The Open Internet on the Brink: Origins and Evolution

Technology Policy Internet Policy

The Open Internet on the Brink: Origins and Evolution

Posted on: 30th September 2021
By Multiple Authors
Andrew Bennett
Senior Policy Analyst
Melanie Garson
Cyber Lead, Internet Policy Unit
Bridget Boakye
Artificial Intelligence Lead, Internet Policy Unit
Max Beverton-Palmer
Director of the Internet Policy Unit
Akos Erzse
Associate, Government Advisory
Download PDF

    Key Points

    • The economic and social value generated by the internet is based on core technical and governance principles: interoperability, permission-less innovation, security, resilience and physical infrastructure that is unaware about the content being communicated (known as “dumb pipes”).
    • Several countries, companies and multilateral governance institutions shape the development of the internet. The US has been historically dominant but in time this will shift.
    • Led by China, more restrictive internet models are gaining ground on the open, liberal, Western internet model.

    The internet is often referred to by a series of immaterial metaphors – “cloud”, “web”, “cyberspace” or even “information superhighway” – but little about how it really works is made visible. This grounding is important: understanding how the different physical and virtual layers of the internet combine is necessary to reveal who has control over the internet, where that power comes from and why it matters.

    How Does the Internet Operate?

    How the Internet Operates

    The internet is often illustrated as a vertical “stack” of physical and virtual layers. The Open Systems Interconnection (OSI) conceptual model breaks this down into seven layers while the TCP/IP model, which describes how these layers practically combine in today’s internet, contains four layers:

    Figure 1 – Layers of the internet stack

    OSI Conceptual Model


    TCP/IP Model



    Provides user interface, e.g. Facebook or BBC News



    Formats data packets into application-ready text or audio/visual formats, and vice versa



    Controls connections between devices and rest of network, creating and terminating connection sessions


    Co-ordinates transfer of data packets between devices and the network, e.g. using protocols such as TCP



    Defines how data is routed around a network, e.g. using IP addresses



    Data Link

    Translates binary data (electrical pulses) into signals

    Network Access


    Hardware layer, e.g. undersea data cables

    Source: Adapted from Article 19

    Several features of the original vision behind the internet have contributed to its enormous social and economic importance today:

    • The internet’s architecture was built to commonly agreed standards that enable interoperability and communication between different devices and networks with minimal friction. This interconnectedness is the foundation upon which a single, global internet and economy is enabled.
    • Open protocols mean that anyone can build tools and services based on these standards without needing permission. This paves the way for massive experimentation and innovation.
    • Each layer of the internet stack was intended to be independent from others, limiting the ability for any single political or corporate actor to control the entire system. This ensures the rules that govern the internet cannot change without consensus, and this stability promotes investment and innovation.
    • The global internet is, ultimately, a network of networks, each of which is designed to be relatively autonomous and resilient, and also ensuring that power is distributed throughout the network.
    • At the bottom of the stack, data is transferred via physical and virtual networks that transport packets of information without being aware of their content. This model of dumb pipes limits preferential transporting and censorship.

    While these conceptual layers of the internet mostly still hold today, the technologies and business models of internet companies have evolved significantly. This shift is often referred to as a transition between three eras:

    Figure 2 – Internet paradigms


    Web 1.0

    Web 2.0

    Web 3.0





    Key characteristics

    Open, permission-less protocols

    Closed platforms and services

    Decentralised applications (e.g. built on blockchain)

    Economic value captured by innovators




    Barriers to entry for new users



    High, but becoming much easier



    Facebook, Twitter, Google, Adobe

    Ethereum, Bitcoin

    Source: TBI

    Who Controls the Internet?

    Who Controls the Internet?

    The original vision of the internet was built on a patchwork of norms, policies and technical standards that were designed to avoid centralised control. While much of this architecture has remained distributed, some nation-states, technology companies and multilateral organisations have increased their roles in shaping the future of the internet. Smaller companies, emerging economies and the global internet community are often left out.


