Neelie Kroes / Dec 2011
Vice-President of the European Commission, Neelie Kroes. Photo: European Union, 2011
The Internet offers new opportunities for the 21st century. The promise of economic growth for the future – as a sector already providing half our productivity growth. A platform for citizens to make their voices heard - for those in democracies, or those who would like to be. And limitless new possibilities for innovation - with ever more ways of interacting, communicating, sharing.
But there are challenges too. Online crimes like credit card fraud or phishing, attacks which seek to steal information or to disrupt systems: these things, or even the mere rumours of them, undermine confidence in the system and deter people from making the leap to new technology. Online crimes like grooming or the propagation of child pornography have very real offline consequences. And as our social, industrial and administrative structures become ever more dependent on cyberspace, there are those who would seek to deliberately disrupt or attack it — to destabilise, undermine or terrorise the essence of democratic society.
How should we react to these threats? We need to remember that the Internet is unique. First, it is universal and unified: every user, wherever they are, can in principle communicate with every other; while actions taken or not taken in one geographical region have impacts across the network. Second, it does not "belong" to governments: on the contrary, it belongs to as wide a range of stakeholders as it is used by – including businesses, civil society, and ordinary citizens.
Both of these features are positive, and the cause of the Internet's phenomenal success: they are what enables the Internet to promote the free exchange of ideas, and to be a tool for so many different needs. These unique and positive features should be protected, and full account must be taken of them.
But that does not mean we can ignore the risks that exist online, nor the legitimate responsibilities that democratic governments have to protect against them. Whether it is threats to security, crime, or protection of the most vulnerable: governments have the obligation to respond to this kind of thing, on-line as well as off. The fact that the Internet is unique and open does not mean it is lawless: citizens who go online are not mysteriously stripped of their rights, nor public authorities of their responsibilities. Those who commit crimes online should be held responsible; and states which initiate online attacks, or permit them to happen, need to be dealt with.
How do we achieve this balance?
There are some who want the Internet to carry on as it is, so it can continue to develop untrammelled and unconstrained. It is true that under this approach, so far, the Internet has become a huge success. But, in my view, we are no longer in that same world. As William Hague, chair of the recent London Cyberconference, put it: the future development of the Internet is now too important to be left to chance. No government can tolerate the risks of disruption or outright attacks on what has become a structural part of our economic and social framework.
Others think that the Internet can best be protected using the traditional instruments of relations between nation states. There may be some truth in this. After all, national security existed before the Internet; the language of diplomacy, peace and war can also be applied to new technologies. However, cyberspace is in many respects a very specific case; the Internet is so pervasive that it cannot be conceived of as a military arena. How can you tell the difference between a civilian and a soldier on the Internet? How do you locate where your attackers are operating from? Or if they are linked to a government?
We need to invent new codes and new approaches for Internet security. A rigid set of rules is not the solution here, partly because the Internet is so flexible and non-hierarchical, and partly because such rules would be too cumbersome to serve, with any degree of success, such a constantly evolving technology.
I think the way forward is some middle ground between these options: norms or principles for how the internet should be, which can be agreed globally. Principles, for example, ensuring that social and legal rights apply on-line as well as off; ensuring that the Internet is a place of safety and justice; and ensuring that the Internet remains a unified, unfragmented and inclusive whole, governed by an effective multi-stakeholder model.
Already we are seeing some movement towards such an approach; the G8, the UN and OSCE have already done some good work in setting out such principles. I myself set out my ideas in the form of a "Compact for the Internet" which I presented to the OECD earlier this year.
I am convinced that convergence of these ideas is essential: if we fail to act then we expose the technology to unacceptable, uncontrollable risks; if we go too far, the ecosystem will be crushed or shattered. Coordinated, international actions are important and timely if we are to protect the Internet as an engine of innovation and freedom across the world.