Strengthening the backbone

Russians take part in the March for Free Internet in Moscow on July 23, 2017. (Mladen Antonov/AFP via Getty Images)

The digital realm, once heralded as a paragon of freedom and innovation, today faces existential challenges. The specter of accelerating fragmentation looms large over the internet as China, Russia, Iran, and other authoritarian countries wield their influence to reshape cyberspace according to their interests. The United States and its allies, meanwhile, seem to be lost in navel-gazing angst. This is not the time for self-doubt, however. The democratic world needs to double down on defending the internet as it was originally conceived: namely, a voluntary, collaborative, permissionless network of networks, one that all are free to join and build on and through which they can connect with the world. Defending this vision will require amping up the democracies’ diplomatic machinery – and honestly confronting the internet’s vulnerabilities.

The authoritarian alternative

Few people who use the internet today could imagine what life would be like without it. It has completely transformed the ways we communicate, conduct business, interact socially, and even think. (Why remember anything when you can Google it?) The internet’s decentralized nature and open architecture have been critical to stimulating unparalleled economic growth, cultural exchange, and entirely new forms of self-expression. Ever since China’s leadership came to understand the threat this openness poses, however, it has sought to build an ideologically secure alternative. And today it is increasingly helping others who seek to limit the free flow of information do the same.

China’s aggressive pursuit of cyber-sovereignty and digital authoritarianism poses not only a direct challenge to the principles of a free and open internet but an increasingly viable – and for some, attractive – alternative. Through state-sponsored cyberattacks, censorship, and surveillance, Beijing is accomplishing two goals: protecting its interests at home and exploiting the vulnerabilities of open systems abroad. From its Great Firewall to its expansive surveillance apparatus and so-called 50 Cent Army (ordinary citizens the government pays 0.5 yuan for each pro-government social media post), China’s model of internet control represents a clear and ongoing danger to the open internet as we know it.

That is especially so because China’s model is increasingly being emulated by other powerful states, most notably Russia and Iran. Like the Chinese Communist Party, for example, the mullahs in Tehran see the internet as a threat vector they’re determined to block. On the heels of the abortive Green Revolution in 2009 and the subsequent Stuxnet attack, which set back its nuclear weapons program, the Iranian government dramatically stepped up its efforts in 2010 to create a National Information Network: a domestic and “pure” internet that would safely uphold religious and revolutionary values. Since then, Tehran has managed to build a robust, internal, and stable intranet, which has only a single connection – through a government-controlled network – to the global internet. In times of domestic unrest, as during the Women, Life, Freedom protests in 2022, the state can block this connection, despite its importance as an avenue for transmitting financial payments, cutting the population off from the rest of the world while allowing domestic services to continue to function as normal. This system also provides the government the capacity to surveil and censor any information passing over its digital borders.

Russia harbors aspirations to build a system similar to China’s. So far, the sheer scale of Russia’s system – second in size only to that of the United States – has stymied President Vladimir Putin’s hopes. The Kremlin sees YouTube, for example, as both a benefit and a curse. Russia’s leaders don’t want to shut it down, because it’s the opiate of the people, but they can’t censor it effectively either.

President Putin isn’t sitting on his hands, however. Moscow is aggressively trying to solve its problem through innovation and technology, and it’s nearing a solution. Recent assessments suggest that Russia has figured out a new technical approach to secure centralized control of its highly decentralized network, via the large-scale strategic installation of “middleware boxes” throughout its system. Referred to as TSPUs, which is a Latinized acronym for a long Russian phrase that translates to “technical measures to combat threats,” these boxes are capable of blocking access to information using at least six different methods. While most countries, including China, focus their censorship efforts close to the domestic digital backbone, TSPU boxes have been deployed close to the end users. Analysis by Censored Planet in 2022 revealed that Moscow has deployed these TSPUs at incredible scale; across the Russian internet, most boxes are now just two hops away from end users. Despite being widely distributed, the system enables coordinated censorship across the entire country. It is also hard to evade. Modern VPN technology – the tunneling software that allows users in Russia and other authoritarian countries to access the open internet – relies on specific protocols to sneak past government barriers. If you block the protocol, the VPN ceases to work.

A worker cleans a surveillance camera in Nairobi, Kenya on January 18, 2019. (Yasuyoshi Chiba/ AFP via Getty Images)

Selling [in]security

Russia long lagged behind much of the autocratic world in its technical censorship capabilities, and it has not accomplished its recent rapid advances on its own. Analysis by the Russian independent media outlet The Insider indicates that TSPUs rely in significant part on components sourced from the Chinese firm Huawei. That helps highlight another threat facing the open internet: the prospect of China and Russia forming a commercial duopoly, a sort of “Digital Autocracy, Inc.,” to borrow and modify the writer Anne Applebaum’s apt phrase. (Applebaum’s original term refers to the broader effort of authoritarians worldwide to secure their regimes through vice, kleptocracy, and international money laundering.) The new Digital Autocracy, Inc. is a threat not only to the societies where it arises but to the citizens of all countries whose governments see such technology as an attractive way to enhance their security.

