From the second term of the Clinton administration to the end of the Obama administration, the U.S. government pursued an “internet freedom” agenda abroad. The phrase “internet freedom” signaled something grand and important, but its meaning has always been hard to pin down. For purposes of this paper, I will use the phrase to mean two related principles initially articulated by the Clinton administration during its stewardship of the global internet in the late 1990s.

The first principle is that “governments must adopt a non-regulatory, market-oriented approach to electronic commerce,” as President Clinton and Vice President Gore put it in 1997. Their administration opposed government taxes, customs duties and other trade barriers, telecommunications constraints, advertisement limitations, and most other forms of regulation for internet firms, communications, or transactions. The premise of this commercial non-regulation principle, as I’ll call it, was that “the Internet is a medium that has tremendous potential for promoting individual freedom and individual empowerment” and “[t]herefore, where possible, the individual should be left in control of the way in which he or she uses this medium.” In other words, markets, individual choice, and competition should presumptively guide the development of the internet. When formal governance is needed, it should be supplied by “private, nonprofit, stakeholder-based” institutions not tied to nations or geography. The Clinton administration acknowledged the need for traditional government regulation in narrow circumstances—most notably, and self-servingly, to protect intellectual property—but otherwise strongly disfavored it.

The second principle of internet freedom, which I’ll call the anti-censorship principle, argued for American-style freedom of speech and expression on the global internet. This principle originated as a component of the effort to promote electronic commerce. Over time, however, it developed into an independent consideration that sought to influence foreign political structures. The Clinton administration devoted less policy attention to the anti-censorship principle than to the commercial non-regulation principle because it believed that “[c]ensorship and content control are not only undesirable, but effectively impossible,” as the administration’s internet czar Ira Magaziner put it. China’s effort “to crack down on the Internet,” Bill Clinton famously quipped in 2000, was “like trying to nail Jell-O to the wall.”

The George W. Bush administration embraced both internet freedom principles, and it took novel institutional steps to push the anti-censorship principle. In 2006, the State Department established the Global Internet Freedom Task Force (GIFT). The main aims of GIFT were to “[m]aximize freedom of expression and the free flow of information and ideas,” to “[m]inimize the success of repressive regimes in censoring and silencing legitimate debate,” and to “[p]romote access to information and ideas over the Internet.” GIFT provided support for “unfiltered information to people living under conditions of censorship,” and it established “a $500,000 grant program for innovative proposals and cutting-edge approaches to combat Internet censorship in countries seeking to restrict basic human rights, including freedom of expression.” In this way, the Bush administration got the U.S. government openly in the business of paying for and promoting “freedom technologies” to help break authoritarian censorship and loosen authoritarian rule across the globe.

The Obama administration continued to advocate for the commercial non-regulation principle and further expanded the United States’ commitment to the anti-censorship principle. The landmark statement of its approach, and the most elaborate and mature expression of the American conception of internet freedom, came in Secretary of State Hillary Clinton’s much-lauded January 2010 speech on the topic. Invoking American traditions from the First Amendment to the Four Freedoms, Clinton pledged American support for liberty of speech, thought, and religion on the internet and for the right to privacy and connectivity to ensure these liberties for all. Clinton’s successor to GIFT, the State Department’s NetFreedom Task Force, oversaw “U.S. efforts in more than 40 countries to help individuals circumvent politically motivated censorship by developing new tools and providing the training needed to safely access the Internet.” Other federally funded bodies served similar goals. The Obama administration spent at least $105 million on these programs, which included investment in encryption and filter-circumvention products and support to fight network censorship abroad.

Across administrations, the U.S. internet freedom project has pursued numerous overlapping aims. It has sought to build a stable and robust global commercial internet. It has sought to enhance global wealth—especially the wealth of the U.S. firms that have dominated the computer and internet technology industries. It has sought to export to other countries U.S. notions of free expression and free trade. And it has sought to impact politics abroad by spreading democracy with the ambitious hope of ending authoritarianism. “The Internet,” Magaziner proclaimed, is “a force for the promotion of democracy, because dictatorship depends upon the control of the flow of information. The Internet makes this control much more difficult in the short run and impossible in the long run.” The Bush administration and especially the Obama administration engaged in high-profile and expensive diplomatic initiatives to use and shape the internet to spread democracy and human rights.

