The internet needs fixing, there’s no doubt about it, but whose job is it? Much can be left to the IT industry itself, which has shown itself quite competent in the past to self-regulate, standardize and hold itself to high moral standards.
Unfortunately, that is not enough. The invisible hand of the market needs help from national and international legislators. In the old Wild West, they would have called it Law ‘n’ Order. The logical body to regulate a transnational network like the internet, you might think, is the United Nations but, given the diversity of economic and political systems with their competing and, more often, conflicting goals and ethics, that hardly seems likely. So, who else?
The internet was born in the United States and for decades US authorities exercised a self-assumed authority in cyberspace. Then regulation became the watchword – of conservatives, at least – and the current administration is more likely to loosen than tighten things like antitrust regulation, much less put Big Tech on a leash for things like hate speech, child pornography or unfair business practices. The other big player, China, is more interested in putting the internet under control of party apparatchiks, which is unacceptable to Western liberal democracies.
Only one remains: Europe. The third-largest economic bloc in the world is powerful enough to enforce rules and regulations on its own turf and influential enough to persuade other countries to follow their lead.
More important, Europeans appear to be the only ones willing to tackle the many problems in the digital realm. In 2016, the European Commission fined Google $5 billion for abusing its mobile operating system to ensure the popularity of Google apps and services over others. Last year, the EU hit Google again for $1.6 billion for abusing its market dominance by imposing a number of restrictive clauses in contracts with third-party websites which prevented Google’s rivals from placing their search adverts on these websites. European authorities also have forced the likes of Facebook and Twitter to remove extremist or sexist content – or face the consequences. And, in 2017, Amazon was ordered to pay the EU $294 million in unpaid taxes.
Europe, it seems, is the only authority in the world willing to take a hard line. Add to that the unfairly criticized General Data Protection Regulation (GDPR), which turns out to be the only strong attempt by any national regulation system to solve the problem of data ownership. California is reputedly considering introducing its own legislation following the lines of Europe’s new data law.
The European Union, it seems, is just getting warmed up. In June 2019, the new EU Cybersecurity Act came into effect. Once more, critics were quick to denounce undue government meddling and overregulation, but any serious student of the new legislation will have to admit that, for the very first time, manufacturers have a standardized framework to guide them in implementing security across their products and proving to their customers that they have done so.
In fact, the act will not make life miserable for ICT product manufacturers, but instead make it easier. Companies doing business in the EU will only have to certify their ICT products, processes and services once to see their certificates recognized across all of Europe.
A way to understand what is going on better is to consider what happens when buying a fridge. For years there has been a universally accepted energy-efficiency scale (A+++ down to G) that lets buyers compare products from many manufacturers. The EU wants to make this available also with security.
Once again, it can be expected that the EU cybersecurity act will lead the rest of the world, triggering similar legislation in the US and Asia, moving security standards and certification methods across borders and applications.
After all, somebody has to do it!