������Ƶ

The U.S. and other liberal-democratic nation-states make reference to an internet that is, in some combination, free, open, interoperable, secure, and resilient. The precise meanings of these terms are unclear. However, as we interpret them based on existing policy documents, these terms mean:

• Free: Any user can access and exchange information on and through the internet without unreasonable restriction.
• Open: Systems and infrastructure are merely conduits for data transmission; they are net neutral and oblivious to what goes through them.
• Interoperable: Parts of the global system (network) work with other parts of the global system (network); A can easily move or convert to B.
• Secure: The system upholds the confidentiality, integrity, and availability (CIA) of its users, its data, and itself.
• Resilient: No single points of failure exist in the network; systems do their intended job despite impediments.

Here we provide an elaboration on how we arrived at these definitions and some of the nuance behind them. These definitions are of course subjective, particularly in their original usage by each government, but there is relatively consistent usage among liberal-democratic nation-states which we attempted to extract.

In 2011, the United States’ International Strategy for Cyberspace asserted that “the more freely information flows, the stronger our societies become.”¹ It also noted that “the ability to seek, receive and impart information and ideas through any medium and regardless of frontiers has never been more relevant.”² France produced a document that same year which stated, “France condemns all censorship and arbitrary or general restriction of Internet access and seeks to promote freedom of opinion, expression, information, assembly and association on the Internet.”³ A 2012 report to the U.S. House Committee on Energy and Commerce held that any deviation from the “the free flow of commerce and ideas” would harm the internet’s “ability to spread both prosperity and freedom.”⁴ France’s 2015 National Digital Security Strategy writes that the internet should remain “a place of free expression for all citizens, where abuses can only be prevented within the limits set by the law and in line with our international agreements.”⁵ Israel’s 2017 National Digital Program says that “freedom of expression and free access to information, which are vitally important for the social resilience of the State of Israel and its democratic nature, must be ensured.”⁶ Australia explicitly defines internet freedom as a state where “people are not burdened by undue restrictions on their access to and use of cyberspace; and their human rights are protected online as they are offline so that cyberspace remains a vibrant force for economic, social and cultural development.”⁷ And a 2017 address of the European Commission by the Greek Vice-President even discussed Greece’s backing of the free flow of internet data.⁸ Our definition is based on these (and many other) references to freedom tying into the ability to access and share information online. Most often, this principle of internet freedom is impacted by laws, regulations, social norms, and political actions.

Australia defines an open internet as “interoperable across borders and accessible to all; it facilitates unrestricted participation and the free flow of information, driving inclusive online collaboration, innovation and growth.”⁹ France’s 2017 international digital strategy discusses the importance of openness and network neutrality, guaranteed by decentralized internet architecture.¹⁰ The Italian government sets “net neutrality, open networks, [and] equivalent and non-discriminatory access conditions” as key goals of its internet strategy, adding the importance of “a technical solution completely open and neutral, deploying only passive infrastructures and laying optic fiber according to a fiber-to-the-building (FTTB) reference architecture to allow the wholesale unbundled access to all operators.”¹¹ The U.S. Federal Communications Commission (FCC) stated in 2016 that openness more or less refers to net neutrality, which ensures that “broadband service providers cannot block or deliberately slow speeds for internet services or apps, favor some internet traffic in exchange for consideration, or engage in other practices that harm internet openness.”¹² Our definition is therefore oriented to a non-discriminatory architecture that is net-neutral. What this means in practice is that the internet infrastructure is oblivious to the nature of the data or traffic flowing through it. Regardless of what the data is, it will be treated the same way by the infrastructure. Often, violations of internet freedom (e.g., passage of a censorship law) are what prompt violations of openness in architecture (e.g., corresponding filtering on the part of internet service providers [ISPs]).

The United States’ FCC discussed interoperability as far back as 2003 in the context of signaling architectures, call control architectures, voice over wireless, inter-provider interfaces, directory services, and safety and security features, broadly referring to features by which different networks and systems interact.¹³ Australia’s recent international cyberspace strategy links interoperability with the harmonization of global internet standards (e.g., through organizations such as the International Organization for Standardization).¹⁴ A 2014 paper from the U.K.’s Chief Scientific Adviser frames interoperability the same way: compelled by universally-recognized standards.¹⁵ The United States’ Computer Emergency Readiness Team (US-CERT) defines interoperability as “the ability of two or more systems or components to exchange information and to use the information that has been exchanged.”¹⁶ The European Commission expands upon all of these definitions, asserting that “interoperability is not simply a technical issue concerned with linking up computer networks. It goes beyond this to include the sharing of information between networks and the reorganisation of administrative processes to support the seamless delivery of eGovernment services.”¹⁷ Our definition therefore broadly refers to the ability of different components of a given system—in this case, the global internet—to interact without failure.

Germany’s 2011 Cyber Security Strategy defines security in context as “the sum of all national and international measures taken to protect the availability of information and communications technology and the integrity, authenticity and confidentiality of data in cyberspace.”¹⁸ Australia’s government holds that “a secure cyberspace is safe, reliable and resilient; it fosters an environment of trust so that individuals, businesses and governments can engage online with confidence and realise the opportunities and minimise the risks of the digital age.”¹⁹ Canada’s recent Cyber Security Strategy categorizes cybersecurity as response and mitigation measures to unauthorized data access and electronic attacks.²⁰ The Spanish government discusses cybersecurity as a broad objective to “ensure that Spain makes secure use of the Information and Telecommunications Systems, strengthening cyber-attack prevention, defence, detection, analysis, investigation, recovery and response capabilities.”²¹ And US-CERT defines cybersecurity as “the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.”²² Our definition comes from these and other references, which in aggregate aim to protect the confidentiality, integrity, and authenticity (CIA) of the global internet and its related components—from broad strategy down to highly-technical processes.

Israel’s previously-mentioned National Digital Program ties the internet directly into the social resilience of the nation-state.²³ The U.S. President’s National Security Telecommunications Advisory Committee (NSTAC) issued a 2017 report on resiliency that linked it to network redundancy and the security of communications and infrastructure.²⁴ The U.S. Department of Homeland Security discusses resilience in context with technical and operational resistance to cyber attacks.²⁵ Spain’s Ministry of Defence defines resilience as “the defensively oriented policy that maximizes the ability of possible target systems to prevent, deter and withstand cyber attacks and, if they occur, to minimize and mitigate their effects” which “is a multidimensional concept and has technical, organizational, political and legal components that need to be combined to be effective.”²⁶ France’s Internet Resilience Observatory most recently defined resilience on the internet as “the ability [for the internet] to operate during an incident and return to the nominal state. It can be characterized by measurable indicators, some of which come directly from engineering rules called best practices.”²⁷ Our definition aims to encompass the underlying thread in these and other definitions, which center around the ability of a system to essentially route around failure, regardless of the underlying cause.

Even in an idealized version of a global internet, not every dimension or element in our framework necessarily needs to contain or implicate all five of these ideal principles. However, in the idealized version of the internet in our framework, we provide a description of a global network that we believe captures the vision of a free, open, interoperable, secure, and resilient global internet. It is our hope that this mapping further clarifies the definitions and our interpretations of free, open, interoperable, secure, and resilient and provides an idealized archetype from which we are able to identify real departures.