ArchiveOODA Original

The Clean Network Initiative: Another Nail in the Coffin of An Open Internet

For over twenty years the United States has consistently been the strongest voice for an open Internet that connects people all around the world. It was not a place for sovereignty and closed borders, the priorities of Russia, China, Iran, and other states scared of how the free flow of information might undermine their regime’s hold on their people. Until last week, that is.

The Trump administration’s executive orders on TikTok and WeChat, and the ongoing drama of whether TikTok will be banned, are the cacophonous frenzy where the fight is playing out, but the end-game was laid out in the State Department’s Clean Networks Initiative.

This Initiative upends decades of US diplomacy pushing for an open, secure, resilient Internet that is relatively free of borders. It aims for clean telecommunication carriers, mobile app stores, applications, cloud, submarine cables, and path into and out of diplomatic facilities. “Clean” to the State Department does not mean secure, but rather the degree to which Chinese companies are involved.

Technology policy is now largely a subset of national security policy, rather than innovation, economics, or social policy. Even if the United States is embracing a Balkanized Internet – segmented between nations – as in our national interest, this is not the way to do it.

The Clean Networks Initiative might have been framed in the terms of the Trump administration’s relatively new National Cyber Strategy, which has relevant pillars of “protecting Defend the homeland by “protecting networks, systems, functions, and data;” “nurturing a secure, thriving digital economy and fostering, strong domestic innovation;” and extending “the key tenets of an open, interoperable, reliable, and secure Internet.”

The initiative’s six workstreams could have pursued big new ideas – such as those by the recent Cyberspace Solarium Commission – and helped sustain efforts on thorny issues like software security and a securable supply chain. The new initiative achieves almost none of that.

For example, over the decades there have been many ideas to encourage or regulate telecommunication carriers and Internet Service Providers to halt known or suspected attacks. A Clean Carrier workstream to this effect might be very effective as such companies are in a unique position to drastically reduce attack traffic (if the privacy and liability issues could be solved).

But no, to the Trump Administration, Clean Carriers solely seeks to “ensure untrusted People’s Republic of China (PRC) carriers are not connected with U.S. telecommunications networks.” Likewise, rather than making hard choices about improving security of applications available on mobile app stores, the point of Clean Store is to remove Chinese-made apps so we can be safe from “exploitation and theft for the [Chinese Communist Party’s] benefit.”

If the Administration cares so deeply about safeguarding the privacy of US citizens, surely a better place to start would be a new Federal laws for data-security and privacy protection (with the additional benefit of boosting a replacement for the recently overturned EU-U.S. Privacy Shield program for transatlantic data transfer) or data-breach notification, as called for the by the Cyberspace Solarium Commission.

So Clean Networks fails as a serious effort at cybersecurity; it is a distraction. It fares little better as a project to target China, for its long-standing unfair trade practices and efforts to steal intellectual property.  The Administration should have listed the official reasons for the project; released and declassified prodigious amounts of information to show the violations of Huawei, TikTok, and WeChat; and clarify how any Chinese transgressions actions are different from those of the United States (such as the ones the world learned about after the Snowden revelations).

Little of this has happened, or at least been featured. According to David Sanger and Julian Barnes of the New York Times, CIA “analysts told the White House, it is possible that the Chinese intelligence authorities could intercept data or use the app to bore into smartphones. But there is no evidence they have done so,” and the “intelligence agencies do not see it as a major issue along the lines of Huawei.”

This new push (and the related 5G Clean Network Initiative) is essentially backing into Rob Knake and Dick Clarke’s idea for a Digital Schengen built around an Internet Freedom League, a network only for those who commit to mutually beneficial behaviors and rules.

Clarke and Knake see this as a positive step by democracies to build a new secure Internet. The Trump Administration is pushing the negative case of denying vendors which could be “subject to unjust or extra-judicial control by authoritarian governments, such as the Chinese Communist Party.”

The US surely waited too long to respond against Chinese unfair trade practices and theft of intellectual property. Huawei does pose a clear, articulable, systemic threat against which there were reasonable precautions, especially tripling down on open standards like O-RAN. But the Initiative and related executive orders appear to be lashing out without planning for the medium term much less the long one. The Chinese response will likely be harsh; they have their own pride (and domestic constituencies) as well.

The Clean Network Initiative is a major change in US policy and possibly a permanent change for the Internet. The United States is moving towards a more sovereign, self-help Internet. The future Internet is filled with national security threats, rather than cooperation and economic and social opportunities. States must strengthen their borders and arm themselves to the teeth against such threats. The United States is more afraid of China than it cares about an open a secure Internet.

I’ve argued for years we need to plan for a “sustainable cyberspace,” that is one that is at least as open, secure, and reliable for our children’s children as it is today. Even though humanity is still in the opening years of the Digital Age – with decades or even centuries left to play out – this week that future looks far darker than the past.

Jason Healey

Jason Healey

Jason Healey is Senior Research Scholar at Columbia University’s School of International and Public Affairs. Previously, he was an US Air Force officer and plankholder of the first joint cyber command, the JTF-CND in 1999, and director for cyber infrastructure protection at the White House. He created the first CERT at Goldman Sachs and was vice chair of the FS-ISAC.