Contrary to popular opinion, the Internet is not stateless. It is governed from the US.
The legal basis of this governance is surprisingly fragile. In a case of an international trade conflict spiraling out of control, the Internet could split into two (or more) pieces. This scenario is colloquially called “The Splinternet”. Can your enterprise survive it?
Wojciech Orliński, author of this article, works primarily as a journalist. Engaged in complex love&hate with technology. Author of a number of books, including a biography of Stanislaw Lem, the grand master of Polish science-fiction, and Paul Baran, Polish-born American engineer, who invented the basic design of the Internet. Since 1997 staff writer for “Gazeta Wyborcza” daily.
The Cyberspace that never was
In 1996, Internet activist John Perry Barlow published a very influential essay „A Declaration of the Independence of Cyberspace” - a misguided, silly, and naive vision of how the Internet works. Barlow introduced himself as a citizen (netizen) of the „Cyberspace, the new home of Mind”, and he appealed to the „Governments of the Industrial World”, the „weary giants of flesh and steel”, to leave the Internet alone, as the governments have „no sovereignty where we gather”.
He was wrong. Governments do have sovereignty over the Internet, and they always had.
When he wrote this manifesto, the Internet was governed directly by the US government, via the National Science Foundation. The federal government indeed was divesting itself from this ownership and finally in 1998 the Internet governance was transferred to a special entity, called the Internet Corporation for Assigned Names and Numbers, or ICANN .
ICANN is incorporated in California, USA - so obviously both the federal government in Washington, DC and the state government in Sacramento, California have sovereignty over its activity. Moreover, the first board of directors was personally nominated by the then-president of the USA, George W. Bush.
While the ICANN board is no longer nominated by the US government, it is still a US-based organization. The legal basis for its operation is a memorandum of understanding (MoU) between ICANN and the United States Department of Commerce.
This is not an act of Congress, not even a presidential executive order. A memorandum of understanding can be changed overnight in case of any, well, misunderstanding.
To sum things up: the Internet is governed by a body that was created by the US government, incorporated by the US government under California law, its first board was nominated by the US government, and while in 2016 the government declared ICANN free from oversight, there are no legal safeguards protecting this freedom.
Farewell to the Pax Americana?
You don’t have to be particularly anti-American to ask if it’s the right way to govern a network that was supposed to be global, free and open to anyone. And indeed, the current state of things has been widely criticized from the very beginning.
For an entrepreneur there is also another question to be asked: What happens to my business if some country declares its own independence, but this time for real? The authorities could simply refuse to acknowledge the ICANN’s governance and declare its own cyberspace free from any US interference.
Back in the 1990's this scenario seemed impossible. The US has just won the Cold War. Pax Americana seemed to be justified, eternal and unquestionable.
China was the only country taking its network sovereignty seriously even in the last century. The Chinese Internet is protected by a combination of a legal framework and a hardware and routing protocol, called „The Great Firewall” in the West and „The Golden Shield” in China.
Back in the day, the Chinese approach was considered an anomaly in the globalising world. In common opinion, China was supposed to open its cyberspace along with being more and more economically integrated with the democratic world.
In reality, the opposite happened. More and more countries consider going the Chinese way.
In April 2019, the Russian Duma approved a new law obligating the authorities to prepare the country for the full independence of Runet (Russian cyberspace). The law set a deadline for January 1st, 2021. However, Russian authorities have already boasted about a „successful test” of a country-wide Internet secession in December 2019.
Many other countries seem to be following the Chinese and Russian approach. Islamic countries are frustrated by the ICANN’s laissez-faire approach to pornography and the reluctance to introduce top level domains such as „.islam” or „.halal”. They are already banning popular pornographic websites on their own.
In 2017, Ukraine banned a lot of popular Russian websites and applications due to ongoing conflict over Crimea and Donbass. In September 2020, this ban was extended on Russian iOS applications, which are no longer available on the Ukrainian App Store.
