Faithful readers know of my geeky love for tech policy books. I read lots of 'em. There's a steady stream of Amazon.com boxes that piles up on my doorstop some days because my mailman can't fit them all in my mailbox. But I go pretty hard on all the books I review. It's rare for me pen a glowing review. Occasionally, however, a book will come along that I think is both worthy of your time and which demands a place on your bookshelf because it is such an indispensable resource. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace is one of those books.
Smartly organized and edited by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain, Access Controlled is essential reading for anyone studying the methods governments are using globally to stifle online expression and dissent. As I noted of their previous edition, Access Denied: The Practice and Policy of Global Internet Filtering, there is simply no other resource out there like this; it should be required reading in every cyberlaw or information policy program.
The book, which is a project of the OpenNet Initiative (ONI), is divided into two parts. Part 1 of the book includes six chapters on "Theory and Analysis." They are terrifically informative essays, and the editors have made them all available online here (I've listed them down below with links embedded). The beefy second part of the book provides a whopping 480 pages(!) of detailed regional and country-by-country overviews of the global state of online speech controls and discuss the long-term ramifications of increasing government meddling with online networks.
In their interesting chapter on "Control and Subversion in Russian Cyberspace," Deibert and Rohozinski create a useful taxonomy to illustrate the three general types of speech and information controls that states are deploying today. What I find most interesting is how, throughout the book, various authors document the increasing movement away from "first generation controls," which are epitomized by "Great Firewall of China"-like filtering methods, and toward second- and third-generation controls, which are more refined and difficult to monitor. Here's how Deibert and Rohozinski define those three classes (or "generations") of controls:
- First-generation controls focus on denying access to specific Internet resources by directly blocking access to servers, domains, keywords, and IP addresses. This type of filtering is typically achieved by the use of specialized software or by implementing instructions manually into routers at key Internet choke points. First-generation filtering is found throughout the world, in particular among authoritarian countries, and is the phenomenon targeted for monitoring by the ONI's methodology. In some countries, compliance with first-generation filtering is checked manually by security forces, who physically police cybercafes and ISPs. (p. 22)
- Second-generation controls aim to create a legal and normative environment and technical capabilities that enable state actors to deny access to information resources as and when needed, while reducing the possibility of blowback or discovery. Second-generation controls have an overt and a covert track. The overt track aims to legalize content controls by specifying the conditions under which access can be denied. Instruments here include the doctrine of information security as well as the application of existent laws, such as slander and defamation, to the online environment. The covert track establishes procedures and technical capabilities that allow content controls to be applied ''just in time,'' when the information being targeted has the highest value (e.g., during elections or public demonstrations), and to be applied in ways that assure plausible deniability. (p. 24)
- Unlike the first two generations of content controls, third-generation controls take a highly sophisticated, multidimensional approach to enhancing state control over national cyberspace and building capabilities for competing in informational space with potential adversaries and competitors. The key characteristic of third-generation controls is that the focus is less on denying access than successfully competing with potential threats through effective counter-information campaigns that overwhelm, discredit, or demoralize opponents. Third-generation controls also focus on the active use of surveillance and data mining as means to confuse and entrap opponents. (p. 27)
Again, the country-by-country discussions contained in Part 2 of the book document how several nations are moving toward those more sophisticated second- and third-generation information control efforts, although it appears that CIS states are on the cutting edge so far. As Deibert and Rohozinski note in their opening overview chapter: "the center of gravity of practices aimed at managing cyberspace has shifted subtly from policies and practices aimed at denying access to content to methods that seek to normalize control and the exercise of power in cyberspace through a variety of means." (p. 6) They also note that, just in the short time since their previous volume was published (in 2008):
a sea change has occurred in the policies and practices of Internet controls. States no longer fear pariah status by openly declaring their intent to regulate and control cyberspace. The convenient rubric of terrorism, child pornography, and cyber-security has contributed to a growing expectation that states should enforce order in cyberspace, including policing unwanted content. (p. 4)
I don't agree with all the conclusions in the book, of course. In particular, I don't share the somewhat lugubrious outlook most of the contributors seem to hold toward the long-term prospects for "technologies of freedom" relative to "technologies of control." I think it's vital to put things in some historical context in this regard. It's important to recall that, as a communications medium, the Net is still quite young. So, is the Net really more susceptible to State control and manipulation than previous communications technologies and platforms? I'm not so sure, although it's hard to find a metric to compare them in an analytically rigorous fashion. However, I'm still quite bullish on the prospect for the "technologies of freedom" that are already out there (and those yet to be developed) to help people evade many of the technologies of control being utilized by States across the globe today.