The U.S. internet freedom project deserves significant credit for the remarkable growth of the global internet, and especially global commerce, in the last two decades. But on every other dimension, the project is failing, and many of its elements lie in tatters. In response to perceived American provocations, other nations have rejected the attempted export of American values and are increasingly effective at imposing their own values on the internet. These nations have become adept at clamping down on unwelcome speech and at hindering the free flow of data across and within their borders. Authoritarian countries, in particular, are defeating unwanted internet activities within their borders and are using the internet to their advantage to deepen political control. The optimistic hope that the internet might spread democracy overseas has been further belied by the damage it has done to democracy at home. Digital technologies “are not an unmitigated blessing,” Secretary Clinton acknowledged in her 2010 speech. She understated the point. The relatively unregulated internet in the United States is being used for ill to a point that threatens basic American institutions.

Hypocrisy

Hillary Clinton’s 2010 speech took place against the background of fifteen years of growing global digital conflict. On the surface, this conflict was mostly about control over internet content. The internet was an American invention that, in its very code, seemed to embody the American values of free speech and resistance to regulation. But global connectivity and access initially challenged local political control and sparked resentment and fear among governments in authoritarian and non-authoritarian states alike. These sentiments were exacerbated by the fact that the American technology giants—Amazon, Google, Facebook, Apple, and Microsoft—dominated online life, raking in hundreds of billions of dollars in profits through the relentless growth of their increasingly indispensable digital products. They were also stoked by the United States’ control of the naming and numbering system for the internet.

More than any other nation, China fought back against these trends. It developed powerful systems of censorship and control over the internet in order to protect the Communist Party and the nation from what the Party viewed as subversive online forces. And it forced American firms seeking to do business in China to play by its rules or be denied access. Other authoritarian nations took steps in this direction, although none matched China’s vigor or commitment.

But it wasn’t only authoritarian governments that the U.S. internet freedom project threatened. Europe’s prevailing conception of government’s relationship to the individual, and the individual’s relationship to personal data, differs sharply from the prevailing American conception. Since the 1990s, European regulators have held American technology firms to higher standards of privacy and competition than American regulators have required of them. European regulators have also sought to eliminate from their networks hate speech that is tolerated by the First Amendment but is illegal in Europe.

Below the surface of disputes about content was a different but no less fierce battle about theft of private and proprietary data. Computer systems are inevitably filled with vulnerabilities that can be exploited to gain entry. When a computer is connected to the internet, actors from around the globe have potential access. And the internet’s architecture makes anonymity and spoofing (fake emails or webpages disguised to appear genuine) easy, which further facilitates unauthorized entry. The combination of these factors sparked a growing wave of cybertheft in the first decade of the twenty-first century.

The U.S. government participated in this bonanza of digital extraction, although it focused on acquiring military and intelligence secrets rather than commercial theft to benefit U.S. firms. But the United States was also among the most digitally dependent of nations, and a good deal of its military and economic and cultural power was embedded in digital networks. By the time of Hillary Clinton’s 2010 speech, the United States worried that it was losing more from cybertheft than it was gaining. American government networks suffered embarrassing intrusions that resulted in the exfiltration of cherished intelligence and military secrets. Just as alarming was the digital theft from abroad of the commercial secrets of American firms. U.S. companies reportedly lost hundreds of billions of dollars of commercial value each year in what National Security Agency (NSA) Director Keith Alexander described as “the greatest transfer of wealth in history.” China was public enemy number one for this great digital heist. But other nation-state adversaries and sophisticated organized crime networks also figured out how to steal information from American computer systems.

One important innovation in Clinton’s 2010 speech was to tie the imperative of internet security to the ideal of internet freedom. She did so by drawing on the fourth of President Franklin Roosevelt’s Four Freedoms, the freedom from fear. The United States must “work against those who use communication networks as tools of disruption and fear,” Clinton said. Nations and individuals that “engage in cyberattacks should face consequences and international condemnation.” To further resist the rise of cyberattacks, the United States should “create norms of behavior among states and encourage respect for the global networked commons.”

