The Internet, Global Governance, and the Surveillance State in a Post-Snowden World (The Internet is Not Your Friend, Get Over It)

Posted on September 4, 2013


Much has been made of the role that the Internet is playing in restructuring the way in which governance is executed both at the national and the global levels. The role of the Internet in supporting the rise of wide-spread autocrat-challenging movements in the Arab world, the role of the Internet in enabling middle class protests against out of touch officials and political structures in democracies, the power of the Internet to sway elections and directly influence policies are all obvious and widely commented upon.

Equally significant is the role of the Internet in creating global initiatives and global consciousness in a variety of areas–in supporting global movements in civil society; in making borders largely irrelevant in the transmission of information–importantly including images and direct communications; in allowing for the extremely low cost and largely frictionless sharing of experiences, good practices and how to’s in the whole range of areas of interest to civil society and the grassroots.

All of this experience and the attending thinking and analyses highlighted the very positive contribution that the Internet was and could play in transforming opportunities for economic and social development, for dispersed and even individualized empowerment and for a radical deepening and extending of popular participation and democracy.  However, many of these experiences and analyses–highly optimistic, even “pollyanna-ish”–were developed and articulated in a rather more naive and simple era — the era before the revelations made by Ed Snowden and our collective realization of what the true nature and impact of the Internet on global governance might be in a truly Internet enabled and inter-connected world.

What we do know is that the Internet is having a truly profound effect on the modalities, instrumentalities and mechanisms of governance.  By making information (and communications) much more widely available; by providing the opportunities for articulating political positions, for aggregating comments and opinions, for instant mobilization; the Internet has let a genii out of the box which it will be impossible to put back in. All of these modes of Internet use have been seen (not incorrectly) as means for empowerment–personal empowerment, group empowerment, empowerment at the margins (in some cases) and as potentialities for a very broad widening of the distribution of influence and even power in contemporary societies.

2. Management (and Governance) in and Through Information Systems

Parallel to these processes of Internet enablement and long antedating them are equally significant processes of the use of Information (and Communications) Technologies (ICT) as means for the extension, elaboration, and systematization of command and control.  Not surprisingly much of the early research in the area of (Management) Information Systems (IS/MIS) was concerned with the management of logistics particularly for military purposes and for the acquisition and systematization of the information needed to support these systems and to make them ubiquitously available and implemented.

The role of Information systems in allowing for control at a distance and the capacity to manage and command vast resources through limited and focused information inputs is well known but often forgotten in the recent overwhelming attention given to the Internet.

In the area of governance IS/MIS could be seen as largely an enabler of processes and functions, facilitating the range of transactions and resource management requirements rather more attuned to e-government (transaction management) than e-governance (process management).

3. Adding the Internet to Management Information Systems

Until the use of the Internet became widespread there were clear distinctions drawn between “consumer” electronics/Information Systems and business or management Information Systems. The former were seen as end user and consumer oriented and were understood as being outputs or products for commercial providers/manufacturers. Consumer oriented electronics was often seen as being entertainment and content oriented while MIS was infrastructure and logistics or transaction oriented.

Two things of interest have happened in this regard.  The first is that the Internet as a delivery system has become a major element in infrastructure provision for commercial/business and government applications as with other end user oriented applications. The low cost, ubiquitous, customer equipment neutrality of the Internet has proven irresistible for many (if not most) commercial and government and even to an extent military applications.

The other development is that the Internet with its primary focus on the non-professional  end-user and the development of the range of classes of applications to support the requirements and interests of the non-professional end user has provided to the commercial and government systems a user facing front end which is significantly more powerful and applications rich than anything that the previous transaction oriented commercial front ends were providing.

The linking of commercial and governmental (and now other such as military) systems into the Internet has had the additional and transformative effect of giving these latter systems a totally new and extremely powerful means for inter-facing with, not only their own traditional end users, but also with the entire range of potential end users accessible via the open Internet. Thus the access to the Internet has lead to transformations in conventional commercial marketing, transactions/sales management, customer relations and  customer service and so on as well as entirely new types of commercial and governmental services/practices in such areas as “open data”, “peer to peer” transactions, “open access collaborations” and so on all based on what is generically referred to as “social” or “social networking” software.

