In the rapidly unfolding digital age, the strongest player on the international stage is not necessarily the state with the biggest weapons or the most soldiers. Instead it is the cyber actor, which may or may not be a state, capable of most effectively leveraging the Internet to achieve objectives. Like the seafaring captains of old, these actors navigate the labyrinth of the Internet to discover, to trade, to pillage, and to conquer. Digital packets are their vessels. The Internet is their sea.
Like the sea, the internet encircles the globe. Like the sea, the Internet is used for benign activity, such as commerce and leisure, but also for destructive activity, such as theft and combat. The sea has sailors and pirates; the internet has cyber professionals and hackers. The comparison seems appropriate and begs the questions: Can international law regulate the Internet like it regulates the sea?
The similarities between the Internet as a medium and the sea as a medium suggest that international principles governing the use of the sea could effectively be applied to the use of the Internet. Upon inspection, however, this theory quickly erodes for numerous reasons. Perhaps the most significant obstacle is the lack of a common heritage to the Internet. Common heritage is the critical component that has allowed the law of the sea to develop.
Customs governing the use of the sea probably began to emerge when humans first encountered other humans at sea. These customs grew out of a recognition that the sea was an incredibly vast shared space that no one nation could hold in the way that land territory could be held. The sea was recognized as the common heritage of mankind. Seafaring parties intersected with both allies and enemies in this shared space. Customs and laws continued to develop over millennia to regulate these encounters. As humanity’s access to the sea increased, international norms increased, including codifying many of these customs in the UN Convention on the Law of the Sea (UNCLOS). These laws were based on the idea that all humans enjoyed freedom of the sea because it was common heritage. The laws fostered shared use of the sea while deterring nefarious actions on the sea.
As a recent phenomenon, the Internet has no such common heritage, although it has become a common resource. The Internet traces its origins back to a research project completed by the United States Defense Advanced Research Projects Agency (DARPA) during the 1960s. Its usage grew exponentially until it became the truly globe-spanning super network of today, reaching an estimated 3 billion people. Because the United States was the primary driver of early Internet adoption, its infrastructure and usage patterns have developed in such a way that most of the world’s internet traffic passes through the United States. This position offers the United States unique advantages and opportunities that the United States is unlikely to relinquish.
Other nations have more recently undertaken measures to ensure their own Internet posture also offers unique advantages and aligns with their interests. For example, China has erected “The Great Firewall” around Chinese Internet users, allowing China to censor which traffic is accessible by Chinese users. China is leveraging its Internet power to further its interests at the expense of internet freedom and access. Meanwhile in the European Union, some European leaders are advocating for new Internet regulations that could bolster European tech companies’ positions against their American counterparts. The fortifying of digital space will not enable the international community to adopt any sort of “freedom of the Internet” measures akin to the freedom of the seas. Quite the opposite in fact, the trend seems to be increasing restrictions on communal use.
Even if the international community did characterize the Internet as a resource to be shared by all, regulation appears to be technically impossible, at least at present, because Internet traffic cannot be finitely quantified and observed in the same way that seafaring vessels can. Sea regulations are enforceable in large part because nations are able to observe a meaningfully quantifiable number of vessels and react by employing the appropriate legal measure. On the sea, the regulator can, for example, react to nefarious activity by boarding a vessel and searching it.
Over the Internet, the regulator would likewise have to conduct inspections in some manner but there are far too many data packets to deal with. By the end of 2016, an estimated 1,000,000,000,000 gigabytes of data will traverse the Internet annually. That number is too large to fathom its significance. Finding nefarious activity among that much data and reacting appropriately while still fostering Internet freedom is technically impossible given the current state of technology. There are simply too many packets traversing the internet.
The lack of common heritage to the Internet and technological limitations on widespread enforcement make the application of the law of the sea’s principles to the Internet impossible for now. The international community must approach the Internet with a fresh perspective that considers its modern and unique characteristics. The Council of Europe’s Convention on Cybercrime, which entered into force in 2004, is currently the leading international convention in this field. The Convention identifies numerous cybercrimes that signatories must address in their domestic criminal laws, requires that certain law enforcement procedures be put into place, and demands that signatories cooperate to investigate and prosecute cybercrimes. The Convention has been ratified by forty-seven states so far and signed by an additional seven.
The Convention shows some real promise because it addresses uniquely cyber issues and has seen at least some adoption. However, it still lacks global utility because it does little to address state-on-state cyber acts and lacks signatures from significant cyber powers, notably China and Russia. The lack of widespread adoption suggests cyber stakeholders with competing interests have a long way to go before they are able to agree on international regulation that works as effectively as sea regulations.
Matthew Matechik is an Evening J.D. student at the University of Baltimore School of Law (Class of 2016). He currently works full-time for the U.S. Federal Government as a Counterterrorism Analyst. He has a Bachelors of Arts (Magna Cum Laude, 2008) from Florida State University. All views in this blog post are Matthew’s own views and do not represent that of the U.S. Government.