5 September 2019

Governing Cyberspace: State Control vs. The Multistakeholder Model

Eric Rosenbach

The U.S. and China do not and will not agree on key issues in the international arena. In the opaque and volatile domain of cyberspace, however, we should keep lines of communication open to constructively disagree and proactively find areas where we have shared interests. There will never be complete trust between the U.S. and China: the nations’ values and systems of government differ too starkly. But by searching for areas of mutual interest, we bolster the likelihood of greater strategic stability in cyberspace. 

The divide between nations that support governance models based on cyber sovereignty, primarily China and Russia, and those that believe in the multi-stakeholder model, including most liberal democracies, is one of the most prominent ideological conflicts dividing cyberspace. Enhancing understanding on both sides of these philosophies is an important step toward preventing further fragmentation of cyberspace and necessary for avoiding conflict. 


Identifying areas of mutual interest is a key part of our Track II Dialogue with the China International Institute for Strategic Studies. We would like to thank Rtd. Maj General Hao Yeli for presenting, explaining and discussing her own theory of cyber sovereignty with us over the past year. We appreciate her efforts to bridge differences in opinions with regard to cyberspace governance and are looking forward to further discussions.

As part of our effort to illuminate Chinese perspectives on Internet governance, we are pleased to share an abridged and translated version of Rtd. Major General Hao Yeli’s theory along with an essay outlining our initial response. This is part of an ongoing discussion with our Chinese partners and we look forward to sharing future findings with you.

—Eric Rosenbach, Co-Director Belfer Center

—Julia Voo, Research Director China Cyber Policy initiative

A Three-Perspective Theory of Cyber Sovereignty

by Rtd. Major General Hao Yeli
December 2017

I am indebted to the Chinese and foreign friends and colleagues that I have met with during previous China-US, China-Russia and China-Europe Track II Dialogues. My friends and colleagues have inspired me with their diverse perspectives. There is an old Chinese saying, “the greatest truths are the simplest” (大道至简). I believe that any complicated problems can be clarified if we return to the simple but correct path. It is this sentiment that has driven me to design a theoretical framework and dialectical approach to understanding and resolving the contradictions described below.

—Hao Yeli

(Gen. Hao’s “A Three-Perspective Theory of Cyber Sovereignty” is an edited version of a piece published Dec. 21, 2017 in PRISM, a publication of National Defense University.)

Executive Summary

Today cybercrime and cyber terrorism are the most visible symptoms of a pervasive cyber security problem. The question of how to establish a fair and just governance regime in cyberspace and establish international rules is also controversial. 

This controversy reflects the competing interests and demands of three distinct actors in cyberspace: the state, the citizen, and the international community. The establishment of order in cyberspace requires consideration of the perspectives of all three actors.

The “three-perspectives” theory outlines the three actors as “three points” which can be visualized as a triangle. The boundaries of the triangle are the core interests of the three actors, and the triangular common zone comprises the areas that can be negotiated between the three.

Cyberspace can be characterized into three layers: the infrastructure, the application, and the core. At different levels, cyberspace shall be treated distinctively and shall require different understandings between each actor which differs at each level. As a methodology, three-perspectives could be applied to understand the flexible and non-flexible state sovereignty issues to reach a common understanding.

Three Disputes Over Cyber Sovereignty

Cybersecurity is a global challenge and a tier one security threat for many sovereign states. Heated debate rages among countries concerning the rules of cyberspace, and the systemic and revolutionary challenges to global governance. Cyber sovereignty has inevitably become the focus of great controversy. Although a certain degree of consensus was achieved in 2013, at the 6th UN General Assembly by the Information Security Group of Governmental Experts (A/68/98), deep divergence and doubts continue to divide the international community, particularly on the following three issues:

The contradiction between cyber sovereignty and the spirit of the Internet: the exclusivity of classical state sovereignty is contrary to the spirit of the Internet which rests on the concept of unrestricted interconnectivity. If the emphasis is placed on cyber sovereignty, this may result in each country creating a separate cyberspace of their own, thus resulting in the fragmentation of the Internet.