The hypocrisy in the linkage between internet freedom and internet security was apparent even before Clinton finished her speech. Eight paragraphs after complaining about cyberattacks, she boasted that the State Department was “supporting the development of new tools” to fight authoritarian censorship online. These tools—which, as noted above, were supported by tens of millions of dollars in U.S. grants—were designed to help activists advocate for freedom in foreign networks in ways that foreign governments viewed as disrupting those networks and violating their sovereignty.

Authoritarian states had worried since the 1990s about ties between the U.S. government and U.S. technology firms; they feared that the United States would use its internet dominance to foster regime openness and regime change. Their fears grew as U.S. internet technology firms rose to global dominance in the 2000s and as American social media companies like Facebook and Twitter seemed to provide the organizational tools for the protests that shook the Arab world during the Obama administration. In the midst of the demonstrations in Iran following its 2009 presidential election, a State Department official asked Twitter to delay a scheduled maintenance of its network that might “cut off service while Iranians were using Twitter to swap information and inform the outside world about the mushrooming protests around Tehran,” as the New York Times put it in a story titled Washington Taps Into a Potent New Force in Diplomacy. The event confirmed for Iranian officials that “the Internet is an instrument of Western power and that its ultimate end is to foster regime change in Iran,” as Evgeny Morozov noted. Iran and other authoritarian governments saw U.S. social media firms in particular as “a ‘made in America’ digital missile that could undermine authoritarian stability.”

That perception intensified after Secretary Clinton delivered a second speech on internet freedom in January 2011, during the early days of the Arab Spring. Clinton emphasized how much Facebook and Twitter had aided the Arab Spring and touted U.S. financial and technical support “to help people in oppressive Internet environments get around filters [and] stay one step ahead of the censors.” That same month, the State Department intervened with U.S. tech companies to help protect protesters in Tunisia who would soon force President Zine El Abidine Ben Ali to step down. As former NSA and Central Intelligence Agency (CIA) director Michael Hayden described these efforts, “The Secretary of State is laundering money through NGOs to populate software throughout the Arab world to prevent the people in the Arab street from being tracked by their government.” Authoritarian nations got the message.

The United States also seemed to be militarizing cyberspace in ways that were hard to square with its rhetorical commitment to digital security. Seven months before Clinton’s 2010 speech, the Obama administration established U.S. Cyber Command to integrate American cyber operations, including offensive military cyber operations abroad. It was no accident that the administration placed the director of the NSA in charge of Cyber Command. NSA is responsible for breaking into and extracting intelligence from communications and computer systems abroad—activities that are typically prerequisites to the computer network attacks contemplated for Cyber Command. “We have U.S. warriors in cyberspace [who] are deployed overseas and are in direct contact with adversaries overseas,” bragged Bob Gourley, a former chief technology officer for the Defense Intelligence Agency, to a reporter a few months after Cyber Command was created. These experts “live in adversary networks,” he added.

The astounding degree to which the U.S. government lived in adversary networks would become apparent to the world over the next few years. In November 2010, diplomatic cables pilfered by Chelsea Manning and published by WikiLeaks showed that Clinton herself had sent diplomatic directives about ways to break into the communications channels of diplomats from several nations as well as of the secretary general of the United Nations. This is a standard secret intelligence practice, but it was nonetheless embarrassing for Clinton, who had insisted a few months earlier that “in an internet-connected world, an attack on one nation’s networks can be an attack on all.”

Then, in June 2012, the New York Times reported that President Obama had used an elaborate cyberattack to disrupt the centrifuges in Iran’s nuclear enrichment facilities. “Olympic Games,” as the operation was called, marked a new era in the militarization of cyberspace, according to Hayden, because it was “the first attack of a major nature in which a cyberattack was used to effect physical destruction” rather than simply to steal data or disrupt a computer’s normal operation. “Somebody crossed the Rubicon,” he stated, comparing the attack on Iran to August 1945, when the world first witnessed the destructive power of nuclear weapons. Olympic Games, on top of Cyber Command, accelerated the global arms race for cyber weapons and cyber forces, with ominous implications for internet freedom.

