Login Login

Watering the Grass Roots

Watering the Grass Roots

Jump to: navigation, search
Discussion Papers > Internet and Security > Watering the Grass Roots

Responses - Stakeholder Technical & Academic Community

Alexander Klimburg, Fellow and Senior Adviser at the Austrian Institute for International Affairs

The concept of “Internet Feudalism”, as elucidated by Bruce Schneier in Power in the Age of the Feudal Internet, paints a stark picture of power in cyberspace. In his opinion, the struggle between “institutional power” (government and corporations) and “distributed power” (fringe groups such as activists, criminals, and hackers) is increasingly being won by the former. A “dangerous world” is increasingly leading to the creation of computational fiefs maintained by institutional powers, who themselves fight over the “peasants” (the common users) whom they exploit in return for the promise of a semblance of security. In between the fiefs, in the forest of the unregulated, lurk the “distributed powers” – likened to Robin Hoods – whose fieldcraft allows them to maintain some level of freedom from the hegemons.

Alexander Klimburg.jpg
Alexander Klimburg is a Fellow at the Austrian Institute for International Affairs. Klimburg has undertaken government national security projects for a.o. the Austrian Federal Chancellery, the Ministry of Defense, and the National Security Council. He has partaken in international and intergovernmental discussions, and acts as an advisor to the Austrian delegation to the OSCE as well as other different bodies.

This fascinating thought experiment is certainly fertile ground for all types of further historical analogies: if, for instance, common users are akin to peasants, is personal data then similar to corvée or “statute labor” (besides the obvious equivalent of “taxation” with “license fees”)? Would the vaunted mercenary groups that played such an important role in European warfare in pre-Westphalian times have their equivalent in large cyber-crime gangs and hacker collectives? And, as a logical and practical consequence, would it be reasonable to assume that pursuant to Article 1 Section 8 of the US Constitution, the US government can (and should) issue letters of marque to empower cyber-“privateers” to attack enemies of the United States?

This last example was not an attempt at flippancy – in the last decade, some members of US Congress repeatedly explored options of using this somewhat antiquated provision in a number of different settings. It is certainly useful to look at historical examples to explore the current macro-picture, but more important than Schneier’s historical analogies is a simple assertion: governments, as a rule, are coming to dominate cyberspace, and the “distributed powers” will suffer as a result. I would disagree that the situation is quite as dire or as irreversible as Schneier implies. Or, it is not that dire yet. For some of the institutional powers are perfectly happy with distributed power – at least in theory.

I would argue that, while it is true that “institutional power” – especially government – is (re)asserting itself in cyberspace, this does not mean that “distributed power” – which for me most importantly includes civil society – must be defeated as a direct consequence. In fact, liberal democracies – as opposed to authoritarian regimes – are, at least in theory, committed to a plurality of power structures. This does not only mean the separation of the three powers of government, or between church and state, but rather that liberal democracies as their essential raison d’être accept that the non-state sector must be strong and healthy for democracy to be said to truly exist.

That is a positive thing, for as Joseph Nye has pointed out In the Future of Power, the macro trend of the “diffusion of power” away from traditional forms of government power towards non-state actors could actually strengthen, and not weaken, open societies and their governments. The very rise of the Internet itself is an example of this, as the US government has continually loosened its control over the Internet Corporation for Assigned Names and Numbers (ICANN) as part of an overall belief that the Internet should not be a creature of governments. Nearly all liberal democracies have come to support this view and, in increasingly bloody diplomatic battles with authoritarian regimes fighting for “cyber sovereignty” (one of which I describe in The Internet Yalta), are supporting the role of the non-state sector within the multistakeholder model of Internet governance. At least, that is, in theory. In practice, civil society is very much being pushed to the margins, as Schneier says, by the government – even by those advocating civil society engagement. Mostly, the problem is one of scale – civil society is being “outworked” by a much better resourced stakeholder group. But the situation is not hopeless. Liberal democracies are, after all, apparently convinced of the need to support civil society – although at the moment, that support has been largely verbal. Practical support, however, is urgently needed.