In June 2020, after border clashes with China, India banned over 200 Chinese applications and services, including TikTok. Donald Trump announced his intention to ban two popular Chinese services in the USA. As of writing, the legality of this step is being tested by the courts of California.
Can you survive the Splinternet?
What does this mean for an entrepreneur? If your business relies on the Internet (and you must have a quite peculiar line of work if you don’t need email, online banking, or a website), you might one day find yourself locked out because of politics.
What happens to your business if, say, China, Russia and the Islamic countries declare independence from ICANN and anything governed by any US-based institution? This may not even be their own decision - they might themselves be locked out by an executive order of the president of the USA.
If you are based in Russia or China, and you trust your government, the core services (banking, email etc.) should still work just fine. Anyway, that’s what they declare.
However, if you are based in European Union, the only honest answer is: nobody knows. It was not tested.
Five or more years ago, the question of „digital sovereignty” was not treated seriously in democratic countries. Even the Snowden scandal was not the wake-up call we needed - it was discussed as if it was another Cold War spy thriller.
If China (or Russia, or Turkey, or India, etc.) goes offline, will your business go offline as well? This could literally be the million dollar question for your enterprise. And this could happen tomorrow - for certain leaders, it’s a matter of one good Twitter meltdown.
In some cases, the answer is very simple. If you are a professional TikTok content creator, you really should consider using some other platform as a backup solution. Notify your current fans where they can find you if TikTok disappears in their country.
In most cases it is mind-bogglingly complex. If you run a serious enterprise, you are probably using some cloud service provider. Did you ask them about their disaster recovery schemes? What happens to your data in case of war, coup d’etat, the Internet splitting into two (or more) separate networks, or an asteroid hitting Earth?
If your cloud provider avoids clear answers, it’s time to migrate. Seriously. The industry leaders, such as the Big Four: Amazon, Google, Microsoft, IBM, are more than willing to discuss all kinds of disaster scenarios.
For instance, Microsoft Azure has a very interesting approach of regional pairing the „main region” with a „disaster recovery region”. Let’s say you operate in Paris. Your region is therefore „France Central” and your disaster recovery region will be „France South”.
Should Godzilla enter Paris, then - ou la la, quel horreur!, but you can immediately restore your business from their backup location in Marseilles. As a rule, Azure regions are separated by at least 300 miles (even Godzilla couldn’t destroy them at the same time!), but they are also grouped by political connection.
Whatever happens in France, there will be no hard border between Paris and Marseilles. Regrettably, we cannot say this for sure about Dublin and Belfast, or even London and Glasgow, but “France South” seems a reasonable backup area for “France Central”.
Therefore, even if the Internet splits into pieces, if you are using Microsoft Azure, your data will most likely remain in one piece.
Choose your disaster scenario
Of course, the other „big four companies” also have their own BCDR („business continuity and disaster recovery”) solutions that might suit your particular needs. The Azure pairing is here only as an example.
There are numerous companies offering cloud testing, cloud audits, and cloud service comparisons.
The venerable research & advice company Gartner recently started to publish their own report on „Cloud Infrastructure & Platform Services”. Depending on the size on your enterprise, you should either download the general report (in a nutshell: Amazon Web Services gets the overall best ranking) or order a custom report just about your own company.
Your own in-house IT experts could also perform stress tests using publicly available tools. Some of them are even available for free and can be used to answer questions such as “how safe is my operation if I suddenly lose connection with a specific country”. But there are also IT security companies that will perform a specific check just for you.
Finally, many countries launched their own state-backed cloud services, guaranteed to work locally even if the whole world outside is out of reach. In Poland this service is aptly called “chmura krajowa” (“national cloud”).
If such a service is available in your country, you should consider it for your crucial backups. Should your country end up locked-out by the entire world, at least you will remain open for business.
Photo: Adrian Tync, Wikimedia Commons, Creative Commons license