In what is sure to be the first of many cyberbattles, a clash of Internet civilizations is unfolding. The conflict has been hastened by the recent decision by the Federal Communications Commission to classify Internet service providers as public utilities, which effectively prevents cable and telecommunications companies from controlling Web content by blocking sites or auctioning off faster traffic speeds to the highest bidder.
Although FCC Chairman Tom Wheeler praised the newly approved policy on net neutrality for preserving a “fast, fair and open Internet,” there's more to it than meets the eye. That's because it fails to address the more important evolving Internet debate — how to manage the Internet as it becomes more intertwined with our daily lives.
This debate pits two opposing philosophies against each other — one pushing for the continued evolution of the Internet as an open information superhighway, the other asserting that the Internet's evolution needs to take more account of the many ways it is and will be used.
One side, represented by hardware and software technology companies, argues for steps, such as the recent FCC ruling, to ensure that the Internet remains true to its information-sharing roots. The other side, which includes companies that provide Internet services, are proponents of a vision that protects the emerging Internet, including the Internet of Things (IoT), which emphasizes connecting everyday objects to the Internet and allowing them to communicate with other devices.
Unfortunately these two views will become less compatible over time.
The Internet of today is largely an ungoverned space, a medium that evolved over nearly a half century with little or no central planning or overarching systems architecture. What little governance exists concerns the technical aspects of communications between computers, naming conventions and the movement of data. The few guidelines available for moderating Internet behavior are provided by international organizations such as the United Nations, individual nations and coalitions, and law enforcement organizations — all of which use policies adapted from other disciplines and rely on loosely agreed-upon norms rather than specialized cyberprinciples, regulations and laws.
Over time, cyberthreats have continued to expand and grow more complex. Hacktivism, including denial of service attacks and phishing, has become commonplace. State-sponsored hackers stealing intellectual property and cybercriminals absconding with financial and credit card data are increasingly demonstrating the vulnerability of the Internet. The threat mounts when you consider that hackers could gain access to the IoT, grabbing control of in-home devices or even automobiles. State- or terrorist-sponsored attacks have become a major concern, with an expanding list of examples that includes the massive Russian cyberattack that targeted Estonian government and financial systems in 2007, an attack in 2012 on the Saudi Aramco oil company that destroyed more than 30,000 computers, the 2013 North Korean cyberattack that paralyzed South Korean financial networks, and last year's massive breach at Sony Pictures Entertainment.
The lack of governance coupled with the broad and growing range of threats to the Internet will exacerbate this clash of civilizations. Today, an estimated 3 billion people use the Internet, and another 4.9 billion devices — the IoT — are reportedly connected. By 2020, the number of IoT connections is expected to be in excess of 25 billion devices. As more systems join the IoT, mundane information such as tire pressure in cars and the contents of refrigerators will reside in cyberspace as well as critical infrastructure control systems for utilities. Machine-to-machine communication will become by far the dominant form of information sharing on the Internet. And as the percent of individual users — actual people communicating — diminishes compared to the numbers of IoT users, this clash of Internet civilizations will become more pronounced.
As the Internet evolves from predominantly a means of information-sharing to an IoT platform, requirements for governance, privacy and security will grow as well. The cyberdomain originally designed for and optimized as an information-sharing platform will not be able to be reconfigured to equally satisfy the demands of the IoT. The very openness that has come to be associated with the original Internet will run headlong into the need for structure within the IoT. In such an evolution, backers of the information-sharing model will surely be dissatisfied with the turn away from openness, while IoT proponents will see an Internet that fails to meet their needs for governance, privacy and security.
Signs of the friction between these different views of the Internet are already apparent. Some nations, such as China, have started to discuss a Balkanization of the Internet, essentially an attempt to create contained networks to control the content available to its citizens. In a sense, the U.S. military already practices a form of Balkanization for several of its networks, which use commercial backbone communications circuits equipped with secure equipment to form classified networks.
Others have also begun to rethink certain aspects of the Internet, including decentralizing the way Internet service is provided to users. For instance, a recent Washington Post article notes that cities around the country have been interested in developing government-run Internet services that would be faster and cheaper to operate. The FCC has taken notice of these strides made by local authorities and has backed several cities seeking to get around cumbersome state laws and regulations that have prevented them from offering Internet services to their citizens.
As the Internet continues to evolve, neither those who seek a wide-open Internet, nor the IoT proponents and others who demand security and control will be entirely satisfied. To resolve this clash of Internet civilizations, these issues must be considered as part of a larger, more comprehensive effort rather than as a series of battles with individual resolutions. To do otherwise places both visions of the Internet at risk.
Daniel M. Gerstein works at the nonprofit, nonpartisan RAND Corporation. He was the undersecretary (acting) and deputy undersecretary in the Science and Technology Directorate of the Department of Homeland Security from 2011 to 2014.
This commentary originally appeared on Government Technology on April 9, 2015. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.