Do the NSA revelations have anything to do with Internet governance?

Editors note: This blog post is based on a talk given at the New America Foundation December 5, 2013. Thanks to Tim Maurer and Kevin Bankston for hosting the talk

The evolution of Internet governance has been characterized by a tension between the Internet’s organically evolved governance institutions and nation-states. The native Internet institutions, such as IETF, IANA/ICANN, the Internet Society, and the regional Internet address registries (RIRs) are transnational in scope and rooted in non-state actors. Governments on the other hand are seeking to reassert traditional forms of territorial authority over communications in the context of the internet. In this struggle, non-state actors had a first-mover advantage. The Internet succeeded in creating a globalized virtual space before states really knew what was happening. But with the World Summit on the Information Society (2003-2005) and later in the ITU’s 2012 World Conference on International Telecommunications (WCIT), there was a confrontation between state sovereignty and the native institutions. The WCIT process polarized the controversy, fragmenting support for a new treaty on International Telecommunication Regulations (ITRs).

The NSA revelations

Into this deadlock came the NSA spying revelations. The information released by Snowden had huge repercussions in Internet governance:

  • It revealed the massively increased scale and scope of state surveillance that has come with increased power of info processing technology and increased reliance on the Internet.
  • It touched upon the role of the state in cyberspace at the most fundamental level – the level of military power and national security. This was not just about terrorism, as the news about spying on Angela Merkel or Dilma Rousseff showed, but also about routine ways of enhancing the power of knowledge of one state relative to all the others.
  • It made clear the pre-eminence of one state and its partners, the USA and the “five eyes,” in the environment of Internet and communications surveillance.
  • It revealed a troublesome relationship between the public and private sector. The NSA achieved its enhanced capabilities by leveraging the services and infrastructures of private Internet service providers. This in turn made it appear as if US economic superiority on the Internet is linked to US military and intelligence superiority.
  • It may trigger reactions from other states that could lead to a more nationally partitioned internet, e.g. through data localization laws or restrictions on transborder data flows.
  • It threatened in a very fundamental way the claim that the US had a special status as neutral steward of Internet governance, which had major implications for US oversight of ICANN. It made it clear that in national security matters, American exceptionalism is dead; if the U.S. can kick Huawei out of the US market and warn South Korea not to use its equipment because of fears of backdoors and spying, why would we not expect other countries to react to NSA use of our Internet infrastructure and private sector Internet services in the same way?

IG and the NSA revelations

So it’s not surprising that the revelations sent ripples through the world of Internet governance. Although there seemed to be no direct connection between the controversies, the native internet institutions – already worried about their alleged competition with the ITU – seem to have felt as if they might be tarred with the NSA brush.. On October 7, 2013, we got the Montevideo statement. In it, the ICANN President, all 5 RIR Directors, the IAB Chair, the IETF Chair, the Internet Society President, and the W3C Chief Executive Officer made two key points:

They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.

They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.

Only a few days later, the President of ICANN met with the President of Brazil. This led directly to President Rousseff’s call for a Global Multistakeholder Meeting on the Future of Internet Governance, April 23-24, 2013. As Ben Wagner and I have noted in another paper, the Brazil meeting represents a political realignment of sorts in the Internet governance space. Brazil, once an advocate of an intergovernmental model, is promoting a multistakeholder approach to moving forward. ICANN, a private corporation tied to the US government, is engaging in private diplomacy on its own and promising states that they can achieve an “equal footing” in global governance of the Internet. The Brazil meeting presents us with an opportunity to make progress on de-nationalization of IANA, and with an opportunity to reach some kind of an accommodation between advocates of a state-sovereignty model and the multistakeholder model (MSM – enhanced cooperation at last?). It is also clear that the US government is willing to play along with this process as long as it stays within the confines of the MSM. But in an interesting twist, we have been told that surveillance has been ruled out as a topic at the meeting.

New sovereignty?

