Symposium | Regulating the Digital Economy

Beyond Borders: Fighting Data Protectionism

By Karen Kornbluh

At a time when Americans’ trust in their political institutions has plummeted, it is worth remembering that the Internet—the platform on which we work, play, shop, and communicate—is an American policy success story. The fact that a government program, ARPANET, spawned the Internet is well known. Less obvious is that, beginning in the 1990s, a bipartisan group of Internet policy pioneers removed obstacles to give the infant industry room to flourish—first nationally and then internationally.

These pioneers are largely lost to history, in part because they chose to forbear heavy-handed regulation and instead laid out flexible principles for technology companies to implement in concert with other stakeholders. This “light touch” or “multi-stakeholder” approach worked well to give the industry the flexibility to innovate and to allow information to flow freely through the network. The United States exported this model of Internet regulation, first to Europe and then to the rest of the world.

Today, as the Internet extends its global reach, governments around the world, fearing it will undermine local commerce, privacy, culture, or law enforcement, are reaching for their traditional regulatory tools, and the consensus for the model is fraying. With the revelations by Edward Snowden of the scope of U.S. surveillance over the Internet, global suspicions that the light-touch approach was just a fig leaf for U.S. domination have added to the calls by foreign governments for tighter and more old-fashioned regulation. To avoid damage to the future of the Internet as well as to economic growth and free expression, the United States will need to take the lead in declaring a new foreign policy of the Internet that manifests the ability of foreign governments to set national policies without impinging on international data flows.

Preserving the ability of information to flow through the pipes of the Internet should be a major U.S. foreign and international economic policy priority. According to the National Foreign Trade Council, a business organization, “goods, services, and content flowing through the Internet” were responsible for 15 percent of U.S. GDP growth from 2007 to 2012. Products and services that rely on cross-border data flows were expected to add an estimated $1 trillion in value to the U.S. economy annually over the next ten years. Globally, the Organization for Economic Cooperation and Development (OECD) calls the Internet a technological enabler likely to generate more growth than electricity, the internal combustion engine, the steam engine, or railways—and an astonishing 60 percent of the planet has yet to come online. And, as we’ve been reminded these last few years, the Internet’s power to generate innovation and growth is rivaled only by its potential to help people realize their rights and democratic aspirations.

All this was put in serious jeopardy by Snowden’s revelations of National Security Agency (NSA) surveillance. Countries already harboring mercantilist fears that U.S. Internet companies are undermining their commerce and culture are now more openly considering protectionist measures. The effect of these various government incursions could be to clog the pipes of the Internet, or even to create, as Google’s law enforcement and information security director has warned, a “splinter net.” U.S. entrepreneurs and Silicon Valley giants alike would have a hard time reaching customers, and those seeking information, expression, and association in repressive societies would have fewer options to do so safely.

The United States has championed the open, rules-based trading system since World War II. But as a number of governments have attempted to control the flow of digital goods, services, and information into and out of their countries, U.S. efforts have been hamstrung—first by the lack of successful foreign Internet companies, then by the lack of foreign participation in global Internet governance mechanisms, and finally by the surveillance revelations. In addition, a disconnect between U.S. Internet “geek” policy-makers (at the Federal Communications Commission, the White House Office of Science and Technology Policy, the Commerce Department’s National Telecommunications and Information Administration, and the State Department’s Internet and telecommunications units) and national security and economic policy “wonks” (at the National Security Council, National Economic Council, Treasury, and the Office of the U.S. Trade Representative) has kept the issue at the margins of policy-making.

International pressure is propelling the issue onto U.S. foreign and economic policy agendas, and a number of creative policy-makers in the Obama Administration are promoting initiatives that together could address the concerns of foreign governments while keeping international friction low. These efforts include creating interoperable privacy and cybersecurity regimes, using trade agreements to safeguard the free flow of information, and defending the decentralized Internet governance regime. Most recently, the White House followed its NSA review with a report on big data and privacy that called out the importance of interoperable international efforts. A new foreign policy of the Internet would elevate these efforts in a unified agenda, bringing to bear even more of the policy-making, diplomatic, and economic leverage of the United States.

Countries around the world are envious of U.S. companies’ domination of the Net. The United States is still the headquarters of the majority of the top Internet companies, and it dominates the app economy and LTE, the next generation of high-speed wireless. U.S. banks and large retailers benefit from the economies of scale for data the Internet provides, and U.S. software and services companies are best positioned to innovate.

