China’s Cyber Warfare against Taiwan
Taiwan, officially known as the Republic of China (ROC), is a self-governing democracy situated across the Taiwan Strait from the People’s Republic of China (PRC) (“Taiwan: Political and Security Issues,” 2023). Taiwan stood as an exemplar during the global “third wave” of democratization in the 1980s and 1990s, successfully transitioning from an authoritarian regime to a representative electoral system in a gradual and peaceful manner (Diamond, 2009; Myers & Chao, 2003). At the heart of Taiwan’s democratic system lies its electoral process, through which 23 million citizens exercise their right to vote in the selection of presidents, Congress members, and local government officials (Fell, 2018). As described by Freedom House, “Taiwan’s vibrant and competitive democratic system has allowed for regular peaceful transfers of power since 2000, and protections for civil liberties are generally robust” (Freedom House, n.d.).
However, the ongoing efforts by the PRC to exert influence over policymaking, media outlets, and the foundational pillars of democracy pose persistent challenges to Taiwan’s democratic system (Freedom House, n.d.). The PRC’s Anti-Secession Law, enacted in 2005, stipulates that non-peaceful means may be employed to protect China’s sovereignty and territorial integrity in the event of Taiwan’s secession or when peaceful unification options are deemed exhausted (Mainland Affairs Council, Republic of China (Taiwan), 2005). In line with this stance, at the Chinese Communist Party (CCP)’s 20th Party Congress in October 2022, the party’s leader, Xi Jinping, emphasized the necessity of unification with Taiwan for the rejuvenation of the Chinese nation and reiterated that the CCP would not renounce the use of force if deemed necessary (Ministry of Foreign Affairs of the People’s Republic of China, 2022). Beyond these official pronouncements, Taiwan has also come under increasing digital assault. In the early months of 2023, it emerged as the most targeted country in terms of cyberattacks, experiencing an average of over 15,000 attacks per second (Fortinet, 2023). These orchestrated interventions, strategically implemented by China, are intended to systematically undermine civilians’ trust in Taiwan’s democratic processes.
The Chinese Cyber Warfare
China’s cyber warfare against Taiwan is conducted in a systematic and methodical manner. Influenced by the Gulf War, the PRC began establishing digitized forces and researching novel aspects of cyber warfare (劉 & 張, 2021, p. 122). In November 1999, the concept of a “cyber army” (网军) was first mentioned in the Liberation Army Daily, becoming a new branch alongside the Army, Navy, Air Force, and Second Artillery Corps (劉 & 張, 2021). The People’s Liberation Army (PLA) began the task of establishing “information warriors” (信息战士), with the goal of identifying talent within the information industry across various regions (林, 2016, p. 59). In 2002, Major General Dai Qingmin, who served as the Director of the Fourth Department (Electronic Countermeasures and Radar) of the General Staff Department of the PLA, revealed in an internal report that the PLA had consolidated ten major patterns of “information warfare” (信息战), with a specific focus on “integrated network-electronic warfare” (网电一体战). This refers to the use of electronic warfare, computer network operations, dynamic targeting, and other methods to disrupt the enemy’s battlefield network information systems that support combat operations and force projection. The PLA believed that achieving electromagnetic superiority during the initial stages of a battle was paramount to ensuring victory on the battlefield (林, 2016).
The overarching strategy employed by the Chinese cyber army involves the utilization of advanced persistent threats (APTs), which leverage the intricacies of human nature and employ sophisticated “social engineering” tactics (林, 2013, pp. 102–103). These orchestrated and meticulously planned espionage activities distinguish themselves from conventional cybersecurity attacks. In pursuit of their objectives, attackers navigate through various stages of attack, employing diverse tactics to evade detection. These stages include the establishment of initial footholds, internal network scanning, and lateral movement between systems within the network, all aimed at reaching the ultimate target system. Upon carrying out their malicious activities on the target system, attackers reach a decision point. They may opt to remain within the network, continuing their harmful actions on other systems, or they may choose to exit the system after eliminating any traces, depending on the directives of their funding source. These multistage attacks typically initiate with the infiltration of one of the network’s systems. Subsequently, privilege escalation techniques are executed as needed to reach the ultimate target system, gain access to sensitive systems, and transmit status updates or information back to the attackers’ command and control center (Alshamrani et al., 2019, p. 2). APTs demonstrate the meticulous planning, organization, and coordination among cyber army units (曾, 2020, p. 22). They exhibit characteristics of organized crime, often with the backing of adversarial governments, and are particularly adept at concealing their tracks (曾, 2020).