4. The Impact of the Merging of the Internet and Management Information Systems

The effect of this linking of the Internet with more traditional Information Systems and the extension of IS/MIS capabilities through the interactivity and end-user ease of access of the Internet has led to an explosion in new end user (and Business to Business, Government to Citizen and so on) services and even classes of service. The extremely  rapid pace and scope of  ICT/Internet based innovation has in turn been and continues to be transformative and the basis for the vast creations of Internet based wealth creation in Silicon Valley as elsewhere.

The end result of this merging has also meant that the highly developed and centralized information acquisition, storage, analysis and management capabilities of traditional Information Systems could become part of customer/end user based systems in practice providing these with their basic technology infrastructure while at the same time giving those infrastructures access to vast amounts of  end user based information which they would not otherwise had access to. The power of these infrastructures (designed for industrial/commercial strength information and transaction processing) further enabled these applications to extend their scope and attractiveness to become global and essentially ubiquitous services almost overnight and with relatively smooth technology transitions and expansions.

However, while the end user (“social”) software was designed to facilitate peer to peer and horizontal information access and sharing the underlying infrastructure remained one organized to ensure traditional highly centralized, top-down, command and control management structures. These latter did not change but rather were supplemented by these new more free wheeling end user information interfaces.[1]

The effect of these linkages in readily and cost-effectively providing companies and governments and in this context, more particularly security agencies with vast amount new highly individualized information was to some extent an unanticipated by-product of the dramatic roll-out of the Internet as a global infrastructure initially paralleling but increasingly displacing or at least supplementing the existing systems infrastructure. But of course, the recognition of the significance, value (including monetary), and power of this fusion and new information access was not lost on those at the core of information system development and was the primary driver of the initial  DotCom boom and has since become the basis for the business model of the variety of successful Internet fueled corporations (Google, Amazon, eBay, Yahoo etc. etc.).

Perhaps simultaneous with (or perhaps even in advance) of the fortune creating corporate recognition of the power of the Internet/IS fusion it would appear was the recognition by governments and more particularly by security services of the vast power that was now coming into their hands–to obtain individualized information at a highly granular level including that concerning both transactions and social/communication interactions; the means to store, organize and access this vast vast array of information; and through their pre-existing capabilities rapidly being augmented through a variety of technology advances to deploy the outcome of the analyses of that information using the ICT infrastructure in extremely powerful and highly unobtrusive interventions.

It is thus not surprising that many of those with backgrounds in MIS or systems management and development were unsurprised by the Snowden revelations, indicating that they had known all along of the possibility (if not the reality) of the large scale information access/surveillance that he revealed.  Equally not surprising is the evident surprise and consternation with which these revelations are being responded to by those only accustomed to dealing with the end user oriented applications and interfaces since few if any of them has ever understood that the basic platform on which their valued applications rested were highly amenable to these kinds of initiatives.

5.  The Internet vs. Governance

To some extent the Internet has been presented as “anti-governance”. Thus the Internet is presented as empowering individuals vis-a-vis their governments along with notions of radically altering structures of governance toward those based on highly decentralized and distributed processes. In this case the Internet is understood as the basic platform of governance and with various functionalities providing intermediary structures for coordination and facilitation for higher level or more aggregate processes as required. Of course, these notions have been only in the process of formulation and with even less instances of implementation (except in those areas where Internet based peer-to-peer frameworks have been or are being introduced) but a great deal of leading edge thinking has been directed in this way. 

As well, arguably, the libertarian political philosophy of so many, particularly US based technical developers and business people, could be seen as a form of moving towards de-structured governance or de-legitimizing governance altogether (see the Californian Ideology) as an example.

The underlying governance notion in this context being that with the Internet (and ICT technology over-all) individuals are sufficiently empowered to manage their own affairs in many areas where government has up to this point been required/necessary.  Thus as the Internet becomes more pervasive and more available as the underlying infrastructure for daily life the need for government intervention and government itself diminishes apace. This process of “pushing back” government is presented as an opportunity to maximize individual “freedom” as understood within Libertarian notions.

But of course, the applications and systems which are being pointed to in these kinds of analyses are the dispersed and decentralized ones of the Internet and not the more centralized and control oriented MIS applications.