However, the Internet’s importance as a platform for the world economy—or, as the American Chamber of Commerce to the EU called it in a paper, “the global trade route of the 21st Century”—is enormous. The McKinsey Global Institute reaffirmed in an April report that the Internet has dramatically increased commercial flows, allowing producers of goods or services (such as accountants or media organizations) to have a global reach, leveling the playing field for smaller participants through e-commerce platforms like eBay, and transforming some types of goods (such as books and movies) into digital data. These new flows have increased economic growth and changed the nature of trade in fundamental ways.

Of course, data flows have critically important non-economic benefits as well. Political movements such as the 2009 Iran protests and the Arab Spring demonstrate the growing power of social media to help dissidents organize. And platforms like YouTube allow for artistic creations to be more readily shared and discovered. Iran, Syria, and other cyber-autocracies use an array of pretexts to deny citizens access to the Web because they know it is a vehicle for expression that allows individuals to seek and receive information and to freely associate.

The policies that allowed the Internet to flourish first in the United States and then around the globe were intentional and hard-won. Key policy decisions in the early days of the Internet’s development helped ensure deployment of the infant technology over the open, global pipe, allowing anyone to send or receive information.

In the Clinton Administration, the Federal Communications Commission (FCC) made the critical decision to refuse to subject the new Internet service providers, or ISPs (notably AOL and Internet backbone providers), to paying “access charges” that others (notably long-distance carriers AT&T and MCI) paid for connecting to the local network for voice communications. The Telecommunications Act of 1996—signed by President Clinton with the same pen used by President Eisenhower to sign the Federal-Aid Highway Act of 1956—also allowed the FCC to remove obstacles to a single national network on which the Internet could operate seamlessly.

Clinton laid out an industry-led approach supporting self-regulatory codes of conduct and signed into law bipartisan legislation including a three-year moratorium on certain Internet taxes. The United States also promoted an open network beyond its borders. The FCC worked with the U.S. Trade Representative to support a new World Trade Organization (WTO) agreement to privatize state-owned telecommunications companies, create independent regulators around the world, and gain adoption of a set of regulatory practices to create competition. A separate WTO agreement reduced trade barriers for information-technology goods and services, including tariffs on electronic transmissions. The United States engaged with Europe, which adopted a similar light-touch Internet regulation regime, and then the OECD, which adopted new e-commerce guidelines that encouraged the U.S. approach.

The United States partially internationalized the U.S.-run Internet naming and numbering function that the Defense Advanced Research Projects Agency (the creator of ARPANET) had begun. It created a new organization, the Internet Corporation for Assigned Names and Numbers (ICANN), governed by an international “multi-stakeholder” group of technologists, industry, and other concerned parties, but held accountable by the United States through a Department of Commerce contract. In 2000, Europe and the United States agreed to the U.S.-EU Safe Harbor Framework, which facilitates data transfers between the United States and Europe.

After these Internet policy breakthroughs, productivity increased as investors plowed $90 billion into the cross-continental fiber-optic broadband network, and broadband reached homes and smaller businesses, while large businesses built their own dedicated data connections. The computers in which business had been investing were now connected and used to improve efficiency in inventory control, purchasing, sales, and manufacturing processes.

However, the story of the economic success of the late 1990s has focused on the strong record of balanced budgets and low interest rates that made investment possible. So when the inflated prices of many of the “dot com” startup companies came crashing down in the 2000s, the story took hold that the late-1990s Internet boom was just a “bubble.” And with that judgment went the story of the judicious policy-makers and their flexible regulatory approach—even though in reality this “bubble” resulted in tremendously productive infrastructure investment and innovations that yielded economic benefits for years to come.

The support for pro-innovation, light-touch policies had been bipartisan from the start and continued throughout the Bush years, when the FCC released spectrum to unleash Wi-Fi. Then, President Obama brought to Washington a new generation of tech-friendly policy-makers. The White House issued the U.S. International Strategy for Cyberspace and a new privacy framework. As secretary of state, Hillary Clinton launched a new effort on twenty-first century statecraft and championed a groundbreaking Internet freedom agenda, declaring a new “freedom to connect,” organizing a vigorous diplomatic defense of the multi-stakeholder Internet governance system, and even providing technical tools to preserve dissidents’ access to the Web. The Commerce Department took the lead on privacy, promoting the international interoperable approach featured in the new framework and working to reform ICANN.