And finally, in the spring of 2013, Edward Snowden stole many thousands of documents from the NSA and gave them to a group of journalists to publish. The documents revealed that the NSA had penetrated every conceivable form of computer and communications system around the globe, sweeping up unfathomable masses of electronic intelligence about foreign governments and foreign citizens. They also showed that it had set up a system to collect huge quantities of intelligence information, not just by breaking into foreign networks but also by (among other means) demanding information from Google, Yahoo!, Facebook, and other American firms that themselves collected data from abroad, especially communications of individuals. In these and other ways, the NSA seemed to be succeeding in its stated aim of (as one of the leaked documents put it) achieving “global network dominance.”

“It would be hard to overstate the extent to which Edward Snowden’s disclosures about US mass surveillance techniques in the post-9/11 period have shaken up geopolitical dynamics on Internet freedom, security and governance,” wrote Eileen Donahoe of Human Rights Watch two years after the leaks. The Snowden disclosures, on top of everything else, gravely damaged the internet freedom project.

They made it seem like the United States’ “hands-off” approach to the internet was, as many nations had feared, a mask for U.S. government manipulation and control. They thus exacerbated the resentment that had been building against the United States due to U.S. firms’ dominance of the internet economy and the U.S. government’s control over the internet’s naming and numbering system. The disclosures also showed that the NSA was heavily involved, on a global scale, in the very forms of surreptitious network surveillance that the U.S. government decried when done by authoritarian nations, albeit for different ends. They indicated that the NSA was secretly trying to undermine the very encryption tools that the State Department and other U.S. agencies were promoting to fight oppression abroad. And the disclosures revealed that the United States was acting directly contrary to the cybersecurity imperative that Clinton had linked to the internet freedom agenda in 2010.

The harm to internet freedom from the Snowden and related disclosures went beyond mere revelations of U.S. hypocrisy. The disclosures chilled certain forms of online communications for fear of government snooping. Most significantly, they gave nations a powerful incentive and a powerful excuse to exert more control over their domestic networks in response to perceived U.S. cyber incursions, along with a roadmap for doing so.

Failure Abroad

By the time that Secretary Clinton began to speak about internet freedom, a decade after Bill Clinton’s presidency had ended, China was doing a pretty good job of nailing the Jell-O of undesirable speech to the wall of Party control. Some in 2010 still had doubts that China would succeed. Today, five years after Snowden’s revelations, China is approaching mastery over the internet communications that it cares most about, which are mainly forms of organizational speech and collective expression that it believes threaten the Party and public order generally.

China has established digital filters at the border that allow in only the types and quantities of information the Party wants. CNN, ESPN, and the Washington Post can currently be accessed in China, but Facebook, Google, YouTube, Twitter, and Instagram are blocked and replaced by home-grown and government-friendly substitutes that flourish behind the Great Firewall. China has also been tightening its grip on the “virtual private networks” that allow sophisticated users to defeat these filters.

Inside the country, an intricate regime of surveillance, counter-speech, censorship, and targeted disruption enables additional Party control, often in real time. These tools are supported by a deterrence strategy of prominent arrests, fines, extralegal detentions, and forced confession for writers, journalists, and dissidents who violate China’s speech rules. China has also been developing a real-name identity registration system to prevent anonymity and to enhance surveillance, as well as a related “social credit system” that (among many other things) seeks to tie online access to online behavior. And China requires foreign and domestic firms to keep the “critical information infrastructure” they collect inside China and to give the government access for security purposes. Apple is typical among U.S. firms in complying with China’s law enforcement and security demands, even as it has resisted in court several U.S. government efforts at cooperation on law enforcement.

A core assumption of the U.S. internet freedom agenda is that online censorship and control retard innovation and modernization. “[C]ountries that restrict free access to information or violate the basic rights of internet users risk walling themselves off from the progress of the next century,” Clinton warned China and other authoritarian states in her 2010 speech. China is in the process of proving this assumption false. It is creating an internet that reflects the Party’s values and protects its interests. At the same time, China permits its nearly 800 million internet users to communicate with each other and the rest of the world on a vast array of topics. It also fosters a sophisticated and robust e-commerce space, led by Chinese companies that include four of the world’s largest internet firms: Alibaba (online shopping), Baidu (search), Tencent (social media and messaging), and Xiaomi (smartphones and related products). China has a vibrant technology start-up scene that is starting to rival Silicon Valley’s. It is probably ahead of the United States in digital payment systems, mobile commerce, and next-generation wireless technology, and it appears to be holding its own in the important fields of artificial intelligence and quantum computing. Its technology firms, meanwhile, are making the turn from copycats to innovators and are starting to compete abroad, especially in Asia.