For years now, Huawei has marketed itself in Africa and elsewhere as the world’s most innovative security-first telecom firm. Of particular appeal is a program the company calls Safe Cities, which marries powerful surveillance equipment to equally sophisticated back-end monitoring. According to a recent report examining Ghana, Malawi, Morocco, Nigeria, and Zambia, these five countries alone are now spending more than $1 billion per year on such technologies. One researcher I interviewed in 2023 and who requested anonymity to discuss sensitive government deliberations recounted that the contracts being signed by these and other countries, including South Africa, allow Huawei to provide not just the equipment but also Chinese technicians who come to Africa to oversee the systems’ installation and stay on to monitor how well they work. (And, no doubt, report back to Beijing.) According to that researcher and others, in Kenya, the mere presence of the face recognition cameras and other surveillance technology in the streets of Nairobi has had a chilling effect on the citizenry as a whole. And to add insult to injury, the program doesn’t even work. The Kenyan government went to Huawei because it had a problem with violent crime and terrorism. But the violent crime rate in Nairobi today is higher than it was before Huawei’s Safe Cities system was deployed. Kenyans have lost their freedom with no meaningful gain in security.

Despite such problems, should China, Russia, and Iran manage to combine their technologies and offer them for sale to governments across Latin America, Africa, Asia, and central Europe, the temptation could prove too great for even putative democracies like Brazil or South Africa to resist. These societies are already facing deepening divisions over the concepts of liberty and freedom, and in each of them, the line is shifting toward the state. These new technologies could accelerate that shift, making it very difficult to reverse, and thus deepening what’s coming to be known as the splinternet.

A protestor holds a sign in Toronto, Ontario, Canada, on January 6, 2018. (Photo by Creative Touch Imaging Ltd./NurPhoto via Getty Images)

A hands-on approach

So what is to be done? The United States and other governments that care about democracy and an open internet need to go beyond sanctions to compete, commercially and diplomatically, with Digital Autocracy, Inc. A good first step would be finding ways to incentivize U.S. and European tech companies to deploy privacy-protecting security measures at scale. Such measures should be built and deployed to reinforce standards proposed by open-internet activist groups such as the Citizen Lab. Governments should also find ways to better leverage and strengthen the work of the 39-member Freedom Online Coalition, making its work more central and relevant to the online competition with authoritarian states.

One of the challenges the democracies have is that historically, the United States has been extraordinarily laissez faire and not given to interfering with the market when it comes to competition over so-called soft-power issues. In Africa over the past two decades, that has meant abandoning the field to those who don’t have such qualms, like China. This has also been true in other large markets in Latin America and Asia, including Brazil and India. Without the United States offering a true alternative, it’s tough to compete. As the old saying goes, you can’t defeat something with nothing.

To remedy this problem, the United States and its allies should engage more robustly with governments around the world to share ways they can meet their legitimate security needs without violating their citizens’ privacy. One part of that effort should include highlighting the bad experiences countries like Kenya have had with Chinese firms like Huawei. The West should also do more to evangelize the principles advocated by the Freedom Online Coalition and other like-minded organizations. All countries want to protect their people in the internet and AI age, but there are better ways to do it than risk handing over your citizens’ data to the Chinese government. The United States and its allies should educate other countries about the alternatives. They should also continue to provide subsidized financing to help poorer countries avoid turning to cheap Chinese suppliers like Huawei.

Next, Washington and its friends must continue to block efforts by China and its partners to shift control over the setting of internet standards from technical bodies, such as the Internet Engineering Task Force, to more political organizations, such as the U.N.’s International Telecommunication Union. Unlike IETF, the U.N. organization is made up exclusively of governments and excludes civil society and business, making it easier for Beijing to influence.

Finally, the United States should do more to ensure that American technology does not fall into the hands of bad actors. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has become an important tool to help enforce sanctions on countries like Iran and Russia. In recent years, for example, OFAC has made it increasingly difficult for Iran to secure the hardware it needs for various technological systems its government remains intent on developing. Despite these efforts, it has been reported that Russia’s new TSPUs include a number of U.S.-made parts. If that’s true, OFAC should explore whether any of the U.S. manufacturers are violating existing sanctions against Russia. If they’re not, advocacy groups should pressure Congress to ensure that those firms are covered going forward. The United States should also encourage friendly governments to require that their companies secure export licenses – or face sanctions themselves – before selling surveillance tech to known human rights abusers. Indeed, all countries should require that anyone applying for such a license conduct a human rights audit as part of the application process.

The defense of the internet is not merely a technical or geopolitical challenge; it has increasingly become a battle over the future of human freedom. As the world grows ever more interconnected and reliant on digital technologies, the United States and other democracies must lead the way in protecting the foundational principles that have made the internet a catalyst for progress and prosperity. The internet has not fulfilled the libertarian goal that many of its early pioneers hoped it would. And those pioneers did not adequately foresee the negative side effects that would emerge 35-plus years after the first connection was made. Nevertheless, the United States and its allies must defend what remains of the free and open internet and develop new regulatory and technical solutions that both protect privacy and democracy and enhance security. Only by doing so can they help shape a future in which the internet remains a truly global commons that is accessible to all and governed by the values that contributed to its founding: freedom, democracy, and human rights.