    Europe, China and India are growing players in internet geopolitics but the US, in particular, has immense jurisdictional power by setting the regulatory environment for many of the internet’s largest companies. Despite only 7.1 per cent of the world’s internet users being based in the US, it is home to some of the most influential consumer tech companies and, on average, houses over 60 per cent of core infrastructure services for the global internet. This includes data centres – which store content for websites, databases and applications – and DNS servers – which tell your browser to convert URLs like into an IP address like

    Figure 3 – Jurisdictional power over internet infrastructure versus share of global internet users


    Source: Nick Merrill, The Internet Atlas Project, accessed 17 September 2021

    Note: *(DNS servers, web hosting, data centres, SSL certificates, top-level domains, server locations, proxy services) - May 2021


    As the web has developed – reducing costly friction and allowing innovators to capture some of the economic value they generate – many companies have also grown to extend significant influence over different aspects of the global internet. Many of these are large, well-known firms. For example, Apple and Google set privacy standards for a Covid-19 contact-tracing API; Facebook created a new “supreme court” to oversee its moderation decisions; and Twitter explored a new protocol to decentralise social media. All these decisions challenge nation-states’ historical monopoly over global policy. These companies also wield significant economic power, such as when setting rules that govern how other companies can monetise services through app stores or by implementing proprietary technologies that become de facto standards for all.

    Beyond user-facing services, however, are a set of infrastructure companies that are increasingly coming under scrutiny. In one recent example, a failure at Fastly – a content delivery network (CDN) that physically stores content closer to where users are based globally, to speed up load times – affected access in some geographies to popular websites including the Guardian, GOV.UK and Amazon. As sociologist Susan L Star wrote, this exemplifies how infrastructure often only “becomes visible upon breakdown”. While it may be tempting to bemoan the single points of failure that lead to these breakdowns, the reality is that the costs of building in the redundancy required to avoid these issues, by contracting with multiple companies simultaneously, are often more than a short period of downtime.

    Beyond accidental failures, some infrastructure companies also have taken deliberate actions that illustrate their power. For example Cloudflare, another CDN, has denied service to websites 8Chan and The Daily Stormer – which had repeatedly failed to remove or moderate far-right, abusive, violent content – making it difficult for those sites to operate. While these decisions broke with a general precedent that content moderation should primarily happen at the application layer by user-facing services, these user-facing websites had failed to moderate so Cloudflare took action at the infrastructure layer.

    Content neutrality remains an important default principle for services further down the stack. However, with other infrastructure services including payments, web hosting and search companies under pressure to act on abusive content, these firms are increasingly left to evaluate their responsibilities with little legal guidance or regulatory support. For example, Cloudflare has recently launched extra cybersecurity support for at-risk public interest groups and state elections. While the power of infrastructure companies is clear, it is a lack of due process and internet infrastructure policy frameworks that is the primary issue.

    Decentralised Web 3.0 Organisations

    The transition from Web 2.0 platforms to Web 3.0 protocols will also challenge incumbent gatekeepers. For example, while traditional currencies require a single authority, such as a bank or government, to maintain a record of transactions and prevent double spending, transactions of decentralised digital currencies like Bitcoin are verified computationally by consensus mechanisms such as proof of work or proof of stake, with no need for central authorities. Ethereum, another decentralised currency, is also a protocol incorporating programmable contracts whereby payments are automatically made on the basis of some condition being fulfilled. At scale, this could enable entire organisations to be managed autonomously in code, rather than by individuals in a bricks-and-mortar office.

    While nation-states retain some levers to control Web 3.0 applications – for example, so-called on-ramps, such as cryptocurrency exchange platform Coinbase, are regulated financial entities – they have limited ability to regulate the underlying protocols except by participating directly in their development, which in turn could devalue any individual protocol’s appeal to the wider crypto community. While we are only at the beginning of the Web 3.0 era, as it matures it promises to disrupt what is already an unstable power dynamic between states, technology companies and the global internet community.

    Global Institutions

    Finally, there is a group of multilateral, multi-stakeholder, international governance bodies that collectively maintain and develop the global internet. While these organisations have been fundamental in the formation of the internet, they have also struggled to keep pace with its evolution and now their role is being challenged.