The U.S. government has been unable to stymie China’s singular approach to mixing political control and commercial freedom on the internet. Since Snowden destroyed its remaining moral leverage and Donald Trump became president, it has practically stopped trying. Access to China’s gargantuan market is so cherished by American firms that they acquiesce in policies of government intrusion and surveillance they would not tolerate in the United States. The U.S. government has, in turn, tolerated this acquiescence, perhaps because it realizes that too much pressure on Beijing over censorship would result in retaliation that would harm American companies and the American economy on balance. American efforts to introduce digital tools to defeat China’s control over the political aspects of its internet have also failed. Proposals to invoke international trade law to fight back against what the United States sees as the digital protectionism of the Great Firewall have gone nowhere and are unlikely to succeed even if pursued with more vigor.

China is an extreme case. At the dawn of the Arab Spring, it seemed that the internet, especially social media platforms such as Twitter, YouTube, and Facebook, had a better chance of fostering freedom in Arab nations. Many of the leaders of the 2010–2011 uprisings in Tunisia, Libya, Egypt, Yemen, Syria, and Bahrain were trained to use digital technologies by organizations sponsored by the U.S. government and U.S. internet firms. But whatever advantages these technologies initially brought—a debated point—they now appear to have been reversed. The communications tools that seemed to mark a decisive advantage against Arab governments reflected only a temporary advantage due to government incompetence and inattention. In the last five years, authoritarian Arab regimes have reasserted control. They have done so by using tanks, to be sure. But they have also begun to master digital technologies and to deploy them to censor, surveil, and disrupt protesters and to actively cultivate alternative nationalist movements using “bots” and armies of fake users. “The very technologies that many heralded as ‘tools of liberation’ . . . are now being used to stifle dissent and squeeze civil society,” Ron Deibert has observed. These governments have also grown adept at employing internet shutdowns and slowdowns, at blocking encrypted communication tools, and at cracking down on circumvention efforts.

The trend of increasing internet control by governments extends beyond China and the Arab states. In 2009, Freedom House initiated an annual global survey of internet freedom that measured national limits on internet content, internet access, and violations of user rights, including undue surveillance, privacy violations, and penalties for online speech. Its 2017 report found that internet freedom, so measured, was becoming increasingly precarious. “Disinformation tactics contributed to a seventh consecutive year of overall decline in internet freedom, as did a rise in disruptions to mobile internet service and increases in physical and technical attacks on human rights defenders and independent media,” Freedom House concluded. “A record number of governments have restricted mobile internet service for political or security reasons, often in areas populated by ethnic or religious minorities,” and “[g]overnments around the world have dramatically increased their efforts to manipulate information on social media over the past year.”

It is not just authoritarian nations that have defied American-style internet freedom. In recent years, the nations of the European Union have come to see the hegemony of U.S. internet firms as nothing less than a danger to the European way of life. In part, this is due to the revelation that the NSA had been sucking up massive amounts of data about European citizens initially collected by U.S. firms. And in part, it is because U.S. internet firms wield their enormous power to shape morals, politics, news, consumer choice, and much more in ways that many European officials abhor. “We are afraid of Google” because it threatens “our values, our understanding of the nature of humanity, our worldwide social order and, from our own perspective, the future of Europe,” wrote Mathias Döpfner, the CEO of Axel Springer SE, Germany’s largest media group, in a much-noted open letter to Google CEO Eric Schmidt in 2014. In recent years, European regulators have embraced this philosophy and significantly ramped up their legal pressure on American technology firms. Many believe that this pressure is motivated in part by economic protectionism. Perhaps so. The point for now is that Europe’s internet regulators are becoming more active within European borders, and sometimes beyond.