But the global consensus had already begun to fray even before Snowden’s revelations. Although the EU helped create the international consensus on an open Internet, its concerns over privacy and its desire for a “European cloud” (or “Schengen area”) to route and store European data only in the continent led European countries to begin work on a new EU data-protection regulation and to bring more enforcement actions against U.S. companies. The Commerce Department was negotiating with Europe when the NSA story broke.

Following the initial diplomatic protests and media attention abroad about eavesdropping on the German chancellor and Brazilian president (and lack of public acknowledgement by our allies that they engage in similar activities), we began to see the repercussions. Brazil debated legislation to require that all data remain local, and the European Parliament voted to revoke the U.S.-EU Safe Harbor Framework. Even as negotiations continue, a lawsuit filed in the Irish courts by privacy activists is attempting to strike down the safe harbor through the European court system. A recent European Court of Justice ruling codified a person’s “right to be forgotten,” or the obligation of search engines to remove links to personal information upon request from the subject. In order to comply, ISPs must act as censors rather than as neutral platforms. This causes friction—and high costs. An analysis by the U.S. Chamber of Commerce estimated that implementing the “right to be forgotten” fully could lead to a decrease of between 1.5 and 3.9 percent in the EU’s GDP.

This summer, Russia passed a new law requiring that beginning in 2016, Internet companies store Russian data on servers based in Russia. This has caused concerns about the potential for censorship, but it would also eliminate the efficiencies gained by using data centers in other countries.

In Asia, there has been a flurry of privacy regulation. South Korea’s restriction requires that personal data be hosted locally, absent very specific consent from the data subject. Where obtaining consent is not practicable, the law effectively bans many data offshoring arrangements. Indonesia has a draft regulation that may require all sites that facilitate online transactions to maintain local data centers. Vietnam’s Decree 72 requires that any website, gaming platform, or social network have at least one server in Vietnam so that it can be inspected by Vietnamese authorities. This means domestic companies cannot use international platforms. And the “Golden Shield Project,” better known as the “Great Firewall of China,” blocks routing through designated IP addresses.

These efforts clog the pipes of the Internet, but a more drastic proposal would do even more damage by giving national governments sovereign control of the traffic in their countries. A group of countries including Russia, China, and a number of African and Middle Eastern nations voted at the UN’s International Telecommunications Union (ITU) a year and a half ago for the Internet to be covered by UN regulations—meaning that the current “multi-stakeholder” governance system (especially ICANN, but also including the Internet Engineering Task Force, the Internet Architecture Board, the World Wide Web Consortium, and the Internet Society) would be supplanted by national governmental control. Regulating the Internet through the UN, rather than allowing it to continue to work out issues with the relevant stakeholders, would effectively allow clogging throughout the network through conflicting technical and regulatory requirements, potentially preventing many smaller and noncommercial users from traversing the Web.

These restrictions have significant implications not only for Internet companies but also for sectors of the economy like finance, transport, communication, energy, health, education, and commerce. They can cause severe unintended consequences, such as a reduction in data security, increased cost, decreased competitiveness, and harm to consumers.

The United States has a lot to lose, but so does the world. A recent report by the Boston Consulting Group reiterates that uncoordinated policies hampering access to content can prevent a country—or, by extension, the world—from realizing the Internet’s full benefits. Yet restrictions on the free flow of data among countries are not seen as a global no-no. And as more countries without a history of light-touch regulation come online, a far different, far slower, less innovative, and more expensive Internet may result.

In order to safeguard the free flow of information, the United States must bring the work of the tech “geeks” into the mainstream in international fora in order to build a new global consensus for the next chapter of the Internet’s history. The resulting new foreign policy of the Internet would shine a light on and expand five emerging efforts. By doing so, it would repair the fraying international consensus and demonstrate how countries can address important challenges of the digital age without balkanizing the Internet or restricting competition and the free flow of information.

