The internet of today is far from the digital promised land first envisioned by cyber utopians. While the trend towards internet Balkanisation advances and EU regulation struggles to hold industry giants to account, the future of the internet hangs in the balance. Adam Szedlak navigates the perplexing world of fake news, hackers, robot vacuum cleaners and data harvesters – and its intersections with geopolitics – to identify the make-or-break questions that will shape the future of the web.
“I like to think
(it has to be!)
of a cybernetic ecology
where we are free of our labors
and joined back to nature,
returned to our mammal
brothers and sisters,
and all watched over
by machines of loving grace.”
-Richard Brautigan, ‘All watched over by machines of loving grace’, 1967.
There is no better text to describe how the cyber utopians saw the internet in the beginning. It was a promised land, one without nation states, one that could be free of wars. It was of course a dream, but we find this dream woven into the technologies that underpin the internet and the web.
The system was built up with a trusting mindset. But after the invention of the web, the commercialisation of the promised land, the problems began to emerge. Security was an afterthought; malicious intent was a new phenomenon needed to be reckoned with, a problem that has not gone away today. A nation state or a trusted telecommunication company can still route a great chunk of internet traffic to places that it was never meant to reach. In November 2018, China Telecom managed to route domestic American traffic through Chinese servers. This was not the first time, and it surely will not be the last. The Border Gateway Protocol (BGP), which was designed in the 1980s for routing internet traffic between Autonomous Systems (AS) – big networks usually controlled by one internet service provider, network operator or business organisation – does not have any built-in security controls. These systems cannot be mapped directly onto the political world map. Deutsche Telekom has its own systems, but the Zoological Parks Board of New South Wales in Australia also has a small AS. We continue to use technological solutions that were designed for the innocent ur-Internet.
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.” – John Perry Barlow, 1996.
John Perry Barlow’s A Declaration of the Independence of Cyberspace was written in 1996, and it was antiquated the day it was published. Barlow wrote it as a response to the United States’ Telecommunications Act of 1996 which took up a laissez faire approach of doing business on the internet. The text did not attack the act of deregulation, but instead it opposed the fact that states were starting to conquer cyberspace. The nation states felt that they had a place, a role to play on the internet. And, of course, there was business to be done too, wars to fight, and secrets to acquire.
Cyberspace was a utopian concept. In ten years, it became the commercial web, with the other services on the internet stepping out of the limelight – the dotcom boom at the end of the 1990s gave birth a lot of unsuccessful startups and a couple of lucky mammoths like eBay or Amazon. When the dust settled, all started again with Web 2.0, a term popularised by Tim O’Reilly in 2004. Since then, the promised read and write web, inhabited and shaped by its users, changed into siloed, closed ecosystems. The blogs are gone, but we have the Facebook newsfeed with bites of information to consume. The libertarian vision of a place with no connection to the ‘meat world’ transformed into our internet, which is a layer of the physical world. The two geographies cannot be precisely mapped together, but a close enough approximation was worked out. Some of the tensions of the internet can be traced back to this mapping problem or to the discrepancies between the geographies.
The promised land of the digital mall
While work is being done on the European digital single market, using Netflix, Spotify or even YouTube in different EU countries offers a wildly different user experience. Because of the diverse copyright regimes and content licensing, the user may or may not experience the same shows or albums depending on their physical location, something which is a symptom of pre-internet dictated Balkanisation.
The biggest challenge for the next decade is to avoid fragmentation on a bigger scale. The internet started as a global phenomenon, and it is in our mutual interest to keep it that way. There are visible splits in the fragment of the net, with commonly cited examples being the great firewall of China – and it is worth mentioning China’s new experiment in technology supported social control – or the censorship regime in Malaysia. The Chinese social credit schemes are in a pilot phase. There are multiple local systems working with financial, municipal, criminal databases and with information collected by internet firms. These systems share a common goal: to shepherd citizens towards complying to a set of rules, to be good citizens in the system. Otherwise they will be banned from travel via high speed train or via domestic flight – as millions in 2018.
But the Facebook-accelerated Rohingya genocide last year in Myanmar or the WhatsApp-driven lynching in India shone new light on the other side of this problem. Global internet firms like Facebook, Google or smaller ones like Telegram, the encrypted messaging client, can alter the state of a conflict. We have loads of technology and not enough insight about how that technology affects society. The results can be seen in the fake news empires and genocidal conflicts accelerated by social media.
