Tag Archives: internet governance

The New WCITLeaks

Today, Jerry and I are pleased to announce a major update to WCITLeaks.org, our project to bring transparency to the ITU’s World Conference on International Telecommunications (WCIT, pronounced wicket).

If you haven’t been following along, WCIT is an upcoming treaty conference to update the International Telecommunication Regulations (ITRs), which currently govern some parts of the international telephone system, as well as other antiquated communication methods, like telegraphs. There has been a push from some ITU member states to bring some aspects of Internet policy into the ITRs for the first time.

We started WCITLeaks.org to provide a public hosting platform for people with access to secret ITU documents. We think that if ITU member states want to discuss the future of the Internet, they need to do so on an open and transparent basis, not behind closed doors.

Today, we’re taking our critique one step further. Input into the WCIT process has been dominated by member states and private industry. We believe it is important that civil society have its say as well. That is why we are launching a new section of the site devoted to policy analysis and advocacy resources. We want the public to have the very best information from a broad spectrum of civil society, not just whatever information most serves interests of the ITU, member states, and trade associations.

At the same time, we’re not backing off from our original position. We think the ITU’s policy of keeping WCIT-related documents secret is becoming increasingly untenable. We received an email from the ITU’s press office yesterday announcing a global press briefing. Here is what it said:

As the conference approaches, there is quite a lot of misinformation being circulated concerning the agenda and process of the conference. Join this global discussion to find out what’s REALLY going to be discussed, and how the process of proposals and debates operates to ensure a global consensus among all countries.

Misinformation, they claim—about documents the ITU keeps secret. If the ITU and its client states have nothing to hide, why are they keeping information from the public? The best way to fight misinformation is with transparency. We call on the ITU and its member states to make all documents associated with global telecommunications available to the public.

We could also use your help. Please help us spread the word about WCITLeaks to anyone who may be interested. In addition, we ask our users around the world to apply pressure to their governments to make their documents publicly available. Finally, please make good use of our new resources section; it is vital for the future of the Internet that the global citizenry be well-informed about potential threats to the free flow of information.

The Post-Westphalian Order and the Age of the Network

In my work on WCITLeaks and on my latest working paper on cybersecurity (paper, blog post, podcast), I’ve had the occasion to think a lot about governance structures. In particular, what happens when there is a mismatch between a governance structure and the problem that people need to be solved? Do, and how do, governance structures evolve?

I came across a great quotation yesterday from Toomas Hendrik Ilves, the president of Estonia. In remarks that he made in June at a conference on “cyber conflict,” Ilves said:

We must choose between two paths – either we can change the nature of the internet by placing a Westphalian regulatory structure on internet governance, or we can change the world.

To my mind, this is an intriguing way to frame the issue of Internet governance, and it is impressive that it comes from the president of a nation-state. I’m not especially familiar with the issues under discussion at the particular conference at which Ilves made this statement, but I can tell you how it relates to WCIT and cybersecurity. To a large extent, the Internet developed without top-down control. As a result, non-Westphalian Internet-native governance institutions emerged to solve the problems that netizens had. For example, on both the issue of accounting for data transfer costs and that of maintaining security, a system of zero-priced at-will peering emerged between networks at the core of the Internet.

Now that the Internet has become so important, the Westphalian order wants to remake the Internet in its own image. We’ll take it from here, it says. But my daydreams are now filled with the idea of an Internet that replies, “No, no. We‘ll take it from here.”

This might be crazy, but is it so crazy? The Peace of Westphalia was concluded in 1648. Westphalian sovereignty has had an impressive run, but why assume that it will be around forever? At some point, the Westphalian system will end, and something new will come after it. That something new will depend on a lot of real variables, not on legal fictions, just as the Peace was a ratification of the distribution of power, not a creator of that distribution.

In my new paper, I link the spontaneous provision of Internet security to the work of Elinor Ostrom, but I’ve realized that in a crucial way, my work contradicts Ostrom. She argues that the governance of large common pool resources needs to be accomplished through a nested system, a federal structure. Essentially, she solves the problem of bigness with a vertical cascade of punishment. This is a form of hierarchy. But Internet security is a large common pool resource, and as I show in the paper, it is provided non-hierarchically. Instead of a vertical cascade of punishment, there is a network cascade of punishment.

This is a big deal. One aspect of it that is especially intriguing to me is that it provides evidence for David Friedman’s critique (ungated) of Tyler Cowen’s argument (ungated) on anarchy. It also can give us a way to anticipate the real variables that may define the post-Westphalian order.

In particular, is the world becoming more network-like? I think so. Globalization means trade networks. War increasingly means non-state actors: “terrorism” networks. The plummeting cost of communication means thicker meatspace networks, not just more computer networks. Think about the rise of hacktivism and Anonymous, a loose network of online prankster-vigilantes.

We may be entering the Age of the Network, but a remaining question is to what extent networks are becoming more prominent only because they have the consent of the Westphalian order. As much as nation-states want to regulate the Internet, they don’t exactly want to shut it down. They want to ensure it remains domesticated, too weak to represent a serious alternative to their power. At some point, we may witness a genuine conflict between “sovereign” institutions and network institutions. If and when the network institutions start to win, I will interpret that as the beginning of the end for the sovereign nation-state.

Is There a Cybersecurity Market Failure?

That is the title of my Mercatus working paper (PDF), released yesterday. Basically, it aims to be a short course in public economics for tech policy analysts. Almost all policy wonks have taken Econ 101, perhaps even a graduate version, in which they learn that externalities can cause markets to get prices wrong, and that this can result in market failure. What my paper stresses is that this link, from externality to market failure, is not automatic.

The paper is heavy on “what Coase really meant” (lots of smart people get this wrong), on non-property institutions and norms à la Ostrom, and on the often-ignored inframarginal externality as discussed by Buchanan and Stubblebine. By applying these ideas to cybersecurity policy, I try to show that it is not at all as obvious as many analysts think that there is significant scope for welfare-enhancing regulatory intervention. The point is not that there is literally zero market failure, but that proponents of cybersecurity regulation have not done the work they need to to show that market failure exists, if it exists. Indeed, many policy analysts may not even realize they are missing something. I hope that this paper will correct that and lead to a more humble and cautious approach to market failure among its readers.

I have plans for more work on tech policy in the future. Internet security and governance is a great research topic for young, tech-savvy economists interested in polycentric governance and institutions. If you’re interested in doing research in this area, let me know, I may be able to help.