Civil society is facing three resource crunches that, taken together, pose a serious threat to the multistakeholder model as a whole – which depends on the equal participation of government, the private sector and civil society to make Internet governance work in the way it does today. Government and the private sector are slowly but surely (and sometimes unconsciously) crowding out civil society (i.e. academics, technical volunteers, and policy advocates) by constantly raising the bar for participation. The first challenge is the greatly increasing travel requirements for those wishing to be involved in Internet governance. The logarithmic explosion of physical meetings and conferences in highly dispersed locations is a significant resource challenge for civil society – creating a system better suited to professional diplomats rather than academics or volunteer engineers is certainly not conducive towards “equal participation”. A second significant challenge for civil society is the increasing knowledge demands that are being placed on participants. The discourse is constantly widening, with those civil society experts who were previously only concerned with IETF (Internet Engineering Task Force) or ICANN documents now expected to be knowledgeable on a number of diplomatic, international security, and privacy issues – plus an expanding galaxy of technical aspects as different as GUCCI to malware reversal. For many policy and engineering specialists, it can be very difficult to break out of their respective “bubble” and to inform themselves about the main issues within related fields. Time – which often, but not always, translates into money – is usually the greatest resource barrier. Finally, security (in particular that unloved amalgam called “international cybersecurity”) has gone from being a fringe topic to probably one of the most important themes within the present discourse – governments often claim security issues as being one of the main sources of their legitimacy when discussing Internet governance. International cybersecurity discussions draw much of their thematic input from classified sources. Access to esoteric information (both confidential and/or simply obscure) is increasingly becoming a valued currency within agenda-setting circles.

These three resource issues are slowly but surely eroding the role of civil society within the multistakeholder model. While liberal democratic governments have stridently backed the multistakeholder model as described in the 2005 Tunis Agenda (a UN document), they have been caught in a paradox of their own making: the more governments talk about the importance of civil society, the more they are tacitly diminishing it.

But what are the options? Obviously to cease discussions about civil society would be even worse than the present “talking over” (rather than with) it. The only other option would be to diminish the amount of frantic activity so that civil society has a chance to “catch up” – if anything, even more unlikely. That leaves only one option: materially supporting civil society directly. In a phrase: watering the grass roots.

How can this be accomplished? The first and most obvious need is tangible – increased funding is desperately required. Additional funding could help scholars devote more time to the rapidly expanding scope of Internet governance, rather than chasing grants in unrelated fields to help pay the bills. Civil society organizations could hire more staff and expand their level of engagement. Various technical/educational programs could be provided for those volunteers wishing to broaden their skills. And everyone could use additional travel money.

Where should the funding come from? In the United States, civil society is largely synonymous with philanthropy – from foundations, corporations and, increasingly, wealthy individuals. The government does play a role, but largely as the provider of research grants – not as an institutional backer, even if the difference is rather one of semantics, given the role of federal research grants. Outside the US, the role of the state in supporting civil society is widely practiced. Besides the considerable sums spent financing tertiary education in all its forms, many think-tanks and even advocacy groups receive government subventions. Sometimes this has led to US bodies sneeringly categorizing such groups as GRINGOs (Government-regulated NGOs), although their independence can be even more robust than a think-tank completely at the whim of a single benefactor. There is, in fact, little evidence to support the contention that government subventions come with more strings attached than support from the private sector. Indeed, even a cursory examination of this situation reveals the exact opposite.