Taiwan’s Regulatory Response and Its Limitations
Although Taiwan boasts one of the most liberated online environments in Asia, the proliferation of cyberattacks has prompted the nation to embrace a top-down approach to shaping its cybersecurity policy. The Cybersecurity Management Act (資通安全管理法) serves as the primary legislation for cybersecurity. This is part of the “cybersecurity-as-national-security” strategy (資安即國安) (國家資通安全辦公室, 2021). The law, passed in 2018, applies to government agencies and specific nongovernmental entities, including critical infrastructure providers, state-owned enterprises, and government-funded foundations (資通安全管理法,全國法規資料庫, 2022). The requirements for government agencies are modeled after the Federal Information Security Management Act of 2004 (FISMA). Moreover, specific nongovernmental entities must develop and implement cybersecurity maintenance plans in accordance with their respective cybersecurity responsibility levels and establish incident reporting and response mechanisms. These guidelines should include references to and recommendations for the relevant requirements under the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 international information security management standard. The broad application of this provision to nongovernmental entities has drawn criticism from scholars and certain members of Congress for its perceived lack of specificity (劉 & 徐, 2018, pp. 122–125; “「資通安全管理法」何去何從?,” 2018, p. 158).
To counteract the APTs from China, significant legislative advancements have been made. First, the National Security Act (國家安全法) was updated to include “cyberspace” as the “fifth domain” of national security protection (國家安全法,全國法規資料庫, 2022; 國家安全法異動條文及理由, 立法院法律系統, 2019). This amendment reflects the reality that national security threats have transcended physical boundaries, with organized cyber criminals posing significant risks by targeting and compromising national critical information infrastructure through internet connections. However, the legal definition of cyberspace remains ambiguous, lacking clarity and precision (蔡, 2019, p. 37).
Second, in 2022, the National Communications Commission (NCC) proposed a draft act called the Digital Intermediary Service Act (數位中介服務法) to combat disinformation. The draft legislation included provisions establishing liability for internet intermediaries, modeled after the Digital Service Act. It also includes provisions for an “access restriction order,” inspired by Section 125 of the United Kingdom’s “Draft Online Safety Bill” from 2022 (“數位中介服務法草案總說明,” n.d.). However, the law faced extensive criticism for infringing on freedom of expression and allegations of unconstitutionality (陳, 2023). In response, the NCC announced its decision to refer the entire draft back to the internal digital convergence working group for thorough deliberation and examination of the contentious issues (Shan, 2022).
Third, in consideration of data breaches involving nongovernmental organizations, the Administrative Yuan passed an amendment to the Personal Data Protection Act (個人資料保護法) (新聞傳播處, 2023). The proposed legislation establishes an autonomous entity dedicated to data protection and significantly raises the penalty (up to NT$10 million) for private enterprises that fail to ensure the security of personal data. According to the National Development Council (國家發展委員會), this is part of the key strategies outlined in the “New Generation Anti-Fraud Strategy Action Plan” by the Executive Yuan, which focuses on strengthening the cybersecurity obligations of all stakeholders involved under the “Prevention of Fraud” initiative (新聞傳播處, 2023).
Taiwan remains committed to upholding a free and open internet. However, the prevalence of cyberattacks from China has led to the adoption of a top-down approach, involving increased government intervention and the establishment of national boundaries within the internet sphere. Taiwan faces a critical challenge: safeguarding its democratic institutions while navigating the pressures of cyber warfare. This situation reflects broader discussions about the normative behavior of governments and private parties online. This research will explore the underlying norms and metaphors shaping internet governance over time, gaining valuable insights to address the complex challenges of the digital age.
Norm Developments of the Internet
Norms and Metaphors
The internet was conceived in the late 1960s as a groundbreaking project by the U.S. Department of Defense (Leiner et al., 1997). Designed to interconnect research institutions and universities, it emerged as a sophisticated network for communication and resource sharing. Since its inception, the internet has undergone remarkable transformations, becoming the ubiquitous global network that defines our modern era. One of the internet’s most important features is its ability to construct virtual reality, which has sparked a wide range of perspectives (Kerr, 2003, p. 357). Building on these perspectives, scholars have increasingly emphasized the idea of a “norm” in the digital context, focusing on how it is defined and established within the internet.
According to political scientists Martha Finnemore and Kathryn Sikkink, a norm is “a standard of appropriate behavior for actors with a given identity” (Finnemore & Sikkink, 1998, p. 891). The discourse surrounding norms in the digital realm is commonly referred to as “cyber norm,” with its primary focus on defining the expected conduct of governments in relation to global security and the stability of the internet (Finnemore & Hollis, 2016). A norm life cycle consists of three stages: norm emergence, norm cascade, and norm internalization. Norm emergence may potentially result in a norm cascade, once the tipping point has been reached, which is then followed by the norm’s internalization. The fundamental mechanism of the initial stage, norm emergence, entails the persuasive efforts of norm entrepreneurs who strive to sway a critical mass of states toward the adoption of novel norms. This process relies on the art of persuasion and the strategic influence wielded by these entrepreneurial actors to foster the acceptance and endorsement of emerging norms (Finnemore & Sikkink, 1998, p. 897). In short, the development of norms is linked to the active engagement of norm entrepreneurs.