The contradiction between cyber sovereignty and human rights: there is a tension between the Internet principle of freedom of speech, and state intervention in the name of cyber sovereignty which restricts the free flow of information. Such criticisms mostly target China’s firewall.

The contradiction between cyber sovereignty and the involvement of multiple stakeholders in governance, which rests on the assumption that sovereign government-led, multilateral cyber governance will challenge the existing pattern of multi-stakeholder governance.

Cyber sovereignty is the critical issue at the heart of establishing the international rules of cyberspace. Only when we clarify and resolve the differences on the issue of cyber sovereignty and reach consensus can we achieve international cooperation. 

The question is how can we resolve this issue? How can we adapt the traditional concept of sovereignty to the globalized world in the cyberspace era? Is there a framework that can be applied to enhance understanding of this issue?

I believe we can find common ground. In-depth analysis of the three major contradictions highlighted above demonstrates the tension between the interests of the nation state, the citizen, and the international community. Focusing only on one’s own interests and ignoring others does not lead to compromise. These are the actors we should focus on when we examine each contradiction:

Cyber sovereignty and the spirit of the Internet: state, international community

Cyber sovereignty and human rights: state, citizen

Cyber sovereignty and multi-stakeholder governance: state, the citizen and the international community

The actors behind the contradiction of cyber sovereignty and the spirit of the Internet are the state and the international community. Behind the contradiction of cyber sovereignty and human rights are the state and the citizen. The contradiction of cyber sovereignty and multi-stakeholder governance involves the state, the citizen, and the international community.

Zero-sum games based on binary opposition usually lead to deadlock or the less than satisfactory outcome where one succeeds, but all sacrifice. To better understand the concept of the three actors and three perspectives in cyberspace, envision a dark space with three lamps: lighting a single lamp enables us to see a point; two lamps reveal a flat, two-dimensional surface; three lamps enable us to see the three-dimensional whole.

With three-perspective thinking, we can have a better understanding of each actor’s interests in cyberspace, where the roles and demands of each actor, as well as their internal relations and impacts, converge to form diverse and contradictory opposites.

Theoretical Framework

The significance of the “three perspective” framework is that we can set three boundary conditions for each of the three actors, which is more inclusive, facilitating dialogue.

Traditional understandings of national sovereignty imply natural exclusivity. It emphasizes the supreme authority internally, and stresses the inviolable independence, of the sovereign state externally. Because of the openness and global nature of cyberspace, however, the voices of two other actors must be heard. When speaking of national sovereignty, it is necessary to expand on the perspectives of the international community and the citizen.

The citizen (or netizen in this case) pursues personal freedom. This year, the total number of netizens has reached 4 billion globally; in China alone, the figure reaches 830 million. To some extent, we can equate netizens to citizens. It is in the nature of netizenship to pursue individual net freedom. However, under a disorderly environment, the fact is that individual self-governance based on self-discipline will not work, and freedom sought will have no guarantor. To preserve the real freedom of every netizen, it is necessary to balance with order so it means cyberspace cannot be outside the law. To establish and form order requires external forces. Therefore, national or governmental entities should administer cyberspace and protect the legitimate rights and interests of netizens. Technology itself does not provide order or security; so, it needs sovereignty to provide appropriate legal protection.

A state must ensure its safety while seeking development, and likewise must manage cyberspace while making use of it. At this point, the relationship between state and citizen is actually not antagonistic, but interdependent. President Xi Jinping said, “Cyberspace is people-centered. We should make the Internet better benefit the people. When people get online it means public opinion is online.” President Donald Trump is especially well known for his unique “Twitter governance strategy,” so it is no exaggeration to say that the regime is built online now. The freedom and vigor of the Internet also contributes to national prosperity and development.

The Internet represents the mainstream of technological development and the profound innovation of civilization. The international community must seek openness and inclusiveness, because in addition to competition between the major powers and a collision of Eastern and Western cultures there is also a need to share digital benefits between developed and developing countries.