European regulators have, for example, fined Google $2.7 billion for abusing its economic power in the arena of internet search and Apple $15.3 billion for unpaid taxes. Several other antitrust investigations against Google and other U.S. tech firms are in the works, and European regulators are searching for ways to impose billions more in taxes. They have also threatened these firms with severe sanctions if they do not clamp down on hate speech, incitement, and terrorist violence. They have recognized a “right to be forgotten,” which allows individuals to remove detrimental personal information from search results on the web—not just in Europe but possibly everywhere in the world. European courts, alarmed by the Snowden revelations, have raised the privacy bar for sending data collected in Europe to the United States, for fear of NSA snooping. And most significantly, the new General Data Protection Regulation (GDPR) in Europe imposes burdensome new data disclosure and privacy rules for firms handling the information of EU citizens. These rules are in the process of being adopted by firms globally, including in the United States.

The GDPR is one of scores of recent national and regional regulations related to privacy, security, surveillance, and law enforcement that limit the flow of information across national borders and pressure firms to store data about users in a given country on servers located within that country. Other non-tariff barriers to digital free trade that have grown sharply in recent years include local infrastructure or computing requirements, local partnership requirements, intellectual property infringement, cross-border cybertheft, and the various means of filtering and blocking information from abroad noted above. The United States has gotten in the game, mostly through an interagency committee to review foreign investments known as the Committee on Foreign Investment in the United States (CFIUS). CFIUS now regularly flouts the commercial non-regulation principle with its aggressive crackdown on attempts by foreign firms, notably from China, to own or control U.S. information technology firms. The ostensible justification for CFIUS’s growing vetoes of foreign takeovers of these firms is cybersecurity. But the trend also reflects retaliation against Chinese protectionism and worries about strategic control over crucial technology sectors.

While the commercial non-regulation principle is everywhere under assault, it would be wrong to ignore its successes. The principle largely prevailed for almost two decades during which the internet boomed and large U.S. firms grabbed huge market share globally, in some instances approaching monopoly power. The United States has a big trade surplus in digital industries. Both U.S. firms and U.S. consumers continue to reap the benefits of the continuing growth in the digital economy, even though U.S. firms and digital free trade are suffering pushback abroad and even though other countries and firms in other countries are catching up. It is an open question how far nations will go down the road of digital protectionism, how burdensome foreign regulations will prove to be for U.S. firms, and what impact these trends will have, especially in the burgeoning tech battle with China.

The anti-censorship principle, by contrast, is much further down the road to collapse and indeed was always a delusional goal. Nations have different values and priorities, and the American conception of freedom, especially our conception of free speech, is a global outlier. As the very different examples of China and Europe show, when the internet threatens those values and priorities, nations can preserve them by exercising sovereign muscle—brute coercive power—over local firms and communication intermediaries within their borders. The internet freedom agenda never really had a plan to fight this logic. The United States lacks the economic or diplomatic power to bend China or the European Union to its will on internet matters. If anything, the dependency of American firms on access to these giant markets gives China and Europe the upper hand. Nor has the United States been able to deliver to activists abroad the digital tools to defeat control in weaker nations, which have largely succeeded in reversing the impact of these tools for their own ends.

Failure at Home

The United States’ internet freedom project is not just failing abroad. It is also failing at home. I explained above that the United States is increasingly engaged in forms of digital protectionism that it once decried. But both the commercial non-regulation principle and the anti-censorship principle are allowing real harms within the country’s borders as well. “[M]odern information networks and the technologies they support can be harnessed for good or for ill,” Clinton acknowledged in her 2010 speech. The premise of the U.S. internet freedom agenda is that an open, unregulated internet is great at home on balance and thus should be exported abroad. This premise—built on an optimism about the impact of digital technologies on American public life—is now being called into question.

The first problem concerns cybersecurity. Not a week goes by without reports of major cybersecurity breaches, data thefts, information compromises, or cyberattacks in which major U.S. firms and their consumers are the victims. The U.S. government is not doing much better. A May 2018 report by the Office of Management and Budget and the Department of Homeland Security concluded that an overwhelming majority of U.S. federal agencies are ill equipped to defend their networks and cannot even “detect when large amounts of information leave their networks, which is particularly alarming in the wake of some of the high-profile incidents across government and industry in recent years.” The U.S. government and U.S. firms have seen this problem coming for over a decade, but they have been unable to check it. “We’re the frog in the pot that’s getting boiled,” said Rob Joyce, the Trump administration’s cybersecurity coordinator, at a conference in 2017. “I watch these breaches every day,” he added. “It’s getting to a point where we’re getting numb.”