Let’s turn now to the more fundamental issue at stake, regarding the nature of the state. Philip Bobbitt has written at the right level of analysis. He has already written off the traditional nation-state as all but dead and proclaims the existence of a new kind of state, the market state, and a new kind of sovereignty, which he calls transparent sovereignty. The old form of sovereignty, opaque sovereignty, renders each state as an autonomous individual in the international system, with equal rights to all other states. What happens inside one state is none of the business of any other state. According to Bobbitt, the growing interdependence of the world kills the old concept of opaque sovereignty. Terrorism, the proliferation of weapons of mass destruction (WMD), global environmental issues and human rights violations in failed states requires pre-emptive interventions by the leading market states. These new kinds of security threats obliterate the distinction between external and internal threats, and make old security concepts like deterrence and retaliation obsolete. “If you can’t retaliate against a target, you can’t deter, and then you have to move to something like pre-emption,” he claims. But pre-emption – of terrorism, WMD proliferation and use – requires comprehensive surveillance and information sharing among the big market states. And so, according to Bobbitt, the US and the European Union should form a new G2, committed to a post-Westphalian notion of sovereignty, yet assuring that their interventions are governed by a new instrument of international law.

Miriam Dunn-Cavelty (2008) offers similar insights into the new threat model as it applies more specifically to cybersecurity. She notes that “the introduction of numerous non-state enemies as threat subjects dissolves the distinction between internal and external threats. The threatened system was broadened from government networks and computers to the entire society.” She concludes: “Thus, the prevailing threat frame is very vague, both in terms of what or who is seen as the threat, and of what or who is being seen as threatened.” “Due to their very diffuse nature, these threats defy traditional security institutions and make it difficult to rely on a counterstrategy based on retaliation. Further, because the ownership, operation and supply of the critical [information] systems are largely in the hands of the private sector, the distinction between the private and public spheres of action is dissolved.” (p. 132) Here again, we see modes of analysis which suggest a need to ramp up surveillance. Unstated but tacit in this analysis is an interesting and rather scary polarity: either the information infrastructure becomes militarized or at least fully securitized, ICTs are regulated as if they were weapons, and we live in a 24/7 national security state; or unspecified innovations take place in the institutionalized production of security.

The NSA’s methods perfectly exemplify Bobbitt’s argument about transparent sovereignty and change in the nature of the state, and Dunn-Cavelty’s dissection of the cybersecurity threat frame that has been emerging since the 1980s. In short, the NSA revelations do intersect with issues of global governance, not only with respect to privacy and the Internet, but also concerning the nature of political authority and the geopolitical balance of power.

Yet none of the NSA reform proposals in the US, as far as I know, link the NSA problem to the broader context of the changing nature of sovereignty or the need for new forms of global governance. They remain stuck in a simple dichotomy: civil libertarians reassert the classical due process & privacy protections associated with the democratic nation-state; defenders of NSA claim that the practical exigencies of the new world conditions require indiscriminate data collection and pre-emptive action.

Likewise, few if any discussions of Internet governance engage with this problem. They do not explain how global Internet governance might deal with problems such as the NSA, nor do they forge a conceptual link between Internet governance and strategic and national security concerns. Indeed, It has become commonplace among those involved in the Brazil meeting to deny that the Snowden revelations have anything to do with Internet governance. In some sense this is true: the NSA’s spying capabilities did not rely in any way on US oversight of ICANN, for example. But in another sense we are deluding ourselves if we think that the way the global internet is governed can be detached from the game of power politics among states, and that the openness and freedom of the Internet’s information flows will not be powerfully affected by other countries, and other citizens’, trust (or lack thereof) of the world’s biggest and most powerful state. Domestic institutional reform in the US may not be enough.


  1. Pingback: Do the NSA revelations have anything to do with...
  2. Pingback: Library: A Round-up of Reading | Res Communis
  3. Pingback: tandaabiashara | Do the NSA revelations have anything to do with Internet governance?
  4. Handal Morofsky

    I was hoping U.S. domestic institutional reform would be enough, but it would need to happen quickly and likely more substantive than we’re willing to undertake.