Cyberspace and International Relations Toward an Integrated System Nazli Choucri, David Clark

Version 8-25 for internal ECIR review, August 2011
1. Introduction
2. Transformation in International Relations: The “Old” and the “New”
  2.1. Changes in Traditional International Relations
  2.2. Cyberspace and The “New” International Relations:
3. The Layers of the Internet in Cyberspace
  3.1. A four layer model
  3.2. Looking at the layers
    The bottom layer—the physical properties
    The logical layer
    The information layer
    The top layer—The Users
    Layers in context
  3.3. Cataloging the actors and functions
    Those who create and operate the Internet
    Suppliers of hardware and software
    Governance
  3.4. The limits of the layered model
4. The Levels of Analysis in International Relations
  4.1. The Individual – New Power and Influence
  4.2. The State System – New Security Dilemmas
  4.3. The International System – New Density of Decision Entities
  4.4. The Global System – All Encompassing Commons
  4.5. The Limits of the Levels Model
5. The Integration Challenge
  5.1. An Integrated System
    Wikileaks
    Network neutrality
    Competition policy and monopolies
    Pakistan and Youtube
    Spam
    Fueling Revolution
  5.2. Institutions in the matrix
  5.3. Some results of the integration approach
6. Conclusions
  6.1. Recognizing the Private Sector
  6.2. Mobilization Mechanisms
  6.3. Integrated Norms & Principles
  6.4. Co-Evolution Dilemma
  6.5. Capturing Gains of Integration

This work is funded by the Office of Naval Research under award number N000140910597. Any opinions, findings, and
conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of
the Office of Naval Research. This is a draft subject to revision. Please contact authors for latest version and citation status.
1. Introduction
Almost everyone recognizes that cyberspace is a fact of daily life. Given its ubiquity, scale and
scope, cyberspace — including the Internet, the hundreds of millions of computers it connects,
its management, and the experiences it enables – has become a fundamental feature of the world
we live in and has created a fundamentally new reality for almost everyone in the developed
world and rapidly growing numbers of people in the developing world.
Until recently cyberspace was considered largely a matter of low-politics – the term used to
denote background conditions and routine decisions and processes. By contrast high politics is
about national security, core institutions, and decision systems that are critical to the state, its
interests, and its underlying values. Nationalism, political participation, political contentions,
conflict, violence and war are among the most often cited aspects of high politics. But low
politics do not always remain below the surface. If the cumulative effects of normal activities
shift the established dynamics of interaction, then the seemingly routine becomes increasingly
politicized.
Cyberspace is now a matter of high politics. The new practice of turning off the Internet during
times of unrest in various countries, the effective leakage of confidential government documents
on Wikileaks, the cyber-attacks that accompanied recent events in Georgia and Estonia, and the
use of cyber-based attacks to degrade Iran’s nuclear capabilities all illustrate that state actors
cannot ignore the salience of cyberspace and its capabilities. We see many incidents of power
and politics, conflict and competition, violence and war – all central features of world politics –
increasingly manifested via cyber venues. Cyberspace has created a new reality that is a source
of vulnerability, a potential threat to national security, and a disturber of the familiar
international order. So critical has cyberspace become that the United States has created a Cyber
Command in the military in recognition of potential cyber threats that can undermine the security
and welfare of the nation.
Many features of cyberspace challenge contemporary international relations theory, policy and
practice. It has created new puzzles for traditional understandings of international relations with
respect to leverage and influence, power and politics, borders and territorial boundaries and
national security – as well as a host of other concepts and their corresponding realities.
Cyberspace changes and evolves rapidly, and these changes have occurred faster than our ability
to fully appreciate their significance. The result is a powerful disconnect between 20th century
international relations and the realities of the 21st century. The challenge is to reduce this
disconnect, connect cyberspace and the conventional venues of international relations, and help
create the fundamentals for aligning international relations theory, policy, and practice with the
emergent complexities of the 21st century. This paper is a first step in meeting this challenge.
We proceed as follows:
First, we will elaborate our claim that the focus and scope of international relations must change.
We will catalog some recent transformations in traditional international relations and the
complexities that these create. We will then turn to some notable changes in the traditional
landscape created by cyberspace and the expansion of cyber access.
Second, we will develop a candidate framework that will allow those with background in
international relations to understand and reason about cyberspace. Cyberspace is mysterious,
technical, and complex. To provide some structure and decomposition to the phenomenon, we
will exploit a model familiar to technologists: a layered model of cyberspace. We will use
layering to describe both the technology itself and the actors that make and shape it, and the
functions they perform.
Third, we will then consider cyberspace using a framework familiar in international relations, a
levels of analysis perspective -- the individual and the aggregates, the state and non-state actors,
the international system and its components, and the overall global system. We will propose
extensions and modifications to this perspective necessary to integrate the important aspects of
cyberspace into the overall fabric of international relations.
Next, building on the above, we will attempt to tie these two frameworks together-- connecting
the levels of analysis in international relations, with its actors, levers, and actions, and the layers
of the Internet. In so doing we address the empirical features located at the intersection of levels
and layers. Then, using the cyber framework (layering) and the international relations framework
(levels of analysis) we will illustrate with selected examples how many issues that arise in
cyberspace affect the state and its interests. These illustrations help us understand the
connections between cyberspace and international relations and provide the foundations for an
“integrated model” of the two domains.
We conclude with the proposition that this integration is shaped by the co-evolution of
cyberspace and international relations, which, in turn, points to inevitable struggle and tension
between the dominance of the private sector and its operational private order on the one hand,
and the rights of the state and the principle of sovereign rights on the other. As our examples will
illustrate, to understand the relation between the public and the private sectors, we must look at
the range of actors that have emerged to use the Internet and to shape it. The behavior of actors
and entities will be shaped by their capabilities, interests and priorities, as well as by their
perceptions and assumptions. Our goal is to provide a framework in which to position these
actors, as well as the issues over which they contend.
In theory and in practice the interconnection among these dual dynamics creates forms of co-evolution that point to a future of increasing interconnections rather than one of autonomy and
independence. The 21st century is inevitably shaped by the complexities of this interdependence
and the various shapes that it might assume over time.
2. Transformation in International Relations: The “Old” and the “New”
We begin with a brief sketch of the traditional international system – the world of the 20th
century – and highlight some of the changes in the “old” system, before the emergence of
cyberspace. Then we turn to the “new” changes in the international system created almost
entirely by the salience of cyberspace and its growth and expansion since the end of the 20th
century.
2.1. Changes in Traditional International Relations
By definition, the traditional international system consists of interactions among sovereign states.
The organizing principle, sovereignty, is the anchor upon which the entire system rests. Also by
definition, all other actors and entities are derivative, legitimized at their origin by the state. At
the end of World War II there were 55 sovereign states. Today there are more than three times
that number. The state remains the dominant actor but it is increasingly subject to pressures from
non-state actors of various types.
The traditional systems of 20th century international relations – such as those with bi-polar, multi-polar,
or uni-polar structures, and generally characterized by hierarchical power relations – have
gradually given way to new structural configurations characterized by different types of
asymmetries and relatively weak hierarchy, if any. New asymmetries and their complexities are
already taking shape, replacing the well known “vertically-organized” structures of power and
influence.
Among the important legacies of the twentieth century are the end of the Cold War, the
consolidation of the United States as the only “hegemon” and the growth in the number of
sovereign states (some due to the decolonization process, others to the breakup of the Soviet
Union, and still others by common consensus), all with new claims on the international
community. There are new regional centers of power with new political aspirations, and new
competitions on a global scale. In addition, the evolution of new norms and the proliferation of
international and organizations – with diverse functions and responsibilities to facilitate
development and sustainability – provides a legitimate basis for intrusion and influence deep into
the structure of the state system.
We have seen the expansion of private and public interests coupled with the creation of new
markets, and innovative practices that create overlapping spheres of influences and ever-fluid
“playing fields” – each governed by distinctive rules and regulations – making it ever more
difficult to understand and track the various systems of interaction. The commensurate repositioning of private and public interests, economic and political, is expanding the role of the
private sector in almost all parts of the world and on almost all issues. In some cases we observe
something akin to different entities behaving as if they were competing “sovereignties” seeking
to expand their control and establish their legitimacy within and across the same territorial
domains.
Various types of non-state actors – such as those focusing on development assistance and
humanitarian needs, religious groups, those with various ideological or political agendas, and the
like – seem to be growing faster than our ability to track and assess their roles and
responsibilities, constraints and contributions, as well as threats and vulnerabilities. Each shapes
and is shaped by its own system of interaction, with its rules and expectations, the nature of
which is contingent on its dominant organizing principle. For example, for-profit and not-for-profit entities operate under different principles of interaction. The same holds for legal versus
illegal entities. The vulnerabilities also differ, anchored in their basic raison d’etre. For example,
we are familiar with the potential disruptions in the world oil market – almost entirely managed
by the private sector – and the role of the state in response to interruptions in the flow of
petroleum upon which modern economies depend. Each of the private and the public entities
operate within their mandated systems of interaction, and in this example, their spheres of
interests and activities are converging if not overlapping, due to the exigencies of the situation.
We have also witnessed changes in the nature of conflict and war in all parts of the world. Large
scale war among major powers no longer seems likely, but we have seen the state seeking to
retain control in its efforts to contain or prevent the evolution of new types of conflict and
violence with varying degrees of formal organization. For example, wars for national liberation
from colonial rule have gradually been superseded by conflicts waged by non-state actors,
expansion of civil conflicts, and a wide range of terrorist initiatives. Conflicts between major
powers over spheres of influence are replaced by contentions over control of these spheres by
various local entities. (Afghanistan is a good case in point). All of the foregoing are important
because they point to shifts in the dynamic nature of international relations and the various
complexities (even at this level of aggregation and simplification) that call for methods of
understanding, separating the wheat from the chaff.
Not to be overlooked is the important added legacy, namely the introduction of the
environmental domain into the political and social discourse at all levels of decision. While still
considered largely in the domain of “low politics” even when they contribute to conflict and
violence, environmental factors are increasingly shaping twenty-first century realities. Toward
the end of the 20th century we saw a gradual appreciation of the unintended consequences of
economic growth as the prime target for all future developments, and a shift toward a quest for
“sustainable development” – an improvement in the human condition devoid of the most
damaging byproducts of growth. The potential for sustainability is now a central feature of the
international agenda.
In sum, each one of these changes in traditional international relations is embedded in its own
situational context and is important in its own right. Jointly they are fundamental features of our
world today. More specifically, they have created pressures on the established forms of
international interactions and the traditional mechanisms of assessing threats and framing
responses. The important point is this: none of these powerful shifts are due to the construction
of cyberspace nor are they contingent on the expansion of cyber venues or the increase in cyber
access. But together they constitute the context within which the construction of cyberspace has
already contributed to new and unprecedented shifts in power and influence, and forged new
types of threat and new forms of vulnerability.
If we take into account the salience of cyberspace – especially the dramatic expansion of cyber
access in all parts of the world, the growth in “voicing” and cyber participation, or the new
opportunities provided by uses of cyber venues – then we can appreciate that the world is now
much more complex than had ever been envisioned earlier. The new cyber domain has provided
for simpler multiplier effects or enablers of power and influence; it has become the critical driver
of the ongoing re-alignments in power and influence, as well as the mechanisms through which
different actors at different levels of analysis pursue their objectives. Most important of all,
cyber venues have assumed constitutive capabilities of their own.
2.2. Cyberspace and The “New” International Relations:
We now turn to some “new” features of international relations, those due almost entirely to the
construction, growth, and expansion of cyberspace. Many of these features are already
influencing if not challenging tradition in the theory, policy, and practice of international
relations. We shall also point to notable shifts and political re-alignments to date. Of the many
changes triggered by the expansion of cyber venues, the following rank among the most
important implications of cyberspace as a new domain of interaction.
One: Technological innovations aside, the single most fundamental feature of this new reality is
the dominance of the private sector in an international system defined by the principle of
sovereignty and shaped by the demands and capabilities of sovereign states. In many if not most
countries, cyberspace is organized, managed, and maintained entirely by private sector entities.
Specifically, the Internet is constructed and operated by private sector actors (Internet Service
Providers) located in various legal jurisdictions and minimally regulated in many contexts. The
computer industry and the content industries are all private sector activities. The standardization
and governance of the Internet are carried out by organizations such as the Corporation for
Internet Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force
(IETF), which are to some greater or lesser degree private actors. With cyberspace governance
defined more by areas of responsibilities and less by traditional principles of accountability,
these institutions have assumed considerable power derived from their unique and unprecedented
functions and “location” in the overall cyber domain. At this point, the entire cyber system rests
on the integrity and effectiveness of their performance – and increasing their legitimacy as well.
Two: The major actor that constitutes and defines international relations – the state – is not able
to control the cyber domain or to insulate itself from the implications of the new cyber realities.
There are unmistakable new challenges to national security, with new sources of vulnerability
(cyber threats), new dimensions of national security (cyber security), and new sources of fear and
uncertainty. Cyber threats to national security include the militarization of cyberspace, cyber
threats to critical infrastructures, various types of cyber crimes and espionage, and other broad
issues. These are generally labeled after their manifestations in the physical domain (often termed
“real” in contrast to virtual) despite the fundamental differences in action, transmission
mechanisms, and overall configuration. Concurrently, we see the growing use of cyber venues
by non-state groups whose objectives are to undermine the security of the state or to alter its very
foundations. Recent Wikileaks episodes showed in unambiguous ways the politicization and
disruptiveness of cyberspace. Responses varied across the international landscape, but in general
most if not all countries viewed this episode as a threat to their sovereignty and to their security
and are becoming more and more aware of their own vulnerabilities.
Three: The increasing evidence of cyber threats to security reinforces the politicization of
cyberspace and its salience in emergent policy discourses. Among the problems today with
security is that we have as yet no full understanding of the sources of threat, the venues, or the
targets; we have no common agreement on the concept of “security” itself; and there is no single
entity with the scope and legitimacy required to exercise authority and control in a domain
whose parameters are not fully known and hardly controllable. As a result, the tendency is to
draw upon known measures and recombine them in arguably more effective ways. In the United
States, for example, the Patriot Act adopted by the Congress in response to the tragic events of
September 11, 2001, included provisions enabling the government to monitor Internet
communications without obtaining prior permission from the Justice Department. President
Obama’s Sixty Day Review of the cyber situation in early 2009 also recognized vulnerabilities
and was designed to bring cyberspace into the policy domain.
Four: New types of asymmetries -- notably the extent to which weaker actors can influence or
even threaten stronger actors (such as press reports of anonymous penetration-incidences of the
US government computer systems) -- have little precedent in world politics. At the same time,
however, such asymmetries may actually point to the emergence of new symmetries (such as the
ability of a weaker actor to penetrate the computers of stronger actors). In either case, we are
witnessing a potentially powerful shift in the nature of the game, especially when the actors are
state-based as well as non-state entities. The increased influence of the latter may well
undermine the sanctity of sovereignty as the defining principle for the international system.
Five: The creation of new actors—some with formal identities and others without – and their
cyber empowerment, is altering the traditional international decision landscape in potentially
significant ways. More specifically, growth in the number of actors increases the density of
decision-entities -- each with new interests and new capabilities to pursue their interests -- and
thus increased potentials for intersections in spheres of influence, with possibilities for new and
different types of contention and possible conflict. Among the new non-state entities are
commercial entities, creators of new markets, proxies for state actors, cyber-criminals (generally
too varied to list and too anonymous to identify); and not-for-profit actors (faith groups,
international interest groups, agenda setters, etc.), and the anonymous actors – “good” and “bad”
as the case may be -- whose anonymity itself conflicts with traditional principles of
international interactions. All of this suggests that the effectiveness of traditional policy tools
and responses crafted to deal with state-to-state interactions in a geopolitical world -- with
known threat-actors and an arsenal of expected diplomatic or military responses – remains
unclear.
Six: The growing contestation of influence and control over cyber venues between the new
institutions established to manage cyberspace (ICANN, IETF and others) and the traditional
international institutions, (such as the International Telecommunications Union (ITU) or other
United Nations organizations) creates new tensions of legitimacy and responsibility, which
further complicates the already thorny issue of international accountability. International
organizations are drawing on their established legitimacy -- based on their traditional mandate
and legal status buttressed by sovereign support -- to influence the private sector. Often such
contestations are reinforced by ambient stress as some (developed) states object to what they
regard as excessive American control over cyber management, and other (developing) states seek
influence in the international management structures already in place, traditional as well as new.
Seven: Various types of cyber conflicts (between and within states, of known as well as
unknown identity and provenance) are becoming apparent, with the potentials for new modes
and manifestations thereof, many of which contaminate the traditional calculus of conflict and
cooperation and its assumptions that are anchored in the physical domain, largely derived from
the historical experience of major powers, and based on the assumptions that the military
instruments of power dominate, the identities of the contenders are known, and that, in the last
analysis, “might” can be relied upon to make “right”, and so forth.
Eight: Concurrently, we are also observing different modes of cyber collaboration in the effort
to reduce uncertainty and introduce some measure of order in an “environment” that is
increasingly perceived as “anarchic”. Among the most notable initiatives is the development of
Computer Emergency Response Teams (CERTs), a loose network of organizations in different
parts of the world seeking to take stock of, and reduce, breaches of cyber security. Overall, these
are largely emergent in nature as sovereign states explore the various political and operational
possibilities. Another important development is the Cyber Crime Convention, but there are as yet
no such initiatives that span the entire domain of cyberspace.
Nine: There is a new cyber-based mobilization of civil society (the aggregations of individuals
in their private capacity as well as organized elements of the private sector) and its potential
empowerment across jurisdictions and in all parts of the world.
Ten: The intersection in spheres of influence – with the private sector managing order in
cyberspace and sovereign authority managing order in the traditional domain worldwide –
provided much of the rationale for organization of the first World Summit on the Information
Society. In part to avoid contentions over power and legitimacy, WSIS was conceived as a high-level, inclusive and overarching meeting of all relevant entities and interests -- organized under
the auspices of the state system in international relations.
These are some of the more obvious influences of cyberspace in international relations. While
the proverbial skeptic will argue that “plus ça change, plus c’est la même chose”, it is difficult to
envisage a world in which we can effectively “roll back” any one of these factors to their pre-2000 status. More to the point, cyberspace has become a significant component of international
relations, an increasingly endogenous feature of world politics.
We now offer a model that gives more structure and form to cyberspace. In doing so, we hope to
give a tool of analysis for international relations and to illustrate in more detail some of
cyberspace’s salient features.
3. The Layers of the Internet in Cyberspace
Because it is the connected nature of cyberspace that gives it its distinct character—not just that
computing is now widespread but that essentially all computing is connected together by a
common network, we will use the Internet as the central component of our analysis. But we
stress that computing, both at the edges (personal computing) and in the core (including the so-called “cloud computing”), as well as sensors, embedded processing, and the cellular world are
all necessary parts of cyberspace – as are the institutions that govern the standards, operational
norms, and attendant requisites.
In general terms, most scholars and practitioners share a working concept of cyberspace—it is
the collection of computing devices connected by networks in which electronic information is
stored and utilized and communication takes place [1]. Another way to understand the nature of
cyberspace is to articulate its purpose, which we will describe as the processing, manipulation
and exploitation of information, the facilitation and augmentation of communication among
people, and the interaction of people and information. Both information and people are central to
the power and venues of cyberspace.
If we seek a better understanding of the overall “nature” or configuration of cyberspace, one
approach is to identify its salient characteristics. A catalog of its characteristics may be more
useful than a list of competing definitions. To simplify, we put forth a four layer model.
¹ The term was coined by a science fiction writer, William Gibson, and popularized in his book Neuromancer (1984).
3.1. A four layer model
In this paper, we will attempt to characterize the core of cyberspace, starting with the character
of the Internet and all of its constituent features and support mechanisms, using a model with
four layers, as shown in figure 1. We focus on the Internet as we introduce this model, but it can
be used as well to characterize other aspects of cyberspace, such as computing platforms and
other sorts of networks. From the top down, the important layers are:
• The people – that is, the users and constituencies of cyber venues who participate in and
shape the cyber-experience—who communicate, work with information, make decisions
and carry out plans, and who themselves transform the nature of cyberspace by working
with its component services and capabilities, and by making direct and indirect demands
for the construction of new functionalities.
• The information – in its various forms and manifestations -- that is stored, transmitted,
and transformed in cyberspace.
• The logical building blocks that make up the services and support the platform structure
of cyberspace.
• The physical foundations that support the logical elements, the fundamental physicality
that enables the “virtual” manifestations of interactions.
Figure 1: The layers of cyberspace, and their key attributes.
Computers in isolation would not constitute what we are describing as cyberspace. It is the
structure of interconnections that makes cyberspace—interconnections that affect all the layers
in this model and, therefore, involve and potentially influence (and sometimes alter) all the
actors and functions of each layer. For this reason, we start with the Internet as a subject of
analysis.
While one can consider these layers in isolation, this decomposition will not lead to an overall
understanding of the cyberspace we describe here. While it is common practice today to
associate cyberspace with the Internet, with its particular approach to interconnection, there
could be many alternative cyberspaces, driven by different visions and principles at different
layers and defined (created and constructed) by different approaches to interconnection. Indeed,
in The Victorian Internet², Tom Standage argues that the mode of interconnection created by the
telegraph was as transformative in its time as the Internet is today. But the structure (and the
structural implications) and the scale and scope of use (and users) of the telegraph and the
Internet could not be more different, as we will show below.
3.2. Looking at the layers
The bottom layer—the physical properties
The foundation of cyberspace is the physical layer—the physical devices out of which it
is built. Cyberspace is a space of interconnected computing devices, so its foundations are PCs
and servers, supercomputers and grids, sensors and transducers, and various sorts of networks
and communications channels. Communications may occur over wires or fibers, via radio
transmission, or by the physical transport of the computing and storage devices from place to
place. The physical layer is perhaps the easiest to grasp; since it is tangible, its physicality gives
it a grounded sense of location. Physical devices such as routers or data centers exist in a place
and thus sit within a jurisdiction. Some physical components, such as residential access
networks, are capital-intensive, and the industries that produce them are as much construction
companies as telecommunications companies.
The logical layer
The physical foundations of cyberspace are fundamental—cyberspace is a real artifact built out
of real elements, not a fantastical conception without any physical grounding. But the nature of
cyberspace, its strengths and its limitations, derives more from the decisions made at the logical
level than the physical level. The Internet, for example, provides a set of capabilities that are
intentionally separated or divorced to a great extent from the details of the technology that
underpins it.
The decisions that shape the Internet arise at the higher layer—the logical layer where the
platform nature of the Internet is defined and created. If one wants to understand why some of
the Internet's vulnerabilities exist (why it allows phishing or denial of service attacks, for
example), it is correct but not very useful to point out that computers and communications are
subject to the laws of physics. It would have been possible to build a very different Internet
within the constraints of the same physics.
² Standage, Tom. The Victorian Internet. Berkley Trade (October 15, 1999).
Within the logical layer of the Internet, we see a series of sub-layers that each provide services to
the next sub-layer above. Low-level services include program execution environments,
mechanisms for data transport, and standards for data formats. The basic transport service of the
Internet, which moves packets of data from a source to a destination, is an essential element of
this lowest sub-layer of the logical layer. Out of these low-level components and services are
built applications, such as a word processor, a database or the Web. In turn, by combining these,
more complex services emerge. For example, by combining a database with the Web, we get
dynamic content generation and active Web objects. On top of the Web, we now see services
such as Facebook that are themselves platforms for further application development.
The nature of cyberspace is the continuous and rapid evolution of new capabilities and services,
based on the creation and combination of new logical constructs, all running on top of the
physical foundations. Cyberspace, at the logical level, is thus a series of platforms, on each of
which new capabilities are constructed, which in turn become a platform for the next innovation.
Cyberspace is very plastic, and it can be described as recursive; platforms upon platforms upon
platforms. The platforms may differ in detail, but they share the common feature that they are the
foundation for the next platform above them.
The layer model we have presented here does not automatically lead to the emergence of the
Internet as we know it. One could build a very different system by taking a different approach to
the logic of interconnection. Using the same sorts of physical elements, one could design a
closed, essentially fixed function system such as an air traffic control system. Earlier examples of
interconnected systems tended to have this character—fixed function and closed; the telegraph
and the early telephone system had this character. Both these systems predate the computer, and
indeed predate essentially all of what we call electronics—not just the transistor but the vacuum
tube and the relay. Prior to the invention of those elements, it was not possible to design a system
with the generality, complexity and modularity of the Internet. It is the interconnection that
makes cyberspace, but it is the programmability and generality of the computer that makes
possible the flexible logical structure we are associating with cyberspace.
The drive for increased productivity and comparative competitive advantage shapes many
aspects of cyberspace as we see it, but most particularly it drives toward a characteristic that
allows for rapid innovation, new patterns of exploitation and so on. The logical layer—the
“platform/plasticity” component of cyberspace—enhances this capability, and this fact in turn
fuels the emphasis and attention given to this layer by the market and by developers of
cyberspace. (But we must not limit our focus to the logical layer, because another aspect of the
drive for productivity is the expectations this rapid change implies for the “people” layer—rapid
change will bring forward and advance people who can recognize new opportunities to exploit
ICT, who value rather than fear change, who demand new products and services, and who may
contribute to new ways of doing things, and so on – as we shall note later on.)
The information layer
Above the logical layer we find the information layer. The creation, capture, storage and
processing of information and “content” is central to the nature of cyberspace. Information in
cyberspace takes many forms—it is the music and videos we share, the stored records of
businesses, and all of the pages in the World Wide Web. It is online books and photographs. It is
information about information (meta-data). It is information created and retrieved as we search
for other information (as is returned by Google). It is the implied meaning of information and
content that is transmitted, shared, changed, and augmented and the like.
The character of information in cyberspace (or “on the net”) has changed greatly since computers
first started working with data-sets. Data was processed by isolated computers well before
we had capabilities for interconnection. Data lived in card decks, on tapes, and later on disks.
Initially, data was normally thought of as static: stored and retrieved as needed. Books are static
products of authors; images are static, and so on. Massive archives of static information still
exist, such as corporate transaction records that are now stored in “data warehouses” and
“mined” for further information. But more and more, information is created dynamically on
demand, blurring the boundaries between storage and computation. Web pages are now often
made on demand, tailored to each user, based on component information stored in databases.
Information is now becoming more a personal experience, not a communal one. Issues of
ownership, authenticity, and dependability are all critical as more and more information moves
online. All of this points to the dynamic, emergent, creative formulations and reformulations
available to users.
The top layer—The Users
People are not just the passive users of cyberspace; they define and shape its character by the
ways they choose to use it. They are active participants. The people and their character, which
may vary from region to region, are an important part of the character of cyberspace. If people
contribute to Wikipedia, then Wikipedia exists. If people tweet, then Twitter exists. This is a
critically important, definitional, feature of cyberspace.
Alfred Thayer Mahan, in The Influence of Sea Power upon History, wrote: “The history of the
seaboard nations has been less determined by the shrewdness and foresight of governments than
by conditions of position, extent, configuration, number and character of their people--by what
are called, in a word, natural conditions.” As we consider the nature of cyberspace, and the
position of different countries with respect to their place and power in cyberspace, this same
observation will certainly apply. We must recognize people as an important component of
cyberspace, just as we must recognize wires and protocols. We see this reality as well with the
increased understanding of environmental degradation due to human activities.
One of the reasons why the U.S. has led in the cyber-revolution is our enthusiasm for innovation
and experiment, our willingness to risk failure to find gain, and our respect for risk-takers. It is
our enthusiasm for both individual ingenuity and the power of collaboration. This national trait
should serve us well if advantage can be gained from “out-innovating” friends and foes alike.
The system of higher education has recognized the need for innovative thinking in response to
the realities of the 21st century. The nation’s entrepreneurs have continued to forge novelty with
various forms and functions.
Changes in other parts of the world may shift this U.S. dominant balance in significant ways.
Already we see dramatic expansion of cyber access in all parts of the world, most notably in
Asia, with China clearly in the lead despite some common technical, political, and economic
constraints. We also see innovative ways of transcending some of these constraints. For example,
the $100 laptop project (OLPC)³, to the extent it can be successful in meeting a need for children
in the developing world, would create, within 10 years, millions of military-age young adults that
are fully conversant with the power of cyberspace tools. The current argument for the $100
laptop is centered in peacetime, and on social as well as economic motivations, but it can have
implications as well for state confrontation. The $100 laptop, because it reveals more of the
“platform/plasticity” dimension of cyberspace than (say) current cell-phones, may have more of
an impact than if the cell-phone is the successful technology for cyber access in the developing
world. On demographic grounds alone, we already see shifts in U.S. cyber dominance.
³ See http://one.laptop.org/.
Layers in context
All of these layers are important features of cyberspace. As a specific example, if one wants to
understand the security of cyberspace, one cannot focus on just one of these layers. Attacks can
come at all layers, from destruction of physical components to compromise of logical elements
to corruption of information to deception of the people. So defense must similarly be based on an
understanding of all these layers.
Layering is a traditional approach used by technologists to design (or to understand) a system by
breaking it up into parts, and by controlling the dependencies among those parts. In a system
that is strictly defined by layers (in a technical sense), the upper layers build upon (or depend on)
the lower layers, as a house sits on its foundation, but the lower layers do not depend on the upper
layers. The functional and technical dependency is from high to low, and not the other way
around.
In the broader frame of this paper, the notion of “layer dependency” is much less precise. For
example, people use information, but they also create it. In the larger socio-technical context, the
system does not conform to this simple layered relationship at all: all the “layers” depend on
and influence each other. Once we take into account all the modes of interaction—not just
technical dependency but economic, regulatory, legislative, educational, and the like, all the
“layers” should be seen as fully interdependent with mutual influence. A computer scientist
might call this a “modularized” system rather than a layered one, but the layering image is
consistent with the way networks are conceived, even as the modules are not fully autonomous.
A social scientist would consider layering to reflect near-decomposability, an important feature
of a complex system.
3.3. Cataloging the actors and functions
The layered model above was used to describe the components that make up cyberspace as we
know it today. But from the perspective of international relations (and governance more
generally), as well as markets (and competition more generally) the important questions center
on the interests and activities of salient actors that make, shape, define, and govern the Internet.
Whether in pursuit of power or the pursuit of wealth, these actors in principle all are sensitive to
their constituencies. We now turn to this larger inquiry, continuing to use the layer architecture
to the extent it is relevant.
Figure 2: Illustrating a few examples of actors who create and operate the Internet and shape
cyberspace.
Those who create and operate the Internet
At the physical level, we find companies that install fiber optics in the ground and undersea, put
satellites in orbit, erect radio towers, install high-speed connections to the home, and so on.
Some of these companies are also in the business of using these physical facilities to provide
public Internet service, and have well-known names, like Verizon, AT&T, Comcast, British
Telecom, and so on. However, the distinction between the physical assets (e.g. fiber optic
bundles) and the logical service (e.g. the Internet) is important. In one bundle of fibers, or using a
common satellite, one can find a range of services, including the public Internet, private
corporate networks, specialized services such as air traffic control, and military networks.
Some activities at the physical layer (such as satellite and undersea cables) may be structured as
public-private partnerships, and physical construction may be more or less regulated and
financed by government in different states, but to a large extent physical construction is a private
sector activity. The business is capital intensive, and thus usually depends on private sector
investment, which makes this business a creature of “Wall Street”.
At the lowest of the logical layers -- that most proximate to the physical layer -- we find Internet
Service Providers, or ISPs, who utilize physical assets to perform functions that make the
Internet. The scope and boundaries of their business are defined by the protocols and standards of
the Internet. The core data transport service of the Internet (specified by the so-called “Internet
Protocol”, or IP) defines a clear interface between the service it provides and the higher-layer
services above it. That clearly defined standard provides both a technical interface and an
obvious point of cleavage in the industry structure.
Along a lateral dimension, ISPs interconnect among themselves to make the global Internet, and
again it is standards and protocols (e.g. the Border Gateway Protocol, or BGP) that define the
technical means of aggregation and interconnection. The business relationships among the ISPs
are in turn shaped by the features and limitations of these protocols.
Above this lowest logical layer, we find first some supporting services (such as the Domain
Name System, or DNS), and then application providers. Applications come in many forms and
structures, since the definition of the Internet Protocol has the effect of de-coupling the design of
applications from the structure of the IP sub-layer. Specifically, while ISPs are to some extent
tied to the physical assets they use to build their part of the Internet, and thus seem physically
localized to some extent, applications do not see the boundaries among these parts of the
Internet, and can be implemented with an internal structure that has nothing to do with the
structure of the ISPs.
Email, a very old Internet application, is usually offered by ISPs as a part of their basic service
offering. However, email is also offered by Google, Microsoft, AOL, and the like, which are not
in the business of being ISPs. This simple fact illustrates the cross-layer opportunities pursued by
actors as they expand the scale and scope of their businesses. The design of the Web allows it to
be built up out of millions of independent providers of Web sites, supported by web hosting
companies, content delivery services such as Akamai, and the like. Some applications are highly
centralized, such as Facebook, Twitter, and many multi-player computer games. This pattern is
often seen in applications developed by commercial developers, who use the centralization as a
means to maintain control and sustain their commercial objectives—and thus protect their
interests and profits.
At the information layer, we find a range of actors with diverse capabilities and providing
different services. Google delivers a searchable index of the web. Companies like Netflix,
Google and Apple iTunes sell music and video content over the Internet. Some applications are
centralized from a control perspective, but highly distributed technically, for reasons of
performance—these include high-volume content sources such as YouTube or Netflix. The
providers of Web pages are perhaps the most obvious example of “information layer actors”—
they include commercial sales and marketing sites, “free” sites supported by advertising,
government information and service portals, and so on. All of these businesses are based on
ingenuity and innovation, buttressed by market creation capability.
The two important points of this analysis are first, that the protocols and standards of the Internet
define not just technical interfaces, but interfaces between separate business entities, and second,
that almost all of this vast universe of actors, large and small, are highly dynamic creatures of the
private sector, many of which exist and function beyond the authority of any single sovereign
state. To date, the makers of the Internet – as defined above – are predominantly in the private
sector, subject to principles of private order, not to the power of the state.
Suppliers of hardware and software
In support of the set of actors that make and operate the layers of the Internet, a set of equipment
and software suppliers has grown to meet an expanding demand, with a rough structure that
matches the layering of their customers. There is no fundamental reason why this set of actors
would be structured along the same layering boundaries, other than that different core
competencies, customary provider relationships, and the like have led to a fairly consistent
mapping between providers and their customers. If there is an underlying logic, then it is one of
market efficiency. Thus, companies such as Cisco and Juniper supply ISPs, Corning supplies
fiber optics, Lucent-Alcatel sells wireless base-stations, and the like. Looking beyond the
Internet to other aspects of cyberspace, operators of data centers tend to have their own preferred
suppliers, again distinct from the makers of end-consumer PCs. The PC industry is itself layered,
with Intel making chips, companies such as Dell making the computers, Microsoft making the
lowest logical layer (the operating system), and other providers making application software. The
theory of the firm is the relevant reference point here, given that the firms in question are all
shaped by and shaping a highly dynamic, volatile, and virtual market environment.
Figure 3: Illustrating a few examples of firms that supply technology for cyberspace.
Figure 4: Illustrating a few of the organizations that set standards or provide aspects of Internet
governance.
Governance
In general, governance refers to the processes that provide order in social interactions, enable
decision-making, and facilitate compliance.
We do not intend, in this paper, to provide a detailed review of all the governance principles and
organizations that have come into existence to deal with cyberspace (and the Internet more
specifically). While whole books have been written on the subject⁴, the fact remains that we do
not have a full census of all actors, in all jurisdictions that span all aspects of cyber governance.
Our important conclusions about these entities are as follows:
• These organizations focus on the structure of the Internet itself; some have a
layered structure, others do not. Standards bodies (which embody a deep technical
strength) tend to follow this model. The IEEE (through their 802 standards body)
defines many standards at the physical level, including the well-known Ethernet and
WiFi standards. The Internet Engineering Task Force (IETF) establishes and
maintains most of the standards that define the Internet and its core services
(DNS, email, and the like). The World Wide Web Consortium at MIT (the W3C)
establishes the standards that define the web. Other standards bodies define
standards for media formats (audio and video), and so on.
• Different industry sectors tend to have their own associations to facilitate
cooperation and pursue their interests. For example, ISPs meet through the
mis-named North American Network Operators Group, or NANOG (mis-named
because it is not restricted to operators from North America), which provides a
venue for addressing pragmatic operational issues among ISPs.
• Most of these organizations are creations of the private sector, not derived from
sovereign state or international state-centric institutions. This fact is in sharp
contrast to the earlier history of telecommunications in the telegraph and
telephone era, when the International Telecommunications Union (ITU) set
standards. The ITU, which today is a component of the U.N., is by definition an
international, state-centric organization with all attendant implications for
state-directed motivations and interests. In contrast, the IETF is housed inside a private
sector U.S. corporation set up for that purpose (the Internet Society), the IEEE is a
professional society, and the World Wide Web Consortium (W3C) housed itself
at an academic institution. The Internet Corporation for Assigned Names and
Numbers (ICANN) is a notable “special case” in this situation, having been
created as a private corporation by special action of the United States, and thus
left in an ambiguous and contested form. (No other state has had any notable
influence on the governance of the Internet).
• As we noted earlier, the legitimacy of these private sector actors is now being
contested by some of the more state-centered institutions that either existed before
(e.g. the ITU) or have come into existence to deal with specific issues around the
Internet (the Internet Governance Forum, or IGF, deriving from the ITU and thus
essentially a traditional international institution). This contestation is supported by
enough states to enable the ITU to proceed with its challenges.
• While the Internet may initially have arisen in the United States, most of these
governance institutions have, by necessity, a strongly international (even global)
character today. At the same time, they are the fundamental constituents and
actors in the private order governance of cyberspace.
⁴ See for example Milton Mueller, Networks and States (MIT Press, 2010).
The list of institutional entities above only scratches the surface of the decision and order
ecosystem. If one looks at a particular sub-component of the system, such as online video
delivery, one can find hundreds of players involved in what business schools call the “value
chain”—operators, equipment suppliers, content providers, specialized distribution agents,
ancillary commercial actors (e.g. the actors in the advertising industry), actors associated with
enforcement of copyright, and so on. The space of actors is dense, interconnected, dynamic and
mostly unregulated by the state. As indicated earlier, the principles of governance are those of
private order, not public policy.
We are not the first to suggest that a layered model be used to organize and structure the process
of governance and regulation of cyberspace. Much of the prior work in this area comes from the
legal tradition. Much of it has been centered on one concern, the “open” Internet or network
neutrality, and much of it is scoped to the domestic or state level. Lawrence Lessig⁵ describes a
three-layer model: physical, “code” (which is our Internet layer), and content. The different
layers have different properties: the physical layer is private property, much content is protected
by copyright, but his “code” layer is a “commons”, which he believes should be protected.
⁵ Lessig, L. The Internet under siege. Foreign Policy, 127, 56-65. (2001). Available at www.lessig.org/content/columns/foreignpolicy1.pdf
Kevin Werbach⁶ describes a very similar model, with four layers: physical, logical, application
and content. His paper provides a good summary of the U.S. domestic (e.g. FCC) regulation of
telecoms, and its potential relevance to the regulation of the Internet (which he describes as
“square pegs in round holes”). He stresses the importance of the open interfaces between the
layers, and interfaces as potential points of control. Lawrence Solum and Minn Chung⁷ propose a
slightly more complex model, where they separate physical into link and physical, and they
distinguish the two protocol layers TCP and IP in the Internet. They provide an extensive tutorial
on layering, suited for non-technical audiences, and then propose their layers principle, which is
“respect the integrity of the layers”. More specifically, they propose two corollaries: layer
separation and minimization of layer crossing regulation. This corollary has much in common
with the conclusion we will draw in section 5, which is that regulation imposed at the wrong
layer will often be ineffective. Richard Whitt⁸ uses the four-layer model to look at a number of
issues, both domestic and international. Similar to the work of Solum and Chung, he argues for
regulation or control that is applied at the appropriate layer. Scott Jordan⁹ argues that a layered
approach to network neutrality regulation is appropriate to take into account the differences
among the layers. With respect to network neutrality, he argues that because the application layer
is more competitive, regulation should not focus there but on the lower Internet/physical layer.
3.4. The limits of the layered model
While layering is a useful tool to make an initial division of the problem into more
comprehensible parts, as with all tools it has its limits. The layers are essentially a point of entry
for analysis of the Internet. They are not intended to be a ‘map’ for all activities or issues that
arise. But they provide an internally consistent, clearly definable, and easily tractable set of
criteria for describing, observing, and analyzing actors and action, functions and outcomes that
characterize cyberspace.
The layers model is a useful device to (a) locate cyber actors and activities, (b) signal changes in
strategies or orientations, (c) identify the conditions under which actors operate across layers or,
alternatively, choose to concentrate their activities within a layer, and (d) thus help track and
represent the processes of transformation and change within the cyber domain. At the same
time, the “solution” to a recognized “problem” may be concentrated or, conversely, cut across
layers. The structure of the layers model provides a degree of coherence in both conceptual and
operational terms. In other words, the overall structure is layered, and their interconnections
shape what we call cyberspace. Some critical challenges or dilemmas are not decomposable or
easily represented in layered terms. For example, security of cyberspace is not best understood or
achieved using a layered approach to the problem. Security is an overall emergent property of a
system, shaped both by design (e.g. standards) and deployment (e.g. investment) decisions. It is
also shaped by the actors, their intents, expectations, and capabilities. In theory, one can attempt
a partial division of the security problem into layers, but in practice for overall progress to occur
all parties must agree to the terms of the division, and since any particular division has
significant economic consequences, there is a strong motivation to throw problems “over the
interface” into another entity’s action and decision space. At the same time, we recognize that
many security problems arise due to threat-actors that are equally willing to “stay within their
layer” or to cross layer boundaries and go “over” or “under” a layer-centric defense.
⁶ Werbach, K. D. A layered model for Internet policy. Journal on Telecommunications and High-Tech Law, 1. (2002). Available at http://ssrn.com/abstract=648581.
⁷ Solum, L. B., & Chung, M. “The layers principle: Internet architecture and the law”. U San Diego Public Law Research Paper No. 55. (2003). Available at http://ssrn.com/abstract=416263.
⁸ Whitt, R. S. “A horizontal leap forward: Formulating a new communications public policy framework based on the network layers model”. Federal Communication Law Journal, 56, 587-672. (2004). Available at www.law.indiana.edu/fclj/pubs/v56/no3/Whitt%20Final%202.pdf
⁹ Jordan, Scott, "A Layered Network Approach to Net Neutrality," International Journal of Communication 1 (2007), 427-460.
Moreover, given the contested nature of the dense institutional structure that surrounds today’s
Internet, the layer structure is a tool for understanding the core of the cyber domain, not a
mechanism for guiding solution strategies. In addition, the layers provide a useful way
of framing and understanding the nature of cyber-contentions, that is, those contentions among
actors that have the goal of shaping the character of cyberspace itself. Usually such contentions
are about the degree of openness, the areas in “need” of regulation, essential symbols, and the
like.
In sum, an important feature of the layers is that these are structural in nature; they cannot be
“reversed” or randomly rearranged, so to speak, and to some extent the performance of each
layer is contingent on the efficacy of the one that precedes it. At the same time, various actors
noted above operate within and across the different layers, albeit in uneven and unequal ways.
Paradoxically, the layer model often enables rather than restricts actors in their activities across
the layers depicted here. This, in itself, is a source of innovation and creativity enabling new
opportunities and new markets – and new challenges in international relations.
We now present a highly stylized “model” of the international system, a simple but useful
structure of world politics. In doing so, we seek to signal the ways in which this new cyber
domain influences and is influenced by the realities in the international system, both “old” and
“new”. We also hope to provide a set of tools for analysts of cyberspace to help anticipate the
ways in which world politics impinges on the Internet and on the overall cyber system as we
know it today.
4. The Levels of Analysis in International Relations
For the most part, the international system is generally viewed as anarchical in nature, with no
overarching source of authority that can control all of its constituent parts. For this reason, a
common way of taking stock of structure and process in international relations is to focus on
levels of analysis. Traditionally, the levels consisted of the individual, the state and non-state
entities, and the international system. In recent years, a fourth level was recognized, namely the
overarching global system.10 In principle, the levels provide a means not only to take into
account their respective characteristics but also the ways in which levels (structural features) can
shape and be shaped by actions and reactions within and across levels (dynamic processes). In
practice, however, seldom are these interconnections fully explored or articulated.11
10 The initial concept was introduced by Kenneth Boulding, in The Image, 1956, who referred to the levels as
“Images”, and elaborated further by Kenneth Waltz in Man, the State and War, 1959. Both developed a three-level
This hierarchical view of the international system is anchored in the principle of sovereignty that
distinguishes between the state and other entities, on the one hand, and provides the legal basis
for the modern system of international relations. The important point here is that the levels
provide some order in both structure and process of international relations allowing for
understanding transformations and change while adhering to the principle of sovereignty, the
defining feature of the international system. In some ways, the levels view shares with the layers
model an important feature, namely mutual influences and dependencies as well as potential
feedback dynamics across and within levels.
We now highlight some of the ways in which the unrelenting expansion in cyber access is
contributing to significant changes in the traditional levels of analysis in world politics, forging
greater mutual sensitivity and interdependence among actors – the old and the new – and
creating loads on the governance structures that may well exceed their institutional and
organizational capabilities.
4.1. The Individual – New Power and Influence
In principle, access to cyberspace and participation in CyberPolitics facilitates the articulation
and aggregation of demands and helps enhance the capacity for understanding and for action at
all levels of analysis. The individual is generally considered as the First Image (or level of
analysis) in international relations.12
Given that all individuals have in principle the possibility of engaging in cyber interaction, it is
often difficult to differentiate the personal from the social, the political expression from the
statement of threat, and so forth. By participating in cyber venues, individuals transcend
geographical constraints, the bounds of sovereign territoriality and even formal identity. More
important is the possibility that the individual – not necessarily in the aggregate – can actually
undermine the state in unforeseen ways.
Cyberspace provides new parameters for permissible action that cannot always be ignored by the
state. From a theoretical perspective, this means that the First Image in international relations
theory is as privileged as other Images or levels of analysis, which is a change from traditional
theory. And it is difficult to identify the specific individual who is responsible for a particular
cyber message.
view of international relations that continued to dominate theory and policy until late in the 20th century when
environmental problems became salient politically, as illustrated by the increasingly long set of books addressing
“planetary politics”. Robert C. North introduced and formalized the Fourth Image in War, Peace, and Survival
(2000).
11 A notable but limited exception is Peter Gourevitch’s article, “The Second Image Reversed: The International
Sources of Domestic Politics”, International Organization, Vol. 32, No. 4. (1978), pp. 881-912.
12 As Robert C. North reminds us in War, Peace, and Survival, each individual is an information processing and an
energy using entity, a reminder that echoes Herbert Simon’s earlier arguments in The Sciences of the Artificial (MIT
Press, 3rd edition, 1996).
Enabled by the new cyber infrastructures -- buttressed by institutional supports and steered by
policy directives -- the individual is now endowed with access to cyber venues and empowered
in ways that were not possible earlier. The broad range of state efforts to control cyber uses, the
differentials in access to cyberspace, and the differences in the enabling functions of knowledge
and skills, mitigate the practical value of this individual access to varying extents in some
nations. But on balance, few would dispute that the individual has gained power.
Cyber interaction allows for self-definition as well as individual expressing, framing, and
organization of political stances. We do not argue that cyberspace provides a venue for “voicing”
that replaces traditional interest articulation and aggregation within an established political
process. It does, however, serve as an effective venue of expression outside the established
channels, even in ways that challenge the established order. Note, for example, the recent
Wikileaks episode that has so enraged many states was triggered by the actions of two
individuals. Then, too, the Egyptian “revolution” of January 2011 was set in motion by the
actions of one individual – a Google executive in the Middle East -- and its aggregative powers
and snowballing effects forced a thirty-year dictator to resign.
The fact that individuals and groups have found many ways to bypass the power of the state and
pursue their own policies has drawn attention to the importance of decision entities and units in
international relations other than the state and the state system. It also points to the potential
emergence of new organizational principles in world politics. In several parts of the world we see
political blogs becoming mechanisms for the expression of interests and, to the extent possible,
for organization into a critical mass. All of this is best facilitated in situations where the political
rights of individuals are articulated, understood, and protected by the nature of the political
system itself. Under these conditions, homo politicus is fundamentally enabled by the capabilities
of homo cybericus.
While each person is embedded in, and always “bounded” by, the realities of the natural system
and the social system, strong demands (high motivation) may to some extent compensate for low
capabilities, just as high capabilities can compensate for low demands (or low motivations).
Access to cyber venues facilitates this compensation. It offers a new means for expressing views
and interests separate from those of the state. At the same time, however, we have also seen that
when individual views threaten the established order, the state responds in many ways, usually
with little accommodation and even less enthusiasm.
4.2. The State System – New Security Dilemmas
None of the foregoing negates the role of the state as the basic organizing principle for authority
in the international system. The state continues to be the major actor and the dominant level of
analysis in international relations theory, with security and survival as its overarching concern.
Consisting of its population (private and public constituencies) the state is embedded in the
natural environment and its life-supporting properties. Increasingly the state is recognizing that it
is also embedded in a cyber environment. Cyber security shares with environmental security the
important attribute of transcending — or perhaps encompassing — the social order. Its challenge
now is to take account of the emergent cyber context and, to the extent possible, to protect and
pursue its interests in a new domain managed entirely by private, not sovereign order.
All of this places the security of the state hostage to a range of disparate factors, many of which
are not addressed in the traditional security calculus that concentrates on defense against external
military threat. The convergence in international relations of the “old” and the “new”, discussed
earlier, imposes on the state a complex security calculus. The military logic is always necessary,
but it is far from sufficient to ensure the security of the state.
In today’s world, we argue, national security spans four distinct but interconnected dimensions --
each with its core concerns, key variables, and inherent complexities. To simplify, anchored in
external security, the traditional defense of borders, the sanctity of the state requires internal
security, the stability and legitimacy of government and governance, environmental security, the
resilience of the life supporting properties of nature and cyber security, security of online
information and knowledge, and protection against cyber threats, espionage, sabotage, crime and
fraud, identity theft, and other destructive e-interactions and e-transactions. If there is an
overarching proposition, it is this: a state is secure only to the extent that it can provide or
guarantee protection across all four dimensions. The attendant predicaments are common to all
states to varying degrees.
Framed in abstract and stylistic terms, this view of national security obscures the fact that
different components do not necessarily tend in the same direction and may interact with one
another. Such caveats aside, this four-dimensional perspective is likely to be more relevant in the
twenty-first century context than the traditional military-centered view. The stronger the individual security
variables are, the stronger the state’s overall national security. In the U.S., for example,
cybersecurity is becoming increasingly salient in the nation’s overall security assessment. We
anticipate greater complexity of national security policy processes as we begin to appreciate the
full ramification of each of the constituent dimensions.
In the absence of useful historical precedents, a simple and informative (but incomplete and
limited) approach is to consider the security ratio, defined in terms of the loads that create
pressures or threats (the numerator), in relation to the prevailing capabilities (the denominator)
– however roughly conceived -- with the view that the loads on the system should not exceed its
capabilities to manage. Tracking the security ratio over time might also provide useful
information about the evolving security status. Interestingly, one can see how to track three of
the four dimensions of national security with some degree of consistency and reliability. But the
fourth, cyber security, is particularly elusive. We have no effective ways to quantify risk, assess
levels of vulnerability and actual attack, or the cost of different sorts of failures.
In most countries, an individual or group can circulate its message with a reasonable expectation
that it will not be effectively — or at least not completely — regulated, controlled, or otherwise
policed. The numerator is likely to be considerably greater than the denominator in most cases,
most of the time – with few system-wide ramifications, but not always. During the Egyptian
“revolution” noted earlier, in response to the increased circulation of anti-government messages
and calls for protest, the government ordered the ISPs to cut all Internet connections. The ISPs
complied. The order was rescinded shortly thereafter.
The notion of sustainability is a newcomer to politics among nations. In many ways it is closely
connected to national security, broadly defined. But international relations theory has also little
to say about sustainability and the state. The extensive literature on state failure is not matched
by commensurate studies on the conditions of and propensities for state sustainability, despite the
reasonable expectation that the loss of sustainability must surely mean an erosion of security,
hence of sustainability, and therefore a precursor to state failure.
In the early years in the construction of cyberspace there was much in this new context that states
were not aware of and could not readily control, due largely to the rapid pace of technological
change and the fluid set of private sector actors (for profit and not for profit). Many states have
not been slow to control access to cyber venues, and, when possible, to prosecute presumed
offenders. Some go to great lengths to limit the exposure of their citizens to messages deemed as
undesirable. Many governments have used cyber venues to exert their power and influence and
extend their reach as well as their instruments of sanction and leverage – and to pursue their own
security by increasing the insecurity of their critics or detractors.
At the same time, we see that most if not all states have begun to implement the delivery of
social services via cyber venues – to different extents and with varying degrees of success. The
degree of effectiveness depends on the availability and reliability of cyber access, clarity of
purpose, and degree of “cyber-literacy” among the population. While we would expect industrial
states to excel in the use of cyber venues, we already observe many developing countries moving
in that direction as well.
Overall we find greater convergence among countries when we examine their cyber enabling
features than we do when we observe the usual “real” or physical characteristics. We have also
noted a general trend toward greater use of e-government – irrespective of level of
development. In addition, the relatively strong positive relationship between performance of e-government and the perceptions of government effectiveness signals that something is indeed
happening on the ground. Nonetheless, while there are some important differences among states,
it is clear that the entire state system is increasingly engaged in cyber venues.
Finally we turn to the transnational actors, private as well as public.13 They operate “laterally”,
that is, connecting constituencies and interests across state boundaries, as well as “vertically”
connecting constituencies across all levels of interaction. These entities operate across
boundaries and levels but are not always controlled by the organs of the state or those of the
international system. Notable among such actors are the multinational corporations, trade
unions, scientific organizations, religious groups, and international cartels, to name a few. All
of this becomes increasingly important given that who gets what, when, and how is influenced by
cyber access but also by the growth and diversity of actors, each endowed with differential levels
and distributions of power and capability. And they all participate in one way or another in the
international forums and all seek venues for shaping the evolving international agenda.
4.3. International System – New Density of Decision Entities
Despite the proliferation of international institutions, the international system as a whole cannot
be treated as a unitary actor with centralized authority or legitimate mechanisms for behavior.
At the same time, depending on the prevailing distribution of power and capability, the system
can take on diverse structural forms generally considered in terms of “poles” of the system. For
example, during the immediate post World War II period, the international system was
characterized as a tight bipolar system – with the United States leading the free world pole, and
the Soviet Union leading the communist pole, with the deviation of France from the US pole and
China from the USSR group. Gradually the international system evolved into a multi-polar
system, when China declared its own policy positions, and the newly independent countries
defined themselves as non-aligned. With the demise of the Soviet Union and the creation of a
number of independent states, the remnants of the bipolar system eroded entirely with little
tendency toward multipolarity. The net effect was the primacy of the United States in an
international system devoid of a “pole” structure (since this primacy did not impose conformity
to US policy or preferences.)
13 See Robert O. Keohane and Joseph S. Nye Jr., (eds) Transnational Relations in World Politics, Harvard University
Press, 1970, for essays on various types of transnational actors.
What does international relations theory have to say about this? Lateral re-alignments and shifts
in the geo-strategic landscape notwithstanding, the United States remains the world’s technology
leader. U.S. institutions, scientists, engineers, research infrastructure, and facilities invented and
constructed the Internet and much of the computing infrastructure the Internet connects. US
dominance in the Internet’s construction and management is entirely consistent with Realist theory
focusing on state power and national security in international relations theory as is the challenge
from other ascending states. But with the conjunction of rapid growth in other parts of the world,
the expansion of information communication and technology created new uses and users, as well
as a wide range of previously unforeseen stakeholders. The “push-back” from various actors and
entities is an entirely predictable reaction, and its manifestations and consequences can be
framed in terms consistent with institutional theory, which concentrates on coordinated and
formally organized international behavior.
Concurrently, the expansion in the number of sovereign states as well as the growth in cyber
access worldwide appear to reinforce diversity in policy and preferences, rather than
convergence. It further reinforces departures from the traditional structural polarities. Somewhat
paradoxically – or perhaps by necessity – we have seen the growth in the diversity of actors and
conditions, on the one hand, concurrently with the expansion of shared understanding of
prevailing problems, on the other.
Overall, the international system also includes actors and entities enfranchised by the state
including non-state actors and those commonly thought of as transnational (operating across
boundaries) or multinational (rooted in different states). We have witnessed the increased density
of decision entities as well as the remarkable expansion of governance structures for the
management of information and communication technologies and the support of development
goals. Clearly, cyberspace has accelerated the formation of private interests that become
influential entities in their own right, with goals and objectives, priorities and problems. Some
are embedded in purposeful networks that change over time – some expand, some retract, and
some alter in shape.
The international community is continuing to explore the development of modes of international
governance in a state-centered world, a world in which no one single actor is given monopoly
over the use and control of force – or any other instrument of law and order. With the growth of
international institutional initiatives and new trends in forming a “global” agenda, increased
institutional linkages with the state and its bureaucracies and agencies are taking place. Various
non-state groups have been accorded observer status or are otherwise allowed to participate in
international forums, a status that expands their influence and legitimizes their reach.
Early in the twenty-first century we saw the first evidence of the convergence of two, hitherto
separate, policy issues in international forums – namely the salience of cyberspace and the
consolidation of the sustainability agenda. This convergence became evident at the World Summit
on the Information Society (WSIS) in its pursuit of two objectives: to enhance cyber
participation and to support transitions toward sustainability. In so doing, WSIS effectively
coupled two issues that were separate in their origin and development by pushing for uses of
cyberspace for sustainability purposes.
One of the most well-respected views of world politics and international economics today --
that the distribution of power in the international system shapes the framework of international
interactions – argues that the dominant power forges the rules and regulations that govern
relations among states.14 Over time, however, ascending powers threaten the dominant state and
will seek to undermine the prevailing principles of governance. Early stages of the Internet
support this argument, as the U.S., the major power, constructed cyberspace and assumed
leadership in the use of the Internet and framing its governing principles. But the rapid diffusion
of cyber access and participation worldwide created new patterns of power and leverage, new
interests and new opportunities, and this occurred far more rapidly than would have been
anticipated by the conventional view. The new patterns of power have now begun to challenge
the prevailing US-led cyber order, and the governing principles from that era.
What is especially novel in the context of international relations theory is the notion of the
provision of public goods at the international level. Indeed, the definition of the domain of
coverage itself is highly political in nature. How it is defined will clearly delineate expectations
regarding who gets what, when, and how. Over time, we expect the international community to
engage more and more in the cyberpolitics of worldwide public goods provision. Then, too, an
immediate follow-up challenge pertains to the rules for institutional development to meet these
new demands. The challenge will be greater if the nature of the cyber-based participation in
global deliberations influences significantly the shaping of national positions in international
forums, or alternatively, if cyber participation undermines the established processes and leads to
a transformation of state-centric exclusivity in international decision-making.
All of this will become increasingly important for international relations theory and policy
throughout the rest of the twenty-first century as we are all confronted with a long list of
common concerns that may well call for agreements on global norms and operational goals. This
leads us to the overarching context of all human life, the global system.
4.4. The Global System – All Encompassing Commons
In principle, the fourth level or Image refers to the Earth, its geological and geographical
features, and all life-supporting properties – as well as cyberspace created by human ingenuity. It
spans the world’s population, distributed across geographical areas (without reference to
sovereign jurisdictions). We have already seen the politicization of both the natural and the man-made features of the Fourth Image, and we expect a continued trend in that direction. In addition,
when cyber venues are used to pursue global objectives via international institutions a whole new
range of challenges emerge. We can now anticipate at least three sets of cyber-challenges – and
there are surely many more.
14 See Robert Gilpin, Political Economy of International Relations, Princeton: Princeton University Press, 1987.
The first pertains to appropriate uses of cyberspace for the performance of international
organizations. Although states are the stockholders as well as the voters in international
governance, non-state actors increasingly resort to cyber venues for interest articulation and
aggregation as well as their inputs into international decision forums. Among the challenges at
hand is to converge on operational mechanisms and practices in the uses of cyber-based
instruments for this purpose.
The second challenge, central to the mission of almost all international institutions, pertains to
the uses of cyber venues for response to emergent demands and provision of services in one form
or another. Almost all institutions have extended their reach and performance in the primary
domains of responsibility, as well as in the educational supports, by using cyber venues. The
trend is unsurprising, except perhaps the speed at which the use of cyber access is taking shape.
What remains to be seen is the extent to which this bears on who gets what, when, how – as well
as who decides on each of these issues.
The third notable challenge involves the nature of vertical linkages – connecting global and local
– for information, communication, and knowledge building to and from the grass roots. At the
same time, however, we recognize that if stakeholders are organized, then access to cyberspace
becomes a major asset. Some of these linkages are converging around the notions of “civil
international society” and the commensurate concern for “civic global responsibility.” All of this
enhances the potential consolidation of a global civil society.
In many ways cyberspace can be already seen to assume properties that are characteristic of the
global commons. At issue here is less the matter of equivalence than the query as to the potential
for cyber “tragedy,” if any, at this time or at any point in the future.15 Some countervailing trends
persist. On the one hand, cyber access and use can legitimately be characterized as chaotic,
reinforcing global anarchy (as understood in international relations). No one is in control. On the
other hand, the expansion of cyberspace and cyber participation may generate a demand for
governance structures and processes that transcend territorial sovereignty and rein in the chaos of
interaction. We must also consider the potential and important parallel between cyberspace with
its global reach and highly interconnected character, and environmental parameters, most notably
climate change, with their fluidity and pervasive character as well as global scale and scope.
4.5. The Limits of the Levels Model
The limits of the levels model are well recognized. It is most useful as an ordering device to
locate the primacy of the state and its sovereignty, taking into account both internal and external
“environments”. At the same time it signals both the formal and informal actors and actions in
various spaces of interactions in internally consistent ways and, to the extent possible, helps
situate the potential consequences – most notably those related to transformation and change.
So far we have presented the levels view of the international system from the “bottom-to-the-top”.
The same level logic could have been presented from the “top-to-the-bottom”. Indeed,
“reversing the Images” is a well known phrase in international relations. More significant,
however, is the permeability across the levels and the extent to which conditions and behaviors at
one level influence structure and process across others.
15 The “tragedy of the commons”, introduced by Garrett Hardin, has become a commonplace reference in the social
sciences. See Garrett Hardin, “The Tragedy of the Commons”, Science, 1968, 163 (13) December.
By far the most important limitation of the levels model is its relatively minimal recognition of
the private sector and its role in world politics today. The sovereignty principle obscures the
power of non-state actors and provides little venue for addressing their growing influence. We
shall return to this, and related issues in the Conclusion.
At this point we consider the integration challenge in its entirety. We build upon the layers and
the levels structures to construct an overarching model spanning international relations and
cyberspace, with case-based tests to explore its utility and robustness.
5. The Integration Challenge
An integrated theory of 21st century international relations must recognize cyberspace—today a
new arena of interaction—and integrate the cyber and the geopolitical arenas into one
overarching framework. We have already introduced two ways of decomposing the integration
challenge, the problem domain, into parts: the layer model of the computer science community
and the levels of analysis of international relations. Our goal is now to develop and illustrate the
relationships and interdependence between these two methods of analysis and their referents.
5.1. An Integrated System
As a starting point, we can construct a matrix that represents both methods – the layers and the
levels -- and position some specific examples of current issues into this joint space. This matrix
diagram can be used to help situate various current technology and policy issues. The extent to
which these issues can or cannot be “pigeon-holed” illustrates some of the power and nuances of
the matrix.
Figure 5: A selection of current issues and concerns,
positioned in the matrix of levels and layers.
To explore the integrative signals in this table, we turn to several high visibility cases that have
dominated the media, the government, and the research community in various parts of the world.
These cases reflect generic features of cyber-“real” international relations, not theoretical or
contingency potentials or possibilities.
Wikileaks
The Wikileaks release of classified information is indeed an issue at the information layer of the
cyberspace architecture. It might initially be seen as a domestic (state) issue with respect to
levels of analysis. However, it was in fact an international issue, since the Wikileaks operator
was overseas. In fact, in general it is very difficult to exercise influence or control over an actor
at the information layer, since they may be highly mobile (with respect to jurisdictions), and very
small scale (a few people). Many nations have strong resistance to regulation of information
(e.g. “freedom of speech”), which makes control at the information layer harder. Some attempts
were made to disable Wikileaks by “attacking” it at lower layers.
It has been reported, but not confirmed, that the U.S. government brought influence to bear on the
domestic provider of their DNS name (wikileaks.com) to disable it. In response, Wikileaks
registered a variant of their name in Switzerland. It also appeared that the U.S. government
attempted an attack on Wikileaks at the physical level, by bringing pressure on the company
hosting the web site, Amazon. In response, the data was moved overseas, and as well a host of
zealous advocates hosted copies of the information across the globe, more or less assuring that
the information could never be suppressed. The creator of Wikileaks, Julian Assange, is being
called before the Swedish court for a sexual transgression—one can form different opinions as to
whether this is in fact an “attack” at the people level. In any event, to this point none of these
actions have been effective in suppressing the leaked information; in fact they may have been
counter-productive, as they drove the locus of the offense further from the offended jurisdiction
and brought attention to it.
Network neutrality
Network neutrality is an issue at the overall Internet level—it has to do with whether ISPs can
discriminate in the way they offer services to the services at the layer above. At the moment, this
issue seems to rest at the domestic (state) scope, but can be expected to expand to
international/global scope. Attempts to regulate ISPs depend on the details of domestic law: in
the U.S. the courts have handed the FCC a setback in their attempt to impose neutrality
regulation, while in other countries the regulators seem to have more explicit powers.
Structurally, the consequence of a “non-neutral” ISP might be felt at the application layer (an ISP
might discriminate against a specific application, such as a game) or at the information layer (an
ISP might discriminate against one provider of content, such as Netflix).
This type of issue will rise to international levels if and when there are calls for consistent
imposition of norms and regulations across countries, and as multi-national firms start to enter or
exit country-specific markets based on variation in local conditions. It will also arise if the state
finds it necessary to close its border, so to speak.
Competition policy and monopolies
This is an issue related to network neutrality, but with its roots at the physical level. Since
physical facilities are very costly (for example, broadband access to the residence), there is a
recurring fear that the market will not sustain adequate competition. One approach (in the U.S.)
was to try to remove the need for regulation at the Internet layer by encouraging diversity at the
physical layer (so-called facilities-based competition, as between a cable and telephone
company). Other countries have taken the tack of forcing providers to give their competitors
access to their physical facilities, which in turn is seen as inhibiting investment. Again, this issue
is mostly of domestic (state) scope, but takes on international scope when facilities cross borders,
as with the recent construction of an undersea fiber facility hooking countries in Africa. Such
initiatives are usually public/private partnerships, given the need for large amounts of capital, but
also with strong need to assure the various nations as to the terms under which they and their
domestic providers could have access to this cable.
Pakistan and Youtube
This story is typical of various nation-specific (e.g. state scope) attempts to block access of their
citizens to content which they deem offensive, disruptive, or illegal for one or another reason.
However, there was a global twist to this story. Pakistan, offended by a video degrading to Islam
on Youtube, decided to block access to Youtube internally, and instructed their domestic ISP to
take this action. Youtube, of course, is a higher-level (information) service from the perspective
of an ISP; ISPs have no control over Youtube (Google) and what they post. So the Pakistan ISP
took the approach of injecting a false routing assertion into the local region, which would
redirect packets being sent to the address of Youtube to a local site that would inform the viewer
that Youtube was blocked. However, due to a technical error, this false routing assertion leaked
out of Pakistan and disrupted access to Youtube in various parts of the globe. In fact, a global
effort was required to “fence off” Pakistan’s disruption. This effort was carried out (in a matter
of a few hours), by the collective and cooperative action of ISPs across the globe. In other words,
the response was not an international (multi-state) action, but a large-scale voluntary global,
non-state action carried out in a loose, non-hierarchical organization of ISPs.
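The leak and the "fencing off" described above, as an added sketch that is not part of the original paper. It assumes the false assertion covered a more specific address block than the legitimate one (a detail the paper does not state), so that routers accepting it prefer it, and that ISPs fence it off by checking each announcement's origin against a registry; all prefixes, AS numbers and the registry are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network   # address block being claimed
    origin_as: int                  # network (AS) claiming to originate it


# Constructed registry: which AS is expected to originate each address block.
REGISTRY = {ipaddress.ip_network("198.51.100.0/24"): 64500}

# Constructed announcements as seen by an ISP outside the blocking country.
ANNOUNCEMENTS = [
    Announcement(ipaddress.ip_network("198.51.100.0/24"), 64500),  # legitimate
    Announcement(ipaddress.ip_network("198.51.100.0/25"), 64511),  # leaked false assertion
    Announcement(ipaddress.ip_network("192.0.2.0/24"), 64501),     # unrelated, not registered
]


def classify(ann, registry=REGISTRY):
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    covering = [p for p in registry if ann.prefix.subnet_of(p)]
    if not covering:
        return "unknown"            # nothing registered for this space
    if any(registry[p] == ann.origin_as for p in covering):
        return "valid"              # origin matches the registered holder
    return "invalid"                # registered space claimed by someone else


def best_route(dest, announcements):
    """Longest-prefix match: the most specific block containing dest wins."""
    addr = ipaddress.ip_address(dest)
    candidates = [a for a in announcements if addr in a.prefix]
    return max(candidates, key=lambda a: a.prefix.prefixlen, default=None)


def origin_for(dest, announcements=ANNOUNCEMENTS, filter_invalid=False):
    """AS that ends up receiving traffic for dest, with or without filtering."""
    usable = [a for a in announcements
              if not (filter_invalid and classify(a) == "invalid")]
    route = best_route(dest, usable)
    return route.origin_as if route else None


if __name__ == "__main__":
    for ann in ANNOUNCEMENTS:
        print(ann.prefix, "from AS", ann.origin_as, "->", classify(ann))
    print("unfiltered:", origin_for("198.51.100.10"))
    print("filtered:  ", origin_for("198.51.100.10", filter_invalid=True))
```

Without the origin check, traffic for addresses inside the falsely claimed block follows the leaked announcement; with it, the same traffic returns to the registered origin while unregistered space is left untouched.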
Spam
Spam is a problem that arises at the application/information layer, within email. It seems to be of
global scope, since spam arises from sources across the globe. Responses have been formulated
at all scopes of analysis. At the individual scope, control of spam has been somewhat effective
by the use of local spam filters. Working at the state level, the U.S. has passed the CAN-SPAM Act,
which seems somewhat ineffective because of the mismatch of scope—the spammers can easily
move themselves outside the jurisdiction. While there may have been international
conversations, they have mostly remained just that—conversations, not actions. In contrast, a
significant and effective response has arisen at an institutional global, non-state scope: the
organization called Spamhaus, which collects lists of sites known to be spammers, and passes
this list on to email operators who then have the option of blocking email from those sites.
Spamhaus is light-weight (performing only this function, it has essentially no assets) and it can
easily position itself in jurisdictions that are unsympathetic to lawsuits from enraged spammers.
This seeming liability is actually its major asset.
Fueling Revolution
The “Arab Spring” of 2011 is the label given to the resistance movements in Tunisia and Egypt
and to the eventual revolutions that changed the normal course of politics in these countries. As
noted earlier, the events in Egypt following the Tunisian initiative that called for regime change
eventually led to the resignation of the President and his entire cabinet. The initial protest
movement set in motion a political avalanche whose transformative effects are still in the
making. This is a case of mobilization of individuals, the concentration and expansion of
activities in the people layer: users who leveraged their Internet connection via various types of
appliances to mobilize political protest and create a relatively non-violent but dramatic demand
for political change in the state.
It is fairly reasonable to assume that without access to the Internet the initial protests would not
have had the momentum to hold their course and turn into revolution. At this writing we are
observing various efforts to use the Internet as a venue for organizing protest, most notably in
Syria, Bahrain and, to a lesser extent, Yemen and Saudi Arabia.
These events fit into the layer model at the “people” layer, and might (on first inspection)
seem to fit into the levels of analysis model at the “state” scope. However, the events had
powerful spillover from one country to another, such that China is now blocking such search
terms as “Egypt” and “Arab Spring”. There is clearly a fear at the state level triggered by the
ripple effect as this revolution spilled from one country to another. Egypt tried (briefly and
ineffectively) to quell the cyber-based aspect of the protest by turning off the Internet; China is
acting at the information layer by blocking search terms, and (at the people layer) the
phenomenon is no longer a cyber-event but a physical event in the streets and the seats of
government. But as the problem spilled across states, there was no institution at the international
level that could serve to address the fears of these worried nations. The “problem” was “bigger”
than the scope of one state, but not one that fit into any traditional model of international
relations.
5.2. Institutions in the matrix
In the previous version of the integrative matrix, we positioned a number of issues and problems.
The matrix can also be used to position different actors and institutions. In figure 6 we illustrate
examples of those who govern in some respect: standards organizations, regulators, facilitators,
and enforcement organizations. We map out actors, entities, and scope of action:
Figure 6: A selection of organizations and activities,
positioned in the same matrix of levels and layers.
5.3. Some results of the integration approach
Different problems have an empirical base or definitional positioning in this matrix of levels and
layers, with some neatly fitting into one box and some less well constrained. Just as we used the
matrix to track current issues, we can use location to position various institutions that propose to
govern one or another aspect of cyberspace. It is instructive to compare the positioning of one or
another problem in Figure 5 with the positioning of various proposed solutions, both in terms of
mechanism and the related organization.
Based on the few examples we discussed, we can draw some conclusions, perhaps tentative at
this point, but at least they serve as hypotheses to inform further study.
• The lower layers of the Internet architecture are more amenable to state regulation, since
they are more “physical”, and the actors at that level are fixed on the face of the earth by
physical assets. The activities are also capital intensive, and thus associated with large,
established actors that are “easy to find”. The higher layers are often populated by private
actors that are smaller and which can more easily escape from regulation and
enforcement by moving. Even a large firm like Google can choose to leave China to
avoid conforming to their regulation.
• An issue that naturally arises at one layer (e.g. the information layer) is most effectively
dealt with at that layer. Attempts to deal with problems by imposing controls at another
layer either fail (trying to disable Wikileaks by disabling its name in the DNS), or have
the “blunt instrument” outcome (turning off all of the Internet to block access to social
networking sites such as Facebook and Twitter.)
• Problems and challenges will move across scopes over time (domestic problems may
become global problems), and can sometimes be dealt with at different scopes. Spam
may be a global problem, but dealing with it at the individual level is somewhat effective.
• In contrast to state-centered international organizations, the non-state global
organizations, sometimes poorly institutionalized, have shown the nimble and flexible
character necessary to deal effectively with important issues. These non-state
organizations can position themselves, not necessarily intentionally but often very
successfully, as competitors to international institutions as the proper venue for oversight
and governance of cyberspace.
• With respect to non-state actors, international or global refer to scope of activity, not size
of entity. Non-state actors can be both global and small. Many of the important non-state
global actors seem to be positioned at the higher layers of the cyberspace architecture—
they are more concerned with people and information than with fibers and simple packet
transport. But this is by no means always true.
The foregoing points – directly and indirectly – to emergent properties of the integrated international
system, one in which the cyber domain is even more salient than the environment domain in
matters of power and politics at all levels of analysis. We see the emergence of dilemmas
inherent in the ubiquity of cyberspace and international relations that will shape local and global
interactions throughout the remainder of the 21st century.
6. Conclusions
In conclusion, we highlight five critical factors whose characteristic features will create the
parameters of an integrated reality in the decades to come.
6.1 Recognizing the Private Sector
The fact that most if not all of the fundamental features (or core functions) for seamless cyber
interactions are controlled and managed by non-state entities leads us to the first conclusion: We
must recognize the power of the private sector that manages cyberspace in a world dominated by
the sovereign state and the power of the public sector. We need to resolve what appears to be a
critical disconnect between the organization principles that underlie cyberspace (the private
order) on the one hand and that of the international system (the sovereign authority) on the other.
This discord can be readily appreciated in the context of the traditional international system where
the state continues to provide the "rules of the game," even if it is no longer the only relevant
player. When we attempt to map the non-state actors into the framework of “scopes of analysis”
-- the layers and the levels -- it becomes obvious that in practice the strict hierarchy of
international vs. state is a legal distinction rather than a reflection of empirical features of world
politics.
It is a powerful challenge to traditional theory and practice that cyberspace, with its ubiquity and
global reach, is managed by private sector entities. While international relations theory and
policy recognize the salience of non-state actors, in no arena are they as dominant as in the cyber
domain – a situation that can perhaps be best understood in its historical moment. Recall that it
was the most powerful state, the United States, that delegated to the private sector the operational
management of cyberspace. This sovereign decision set the rule of the playing field early on.
None of this was the result of international deliberation or international decision. Nor did the
operational and governance matters appear to follow the usual norms of state-anchored
management in international relations.
This challenge all but assures that the state system anchored in sovereign authority will make
every effort to redress or to “rectify” a seeming anomaly in international relations – that is by
reasserting the dominance of state sovereignty over cyber matters. We are now observing some
“push-back” from different actors and entities around the world. This too can be anticipated by
traditional theory. But the outcome is not a foregone conclusion. Issues of cyberspace
management may or may not remain entirely within the purview of private sector decisions and
actions. In particular, we see certain states exerting pressure to bring at least their private-sector
actors more under the control of the state, and we may see similar pressures at the international
level.
In general, international relations theory and practice broadly defined tends to focus on the
private sector largely in terms of economic entities or multinational corporations. In recent years
some standard setters (such as the ISO system) were recognized, for example, in connection with
emergent responses to environmental challenges and the need for standards for reducing the
environmental damages of products and processes. By contrast, in international relations theory
no discernable attention is given to Internet standard setters or to any of the dominant institutions
serving as managers of cyberspace.
Non-state actors create a great deal of fluidity at all levels of aggregation, from very small
associations of individuals to organizations more or less domestic in scope to organizations that
are intentionally global in scope and perhaps nimble with respect to their presence in one or
another jurisdiction. Thus, we must position non-state actors on a continuum from domestic to
global—and potentially across many different issue-areas—and in lateral, transborder, terms
throughout the continuum. It is a question for further research as to whether this representation is
a useful robust generic structure that will help frame the analysis of non-state actors.
There are added and important complexities: Overall, non-state actors include profit as well as
not-for-profit entities. Increasingly we observe hybrids, whereby a non-state actor harbors both
commercial and non-commercial features. The initial non-state actors in the early days of
cyberspace were not-for-profit. They were the essential and fundamental system organizers and
managers. They reduced transaction costs, and acted as the basic regulators of the cyber system.
In some ways they were akin to public sector actors or actors whose constituency was the global
constituency of cyber users.
Over time, with the growth of opportunity and the creation of new services, transactions and
interactions, a wide range of commercial opportunities soon developed. The profit-making
private sector took off and expanded toward new horizons of seemingly unlimited opportunities.
Indeed, it may be difficult to locate non-profit actors in any function within or across layers other
than as standard setters, operators of the domain name system, and perhaps one or two other core
functions. While such “partitioning of the playing field” further politicizes the very fact of
private order in cyberspace and enhances the disconnect with the sovereign system of
international relations, the private sector must be formally recognized and its legitimacy affirmed
accordingly in the development of future cyber order. At the same time, we must anticipate
pressures to move critical aspects of the governance and operation of cyberspace more under the
control of the public sector, leading to complex hybrid forms of public-private organizations, on
the one hand profit-seeking but on the other hand increasingly regulated by the state.
6.1. Mobilization Mechanisms
The second conclusion pertains to growth in the power of people, individually and collectively,
as seen in the context of the layers model as well as in the levels model. The integrated approach
allows us to locate and trace both the sources and the consequences of the aggregation of
interests and activities. Again, for the first time in human history, the unit of the individual
begins to “matter” in international relations. And they matter in different roles and with different
implications. People are voters and consumers; they pursue activities and interests; and now
access to cyberspace enables them to aggregate their interests and mobilize for action.
We need to determine if this mobilization is to be a critical issue for the future, and if so how? If
not, why not? How will the state respond? What are the implications for the growth, configuration and
expansion of the cyber experience?
6.2. Integrated Norms & Principles
At issue here is agreement on the norms and principles – the code of conduct -- for an integrated
international system. Such agreement (formal or informal) precedes any movement on matters of
governance. Already we see some nascent efforts in various parts of the international system to
develop norms for behavior in cyberspace. Precisely what that means remains unclear.
The basic questions include: Why norms now? Norms for what? Who will regulate? Why and
How? Conversely, we could frame these questions with a reverse frame of reference, namely,
that no norms are needed. We have done so well for so long without formal norms, why rock the
boat (with apologies for the mixture of metaphors).
Clearly cyberspace is not managed by some random principles of interaction. Not only are norms
in place, there is a backing by institutional practice and organizational strength. By the same
token, the international system is also anchored in some powerful norms (however imperfectly
implemented). Missing from the foregoing is the perhaps not so “hidden” agenda, namely that the
state system is recognizing its own limitations in the management of cyberspace and seeks to
expand its influence and control – using its own principles of territorial sovereignty and
legitimacy. At a minimum, the physical layer of cyberspace is territorially anchored. In this
respect, and many others, a total disengagement of physicality is not possible at this time.
Such ambiguities and contentions notwithstanding, the fact remains that we are at early stages of
framing norms or rules of conduct in an integrated system. Can this situation persist without
leading to conflict of interests and collision of action?
6.3. Co-Evolution Dilemma
It goes without saying that we will continue to witness inevitable changes in international
relations, the specific nature of which cannot be readily discerned with any degree of certainty.
These will be driven in part by the domain of “low politics” -- such as population dynamics,
resource uses, technological developments, and environmental changes – as well as the domain
of “high politics” -- such as strategic competition, conflict and warfare, and contentions over
“right” and “wrong”. Even more likely, indeed near-certain, are the anticipated changes in
cyberspace, across all of the layers and along all dimensions of cyber interactions. Invariably, the
increased interconnections of cyber and other aspects of international relations will continue to
shape their co-evolution along a trajectory of greater and greater interconnection. But
interconnection does not necessarily mean integration.
While the past is seldom a good predictor of the future, we already see the emergence of a
powerful dilemma rooted in this nearly inevitable co-evolution, a dilemma that will have to be
addressed sooner or later. The dilemma is this: we have as yet no mechanisms to manage the
inevitable violations of law, policy and practice with respect to four critical features of
international relations that have evolved over the centuries and are considered fundamental
anchors for the international system as a whole.
The first feature relates to jurisdiction: Who is recognized to have the legitimate right to
adjudicate or govern what, when, and how? Traditionally jurisdiction, inherent in sovereignty, is
understood in physical and geographical terms (with the usual exceptions of diplomatic and extra
territorial arrangements). Jurisdiction disputes of a geographical nature can be addressed by the
relevant states, or go through some adjudication process if they are to be resolved or they will
remain unresolved. But at the very least there is some established process. There is no
jurisdiction of or in cyberspace, yet many notable cyber situations -- such as contention over
regulation of the DNS, spam and other criminal activities, or regulating the dissemination of
various sorts of content -- raise questions about matters of jurisdiction that have been addressed
largely on an ad hoc basis. So far this appears to have worked. But if the number of cases grows, if
contentions increase, and if some process for management remains ad hoc, then we will confront
uncertainties that could, sooner or later, interfere with the fluidity of cyber interactions, with all
that this may entail.
For the most part jurisdiction in international relations is tied to location-centric rules that depend
on the nature of the actors and the issues, and the willingness of sovereign states to accommodate
differences in the internal laws for managing the private sector, while conforming with the
practice that external activities are governed by the rules of jurisdiction in public international
law. The territorial principle dominates, with the attendant distinction between territoriality of
country of origin vs. territoriality of country of destination. Such simplistic rendering
notwithstanding, it is easy to see the potential disconnects between these basic principles and the
character and ubiquity of cyberspace. There are inherent tensions that are yet to be addressed. If
there is international law for cyberspace, it is still in the making. One analyst argues that there is
a “simple choice”, that is between “[m]ore global law and a less global internet.”16
The second feature of international relations pertains to the nature and character of critical
organizations and institutional practices. Here the problem is rather different than the foregoing.
International institutions are well established in international relations, and they have even grown
over time at rather rapid rates. Moreover, international institutions are also established for the
management of cyberspace, but since they are relatively new additions to the global landscape,
we cannot determine their relative rate of growth. Interestingly, the co-evolution dilemma
converges around jurisdiction: which institutions have been enfranchised to deal with which type
of issue in cyberspace? And, in the absence of agreement, what mechanisms exist to resolve
conflicts of understanding? An excellent example is the emergent contention, noted earlier,
between the ITU and the IETF. And this is probably the very tip of an increasingly
deep iceberg. Even at the most superficial level, to support IETF is to argue for the dominance
of private order over sovereign authority, and of course, sovereign rights. To support ITU is to
support and further reinforce the sanctity of state-based authority at the international level – in a
domain that is managed entirely by the private sector.
16 Uta Kohl, Jurisdiction and the Internet, Cambridge University Press, 2007, reprinted 2010, p. 28.
The third feature that contributes to the co-evolution dilemma pertains to transformation and
change in international relations, which is inherent in the very fact of co-evolution. Given the
increasing salience of cyberspace in international relations, it can no longer be considered as a
parallel and separate domain of activity. At this point, cyber and other aspects of international
relations cannot be untangled. This means that cyberspace cannot be insulated from the reality
of sovereignty and its fundamentals, any more than can the state system insulate itself from
changes in cyberspace.
To illustrate, everyone agrees that World War I and World War II constitute major breaks that
created powerful changes in the international system. But the state system persisted.
Sovereignty remained intact as a legal principle. The very brief history of cyberspace creates
few, if any, such anchors for ensuring continuity of power and influence in this domain. The
construction of cyberspace was itself a major system break. If there is one factor that further
highlights the poor fit between cyberspace and international relations it is the rate of change in
the respective domains. Changes in the rates of change only accentuate the disconnects.
The fourth feature pertains to the near-decomposability of complex systems. While some might
argue that, in the overall scheme of things, “everything is related to everything else”, for pragmatic
as well as policy reasons, it is important to identify those system-segments that reflect tightly
coupled relationships, that is, a high degree of interdependence. All of this will be shaped by the
interactive effects of structures and processes for cyberspace and international relations, as well
as the emergent properties created by their co-evolution.
Any one of these features alone is significant. Jointly they point to near-inevitable complexities.
6.4. Capturing Gains of Integration
The integrated framework – with the illustrative tables -- provides an important first step, a
useful base-line to help (1) track changes in actors, functions, situations, standards and other
critical factors shaping current realities, altering these realities, or taking on new significance
over time; (2) identify, explore and anticipate the potential futures – in conceptual, empirical,
and perhaps even strategic terms; (3) signal emergent conflicts of interest or intersections in
spheres of influence; and, especially important, (4) frame policy and practice on sound
normative and empirical principles.
In this paper we have developed the necessary, but not sufficient, basis to anticipate, prepare for,
and manage, the next round of policy imperatives. To illustrate: one such imperative is to
address and resolve the difficulties created when decisions and policies pertaining or located at
the global level, for example, are made at the other levels of analysis – if and when the various
constituencies recognize the need for decision. Another, also near-inevitable imperative, is to
manage the diverse challenges to the governance of an integrated system with its layers, levels,
and linkages –– given the existing policy spaces and the new ones as they begin to consolidate.
Indeed, the near-decomposability of a complex system is likely to provide important clues
regarding what is to be governed, why, and how. (Invariably, such dilemmas will be amplified as
the international community also considers its responses to world-wide increasing evidence of
climate change due to human actions.) In sum, we expect the integrated system and its attendant
dynamics to help clarify situational context and boundary conditions for policy responses.
Clearly, the initial configuration of an integrated system we have presented here is an important
first step. It certainly requires further elaboration. These investigations will also allow us to
locate potential errors in the base-line, and suggest correctives for missed understandings, or
faulty framing.