For the non-state actors who are making efforts to approach cybersecurity issue in a different and creative way, the state actors, however, have given clear signs that they have exhausted their patience and insisted on doing things alone by bringing traditional old tricks back into cyberspace.
This is exemplified in the bilateral meeting of two cyber sovereigntists — the Chinese and U.S. presidents on April 6-7, and in the multilateral G7 Declaration on Responsible States Behavior in Cyberspace on April 11.
Particularly disturbing in the wording of the G7 Declaration is its call on "states to publicly explain their views on how existing international law applies to states' activities in cyberspace to the greatest extent possible".
If we associate that with the words shared by Ms. Heli Tiirmaa-Klaar, Head of Cyber Policy Coordination at European External Action Service at an event on March 29, during which she promotes the application of "the Law of Armed Conflict based on the interpretations in the two Tallinn Manuals”, then it is clear that the G7 nation-states are eager to introduce the traditional logics of conflict solution into the cyber domain.
This has given rise to the trend that the whole set of industrial age narratives such as allies, threats, deterrence are being replicated in the cyber rules-making. Once this lid is opened, global Internet governance will be dominated by those whose way of thinking divides people rather than unites them. Nevertheless, at the approaching UN GGE conference in June, it would be clearer about how far the states can go.
The real dilemma goes beyond the warring rhetoric of states, but rests on the very legitimacy the states have on striking a deal on cybersecurity. As early as in 1996, Barlow had a good reason to call states like "China, Germany, France, Russia, Singapore, Italy and the United States" as "weary giants of flesh and steel". By 2017, their legitimacy and credibility in cyber policy-making had suffered numerous fatal blows.
It is in this context of the crisis of traditional models that the multistakeholder approach represented by ICANN has been widely celebrated, and the industry initiative on a Digital Geneva Convention by Microsoft is highly appreciated. Professor Milton Mueller has compared the Microsoft initiative to a "2017 version" of the Declaration of the Independence of Cyberspace.
When the industry and civil society find ways to join hands, there is a chance that they can make a difference. Take the China-U.S. case for example, now that the two presidents have agreed to carry on the cybersecurity dialogue, the two countries' IT industry leaders like GAFA and BAT and civil society groups should reach each other to make sure this dialogue happens in a multistakeholder framework and is not dominated by those who approach the issue from a national security lens.
After all, state actors are often willing to compromise cyber issues for other geopolitical gains. The IT sector and the civil society groups who are active in the field, however, have the interests and motivation to treat cyberspace as a different domain that nurtures new values, gives birth to creative mechanism of global governance, and, in turn, enlightens the physical world and traditional mentality.
Written by Peixi (Patrick) XU, Associate Professor, Communication University of China