PWH Undergraduate Essay Prize Polar Preferences: Authoritarian and Democratic Preferences in International Cyber Law

May 17, 2021
By Abby Baggini | Perry World House Undergraduate Essay Prize 2021

Author’s Statement

This paper aims to make clear the discrepancy between the international internet law preferred and endorsed by authoritarian regimes and liberal democracies. As a relatively new and malleable forum of international governance, laws regulating information and communications technologies (ICTs) present a clear dilemma to the future of open, democratic global internet and cyberspace. Recent, watershed cyber conflicts such as the SolarWinds hack make this issue of the utmost importance to global policymakers. It should, therefore, also be of significant interest to the Perry World House’s The Future of the Global Order research. The potential implications of a Russia or China-led cyberspace legal regime, therefore, lie at the very nexus of “changing global power dynamics, impacts of new technologies, and contributions of governance institutions for the future of international cooperation.” Specifically, it provides a natural progression to the workshop hosted last February by PWH and the Carnegie Endowment for International Peace, titled “Cyberspace and Geopolitics: Assessing Global Cybersecurity Norm Processes at a Crossroads.”

Ultimately, this paper argues that fundamentally, authoritarian and democratic governments have distinct preferences for the content and design of emerging internet law, resulting in competing visions for an international cyber legal regime. The malleable, anonymous, and unrestricted nature of the internet makes these differences especially evident. It ends with a proposal for how we might conceptualize and respond to an emerging world order in which regime type dictates cyber policy. That is, these basal preferences will ultimately limit areas of normative cooperation, forcing liberal democracies to forge a strong coalition to match Chinese and Russian commitment to cyberspace and cyber law. They must also address concerns in the existing international law so that it takes the shape of democratic preferences.


Since the announcement of the infamous SolarWinds hack in December 2020, cyber laws have once again emerged as focal points of international relations and international law. The attack --ordered by Russian intelligence-- was one of the largest and most sophisticated hackings against the United States, and upon further analysis, reflects some of the longstanding differences in the way in which liberal democracies and authoritarian regimes both perceive and practice international law. Scholars like Tom Ginsburg have argued that the traditional IR theories fail to explain some variations between the two systems of government. Specifically, he argues that they ignore the ways in which a state’s purpose and internal organization are fundamental in shaping preferences in international law. Moreover, as a burgeoning area of study, cyber law raises significant questions about the role that international law can and should play in regulating a forum that was designed to be inherently open and borderless. Understanding the basal preferences behind the competing visions for the international cyber legal regime will be key for the shaping of the future global order. Ultimately, critical examinations of authoritarian efforts in cyberspace indeed reveal that regime type systematically influences preferences towards international internet law. Norms alone will therefore not be sufficient for hedging against authoritarian cyber law, necessitating an enhanced Budapest Convention and democratic coalition.

To understand these varying preferences, however, one must have a strong understanding of the fundamental motivations and political structures of each regime type. That is, liberal democracies are influenced by strong civil societies that can hold their governments accountable through viable elections; authoritarian regimes lack genuine elections. Consequently, the former is motivated by a desire to secure individual human rights, whereas the latter aims to promote autocracy, maintain internal security, and ensure its own survival. Broadly speaking, liberal democracies and authoritarian governments tend to thus vary on four core tenets of international law: rhetorical grounding, function, substance, and form.[1] Most fundamentally perhaps, democracies view international law as a means of establishing commitment across time, while it chiefly serves a coordination tool for authoritarian regimes. In contrast to liberal democracies, therefore, authoritarian regimes prefer international law to be less precise, weakly delegated, and for decisions in IOs to be made only unanimously. From these preferences thus emerges a so-called authoritarian international law whereby governments’ “authoritarian use of international law will support normative development that specifically enhances authoritarianism.”[2] By adapting elements of the existing world order to their own preferences, authoritarian actors “utilize existing structures to their own ends, as would any powerful country… the model is one of sedimentation, with a new layer of ideas, rhetoric, and institutions resting on top of the prior one.”[3]