The contributors in Access Controlled don't really come to any definitive conclusion on this issue, but some of them seem to imply that the Net is more easily manipulated than past technologies. For example, in Chapter 3, Hal Roberts and John Palfrey speak of the Internet as "surveillance-ready technology." (p. 35). It's certainly true that the State has access to more data about its citizens than in the past, but it's also true that we have more information about the State than ever before, too! And, again, we also have access to more of those "technologies of freedom" than ever before to at least try to fight back. Compare, for example, the plight of a dissident in a Cold War-era Eastern Bloc communist state to a dissident in China or Iran today. Which one had a better chance of getting their words (or audio and video) out to the local or global community? But let me be clear about something: I am not one of those quixotic utopians who thinks that the whole world is going to magically become more democratic and free overnight because of the existence of blogs, mobile phones, wireless networks, SMS, Twitter, YouTube, encryption, proxy servers, etc. Nonetheless, aren't we citizens of the modern world at least a little better off for having such technologies at our potential disposal?
Moreover, what about the scale and volume problem that would-be censors increasingly face? Again, let's remember how young the Net is and how many people aren't using it aggressively (or at all) yet. The challenge of bottling-up information -- or even tracking / monitoring it -- is going to grow exponentially more difficult as more people get online, networks expand, digital technologies fall in cost and grow more ubiquitous, and the overall volume of data flows continues to expand. What sort of armies of censors and surveillance officers are going to be needed going forward to keep up with this pace of change? Ethan Zuckerman's chapter on "Intermediary Censorship" in Access Controlled discusses one answer that many nation-states are turning to in an effort to solve that problem: Make the middleman do it. Deputizing the middleman has been used in many contexts before, of course, but the problem for the State is that (a) the middlemen typically resent doing that sort of censoring / surveillance and (b) it is only going to grow more costly and convoluted for those middlemen to carry out the will of the State as the scale and volume problems identified above manifest themselves.
Of course, one could argue that the censoring & surveillance technologies are going to continue to grow more robust, too, and that the middlemen will always fall in line with the State's desires if the penalties for non-compliance are steep enough. But I can't believe that's how it will play out over the long haul. At some point, something's got to give. The technological arms race between the State and its citizens will continue to escalate, but I remain optimistic that we will live not in an "access controlled" world, but more like a "access-sorta-controlled-but-with-lots-of-holes-in-it" kind of world.
Anyway, these are not major reservations that should keep you from reading Access Controlled. Indeed, it may have been for the best that the editors and contributors chose not to go down this line of inquiry since it would have made a long book even longer and forced the contributors to divert from their generally objective positions.
I have only two other little nitpicks with the Access Controlled. First, I do not understand why the editors decided to dump the excellent old chapter from Access Denied on "Tools and Technologies of Net Filtering," which contained some very useful schematics explaining how technologies of control work. [You can see what I mean here.] I used to recommend that chapter to students and journalists all the time as the first stop in their investigation of online censorship issues. I hope the editors decide to update that chapter and include it in the next version of the book. Second, I was quite surprised there wasn't more discussion of HerdictWeb in the book. Herdict, which I have praised here in the past, "seeks to present a real-time picture of Web site accessibility and inaccessibility... by crowdsourcing data from individuals around the world." I think I only saw one mention of Herdict in the Access Controlled. I thought it would figure more prominently in this version of the book.
Those small quibbles aside, I want to congratulate all the editors and contributors to the marvelous volume. Access Controlled is an indispensable resource that I can wholeheartedly endorse as a "must-have" for your info-tech policy bookshelf. Buy it now.