The Plot to Block Internet Freedom

Autocrats are trying to limit free speech online. Here's why we need to make sure they fail.

The Internet has created an extraordinary new democratic forum for people around the world to express their opinions. It is revolutionizing global access to information: Today, more than 1 billion people worldwide have access to the Internet, and at current growth rates, 5 billion people -- about 70 percent of the world's population -- will be connected in five years.

But this growth trajectory is not inevitable, and threats are mounting to the global spread of an open and truly "worldwide" web. The expansion of the open Internet must be allowed to continue: The mobile and social media revolutions are critical not only for democratic institutions' ability to solve the collective problems of a shrinking world, but also to a dynamic and innovative global economy that depends on financial transparency and the free flow of information.

The threats to the open Internet were on stark display at last December's World Conference on International Telecommunications in Dubai, where the United States fought attempts by a number of countries -- including Russia, China, and Saudi Arabia -- to give a U.N. organization, the International Telecommunication Union (ITU), new regulatory authority over the Internet. Ultimately, over the objection of the United States and many others, 89 countries voted to approve a treaty that could strengthen the power of governments to control online content and deter broadband deployment.

In Dubai, two deeply worrisome trends came to a head.

First, we see that the Arab Spring and similar events have awakened nondemocratic governments to the danger that the Internet poses to their regimes. In Dubai, they pushed for a treaty that would give the ITU's imprimatur to governments' blocking or favoring of online content under the guise of preventing spam and increasing network security. Authoritarian countries' real goal is to legitimize content regulation, opening the door for governments to block any content they do not like, such as political speech.

Second, the basic commercial model underlying the open Internet is also under threat. In particular, some proposals, like the one made last year by major European network operators, would change the ground rules for payments for transferring Internet content. One species of these proposals is called "sender pays" or "sending party pays." Since the beginning of the Internet, content creators -- individuals, news outlets, search engines, social media sites -- have been able to make their content available to Internet users without paying a fee to Internet service providers. A sender-pays rule would change that, empowering governments to require Internet content creators to pay a fee to connect with an end user in that country.

Sender pays may look merely like a commercial issue, a different way to divide the pie. And proponents of sender pays and similar changes claim they would benefit Internet deployment and Internet users. But the opposite is true: If a country imposed a payment requirement, content creators would be less likely to serve that country. The loss of content would make the Internet less attractive and would lessen demand for the deployment of Internet infrastructure in that country.

Repeat the process in a few more countries, and the growth of global connectivity -- as well as its attendant benefits for democracy -- would slow dramatically. So too would the benefits accruing to the global economy. Without continuing improvements in transparency and information sharing, the innovation that springs from new commercial ideas and creative breakthroughs is sure to be severely inhibited.

To their credit, American Internet service providers have joined with the broader U.S. technology industry, civil society, and others in opposing these changes. Together, we were able to win the battle in Dubai over sender pays, but we have not yet won the war. Issues affecting global Internet openness, broadband deployment, and free speech will return in upcoming international forums, including an important meeting in Geneva in May, the World Telecommunication/ICT Policy Forum.

The massive investment in wired and wireless broadband infrastructure in the United States demonstrates that preserving an open Internet is completely compatible with broadband deployment. According to a recent UBS report, annual wireless capital investment in the United States increased 40 percent from 2009 to 2012, while investment in the rest of the world has barely inched upward. And according to the Information Technology and Innovation Foundation, more fiber-optic cable was laid in the United States in 2011 and 2012 than in any year since 2000, and 15 percent more than in Europe.

All Internet users lose something when some countries are cut off from the World Wide Web. Each person who is unable to connect to the Internet diminishes our own access to information. We become less able to understand the world and formulate policies to respond to our shrinking planet. Conversely, we gain a richer understanding of global events as more people connect around the world, and those societies nurturing nascent democracy movements become more familiar with America's traditions of free speech and pluralism.

That's why we believe that the Internet should remain free of gatekeepers and that no entity -- public or private -- should be able to pick and choose the information web users can receive. That is a principle the United States adopted in the Federal Communications Commission's 2010 Open Internet Order. And it's why we are deeply concerned about arguments by some in the United States that broadband providers should be able to block, edit, or favor Internet traffic that travels over their networks, or adopt economic models similar to international sender pays.

We must preserve the Internet as the most open and robust platform for the free exchange of information ever devised. Keeping the Internet open is perhaps the most important free speech issue of our time.


National Security

China Is a Cyber Victim, Too

The reason we should listen to Beijing's complaints about U.S. hackers.

After years of silence, the United States has finally had enough of Chinese cyber-theft of trade secrets. American officials have repeatedly raised the issue with their Chinese counterparts in language that is increasingly frank.

When pressed in public or in private, Chinese officials usually respond in one of several ways. They argue that the cyberattacks are too hard to trace to know with any certainty who perpetrated them. They argue that the Chinese government can't be blamed because hacking is illegal in China. They claim that accusations of Chinese cyberattacks are just inventions intended to denigrate China. They out and out deny responsibility, pointing to the lack of solid proof. Finally, they make counteraccusations: As one Chinese spokesman explained to the Financial Times: "[A]s a late starter, China's internet is highly vulnerable and among the most victimised by cyber attacks. The latest figures show that in the past two months, 6,747 overseas servers were found to have controlled more than 1.9m mainframes in China with Trojans or botnets."

The first four of these defenses are relatively easy to dismiss. There is a decade-long history of Chinese cyber-meddling with many nations, not just the United States, which has been exceptionally well documented only to be offhandedly dismissed by Chinese officials. All modern militaries, including both the People's Liberation Army and U.S. forces, are seeking offensive and intelligence advantages through cyber-capabilities. In the face of the Department of Defense's relative transparency, Chinese denials make the PLA appear that much more culpable.