Among the many reasons the United States is failing at cybersecurity is its commitment at home to the commercial non-regulation principle. Inadequate regulation is a primary cause of poor cybersecurity hygiene in the United States. Individuals have inadequate incentives to use security software and take other precautions, and firms lack proper incentives to harden their defenses and share information with each other and the government. The vast majority of software companies, internet technology firms, and individuals will not internalize the many negative cybersecurity costs they impose due to weak security standards or poor security investments unless the government provides some prodding through liability, regulation, tax incentives, standard-setting, or some other means. But the United States’ non-regulation commitment and concerns about the impact on innovation have significantly hampered progress on this front.

Another unfortunate side effect of internet freedom at home, and one caused more by the anti-censorship principle, is susceptibility to information operations from abroad. Discussing the difficulty of preventing Russia from stealing emails from Democratic National Committee (DNC) accounts, President Obama explained shortly before leaving office that “our economy is more digitalized and it is more vulnerable, partly because . . . we have a more opened society and we are engaged in less control or censorship[] over what happens on the internet.” The United States has a wider and more readily accessible digital attack space than any nation in the world, and much of this attack space lies in the private sector, including private channels of communication. The U.S. commitment to free speech, relative anonymity, and sharp limitations on domestic government surveillance—all virtues from a civil liberties perspective, of course—makes it hard for our government to identify, prevent, and respond to malicious cyber operations, especially ones that seek to manipulate information for nefarious ends. This is the very problem of social disruption and instability from online foreign meddling that Russia and China have been harping about, and taking steps to check, for years.

Another way in which internet freedom threatens American institutions is in the pathological forms of speech that it fosters. There are many reasons for the political and social fracturing of American society, but arguably near the top of the list is the balkanization of information consumption, and the attendant coarsening of public discourse, that digital technologies foster. The internet, and especially social media platforms such as Facebook and Twitter, promote the sort of fine-grained, self-serving, and exclusionary information consumption that Cass Sunstein has called “self-insulation.” As Sunstein and others have argued, self-insulation makes it harder to empathize with citizens whose concerns and opinions differ; enhances mutual alienation, misunderstanding, and polarization; and subsidizes the spread of falsehoods, conspiracies, and counterfeit news. The internet has also enabled a proliferation of specialty news and information sites that tend to be more extreme and partisan than traditional “meat-space” media and that intensify self-insulation, especially in a heterogeneous society like the United States. All these tendencies have a devastating impact on our deliberative democracy, which depends for its success on mutual understanding, compromise, and learning.

A final problem comes in the form of the weaponization of speech. The internet has made speech cheap to produce and to aggregate. This has allowed private actors to engage in vicious group attacks by “troll armies” that aim to discredit or to destroy the reputation of disfavored speakers and to discourage them from speaking again. A related practice is to distort or overcome disfavored speech by using fake news, fake commentators, and other forms of misinformation or propaganda to muffle the disfavored speech or confuse the audience. Both practices take advantage of the pathologies of self-insulation. And the impact of both can be magnified by bots that automatically send and resend the weaponized speech on a large scale. The aim of weaponized speech is often to create a fog that prevents all news sources, and all informed critical commentary, from being trusted.

These maladies of internet freedom at home converged in the historic event that may one day be seen as its death knell: the Russian information operation in the presidential election of 2016. In 2010, Hillary Clinton spoke of internet freedom as a means to end censorship and control in authoritarian nations like Russia. Six years later, such efforts had had no apparent effect on that country. On the contrary, Russian president Vladimir Putin, perhaps in response to perceived provocations by Clinton, was able to exploit internet freedom and openness in the United States to cause unprecedented disruption in its democratic processes, possibly denying her the presidency. The DNC hack, as President Obama noted, was “not particularly sophisticated—this was not some elaborate, complicated espionage scheme.” It was a simple phishing operation that extracted email messages which, once made public and churned through social media, caused a public storm. The Russians also weaponized speech through social media accounts in ways that appeared to be designed to advantage Donald Trump. For many Americans, these commonplace tactics called into question the legitimacy of the election and of the democratic system more broadly. The really bad news is that there is little to prevent something like this, or worse, from happening in the next presidential election, this time at the hands of multiple foreign actors.

