Sonya Sokolova, co-founder of the first Russian music website Звуки.ру

Marilyn Cade, Chair of TechAmerica’s Internet Governance and Online Services Sub-Committee

How Governments Rescue the Web.

Most of us assume that the ICT industry, media companies, and NGOs will continue to be the leading players on the Internet stage, with governments playing just a supporting role. This scenario describes an alternate future, where citizens and industry worldwide demand that their governments take center stage to clean up an Internet that had become infected with dangerous content and criminal conduct.

2010
In 2010, Internet governance was still driven by a private sector that had invested over a trillion dollars to bring connectivity, content, and e-commerce to nearly 2 billion people worldwide. The private sector – including businesses and NGOs – were still doing most of the heavy lifting in setting IT standards, managing the Internet's domain name system, and allocating IP addresses.

Governments, for their part, eagerly adopted Internet tools and put law enforcement on the trail of criminals who took their trade online. Several governments established standards for privacy and data protection. Most governments shared industry's enthusiasm for ‘cloud computing’ for distributed computing and content management. As more of the world's information went online, governments proposed some restrictions on Internet activity and mandated certain equipment and applications. A few governments went so far as to impose content filters on Internet choke-points and required IT operators to censor their own traffic.

While governments pressed for a larger role in Internet governance, the private sector continued to drive the Internet revolution and managed technology standards and infrastructure. Governments were cautious about pressing their hand for greater control, since they appreciated that private sector innovation and investment were critical to economic recovery and renewed productivity growth.

Innovation in 2010 was intense in devices such as mobile phones, pads, and pods. Since the next billion Internet users would come from the developing world, affordable mobile devices and improved connectivity promised to accelerate adoption. And since most of the next billion users don't use the Latin alphabet, the advent of Internationalized domain names was a welcome innovation, too.

By and large, citizens, businesses, and NGOs seemed satisfied with the open architecture of the Internet and with the balance of power in Internet governance in 2010. More governments were participating side-by-side with the private sector in conferences such as the Internet Governance Forum. But many governments questioned the value of a forum that produced no binding agreements, and they pressed for more inter-governmental oversight.

In hindsight, it should have been obvious that the private sector's leadership role was being threatened by dark clouds on the horizon.

Although the Internet was valued for its role in educating children, many countries had growing anxiety over child online safety. Concerns about climate change and the collapse of financial firms stoked demand for more government oversight at a global level. The environmental and economic disaster caused by the 2010 oil spill in the Gulf of Mexico caused many to question whether private sector leadership was in the best interests of the public and of the planet. Nations in the global south harbored doubts about the northern economies commitment to climate change and development aid, which only exacerbated tensions over balance of power in Internet governance.

2011-2015
In the years following 2010, governments around the world began to acquire unprecedented powers to regulate financial markets, energy supplies, and just about anything that could be causing global climate change. These new powers came in small increments and varied widely among nations, but multi-governmental organizations took every opportunity to coordinate and consolidate these powers under mandates for global solutions.

The world's population was anxious for comprehensive solutions to global problems – and that sentiment found a new target amid growing concern over the levels of fraud, dangerous conduct, and threatening content on the Internet.

In 2011, European courts upheld a landmark conviction of business executives for a video someone had posted to their company's public website. This led to other convictions and private lawsuits over liability for user-generated postings and copyrighted material. Even in the US, courts and Congress questioned the policy of giving publishers immunity for third party activity, particularly when it came to endangering minors and violating copyrights. Clearly, momentum was building to force websites and ISPs to proactively police user activity and to assume liability for the actions of users.

By 2012, parents around the world agonized over online risks to children from sexual predators, bullying and harassment, and disturbing images of child pornography. Pornography was simply too easy for kids to find, and home-based filtering tools were no deterrent to a determined teenager seeking racy websites. By 2012, the US and several other governments moved to emulate the nationwide filtering scheme made popular by Australia.

In 2013, a UN conference on communications and spectrum produced a new international treaty for governmental cooperation on cyber crime and cyber security. The conference included a protracted debate about whether to give existing UN agencies formal control over Internet governance, but stopped short of requiring this in the new treaty. However, this debate led to high-level consultations among governments regarding future changes in Internet governance. Business, NGOs and citizens struggled to convince governments to maintain the private sector leadership that had helped the Internet to grow.

