Who’s in Charge?

Regulation Versus the Open Internet: Who’s in Charge?

While the underlying technical infrastructure is very tangible, the Internet as a network of networks grew into its current form because it did not have to take physical borders into account. This was facilitated by the fact that there was no central controlling or decision-making body that hindered its expansion or the services that were created to run over it. One could, therefore, argue that these characteristics are also crucial to safeguarding the future of the Internet. Whether it comes to its capacity to handle more IP traffic and support next-generation services, or its outreach to new end-users.

However: is there a risk that the continuation of this rapid and seemingly spontaneous evolution could be hampered? The scope, scale, and importance of the Internet have changed dramatically in recent years. As a result of its success, commercial as well as public interests are becoming more visible and dominant. Powerful players could therefore try to direct - or hold back - further development of the Internet for their own benefit.

Different motives: trust

In itself, it is only naturally that different stakeholders are driven by different motives. As long as the stakes involved balance out, consensus can be reached based on informed participation: everyone who feels included, will realise cooperation is necessary to come up with solutions, and as a result the Internet remains open and neutral for end-users to express themselves without the risk of being penalised by those who seek control. Trust is established for businesses to operate, and creativity can blossom. And, of course governments then have an important role in safeguarding competitive markets as well as basic human rights online, and protecting their citizens from the adverse consequences of cybercrime.

Governmental control

During the Internet’s infancy, governments were largely oblivious to what was happening. Creative technicians, academics and entrepreneurs could work together undisturbed, developing standards and connecting equipment, without being restrained by traditional telecoms regulation. By now, many governments are confronted with the widespread influence of the Internet, and feel uncomfortable: they neither comprehend nor control it, but don’t grasp the fact that no one else does, either.

Though not all national policy makers fear the influence of the Internet on their citizens, they do tend to consider the Internet more and more as a critical infrastructure of national interest, which has to be protected, i.e. regulated and monitored. However, if legislative measures go to far, as the 2013 revelations about the surveillance activities of several intelligence agencies illustrated, trust could be damaged. Again, this trust among stakeholders is an essential element for a self-organising ecosystem such as the Internet.

Public interest and private responsibility

From a public policy perspective, national security is an important responsibility. It is legitimate to ask who is responsible for mitigating certain risks and who is to be held accountable during an incident or outage. After all, most of the Internet infrastructure is owned by the private sector.

In 2013, there was a severe impact of ‘Distributed Denial of Service’ (DDoS) attacks. Operators such as CloudFlare and Dutch banks were affected, which resulted in unavailability of their online services. Discussions among politicians, regulatory authorities, law enforcement and the industry itself, strongly focused on choosing an appropriate reaction. The private sector took responsibility and responded to this type of concern. For now, the preferred approach in the Netherlands is still a so-called ‘public-private partnership’ (PPP) model: trust is created to collectively share information, and responsibilities and solutions are discussed. The private sector remains responsible for the voluntary implementation of security measures.

Regulatory mindsets can change, depending on political urgency, which is often influenced by incidents and how the media respond to these. This requires a more proactive and collaborative stance from industry towards policy makers. Not only to inform and educate them, but also to show responsibility is felt and acted upon, and additional (unnecessary) legislation is to be avoided.

Bastiaan Goslings has been Governance and Policy Officer at AMS-IX since 2009.