Becoming Binary Amidst Multipolarity: Internet Governance, Cybersecurity, and the Controversial Conclusion of the World Conference on International Telecommunications in December 2012

Arms control experts know that national security policies are embedded in larger concerns about the balance of power in international relations. The contentious outcome of the World Conference on International Telecommunications (WCIT) in Dubai in December 2012 demonstrates that cybersecurity is similarly tethered to geo-political competition over power and influence. The WCIT ended in acrimony because of disagreements on issues fundamental to the Internet’s place in national and international politics. These disagreements reflect deep differences among states on Internet and cyberspace governance–differences that produce incompatible notions of cybersecurity and a difficult environment in which to pursue international cooperation on this security problem.

The UN’s International Telecommunication Union (ITU) convened the WCIT to negotiate changes to the International Telecommunication Regulations (ITRs), a treaty adopted by ITU member states in 1988 to foster more effective cooperation on provision of international telecommunication services (e.g., telegraph and telephone). Since 1988, the global emergence of the Internet has revolutionized international telecommunications, making the ITRs essentially irrelevant to issues raised by the Internet’s astonishing growth and profound economic and political implications. The initiatives and processes that produced the global Internet took place outside the ITU and other intergovernmental institutions in “multi-stakeholder” forums, such as the Internet Engineering Task Force (IETF) and the Internet Corporation for Assigned Names and Numbers (ICANN).

Since at least the early 2000s, a number of countries, including China, Russia, and many developing nations, have expressed concerns about these multi-stakeholder processes and have sought to increase the role of governments, intergovernmental institutions, and international law in such governance. An important element in this challenge has been the perception that the status quo gives the United States a dominant position not justified in the context of a global Internet. The United States and its like-minded allies opposed efforts in ITU forums, such as the World Summit on the Information Society (2003-2005), to move from multi-stakeholder approaches to more intergovernmental influence and control.

The WCIT became the latest diplomatic venue for this clash of interests and ideas. Although the ITU Secretary-General repeatedly said that the WCIT would not be about Internet governance, ITU members proposed changes to the ITRs that put Internet governance, whether narrowly or broadly conceived, on the negotiating table. These proposals fueled arguments that the WCIT constituted a threat to a free and open Internet. The WCIT opened in a highly politicized environment and was not able to achieve sufficient compromises to produce consensus. In the end, 88 countries–including many African states, Brazil, China, Iran, and Russia–signed the revised ITRs, and 55 nations–including the United States and members of the European Union (EU)–did not sign the revised treaty. (For more legal analysis of the revised ITRs, see my American Society of International Law Insight on the WCIT and the revised ITRs.)

The United States was the most prominent opponent of the revised ITRs, and its opposition centered on Internet-related issues, namely expanding the scope of the ITRs to reach providers of Internet services, adding provisions on network and information security and on spam to the revised regulations, and attaching a non-binding resolution addressing Internet governance. For the United States, the revised ITRs threatened the multi-stakeholder approach and opened possibilities for countries to use the revised regulations to justify censorship in cyberspace, disrupt innovation, and harm the economic potential the Internet supports.

Looking more specifically at cybersecurity, the WCIT and its outcome did not create controversies in this policy space because problems have existed for years concerning how to improve cooperation on this issue. In brief, countries have disagreed about what “cybersecurity” or, as other countries prefer, “information security,” means. In addition, distrust among countries has increased, national moves to strengthen cyber defenses and capabilities have heightened worries, and high-profile incidents of cyber attacks, especially Stuxnet, have deepened anxieties. International cooperation has developed more in regional contexts than at the multilateral level, as illustrated by the Shanghai Cooperation Organization’s agreement on information security, NATO’s development of a cyber defense policy, and the EU’s recent announcement of its cybersecurity strategy.

However, the WCIT worsens the already questionable prospects for multilateral cooperation on cybersecurity for the foreseeable future. The two sides of the Internet governance debate hardened and entrenched their respective positions through the WCIT and the revised ITRs. China, Russia, and other supporters of the revised ITRs will, in all likelihood, use the ITU and the revised ITRs to press their ideas and interests on Internet issues, including what they perceive as security threats in this realm. The United States has announced that it will continue to oppose changes to Internet governance attempted through the ITU and the WCIT and will move to strengthen its cyber diplomacy through leveraging its allies in Europe (e.g., the EU and NATO) and intensifying bilateral cooperation with other countries, especially on cybersecurity.

This binary context of opposing factions adversely affects more than hopes for internationally agreed controls on cyber weapons (to the extent such hopes have survived to this point in time); it also challenges the role of Internet-relevant norms–binding and non-binding–in an international political environment that is experiencing confrontation and contestation about the Internet and cyberspace. Revelations subsequent to the WCIT’s conclusion–including allegations of Chinese hacking of major US newspapers and reporting on scaled-up US military cyber capabilities and secret “rules of engagement” for US cyber operations–have deepened the sense that power politics in cyberspace has entered a new and potentially more dangerous phase.