First, it should elevate international negotiations over privacy, which has become an increasing concern and a major justification for restrictions on data flows by governments. The Obama Administration endorsed interoperability in its 2012 white paper on privacy and again in its recent big-data report. The idea is to allow data to flow across borders by treating other countries’ citizens’ data largely as it would be treated at home when it is traveling abroad. Mechanisms such as certification requirements, third-party oversight, dispute resolution, and industry-specific codes of conduct provide necessary assurances and avoid the need for bureaucratic approval of each transaction.

In 2011, the leaders of the Asia-Pacific Economic Cooperation (APEC) group of Pacific Rim economies endorsed a Cross-Border Privacy Rules system based on the organization’s privacy principles. Each participating economy must have its own Privacy Enforcement Authority, which in turn coordinates with an APEC-wide enforcement network. In 2012, the United States and Mexico became the first countries to participate in the system. APEC’s system is scalable; countries opt into the system, which means that it can expand beyond APEC and, indeed, in March officials from APEC and Europe developed a comparison tool for companies seeking certification under both APEC’s and the EU’s systems.

The OECD high-income nations adopted Internet Policy Making Principles in 2011, championed by the United States as part of Secretary Clinton’s Internet freedom agenda. These principles recommended practices for safeguarding the free flow of data while implementing national policies on issues such as privacy, cybersecurity, or consumer protection. In 2013, when the OECD updated its privacy guidelines with mechanisms to implement and enforce privacy protection, it called for addressing global privacy concerns through interoperability.

The U.S.-EU Safe Harbor Framework is an early and successful interoperable system under which U.S. organizations certify to the Department of Commerce that they protect personal data in certain ways that meet EU requirements. Despite the objections by many in Europe following the Snowden revelations, the agreement has become so important (more than 4,000 organizations are listed on the Safe Harbor list) that U.S.-European negotiations (including, at Europe’s insistence, restrictions on law-enforcement access) to renew the agreement are progressing.

Second, the foreign policy of the Internet should champion efforts already underway to create interoperable cybersecurity regimes that also work together to allow cross-border flows. The new U.S. Cyber Security Framework developed by the National Institute of Standards and Technology was designed to be interoperable with international cybersecurity standards. U.S. and German industry are working together already to develop flexible standards and promote adoption through incentives.

Third, the United States should celebrate and persevere in its creative use of the trading system. The WTO’s core multilateral agreements do not offer straightforward rules on how to handle international data transfers, which were relatively rare when the agreements were negotiated. The rules pertaining to trade in services are set to be modernized, and the United States has already proposed changes to ensure the free flow of data. The U.S. Trade Representative has also proposed free-flow provisions in its two ongoing regional trade negotiations, the Trans-Pacific Partnership, among 12 Pacific Rim nations, and the Transatlantic Trade and Investment Partnership with Europe.

Fourth, policy-makers at the Departments of State and Commerce should continue pushing back on foreign efforts to alter the nature of Internet governance. The Administration announced a plan in March to give up its oversight of key Internet domain name functions to refute the claim that the multi-stakeholder system is controlled by the United States. The plan is the subject of partisan debate, but at least this partisan debate is largely about the right issues; conservatives voice concern that without the United States as cop on the beat, countries lacking respect for free expression will gain more power over the Internet, while progressives see that unless the United States cedes greater control to a decentralized, multi-stakeholder governance model, these same countries will be even more likely to convince others to support UN regulation. ICANN is working with experts to develop a plan that the U.S. government can approve before the fall of 2015.

The fifth pillar of the foreign policy of the Internet must be digital development—giving developing countries a stake in the open Internet. The United States, working with industry, technologists, NGOs, and more developed countries, should help increase access, promote innovation, and build capacity for these countries to not only participate in multi-stakeholder institutions, but to use them to address challenges like “spam,” knowledge development, and cybercrime. The State Department has stepped up efforts to consult with developing countries after the split at the ITU over Internet governance, but more needs to be done to help these countries see what the open Internet can offer them.

A new foreign policy of the Internet can fuel an engine of shared prosperity. It is critical to our competitiveness in a digital era and also to global economic development and expression that the Internet continue as a network of open pipes. We can safeguard the successes of the Internet policy pioneers by championing their innovative successors. If not, the low-friction Internet may become a distant memory.

Karen Kornbluh is senior fellow for digital policy at the Council on Foreign Relations and former U.S. Ambassador to the Organization for Economic Cooperation and Development. The views expressed here are hers alone. The author thanks Robert Maxim for his research and assistance on this essay.