As a relatively new and malleable forum, cyberspace offers authoritarian governments the opportunity to do just that. International attempts to harness internet governance clearly reveal regimes’ differing preferences for cyber law. Specifically, authoritarian regimes prefer a multilateral internet governance model through which they can more aptly assert control and censor content for political purposes. A system that tolerates state regulation would allow authoritarian regimes to better secure their internal stability. This practice has already been seen across autocracies; for example, China’s Great Firewall notoriously blocks Twitter, YouTube, the New York Times, and any other platforms that might provoke dissent. These tendencies come in direct conflict with the preferences of the United States, which opts for a multi-stakeholder model in which a broadly open internet is governed primarily by like-minded actors and private firms. Indeed, this is what it has aimed to accomplish by delegating significant regulatory power to a California nonprofit called Internet Corporation for Assigned Names and Numbers (ICANN). As Raustalia (2016) writes, “The key distinction is that such power-sharing is pursued primarily with civil society in its myriad of guises, rather than other states who may—and in this case clearly do— have often quite different agendas and values than does the United States.”[4]

Notably, these divergent preferences are evidenced by voting patterns on the UNGA resolution “Countering the Use of Information and Communications Technologies for Criminal Purposes.” Its major proponents included Cambodia, China, Belarus, Iran, Myanmar, Nicaragua, Syria, and Venezuela, while the U.S. and its democratic allies were opposed. The controversial resolution raised eyebrows in Western liberal democracies,[5] as it largely reflected authoritarian preferences: provisions that give a legal cover for online censorship, limits to human rights, and emphasis on state control in internet governance. Other ongoing UN proceedings also reflect these differences. For example, the only existing global agreement on internet crime --the 2001 Budapest Convention-- is currently being challenged by Russia. Additionally, the UN general assembly is in the process of conducting open-ended working groups (OEWG) on cyber policy, the results of which will almost certainly bear the contours of regime-dependent preferences. Already these preferences are exemplified by Russia’s statement on the OEWG’s zero draft report, which argues that “The role of a multi-stakeholder approach to ensuring international information security is exaggerated by imposing the idea that States and other stakeholders hold similar responsibility in this area.”[6] Similarly, in its submissions to the OWEG, China also aimed to reinforce many of its aforementioned authoritarian-linked preferences.

The coalescing of authoritarian regimes on matters of international internet law is reflected not just in UNGA resolutions and working groups, but also in issues of cybersecurity. Increasingly, authoritarian regimes have come together to promote a set of cyber norms that would allow them to continue their dubious online activities; indeed, authoritarian regimes have been amongst the most destabilizing actors in cyberspace. For example, China was accused of the OPM hack, North Korea hacked Sony Pictures, Russia allegedly conducted the 2007 DDoS attack, and more recently of course, the hacking of various U.S. federal agencies. Under the auspices of the Shanghai Cooperation Organization (SCO), China and Russia have jointly endorsed cyber norms as a vehicle for promoting so-called “information security.” The notion of “information security,” of course, is a rhetorical guise for their repressive internet regulation. As Finnemore and Hollis (2016) note: “China and Russia’s newly shared expectations of cooperation against technology that destabilizes the society or interferes with internal affairs derives, at least in part, from both governments’ concerns about regime stability, conditions that do not motivate most Western states.”[7] This process is what Finnemore and Hollis call “norm siloing,” whereby “like-minded” states group together to promote their specific norms in international law. Such siloing is also exemplified by other joint international legal efforts, such as the Russia-China Joint Declaration on Promotion and Principles of International Law, and reflect such regime-related preferences.

Ultimately, it is this exact sort of norm setting that allows authoritarian actors to condition internet governance in accordance with their preferences. As Finnemore and Hollis establish, normative frameworks have come to be the governance model of choice for global cybersecurity; norms are viewed as a good alternative to international laws, which seem too rigid for a cyber environment.[8] Constructivist theorists have long demonstrated that norms are inherently tied to identity. Consequently, because norms dictate international internet governance, a state’s identity as a liberal democracy or an authoritarian regime is all the more important and influential. The very nature of this governance model thus allows authoritarian regimes to further exploit these systems and increasingly shape it to their preferences. Other specific features of internet governance also allow authoritarian regimes to bend international law to their will. Specifically, the secrecy and anonymity afforded by cyberspace allows regimes to be discrete and ambiguous in their digital dealings. Moreover, the internet is highly dispersed and composed of many different actors, thus making it rather difficult to be governed absolutely from one centralized institution or entity. Initially, there was even debate over the feasibility of internet regulation given its lack of geography and formalized territory, though scholars such as Goldsmith and Wu (2006) have since established that it is indeed possible.[9].