The exclusivity of national sovereignty and the openness of the international community while seemingly in conflict can be reconciled. On the one hand, the state must assume responsibility for emancipating minds, changing concepts, and promoting an objective and balanced understanding of the relationship between security and development. A state integrates into the international system by transferring some portion of its national sovereignty, while international connectivity and interoperability will deliver greater developmental opportunities, promote cultural exchanges, economic cooperation, and collaborative security efforts. Therefore, the relationship between the state and the international community is one of interdependence, which contributes to the unity of opposites.

On the other hand, from the perspective of the international community, Internet technology offers the promise of global interconnectivity. But as long as states exist, we cannot ignore national boundaries and national sovereignty. We ought to avoid the excessive pursuit of unregulated openness, in order to not cross a tipping point beyond which global cultural diversity is subordinated to a single dominant culture. Those states with great cyberspace capacity should take the initiative to bridge the digital gap and actively transfer and share cyberspace resources and management experience, restraining their impulse to use asymmetric means in pursuit of narrower and short-term, national interests. 

We would all benefit from more conjunction points of interest through one global network to help all the countries achieve economic growth, cultural prosperity, and security. This “interconnection and shared governance” is consistent with the spiritual essence of the Internet, as highlighted at the first Wuzhen Internet Conference in 2014. 

In conclusion, the relationship between development and security, freedom and order, openness and inclusivity are all sets of a static and dynamic balance. The competing demands of these three actors are not in absolute conflict, nor are they absolutely contradictory, though through a narrower lens they will show a certain degree of antagonism. Through the exchange of ideas and the evolution of perspectives, we can resolve many disputes.

Cyber Sovereignty

Although traditional sovereignty is naturally exclusive, it must accept or at least consider a reasonable transfer of control in the era of globalization. Each state should carefully determine what elements of sovereignty it must retain and what can be transferred, and to what degree.

The debate on cyber sovereignty is often over whether or not sovereignty in cyberspace should be an extension of traditional sovereignty.

As highlighted in President Obama’s speech, cyberspace is the fifth domain of conflict after land, sea, air, and space. In fact, both the United States and NATO have defined cyberspace as the fifth domain and as such have created cyber combat troops. Although there are different formulations of cyber sovereignty, countries still regulate their own cyberspace to protect against external interference and damage without exception at a practical level. Differences are not over whether or not we practice cyber sovereignty, but over which sectors cyber sovereignty will cover. States have different cyber sovereignty “pain points”, and the international community must respect and understand the different “pain points” of states.

One method is to examine the divisibility of cyber sovereignty using a layered approach, and identify which elements of sovereignty must remain exclusive, and which are transferable.

Diagram of the Three Perspectives Theory (Hao, 2016)


In the figure above, the bottom layer contains physical and technical infrastructures. The key at this layer is the pursuit of standardization to ensure interconnectivity. At this layer states should be willing to collectively transfer authority to the international community in the interest of standardization and interconnectivity. States with well-developed cyber capacity must take the initiative to extend standardization and connectivity to the less capable states; developed countries must share their expertise with developing countries to bridge the digital divide.

The middle layer represents various applications including the many Internet platforms in the real world that have integrated technology, culture, economy, trade, and other aspects of daily life. At this level, the degree of cyber sovereignty should be adapted to local conditions, with the aim to achieve dynamic equilibrium, multilateral, and multi-stakeholder joint administration, as well as balance between freedom and order.

The top which is the core level comprises regime, law, political security, and ideology, which needs evidence and includes the governing foundations (执政根基) and embodies the core interests of the country. Legitimate differences do exist between states as a result of unique national conditions, religious, and cultural backgrounds. Diversity is the norm of human existence and cannot be formatted according to any single culture and should be respected. 