    Figure 4 – Internet governance institutions


    Full Name





    Internet Governance Forum

    Internet policy

    2005. IGF set up as forum for discussion re: internet policy and governance

    UN multi-stakeholder forum and regional dialogues


    International Telecommunications Union

    Internet infrastructure and technical standards (incl. radio, satellites, other ICTs)

    1865. Set up to connect international telegraph networks. Became UN agency in 1949

    UN agency


    World Wide Web (W3) Consortium

    Develops web standards

    1994. Founded by Tim Berners-Lee to develop web protocols and guidelines

    Voluntary standards body, funded by members


    Internet Engineering Task Force

    Develops and promotes internet standards, incl. TCP/IP

    1986. Originally supported by US federal govt, but since 1993 funded by Internet Society

    Voluntary standards body


    Internet Society

    Advocacy re: internet standards, access, skills and policy, incl. funding for IETF

    1992. Set up by Vint Cerf and Bob Kahn. In 2002, ICANN gave ISOC Public Interest Registry (PIR) to generate revenue from .ORG domains

    Non-profit / charity. Funded by .ORG profits. Sale of PIR to private equity in 2019, to create an endowment, was aborted


    Internet Corporation for Assigned Names and Numbers

    Manages IP addresses and DNS / domain names

    1998. Technical maintenance for IP address and DNS root

    Non-profit / charity


    Unicode Consortium

    Maintains and develops the Unicode Standard, which ensures text can be shared between languages and borders without corruption, including approving new emoji

    1991. Established to create and maintain a standard for multilingual text representation

    Non-profit, funded by membership fees and donations. Voting members include Adobe; Apple; Facebook; Google; Microsoft; Netflix; SAP; Salesforce; University of California, Berkeley; Bangladesh Computer Council; Emojipedia; Tamil Virtual Academy; and Yat Labs


    Global Internet Forum to Counter Terrorism

    Information sharing for countering online terrorism

    2017. Founded by Facebook, Microsoft, Twitter and YouTube

    Tech-industry funded initiative


    Internet Watch Foundation (UK)

    National Center for Missing & Exploited Children (US)

    Child safety and protection; hashing databases for spotting CESA content. IWF and NCMEC entered data-sharing agreement in 2019

    1996 (IWF). ISPs + London Internet Exchange initiative to provide URL database to enable CESA content blocking. Now includes a broad membership of tech companies and education providers

    1981 (NCMEC). Missing children’s charity funded by US Department of Justice

    Non-profit / charity

    Five Eyes

    Five Eyes

    Intelligence sharing

    1940s. Set up to counter Russia’s growing sphere of influence pre- and during Cold War

    UK, US, Australia, Canada, New Zealand alliance


    Digital Nations

    Digital government collaborative network

    2014. Initially D5: UK, Estonia, Israel, NZ, Korea

    Diplomatic network

    Source: TBI

    Openness Versus Authoritarianism

    Openness Vs Authoritarianism

    The foundations of today’s internet are based on openness, permission-less innovation, security, stability and global interoperability. These features, and the limited friction and intervention they entail, have enabled the internet to grow and act as one of the world’s most important economic and social infrastructures.

    However, as the internet has grown in importance, regulations have followed. Some restrictions are clearly necessary – a libertarian “state of nature” would do little to ensure privacy or safety while the meme of an unregulated “wild west” is misleading. But nation-states are looking to reimpose their authority. Even governments in free societies are considering increasingly interventionist steps on internet architecture – be it bans on encryption or anonymity, data localisation laws, censorship or full internet shutdowns. At the most extreme end, China’s internet model is the archetypal authoritarian approach, given its extensive domestic and international censorship as well as requirements on foreign companies to create local subsidiaries and store data in the country to enable surveillance.

    However, many other jurisdictions, including the EU, are also considering data-localisation laws as part of a growing global trend towards policies that promote the idea of digital sovereignty. It is not unreasonable to require data to be stored in a jurisdiction where countries have a stake in its governance. Yet for some smaller countries in particular, this comes with trade-offs. Putting up new digital borders could impede access to the global internet economy, while data-localisation laws could also cut countries off from hyperscale data centres and technical services – and their immense economic and technical benefits – if they are located outside their borders.

    Leaders must beware a death by a thousand cuts: the stability, openness and interoperability of the global internet are a public good – generating prosperity and opportunity for the long-term – and they are increasingly at risk.

    Charts created with Highcharts unless otherwise credited.

    Find out more