One of the most interesting financing models in the area of Internet governance does not involve conventional philanthropy at all. The Internet Society (ISOC) finances itself largely through the sale of .org domains, and there is no reason that in the new generic Top Level Domain (gTLDs) world (such as .newspaper or .computer) similar arrangements couldn’t be possible. For instance, it may be interesting to revisit the ban on “.country” gTLDs (such as “.mexico” or “.germany”), as long as the proceeds are earmarked to support civil society engagement. Having said that, ICANN has already accumulated at least USD 130 million in order to protect itself against possible litigation over the new gTLDs – maybe some of that cash could be put to more immediate use.

Government can help address a second resource barrier for civil society, namely a limited understanding of “international cybersecurity” issues. This term is a catch-all concept that includes a wide range of topics – from debating the applicability of international law to the organization of specific national cybersecurity bodies and the use of various technical tools in intelligence and cyber-attack. International cybersecurity is rapidly becoming an important narrative for governments engaged in Internet governance. To this day, however, much of civil society has tried to resolutely ignore security issues – ICANN has recently even inexplicably decreased the role of its security team. This is a major mistake – there are serious security issues related to cyberspace, and, equally importantly, governments derive much of their legitimacy from national security concerns related to cyberspace. Obviously most of the actual cybersecurity work is undertaken by non-state actors rather than government. However, government has a useful role to play as a point of interlocution in this often nebulous world with its very multifaceted, and often seemingly esoteric, concerns.

Government support could even extend to offering members of civil society classified briefings on incidents, and with the corresponding security clearance. This could prove particularly valuable in instances where civil society has an assigned arbitration or advocacy function. For instance, one of the proposals related to the reform of the US Foreign Intelligence and Surveillance Court (FISC) foresees a “special privacy advocate” – coming from civil society – who would challenge the NSA on specific collection efforts. One issue is, however, that for some countries (especially the United States) only the highest clearances would be useful, and those often come with a level of scrutiny that few civil society actors are willing to tolerate.

Another way for civil society actors to get a feel for international cybersecurity concerns is to become directly involved in multilateral or bilateral government cybersecurity discussions. Here, in contrast to the Internet governance context, the state clearly dominates. This often leads to one-sided debates when discussing “confidence building measures” or “norms of state behavior” – where the fundamental role of civil society bodies such as the IETF or others is often blissfully ignored by governments. It is not strictly speaking necessary for civil society actors to actually be present at these discussions – just being aware that they are occurring, and formulating and presenting position papers to the agencies responsible, could provide a much needed diversity of perceptions and solutions. This would, however, require proactive engagement on behalf of civil society to redress this entrenched imbalance, as very few civil servants actually actively reach out to civil society in the context of those discussions.

The lack of government outreach was recently expressed by a seasoned official in the context of the 2012 WCIT conference in Dubai: “I want to support civil society – not talk to them. That’s always a waste of time[1].” Effectively, many civil servants have decided that while they will fight to the death to “defend” the right of civil society to engage in the multistakeholder model, at the same time they really do not want to listen to them. They value civil society as a symbol of democratic freedoms, but not as an entity that is actually practical or particularly useful. This is largely incorrect, and in any case beside the point. Besides the obviously vital function that parts of civil society have played in the rise of the Internet, their undoubted practical contributions are outmatched by their overall importance for democracies as a whole. Perhaps the greatest difference between the world’s authoritarian regimes and true liberal democracies is the healthy functioning of civil society – this may even be the only real “unique service proposition” of freedom. As Alexis de Tocqueville once said: “The health of a democratic society may be measured by the quality of functions performed by private citizens.”[2] Perhaps the same holds true for the Internet.


  1. ascribed to Alexis de Tocqueville presenting on “Democracy in America” (1835).
  2. Private communication.

MIND-Multistakeholder Internet Dialog
MIND stands for Multistakeholder Internet Dialogue. The discussion paper series is a platform for modern polemics in the field of internet governance. Each issue is structured around a central argument in form of a proposition of a well-known author, which is then commented by several actors from academia and the technical communities, the private sector, as well as civil society and government in form of replications. all MIND-publications

Gordon Süß
comments powered by Disqus