At the middle and bottom layers of the triangle, cyber sovereignty can be transferred to a certain degree, allowing a greater number of stakeholders to participate in governance, leading to a multi-stakeholder governance model. At the top layer however, cyber sovereignty remains the remit of the government. According to the consensus affirmed by the United Nations Group of Governmental Experts “the right to make public policy on the Internet is part of a country’s sovereign role, and each country naturally has judicial power over the information conveyed by the domestic information infrastructure.” A basic premise for international cooperation is to respect countries’ choice of cyberspace developmental path and management model.

Comprehension of these three layers enables deeper understanding of the differences between multilateral and multi-stakeholder governance models. The two models do not conflict; they have different applicability in different areas and layers of cyberspace. With respect to ideology, policy, law, institutional and governmental security issues, national governments should maintain cyber sovereignty in multilateral governance, while foregoing certain elements of cyber sovereignty and accepting multi-stakeholder governance in other layers.

Resolving the Contradictions

Earlier we noted the apparent contradiction between cyber sovereignty and the unrestricted spirit of the Internet. There is no doubt that we live in one world with one cyberspace. Exerting limited cyber sovereignty is consistent with the spirit of the Internet; indeed cyber sovereignty is the necessary tool to help states participate equally in the global governance of the Internet, contributing not only to interconnectivity, but also shared responsibility.

We also noted the tensions between cyber sovereignty and cyberspace freedom. Consider, for example, developing countries that have erected firewalls as a result of facing the deteriorating security situation in cyberspace as a result of “color revolutions”. We would not expect any country facing the everyday threat of terrorist attacks to dissolve its armed forces. Likewise, we oppose any cyberspace power taking advantage of their national capability to traverse the firewalls put in place by other countries. As the cyberspace security situation improves, and with the deepening of mutual trust, maturity of democracy, and the development of technology, China will continue to improve its accuracy in blocking harmful information and will scale down the firewall. As we can see, the top level of the three perspectives theory covers the smallest area, and excessive expansion of or preoccupation with the top level is not conducive to achieving consensus on cyber sovereignty among other parties, which remains our ultimate objective.

With respect to the tension between multilateral and multi-stakeholder governance in cyberspace, advocating cyber sovereignty does not imply rejection of the multi-party or multi-stakeholder governance model. Governments are also among the multiple stakeholders: they should play appropriate roles in multi-party governance, but also respect and encourage other entities to participate in governance, including enterprises, non-governmental organizations, experts, and think tanks. Collectively we should prevent any stakeholder from excluding the participation of governments or denying governments’ appropriate role in key issues. At the core and application levels, the leading role of state governments must be ensured. When dealing with ideological, political, legal, institutional, and security issues the state role must be respected. The government must act fast before it is too late. It is obligatory for the government to assume the responsibility and decide when to let go or to control.

In the cyber era, cyber sovereignty can be characterized into layers. The core layer is inviolable, while the infrastructure and the application layers are characterized by shared transferability. The “color revolution” and public opinion chaos which are now more easily instigated through the Internet threaten a state’s core interests. State versus state abuse of Internet connectivity should be prohibited. The proportion of sovereign transferability to exclusivity is flexible and ever changing in response to the development of international rules.

Conclusion

Based on the principles of international law, cyber sovereignty should reflect national rights and responsibilities. A state should not reject or obstruct any other countries’ reasonable demands concerning sovereignty and global co-governance. Respect for cyber sovereignty is a prerequisite for international cooperation in this domain, and the basis for the construction of a beneficial cyberspace order. 

To understand cyber sovereignty in the context of globalization we need to break through the limitations of physical space and avoid binary oppositions. Instead, we should upgrade our vision to stand at the position of common destiny, and see the bigger picture, so we can scientifically reconcile the tensions between exclusivity and transferability to reach a unity of opposites. 

In the new time of cyber, the law of the jungle should give way to solidarity and shared responsibilities. Intolerance should be replaced by understanding. Unilateral values should yield to respect for differences while recognizing the importance of diversity.

Appropriate multi-stakeholder governance should not be opposed but we must not deny government’s proper role and responsibilities regarding major issues. The multilateral and multi-stakeholder models are complementary rather than exclusive. Governments and multi-stakeholders can play different leading roles at the different levels of cyberspace.