6.  The Snowden Revelations

Edward Snowden a private contractor analyst working for the US National Security Agency (NSA) has been making public a series of documents giving a window into the activities (and interests) of this agency and by implication of the US Government as a whole.  Without going into the details on specific items revealed it is well to think about the overall implications of these revelations in the context of global governance and including global governance of the Internet. (Note, while the Snowden revelations are specific to the NSA/US there are clear implications that other governments as for example China are, within the limits of their own technical capabilities, undertaking similar surveillance and, where possible ICT enabled interventions activities).  As the capabilities become more widely known, the technical capabilities more widely dispersed and the cost of the key technologies declines one can expect many many more national governments to attempt to do what Snowden has revealed that the US and its immediate (Five Eyes partners) have been involved with.

A few observations:

a. the NSA and security/surveillance activities historically have been highly centralized and control oriented top down structure accustomed to dealing with similar structures in the commercial and technical spheres.

b. much of the information/surveillance being revealed comes through the Internet front ends of the existing MIS infrastructures and the NSA and other security agencies have access to this through their traditional relationships and the mechanisms of surveillance of those infrastructures.

c. the NSA and others now see the Internet as a prime means for ensuring the national security of the US

d. the NSA and others see the Internet as a prime means for surveillance but more importantly as a means for using the information derived from surveillance as a means to intervene so as to achieve desired real world outcomes i.e. as orienting inputs into its centralized use of MIS control mechanisms

e.  the NSA and others (or those acting within the context of Internet enabled infrastructures) are intervening in a number of areas that are concerned with more general areas of governance and not simply areas of “security” (e.g. surveillance of the UN and the EU discussions, the actions of ecology activists for example…

7. Surveillance, Governance and Trust

A central element in all of what is currently transpiring with respect to surveillance, the impact on governance, information systems, the Internet and so on are issues of trust.  Trust is at the very core of Information Systems, Internet, and governance and without trust — in how things are managed, whose interests are being served (or not served), information being handled with discretion and integrity and within a body of rules that ensure transparency and accountability and most important the enforcement/enablement of the rule of law; then systems technical, political and social begin breaking down very very quickly. 

If the governed cannot trust the probity and integrity of the governors, if information systems users cannot trust the discretion of the systems and the transparency of how their content is managed and distributed; if Internet users cannot trust that they have a degree of control over how their communications and personalized information is aggregated, analysed, disseminated and interpreted; then users both individually and in aggregated form (as groups, communities, countries) find it necessary to withdraw from the use of those systems –again technology, governance and social systems which they no longer find to be reliable and trustworthy.  In this direction lies the inevitable fragmentation of the Internet, the increasing imposition of external structures of control and accountability on information systems, and the break-down of the implicit (and necessary) contract between the governors and the governed which makes functioning democracies possible.

It is an extremely sad outcome of the Snowden revelations that in each of these areas the  implicit and continuing base of trust has been shattered. Rebuilding this will be a long term and difficult process and one which moreover will require significant changes in the manner in which the technology infrastructure which has so far been built is governed including its structures of accountability and oversight.[2]

8. Implications for Global Governance

The implications of the above for global governance are I believe extremely significant.  If, as many have argued, the Internet has become the nerve system of global communications including for commerce and for governance including the level of transactions and interactions between individuals and more importantly between individuals and governments, governments to governments, business to business and so on; and if the NSA and other security agencies’ capacities not only to acquire information via the Internet based front ends but also to use that information in purposeful directed ways to achieve specific outcomes through its control over the Information Systems infrastructures, then the capacity for these agencies to control at whatever level they choose the direction of action in the real world is at this time unassailable.

Whether or how they choose to use those capabilities is of course, another question and of that we have, as yet, little specific information. But on current evidence it would appear unarguable that they have the capability and that capacity can only improve over time with ever more refined means of analysing the data it is acquiring and translating that data into effective actions in the real world.

This, as well, does not mean that the technological capability under the security agencies control allows it to fully determine outcomes in the real world–there are much too many exogenous variables including individual motivations, rational actions and irrationalities at all levels to allow it to do this.  However, what it does mean is that for any action, context or transaction where the overwhelming dominance of knowledge capability and capacity to manage technology interventions/outcomes is a consideration (it is in fact, rather hard to think of many real world contexts where these are not overwhelming elements), it is possible for security agencies to intervene so as to achieve their defined objectives as for example by thwarting a communication, introducing false information, giving one of the actors (including where appropriate military, police, diplomatic, commercial etc. actors) in the transaction foreknowledge of the anticipated actions of other actors and so on and so on.