China's counteraccusations, however, demand a more detailed response. Typically these claims are a non sequitur to deflect criticism: "We couldn't be hacking you; we're getting hacked ourselves," as if cyberspace forced them to choose one or the other. For a decade, these pleas have been dismissed as the thin defense of the guilty. But there is a nugget of truth in Chinese counteraccusations. China not only has a cyber problem, it has a valid U.S. cyber problem -- and it's one that Secretary of State John Kerry appears to have agreed to address.

The Chinese press has reported that the websites of 85 public institutions and companies were "hacked" between September 2012 and March 2013, with 39 of those attacks traced back to the United States. During a similar period, Chinese authorities noted that there had been some 5,800 hacking attempts from U.S. IP addresses and that U.S.-based servers had hosted 73 percent of the phishing attacks against Chinese customers. Of the 6,747 computers controlling nearly 2 million botnets in China -- the ones the Chinese spokesman told FT about -- 2,194 were in the United States, "making it the largest point of origin of cyber attacks against China," according to Xinhua.

Perhaps oddly for Chinese statistics, these actually stand up to scrutiny: American cyberspace is one of the least secure online realms. The United States does indeed top the list of botnet controllers with 40 percent of the total tracked by cybersecurity giant McAfee; Russia accounted for 8 percent and China 3 percent. Other measurements show these nations grouped closer together, but the United States is clearly a leading source of attacks. For example, Akamai, one of the world's largest content-delivery networks, has observed that 13 percent of global attack traffic originated from the United States, though 33 percent came from China. Russia has the most malicious severs, with the United States ranking sixth; China doesn't make the top 10, according to HostExploit's latest quarterly report. After years of stories about U.S. military and intelligence cyber-capabilities, international audiences might see these statistics and agree with China that it is the Americans who are the troublemakers -- after all, they were the ones behind Stuxnet.

But China's claims of victimhood sometimes get a better hearing than they should. Western newspapers can appear balanced by reporting that each side is "trading barbs" or "exchanging allegations," while the Chinese nationalist press can assert that "the US' exaggerations of the threat posed by Chinese hackers are aimed at creating an environment to accelerate its capability to carry out a cyber war." Such messages are part of a campaign aimed squarely at the non-aligned countries, which have long worried about U.S. hegemony, including in cyberspace. It is a message that is winning adherents.

Yet U.S. cyber-operations are extremely different from their Chinese equivalents and cannot be compared in the way the Chinese suggest. When the U.S. military or intelligence community conducts cyber-operations, they are quiet, coordinated, exceptionally well targeted, and under the strict control of senior officers and government executives. Lawyers review every stage. Even Stuxnet, though it was a breathtakingly sophisticated and brazen attack, was so tightly controlled that, when it escaped its target network, it caused no disruption. The White House keeps a close hold on cyber-operations through senior executives, generals, and political appointees throughout the bureaucracy.

Chinese espionage, by comparison, is under no such control. As in other areas of Chinese society, the People's Liberation Army and state-owned enterprises are subject to little oversight and feel little need to coordinate their actions. Recently, one colleague that works for a specialized incident-response firm reported finding as many as seven different Chinese espionage groups operating in the same network, all sending information back to different masters. Few, if any, senior party officials care to rein in activities helping domestic companies (and probably lining their own pockets) by stealing foreign intellectual property.

Yes, the United States may be addicted to using cyber-operations as a cheap and easy way to disrupt adversaries and gain intelligence, but this has absolutely nothing to do with the nation being a home for phishing sites, malicious software, and botnet controllers. These are purely criminal matters, as juveniles, organized-crime groups, and others use U.S. servers to host their felonious attempts to disrupt, blackmail, defraud, spam, and annoy the rest of us. The United States has so many computers and so much of the Internet's underlying infrastructure -- with perhaps 500 million hosts compared to 20 million for China -- it is not surprising that so many criminal attacks originate or pass through here.

Still, the United States can and should clean up its own act -- not because of any Chinese finger-pointing, but because it serves our commercial and societal interests, and because it's the right thing to do. If an attack is coming from here, there is a good chance it's because an American citizen is a criminal or because a citizen's computer or network has been taken over by foreign criminals. Either way, the U.S. government has the obligation to stop it. Yet while in Beijing, I have heard Chinese cyber-crime officials say they have asked the United States for help that never comes.

That's why it's good that Secretary Kerry just announced a joint U.S.-China working group to tackle cyber issues. In this group, American officials should shout loudly, but they should listen, too -- ask for details and hunt down the perpetrators using the resources of the Department of Homeland Security, the Department of Justice, and the FBI. Not only will cleaning up our own Internet improve cyberspace for us, it will provide a chance to shift the U.S.-China dynamic. At present, the conversation is mostly one-sided, with senior American officials berating their counterparts. Taking action on valid Chinese criticisms may help develop this into an actual conversation.

Moreover, many leaders around the world are confused about U.S. intentions in cyberspace, and concerned that, in light of Stuxnet and Cyber Command, the United States is preaching "do as I say, not as I do." If the United States were to publicly respond to Chinese counteraccusations, it could regain the high ground and demonstrate the difference between the two countries' approaches to cyberspace. The United States is committed to an open and global Internet, while China pushes a darker vision with strong national borders cutting out any objectionable material.

U.S. officials must continue their campaign to convince the Chinese leadership to reduce cyber-espionage. It may seem like tilting at windmills, but it is the right policy and long overdue. But China has some legitimate concerns also, which are in America's own interests to resolve (and be seen resolving) and the new joint working group provides the perfect opportunity. In any relationship, there is room even in the most heated argument for both shouting and listening.