Who’s the boss?
None of these issues are trivial to solve. All of them lead back to the governance of the internet. And the net is still largely an American project. At the beginning, all internet engineering and regulation forces were non-profits based in the US. This only began to change in the noughties with talks about multi-stakeholder governance. The goal was to create a more international governing body for the internet. The NetMundial Intiaitive (NMI), which was launched by the non-profit ICANN and the Brazilian Internet Steering Committee, tried to build a new system but failed. The oversight of the US Department of Commerce over ICANN ended in 2016, with the internet now a more international place. But the big question of who should be in control of the infrastructure, the engineering decisions, and the bureaucracy of the net remains unsolved. Last year, the French president, Emanuel Macron, presented a declaration on cyber threats at the meeting of the Internet Governance Forum.
It remains to be seen if the data loss scandals and the new data protection regulation will work in unison to establish a less user-hostile world.
Meanwhile, the business model and structure of the big internet firms has changed. We may tend to think of Google as a search company or Facebook as a social network, but that is a grave oversimplification. First and foremost, they are ad companies, and since they need huge amounts of personal data to serve personalised ads, they are surveillance companies at the same time. Lastly, they are based in the US, as are the biggest payment processors, email services, entertainment sites, digital game services, and the press too. Aside from a couple of notable exceptions (The Next Web, The Register), you are hard pressed to find a handful of consumer-focused technology papers written and edited in Europe with a European viewpoint.
And of course, we also need a European tech industry with strong players. Europe has not been doing well on this front: all the big platform companies (Google, Amazon, Microsoft, Facebook) are from the US, and the next wave of up-and-coming firms is from China. We need a European digital single market which is easy to navigate, and incentives for startups to try to grow in Europe.
Spies in the cupboard
Like the above examples, the General Data Protection Regulation (GDPR) is also worthy of critical assessment. The regulation itself communicates clear values and looks like a step in the right direction. Can the EU change the ways silo operating internet firms work? It remains to be seen. European internet users are now unable to read the news published by the Tribune Publishing Company because they chose the easier method to comply the GDPR: they blocked all European traffic. The same goes for Instapaper, a service used for archiving websites for reading at a later date. GDPR-handling code snippets and redirection services popped up to help get rid of European traffic. And of course, there are downright cynical solutions to GDPR involving long cookie and tracker lists, technical lingo, tabs and scrolls, but without a way of a meaningful opt-out.
On the other hand, it seems that GDPR did not hurt the business practices of the silo companies. Internet users have been trained to accept, give consent, click next, click finish. On the first day of enforcement of the GDPR, Max Schrems, the Austrian privacy activist, lawyer and founder of NOYB – European Center for Digital Rights, launched a couple of lawsuits against Facebook and Google in Ireland. According to Schrems, the new and supposedly GDPR-compliant data handling policies of the internet giants are not in compliance with the regulation. The consent form asks the users to accept the policy in order to use the services, but the GDPR asks for a more gradual decision instead of an all-or-nothing verdict. It remains to be seen if the data loss scandals and the new data protection regulation will work in unison to establish a less user-hostile world.
Tax the link?
It is worth mentioning that the GDPR is one of the more successful attempts at regulation. The EU’s copyright directive on link taxes and upload filters has fired up activists across Europe. The intent of the directive is clear: the revenue of publishers took a hit when Facebook and Google became the two biggest ad companies. The sector’s solution is half baked to say the least, and the small players without the resources to ask for permission could suffer drawbacks.
The publishers themselves may suffer too. It is easy to imagine a Facebook without links to news stories, just as it was easy to imagine a scenario in which an American publisher would block traffic from the EU instead of complying with the GDPR. Julia Reda, the German Pirate Party MEP, has explained the problems with the link tax regarding the future of publishers and freedom of information. The proposal for the directive was approved by the European Parliament in March 2019 and now awaits final approval from the Council of the EU.
The perfect symptom of the 21st century is that people are afraid that their smartphones are used for wiretapping. Not by spies, but by marketers.