What this does is to pose a dramatic challenge and dilemma to the rest of the world. For some, a situation where security agencies are in a position to determine the outcome of whatever specific interaction in which they choose to intervene may be seen as a relatively benign and even desirable state of affairs — potentially leading to a significant reduction in the risk of terrorist actions, the capacity to intervene where necessary through for example the “responsibility to protect” and so on.  However, for most, such benign outcomes are not anticipated since these agencies are an instrument at the service of the national interests of a variety of national governments and represent an enormous and even overwhelmingly powerful support for the specific localized status quo whatever that status quo might be and including whatever narrow and highly self-interested definition might currently prevail as to what constitutes these localized “national” interests.  

The world is thus presented with an overwhelming challenge of how to respond to this set of circumstances. What leverage can be placed to provide oversight on the actions of the these agencies? Are there technology means that can be used to thwart this overwhelming “information dominance”? Is the only answer to establish national Internets and thus destroy the true value of the global Internet? What mechanisms are in place at the global level to respond to what are globalized activities by these national “Surveillance States”? What happens in the event that an individual or group with particularly malevolent intentions gains power in a context where they have direct control over the digital infrastructure which has been revealed and where there are, as now, no effective checks or balances on their use of that power for whatever ends or in whatever directions they arbitrarily choose?[3]

These are the real challenges of global governance as we move forward in our post-Snowden world.


The dilemma of how to respond to the Snowden revelations–the loss of innocence with respect to the Internet, the very real threat of a totalized Surveillance (and Command and Control) Society–is a very real and immediate one.

Unfortunately none of the approaches so far being suggested seem capable of dealing with the realities which are being faced. 

Challenges to these actions on the basis of existing laws (or constitutional guarantees) seem to be countered by processes of legalization and revision of constitutional interpretation (and very much depend on the existence of an enforceable rule of law which in some national jurisdictions at least seems questionable).

Arguments that current grassroots initiatives might scale sufficiently to present a form of counter-power or alternative technology/techno-social structures seem highly optimistic at best (open for example to intervention and manipulation as they might become successful and an apparent threat).

Technical solutions concerning encryption and structuring/restructuring of existing infrastructures appear dependent on the active involvement of significant technical and corporate bodies/individuals who to this point have been either complacent or even complicit in the developments noted above.

The development of broad framework agreements towards governing the Internet and the broad technical and telecommunications infrastructure are seen by many as quite unrealistic, however, they might provide the only realistic hope.  Their significance would be not so much in the capacity to enforce these agreements (the incapacity of existing of oversight and control structures in the face of political force, technology drive, personal and corporate interests and collective insecurities are not such as to lead to a great of optimism in this direction).  Rather their significance would come through the process of their formulation as nations and their citizenries globally would need to be confronted with the quite stark choice of acceptance of a Surveillance (and Command and Control) State or of a rule of law enforced through transparency and democratic oversight.

[1] The example here is Stuxnet which apparently was able to be inserted directly into the logistical infrastructure of the Iranian nuclear program but then went “into the wild”, through the linking of this infrastructure with one or another social software program. That the process of moving a software intervention tool such as Stuxnet the other way i.e. from social software into infrastructure would thus appear to be feasible and potentially extremely powerful. It is of considerable interest that while IS professionals indicated no surprise at what was revealed by Snowden about the extent of information access there was very considerable surprise and consternation among the same groups at what had been achievable by Stuxnet and by what means this was undertaken.

[2] Parminder Jeet Singh commenting on an early draft of this paper pointed to the significance of the increasingly privatized governance structures of the Internet being introduced through for example the internal regulatory apparatus of global information (quasi) monopolies such as Google, Facebook and in an earlier era Microsoft and the operational inter-linking of various private companies in such areas as standards setting, and overall management and deployment of the global digital infrastructure(s) as substitutes for “public” (and not incidentally publicly accountable governmental) rule setting

[3] I owe this point to another early reader Norbert Bollow.