Conclusion: Tradeoffs

The Trump administration has hollowed out the State Department and has deemphasized human rights and free trade. It is thus doubtful that it will give much support to the internet freedom agenda. But even a future administration more sympathetic to the agenda will need to address its failures to date by acknowledging some uncomfortable realities about the internet and by facing some large tradeoffs. Here are what I think are the three most important ones.

The first set of tradeoffs arises from how the United States promotes its anti-censorship principle abroad. That principle is premised on a commitment to spreading democracy and U.S. constitutional values that has been a lynchpin of American foreign policy since at least World War II, if not earlier. There are many ways to maintain this commitment while rethinking the tactic of meddling in foreign networks to undermine authoritarian governments. The American people are angry about and threatened by Russian cyber interference in the 2016 election. But the Russian government, as well as China’s and Iran’s governments and others, are angry about and threatened by U.S. intervention in their domestic networks with the ultimate aim of changing their forms of state and society.

Network interventions to promote freedom and democracy are not on the same moral plane as network interventions to disrupt or undermine democracy. But regardless of the morality of the situation, it is fanciful to think that the digitally dependent United States can continue its aggressive cyber operations in other nations if it wants to limit its own exposure to the same. Unless the United States can raise its cyber defenses or improve its cyber deterrence—a dim prospect at the moment—it will need to consider the possibility of a cooperative arrangement in which it pledges to forgo threatening actions in foreign networks in exchange for relief from analogous adversary operations in its networks. The Russian government recently proposed a mutual ban on foreign political interference, including through cyber means. The significant hurdles to such an agreement include contestation over the terms of mutual restraint, a lack of trust, and verification difficulties. These high hurdles are not obviously higher than the hurdles to improving U.S. cyber defenses and cyber deterrence. And yet, no one in the U.S. government appears to be thinking about which sorts of operations the United States might be willing to temper in exchange for relief from the devastating cyber incursions of recent years.

The second set of tradeoffs concerns U.S. skepticism about more extensive government regulation of, and involvement in, domestic networks. The devastating cyber losses that the United States has been suffering result in large part from market failures that only government regulation can correct. The government will also need to consider doing more to police and defend telecommunications channels from cyberattack and cybertheft, just as it polices and defends threats that come via air, space, sea, and land. This might involve coordination with firms to scan internet communications, to share threat information, and to frame a response. And it might require accommodations for encrypted communications. The hazards for privacy from these steps are so extreme as to make them seem impossible today. But there are also serious hazards for privacy from not providing adequate cybersecurity. If the threat to our valuable digital networks becomes severe enough, the American people will insist that the government take steps to protect them and the forms of social and economic life they enable. Our conception of the tradeoffs among different privacy commitments and between privacy and security will adjust.

Finally, U.S. regulators, courts, and tech firms may need to recalibrate domestic speech rules. Tim Wu has recently proposed some ways to rethink First Amendment law to deal with the pathologies of internet speech. For instance, First Amendment doctrine might be stretched to prevent government officials from inciting attack mobs to drown out disfavored speakers, as President Trump has sometimes appeared to do. Or the doctrine might be tempered, to allow the government to more aggressively criminalize or regulate cyberstalking and trolling, or even to require speech platforms to provide a healthy and fair speech environment. These are bold reforms, but they are also potentially very dangerous. The line between genuine political speech (including group speech) and propaganda and trolling will be elusive and controversial. The effort to ensure a healthy speech environment is even more fraught and will invariably ban or chill a good deal of speech that should be protected. These misgivings do not mean that such modifications are not worth exploring or that current understandings of the First Amendment are sacrosanct. They just mean that here, as with the other tradeoffs, the choices we face are painful.

© 2018, Jack Goldsmith.