It’s only been five weeks since the organisations that manage the Internet’s technical infrastructure dropped the bombshell that they want the oversight of ICANN and IANA to be done by all governments and stakeholders, and not just the US. In a statement made in Montevideo, ICANN, ISOC, the IETF, all the world’s regional Internet registries, the Internet Architecture Board and the World Wide Web Consortium all called out the Snowden revelations as having ‘undermined the trust and confidence’ of users so much that it’s now time to get on and build truly ‘global multi-stakeholder Internet cooperation’.
What does all that mean? Basically, the people who built and run the global Internet no longer trust the US government to be its sole public-interested global steward. Despite a six-month scrum of self-satisfied lobbyists falling over each other to say ‘everyone knew what was going on’ and nothing fundamental has changed since Snowden; everyone only thought they knew what was going on and something fundamental has changed since Snowden.
Whether you think real ethical and legal issues are raised by mass surveillance or that the uproar is just an opportunistic response to one country spying merely too successfully on all the others, it is very clear that the US security services stepped far, far over the line when they took part in IETF technical working groups to purposely undermine the security of the Internet. It’s one thing to play an ‘all’s fair in love and war’ game to exploit networks and business relationships to surveil the population, quite another to knowingly introduce vulnerabilities that your enemies can also exploit. This, and disquiet at how some large US corporations act – forced or willingly – as arms of that state, is the basis of the breach of trust.
You don’t get to invent the Internet, export it around the world as a force for free markets, innovation and human progress, oversee the volunteer organisations that make it work, host the most important companies that deliver and use it, and then say it’s not fair that other countries think you are unfairly exploiting a home advantage. You also don’t get a pass on what Milton Mueller calls out as a strange blindness to the privileged role of your own government when you go around the world proselytising that ‘governments should stay out of running the Internet’.
Before Snowden, Russia’s and China’s paranoia and distrust of Internet freedom as a merely tool of US foreign policy designed to weaken their states could be dismissed as the kind of twisted thinking you expect from authoritarian states that simply can’t imagine not abusing a global common pool resource under their control. That’s how they would behave, so of course they think it’s how we would.
After Snowden, we live in a world where country after country has taken steps to distance itself from the current status quo on who oversees the Internet, and to condemn the US for abusing its role. But neither the US nor its junior partner in electronic surveillance, the UK, has made a concerted public effort to counter the claims of moral equivalence made by our rivals in the battle for Internet control; Russia, China, Iran and Saudi Arabia.
The silence of what are, after all, democratic governments about what legal constraints the UK and US’s spying systems operate within – and how those frameworks can and should be improved – means that rival states are controlling the narrative. Controlling the narrative means getting to decide its ending. Lots of us saw this coming. At a national meeting in September we urged the UK to develop a positive response to its role in global surveillance. Snowden wasn’t even on the agenda. But our governments seemed to slope off to the annual global Internet Governance Forum in Bali with no story to tell about itself, merely the plan to slip a few words in the right ears in the corridors outside public meetings, and to hope for the best.
Meanwhile, the business lobbyists swarmed everywhere repeating the mantra that ‘everyone knew; nothing has changed’, hoping their claim of knowing and worldliness would make anyone who disagreed feel like an ignorant rube, hoping repetition would drown out incredulity. That was both stupid and wrong.
By September, there was a fundamental breach of trust between the US government and the global technical communities, between the US and UK and pretty much every envious middle-income country on earth. But instead of facing up to the problem, the West and its international business community put their fingers in their ears and pretended everything was the same as before, or, at worst, just a little bump on the yellow brick road.
Let’s look at what happens when parts of a powerful institutions go bad and the whole institution ignores, denies and then attacks the accusers; for example, the Catholic Church. First, the people who accused the Church of systematically protecting abusers were written off as kooks. Remember the response to Sinead O’Connor ripping up the picture of the Pope. (Tinfoil hat brigade, anyone? How smoothly those ‘in the know’ transition from laughing at conspiracy theorists to claiming everyone always knew what only paranoids used to claim. But of course we’ve always been at war with Oceania.)
Then came the denials – refusals to cooperate with investigations, claims of special privilege, attacking the victims and accusers and writing them off as ne’er do wells, misfits, the terminally damaged. All that was predictable enough. But the point where the Church really lost its flock – and I’m thinking here specifically of the moment church attendance in Ireland dropped right off the cliff – was when, even though they seemed to be facing up to the need for due process and redress, they just couldn’t fathom the depth of the breach of trust. There was and still is a complete disconnect between what the Church did wrong and what it thinks it did wrong. Many elements of the Church still feel truly hard done by because they fundamentally do not understand why they lost the trust of the people they served. And now it’s too late. People voted with their feet and they’re never coming back.
What the US did to the Internet isn’t the same as the Catholic hierarchy protecting paedophiles, not even remotely. But what is eerily similar is its utter refusal to face up to the fact it they lost the people, it lost the battle, it may just have lost the war.
Getting proxies to run around international meetings saying nothing had changed – and that everyone who thought it had was either knavishly opportunistic or ridiculously naive – was a stupid mistake, a tactical error rooted in an inability to accept that the strategic environment had fundamentally changed. It was a car crash in slow motion. Someone had to do something. Someone did.
More on that anon.