In my work on WCITLeaks and on my latest working paper on cybersecurity (paper, blog post, podcast), I’ve had the occasion to think a lot about governance structures. In particular, what happens when there is a mismatch between a governance structure and the problem that people need to be solved? Do, and how do, governance structures evolve?
I came across a great quotation yesterday from Toomas Hendrik Ilves, the president of Estonia. In remarks that he made in June at a conference on “cyber conflict,” Ilves said:
We must choose between two paths – either we can change the nature of the internet by placing a Westphalian regulatory structure on internet governance, or we can change the world.
To my mind, this is an intriguing way to frame the issue of Internet governance, and it is impressive that it comes from the president of a nation-state. I’m not especially familiar with the issues under discussion at the particular conference at which Ilves made this statement, but I can tell you how it relates to WCIT and cybersecurity. To a large extent, the Internet developed without top-down control. As a result, non-Westphalian Internet-native governance institutions emerged to solve the problems that netizens had. For example, on both the issue of accounting for data transfer costs and that of maintaining security, a system of zero-priced at-will peering emerged between networks at the core of the Internet.
Now that the Internet has become so important, the Westphalian order wants to remake the Internet in its own image. We’ll take it from here, it says. But my daydreams are now filled with the idea of an Internet that replies, “No, no. We‘ll take it from here.”
This might be crazy, but is it so crazy? The Peace of Westphalia was concluded in 1648. Westphalian sovereignty has had an impressive run, but why assume that it will be around forever? At some point, the Westphalian system will end, and something new will come after it. That something new will depend on a lot of real variables, not on legal fictions, just as the Peace was a ratification of the distribution of power, not a creator of that distribution.
In my new paper, I link the spontaneous provision of Internet security to the work of Elinor Ostrom, but I’ve realized that in a crucial way, my work contradicts Ostrom. She argues that the governance of large common pool resources needs to be accomplished through a nested system, a federal structure. Essentially, she solves the problem of bigness with a vertical cascade of punishment. This is a form of hierarchy. But Internet security is a large common pool resource, and as I show in the paper, it is provided non-hierarchically. Instead of a vertical cascade of punishment, there is a network cascade of punishment.
This is a big deal. One aspect of it that is especially intriguing to me is that it provides evidence for David Friedman’s critique (ungated) of Tyler Cowen’s argument (ungated) on anarchy. It also can give us a way to anticipate the real variables that may define the post-Westphalian order.
In particular, is the world becoming more network-like? I think so. Globalization means trade networks. War increasingly means non-state actors: “terrorism” networks. The plummeting cost of communication means thicker meatspace networks, not just more computer networks. Think about the rise of hacktivism and Anonymous, a loose network of online prankster-vigilantes.
We may be entering the Age of the Network, but a remaining question is to what extent networks are becoming more prominent only because they have the consent of the Westphalian order. As much as nation-states want to regulate the Internet, they don’t exactly want to shut it down. They want to ensure it remains domesticated, too weak to represent a serious alternative to their power. At some point, we may witness a genuine conflict between “sovereign” institutions and network institutions. If and when the network institutions start to win, I will interpret that as the beginning of the end for the sovereign nation-state.