What is clear from this analysis, therefore, is that since the desired norms are so distinct, soft laws and norms cannot be the principal form of internet governance. That is, these basal preferences will ultimately limit most areas of cooperation when it comes to norm setting. These limits are made particularly clear by the fact that neither China nor Russia are signatories to the Paris Call for Trust and Security in Cyberspace, the multi-stakeholder initiative to have countries commit to nine normative principles for cyberspace. Nonetheless, democratic powers still have options for securing a free and open model of internet governance. They can do so by revisiting --but not abandoning-- the existing Budapest Convention and building a strong coalition that matches the efforts of authoritarian regimes. When it comes to legalized internet governance, countries certainly have the option to craft a new cyber treaty to replace the Budapest Convention. But as Hakmeh and Peters (2020) write, “a new treaty may distract and stall progress on international cybercrime cooperation at a time when the threat is at an all-time high.”[10] In this sense, democratic efforts would be best spent revising the Budapest Convention to disprove Russian concerns that the accords are outdated. It is crucial that the convention remains a confidence-building mechanism, and attempting to replace it entirely might distract and dissuade swing state signatories from supporting a new measure.

Not only must democratic powers enhance the Budapest Convention, they must also aggressively promote it through a strong democratic coalition that matches Chinese and Russian commitment to cyber. This is the forum where democratic governments can use norm setting to their advantage, but only if they reach the cyber infrastructure of those crucial swing states first. The United States and its democratic allies seem increasingly behind in this area, especially with China’s Digital Silk Road Initiative well underway. Indeed, in Africa, “China already provides more financing for information and communications technology than all multilateral agencies and leading democracies combined do across the continent.”[11] Moreover, in a world that is projected to reach a $15 trillion infrastructure financing gap by 2040, most regions are eager for Chinese funding.[12] What this means is that countries that accept this infrastructure financing will adopt authoritarian-inspired normative frameworks and legal regimes. Authoritarian governments could indeed not just inspire, but also teach countries with slight illiberal tendencies how to “better control their internets through filtering, content moderation, data localization, and surveillance.”[13] Thus, the U.S. and its allies must reinvigorate their commitment to supporting swing state cyber infrastructure in order to spread their normative frameworks on cyber. This project, in turn, will surely help garner the support they need in their legal efforts to revise the Budapest Convention. Thus, international internet law provides clear evidence for the disparate ways in which liberal democracies and authoritarian regimes interact with international law. As institutional structures are reshaped in the wake of global shifts, legal scholars, practitioners, and observers must continue to take into account regime-related preferences and the prospect of an authoritarian cyber law. Liberal democracies would be wise to focus their attention on revising the Budapest Convention and forging a strong democratic coalition for promoting their normative frameworks in swing states.


[1] Ginsburg, “Authoritarian International Law,” 2020

[2] Ginsburg, “Authoritarian International Law,” 2020

[3] Ginsburg, “Authoritarian International Law,” 2020

[4] Raustalia, “Governing the Internet,” 2016

[5] Stolton, “UN backing of controversial cybercrime treaty,” 2020

[6] United Nations, “Open-ended Working Group,” 2021

[7] Finnemore & Hollis, “Constructing Norms for Global Cybersecurity,” 2016

[8] Finnemore & Hollis, “Constructing Norms for Global Cybersecurity,” 2016

[9] Goldsmith & Wu, Who Controls the Internet?, 2006

[10] Hakmeh & Peters, “A New UN Cybercrime Treaty?,” 2020

[11] Kurlantzick, “Assessing China’s Digital Silk Road,” 2020

[12] Kurlantzick, “Assessing China’s Digital Silk Road,” 2020

[13] Kurlantzick, “Assessing China’s Digital Silk Road,” 2020


Finnemore, Martha. & Hollis, Duncan. Constructing Norms for Global Cybersecurity. American Journal of International Law, 2016, 110(3): 425 - 479.

Ginsburg, Tom. “Authoritarian International Law?” American Journal of International Law, 2020 114(2), 221-260. doi:10.1017/ajil.2020.3

Goldsmith, Jack. & Wu, Tim. Who Controls the Internet? New York: Oxford University Press, 2006.

Hakmeh, Joyce. & Peters, Allison. “A New UN Cybercrime Treaty? The Way Forward for Supporters of an Open, Free, and Secure Internet.” Council On Foreign Relations. 2020.

Kurlantzick, Joshua. “Assessing China’s Digital Silk Road: A Transformative Approach to Technology Financing or a Danger to Freedoms?” Council on Foreign Relations. 2020.

Raustalia, Kal. Governing the Internet. The American Journal of International Law, 2016, 110 (3): 91-503.

Stolton, Samuel. UN backing of controversial cybercrime treaty raises suspicions. EURACTIV. 2020.

United Nations. “Open-ended Working Group.” 2021.