The Google-Facebook duopoly is the largest of the data collecting operations but there are more firms with somewhat similar methods. A fresh pile of Internet-of-Things devices arrives on the market every quarter. One can buy smart shades, smart lighting, smart ovens, refrigerators, tea and coffee makers. The first victim was the TV-set, and now it is hard to find a TV without smart functions. And if you succeed, you may have to pay more for it, because as Bill Baxter – the CEO of electronics company Vizio – told The Verge: Vizio monetises the data the smart TVs collect from users, it receives a share from the price of the movies it sells through the TVs, and of course it serves ads. It is not yet known what data can be collected by smart door locks, pet feeders or juicers. But we cannot assume this to be nothing; after all, the Roomba robot vacuum cleaners were able to collect the spatial data of their owners’ homes. The perfect symptom of the 21st century is that people are afraid that their smartphones are used for wiretapping. Not by spies, but by marketers.
The propagation of Internet of Things devices pose another question. These gadgets often pose security risks, if not immediately after they hit the market then after the discovery of some security holes. Usually these holes can be patched by installing a new version of the software or firmware, but if the manufacturer does not make one available then the costumer cannot do anything about it. Moreover, the assumption that the home users will monitor the security state of their devices is a wild one. Updating the operating system on a PC or on a smartphone is a much easier task, but even that is not widespread practice among users – most people do not really want to be system administrators in their free time.
Besides the hackers and malwares, we also have to cope with gadgets from not-so-reliable manufacturers. Huawei took the limelight after the chief financial officer was arrested in Canada in December 2018, and little over a month later a Huawei employee was arrested in Poland with spying charges. Yet the Chinese firm’s phones are on sale, and talks are going on in several countries about using Huawei hardware for 5G mobile networks. Cybersecurity will pose big questions for the European and global internet in times to come. Any regulatory endeavor should have an idea for solving this problem. There is a lot of mistrust to begin with. If the Five Eyes – the intelligence sharing alliance of the US, the UK, Australia, Canada, and New Zealand – countries do not trust Huawei and ZTE, than shall the EU? And of course, what about trusting the Five Eyes? And is Xiaomi, a big Internet of Things device supplier, to be handled another way?
Does it have to be garbage?
Now to the biggest and thorniest problem of all: fake news, hostile information operations, and manipulation, all substantial talking points in 2018. Blame fell on the content silos that did not want to acknowledge that besides being photo hosting, chat and event marketing services, for example, they are media companies too. It is easy to understand why: content moderation is a difficult job. It is costly, it cuts into the bottom line, and it is easy to be caught in the political crossfire. Facebook has some experience in that. Yet the silos have to own the responsibility, because otherwise incidents like those last year in Myanmar and India in which Facebook and WhatsApp were implicated can occur again.
there is a deep technological illiteracy and some helpful lobbyists which makes regulation even harder
Sarah Jeong, an American internet scholar and journalist, argues in her important 2015 book, The Internet Of Garbage, that most of the internet was always rubbish (for example spam) but that technology and human curation could deal with it. Online harassment, propaganda, and hate speech is the new garbage, and it will not go away. We need tools and we need policy decision to fight it. The cheaper laissez faire approach will not work: if we learned anything from Gamergate, Comicsgate or the birth of the online alt-right, it is this. It is not clear who will bear the cost of the moderation. Neither the EU nor the US government was really able to hold the big tech firms to account. There is a corollary to this: there is a deep technological illiteracy and some helpful lobbyists which makes regulation even harder.
Et in Arcadia ego
On the one hand, the future of the internet is tied to geopolitics. It is hard to tell if anybody will be able to stop the trend toward Balkanisation. Users with tech literacy can and will be able to communicate, use end-to-end encryption, read foreign press and consume foreign culture. But it is not that hard to close the digital borders for most people. This is tied to the EU’s internal struggle with populists, autocrats, and the effects of climate change, and how these three converge: as long as there is a climate catastrophe that stimulates migration, the populists can capitalise on it. And the EU and the internet are hardly ready to handle the scenario when the fake news campaign comes from the national broadcaster of a member country. The internet mirrors the physical world, and laws governing some aspects of online life can be mapped onto the globe. Yet there is no true oversight and we have only frail governance.
On the other hand, the future is tied to big technological and business questions. Who will bear the cost of moderation of the social media sites? Who will pay for the security, patching up and customer support of Internet of Things devices? Can the EU create regulation that will make silo companies cooperate?
The internet is not the cybernetic meadow we were promised. Neither is it the global village we hoped it would be. We need another working metaphor, because on better days it feels like a companies’ town, and on worse days it looks like warring states.