How to Regulate the Internet Without Becoming a Dictator

Justin Sherman wrote for Foreign Policy about how democracies can exert more control over the internet to protect citizens online without automatically being authoritarian.

On Nov. 16, 2018, U.S. President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act into law, which transformed the National Protection and Programs Directorate at the Department of Homeland Security into the Cybersecurity and Infrastructure Security Agency (CISA).

The change aims to bolster the United States’ defenses against physical and digital threats to critical infrastructure. The reasons for CISA’s creation are no mystery: Democracies are increasingly realizing that they cannot rely entirely on the unregulated market to protect citizens or even businesses from cyberharms. Now, the question for CISA is how to meet current threats while maintaining a free and open internet for Americans.

Democracies are grappling with the differences between the internet as idealized in their policy documents—with principles such as freedom and openness—and the internet in reality—an insecure, increasingly centralized, and increasingly restricted network. Democratic internet strategies face tensions that need to be resolved, including the need to find a balance between total network openness (which dangerously allows anything through) and total network control (an authoritarian model for the internet).