When the internet was created at the end of the 1960s, there was no knowing that this communication network was the first step on a journey of digital development that has completely transformed the way we live and work. The technologies, tools, and capabilities that have emerged since then – and continue to come thick and fast – have delivered more benefits than we can list and shifted so much of life onto the internet.
Unfortunately, a shift to digital living also sees the darker side of humanity moving online; crime and exploitation is shifting into the digital space. Just as we have much in place to ensure our physical world is a wholesome and safe place to be, we need to ensure that the internet reflects the world in which we all want to live in. Is regulation a part of that?
The issue was debated at the recent Global Cyber Alliance event, Cyber Trends 2021 during which I contributed to a panel discussion. There was a healthy level of discussion around whether such an approach can be effective or even possible for a vast, borderless, decentralised space. It’s easy to understand the concern; regulation is a limited tool in a complex arena and can be used by authoritarian regimes to limit freedoms and control citizens.
It also must be acknowledged that government regulation is complicated and reassuringly slow to implement. In democratic societies we expect substantial checks and balances on the power of government, with robust debate to ensure issues are fully understood before laws are passed to limit or require certain behaviour. This doesn’t naturally sit well with fast moving technology – but it is no longer acceptable to state that the internet is too intricate and couldn’t possibly be regulated. The more interesting question is, how can government intervention complement existing best practice? How do we address the nuance and complexity, and what does a holistic multi-stakeholder approach to building our desired internet look like?
We must remember that while regulation is the ultimate spur for change, it’s not the only tool utilised by modern governments. Softer levers – such as procurement power – can drive change across businesses and benefit society. For example, by requiring government suppliers to implement basic cyber security practices or differentiating otherwise similar bids by including a consideration of the social value contribution businesses make, we can positively shift the incentives for investment decisions within a business.
Organisations don’t need regulation to implement positive change, but they do need to see the value in doing so. Increasingly, regulators recognise that companies have tools, data and expertise that place them in a good position to understand risk and implement policies to keep their users safe. The value for change could be compliance with regulation, but it could also be a market differentiation as the public become more aware of the risks they face on the internet. Reputation matters enormously and offering safety and security are increasingly becoming selling points that organisations need to provide.
The ideal solution would be organisations across the internet ecosystem considering the impact of their actions on the wider public at the right time in their decision making processes. This is not always easy in a complex fast moving space, but it’s important for society and valuable for business. At Nominet, a commitment to public benefit is at the heart of everything we do and we have always taken steps to keep our users and customers as safe as they can be on the internet. None of this is motivated by commercial aims but will have contributed to the .UK Domain being trusted and respected in the ccTLD community.
Most recently, we’ve launched a pilot project to implement landing pages in collaboration with law enforcement agencies (LEAs). This is the latest step in a long-standing relationship with LEAs, who inform us of any criminal activity they identify associated with .UK domain names. We then suspend (de-activate) the domain name in line with our public Criminal Practices Policy.
We currently have landing pages in place for four agencies: the Medicines and Healthcare products Regulatory Agency (MHRA), National Crime Agency (NCA), Financial Conduct Authority (FCA) and City of London Police IP Crime Unit (PIPCU). These pages share information and advice to those who may have been victims of online crime. The project is seen by the agencies as a useful way to reach the public with essential messages and raise awareness of the potential risks online, an important part of their work to reduce the incidence of crime online. This is particularly crucial in areas of repeat victimisation, such as financial crime. It is also a way of reminding criminals that they are being watched and they will, in time, be caught.
This is just one approach Nominet takes in our small corner of the internet that isn’t set in law. Rather, it springs up from collaboration and supporting shared goals – and we’re not the only ones who work hard to do the right thing whenever possible. My fellow panel session colleagues, hailing from ICANN, Central Nic and Microsoft, all spoke about the roles they play in creating a better internet. We also discussed the challenges associated with it, such as distributed control, false positives and collateral damage. A key point of agreement was the importance of global multistakeholder collaboration to fill the gaps that never could – or should – be filled by unilateral government regulation in a global internet system.
As we continue to embark on this journey of shaping the internet in a way that reflects our values and expectations, we must recognise the complexity and the challenges without letting them defeat us. Wide reaching, inclusive, multi-stakeholder discussion is essential to address nuanced issues in a complex and decentralised system like this. If we keep curiosity at the heart of our debates, we can identify and implement solutions that are as innovative and collaborative as the internet technology itself.
Cyber Trends 2021 is available to watch on the website.