In 2014, a mysterious computer virus was secretly lurking in over 100 million computers and mobile devices around the world. On April 1 of that year, the 'Conficker' worm came to life – with a vengeance. Simultaneously, infected computers phoned home to their masters in organized crime with credit card data they had been collecting for years. At the same time, Conficker wiped-clean all hard drives on host computers and connected devices. Credit card fraud was rampant for several weeks, while users around the world struggled to cancel their accounts and restore their computers.

By 2015, it was increasingly clear that consumers and banks were losing the war against the lucrative criminal enterprise of online credit card fraud and identity theft. Phishing emails had become incredibly sophisticated; one particularly effective scam used a distributed denial-of-service attack to disable a bank website, then sent bank customers a convincing email directing them to an alternate website during the outage. Fraudulent websites grew ever more convincing as criminals found ways to trick browsers into displaying genuine URLs.

2016-2020
Consumer fraud was growing exponentially, and the accumulated losses forced credit card companies and banks to dramatically increase their fees to process online transactions. Some fees topped 10% by 2017, cutting deeply into the margins of online services and retailers. Many startup companies could find no merchant bank to process their online payments, crippling new business models that sought to charge for content and services.

By 2018, three trends converged in a 'perfect storm' that brought profound changes to public attitudes about the role of governments in regulating online communications and commerce:
First, consumers were rapidly losing confidence and trust in e-commerce and online banking. Industry self-regulation, particularly notice and choice regimes, were seen as weak protections against increasing frequency of database hacks and security breaches that exposed citizens to fraud and identity theft. Despite the best efforts of banks and businesses, consumers felt they could no longer trust the authenticity of emails and websites.

A second force in this perfect storm arose from the global business community, facing escalating security costs and crippling losses from Internet fraud. Moreover, businesses were saddled with huge lawsuits over privacy, data protection, and incidents involving user-generated content. Social networking sites had to drastically shrink their services in the face of legal challenges over content and privacy. Small startup businesses were particularly hurt since they could not afford the security systems or marketing campaigns needed to earn the trust of consumers and payment processors. Even charitable organizations abandoned online fundraising when it became too difficult for donors to distinguish between genuine appeals and scams.

The third element of the perfect storm was a growing awareness that governments had developed extensive online surveillance and monitoring tools, and coordinated with other governments to prevent large-scale terrorist attacks. Even opinion leaders generally critical of government seemed to revel in thrilling media accounts of communications intercepts and thwarted attacks on computer networks and physical targets.

The convergence of these forces brought citizens and businesses to believe that global governments should take active steps to protect online services and e-commerce. This message originated from business-focused think-tanks, and was echoed in public opinion polls, town hall meetings and Congressional hearings. Legislative proposals moved swiftly through Congress and survived initial court challenges over constitutional questions. The US Administration found that most other governments and inter-governmental organizations were eager to build on their successful anti-terrorism cooperation and join forces to defend the Internet from criminal enterprise and abuse.

Credit card companies and banks rode the wave of public concern to require biometric authentication for online transactions, driving adoption of accessories and protocols for computers and mobile devices. Internet users quickly adopted biometric authentication, helped by subsidies and incentives from banks, merchants, and online services.

While these user authentication services were originally designed to serve online purchasing, they were quickly adopted by online services looking for ways to reduce exposure to lawsuits and prosecution for user-generated content. Social networks, blog sites, and video services soon required authenticated identities before publishing content – bringing an end to anonymity on the Internet. Many commercial and public sector websites mandated authenticated identity access to protect sensitive data. Even minors were required to obtain government-issued online identity tokens before using websites catering to kids and teens.

Eventually, government-issued licenses were required for any provider of online services, and former telecom regulatory agencies and ministries were in the business of due diligence and issuance of licenses. Even end-users were required to have ‘Internet licenses’, granted only after passing an Internet safety exam and background check. In 2019, the first random ‘sweeps’ of personal computers were performed by licensed Internet intermediaries, as required by national law and global treaty.

At many points in the process, there were public protests and legal challenges from advocates of free expression and groups suspicious of 'big brother' government surveillance. But the tide of public opinion and industry enthusiasm carried the day. By 2020, governments and law enforcement had become deeply embedded in all aspects of Internet communications, content, and e-commerce.

 Back to programm