depletion is one reason for the development and deployment of its successor protocol, IPv6, which allows much higher theoretical limits on the number of IP addresses than IPv4.
At a more detailed level, there are a variety of inter-connected networks composed of four layers:
- the “link” layer that delivers local packets over different operating systems;
- the “network” layer that delivers global packets across different interconnected networks;
- the “application” layer, providing protocols that present the data as an interpretable presentation, for example, the webpage design; and
- the “transport” layer, providing reliable data transfer services to the other layers.
Additionally, the Domain Name Service (DNS) is the Internet's system for mapping alphabetic names to numeric Internet Protocol addresses.
Recent Rulemaking that Illustrates the Trend
In April 2021, the EU released its proposal for Artificial Intelligence (AI) regulations. The proposal bans some uses for AI like “social scoring” as seen in China and regulates uses considered high-risk such as facial recognition in public settings. The jurisdiction of the regulation covers AI systems providers in the EU regardless of where the provider is located, as well as AI systems users located within the EU, and providers and users located outside the EU where the output produced by the system is used in the Union.
The proposed law would, therefore, extend the EU’s jurisdictional reach to companies without a market presence in the EU that use AI systems to process data about EU citizens. Despite issues, the proposal
is a comprehensive start to the legislative process in Europe and might prove to be the basis for trans-Atlantic cooperation towards a common regulatory net over a consequential emerging technology, as outlined by White House National Security Adviser Jake Sullivan.