At its core, the development of norms in internet governance revolves around the metaphors promoted by norm entrepreneurs. These metaphors not only present legitimate regulatory functions and drive policy changes but also possess remarkable cognitive power, as they help us conceptualize complex ideas or phenomena (Frischmann, 2007; Hunter, 2003). They serve as bridges between the technical complexities of the internet’s infrastructure and the sociopolitical dynamics that shape its governance. Moreover, metaphors encapsulate specific visions of the internet, rendering the abstract realities of the digital world more tangible and relatable.
In the subsequent sections, I will analyze the two influential norm entrepreneurs in the digital realm – the United States and China – to glean perspectives on the evolution of behavioral norms and their significant contributions to this process. I will specifically explore how these norm entrepreneurs have used two distinct metaphors to shape internet policies. This analysis could offer valuable insights into the governance of international relations, where the interplay of law and politics influences the actions of states and other relevant entities (Finnemore & Sikkink, 1998, p. 916).
The United States and Cyberspace
US norm development was influenced by the “cyberspace” metaphor, popularized by William Gibson, a science fiction novelist, to describe a new place created by worldwide networks (Hunter, 2003, p. 441; Lemley, 2003, p. 524). According to traditional cyberlibertarianism, cyberspace is its own entity and therefore not subject to territorial regulation (Barlow, 1996). This vision depicted a free and open place where “land could be taken, explorers could roam, and communities could form with their own rules” (Hunter, 2003, pp. 442–443). Notably, David Johnson and David Post argued in a 1996 article that cyberspace should be left to develop its own self-regulatory structure, as there was no longer an obvious method to connect an electronic transaction communication to a particular nation-state jurisdiction (Johnson & Post, 1996, p. 1367). Among the various proposals on self-governance, some theorists believe that online transactions should be governed by norms similar to those in the Lex Mercatoria – a set of norms that governed merchant transactions in medieval times (Hardy, 1994, pp. 1015–1025; Hunter, 2003, p. 448; Perritt, Jr., 1997, pp. 461–463; Reidenberg, 1998, p. 553).
While the internet has never been as independent or sovereign as early idealists believed, the “cyberspace” metaphor strongly influenced the US legal academic discourse, judicial pronouncements, and legislative enactments (Hunter, 2003, pp. 446–447). The concept of cyberspace as an unrestricted virtual realm is deeply rooted in the American philosophy of free speech (Bradford, 2023, pp. 33–68; Lessig, 2000, p. 6). It embodies the conviction that individuals possess the liberty to articulate their thoughts without censorship or unwarranted intervention, akin to the safeguards enshrined in the First Amendment of the U.S. Constitution (Bradford, 2023, p. 41). Most significantly, the cyberspace metaphor resulted in favoring a bottom-up rather than top-down approach to internet governance. This philosophy contributes to an evolving legal landscape in the United States, shaping how online activities are governed and influencing the protection of user data and online security. For instance, the United States lacks a comprehensive cybersecurity law. Meanwhile, US legal discourse on cyber policy has been closely monitoring the density of regulations over the cyber world, with the goal of keeping it free and open (Lessig, 1996, p. 869; Mueller, 2020, p. 779).
The metaphor of “cyberspace” has significantly shaped the trajectory of US international norm development in cybersecurity, particularly by emphasizing constraints on government actions in the digital domain. Since 2005, the United States has actively engaged in the United Nations (UN) Group of Governmental Experts (GGE), prioritizing the development of responsible state behavior to prevent interstate conflict and limit the use of cyberattacks during cyber conflicts (Lotrionte, 2013, p. 75; Mueller, 2020, pp. 786–787). The GGE’s efforts fostered constructive progress that culminated in the formation of a 2013 working group whose participants reached a consensus that the principles of the UN Charter, as well as international law, apply to the digital domain.
In 2015, the GGE released a report that acknowledged eleven voluntary norms – a significant milestone in advancing both the understanding of relevant international laws applicable to information and communications technologies (ICTs) and the imperative of safeguarding critical infrastructure (United Nations General Assembly, 2015). These principles were reaffirmed in the 2021 report by the UN Open-Ended Working Group (OEWG), an initiative originally seen as the GGE’s counterpart and sponsored by Russia (Broeders, 2021, p. 278; United Nations General Assembly, 2021).
Overall, the United States has promoted its norms through the “cyberspace” metaphor, emphasizing minimal government intervention in the digital realm and prioritizing voluntary measures to protect free speech. This approach has influenced US cybersecurity policies abroad and has been effectively championed in international forums such as the UN GGE, where similar norms appear in the UN OEWG, the Paris Call, and the Global Commission (“The 9 Principles,” n.d.; The Hague Centre for Strategic Studies, n.d.).
China and Internet Sovereignty
China views the internet as an extension of its territorial sovereignty, shaping its metaphorical perspective on how the internet should be governed (Bradford, 2023, p. 70). This notion was first introduced in the Chinese State Council Information Office’s 2010 publication, The internet in China (Wang, 2020, p. 397). The “internet sovereignty of China” in this context refers to the assertion that the internet within Chinese territory falls under Chinese jurisdiction – a significant statement favoring the partitioning of the internet along national boundaries. The Chinese government has spearheaded the legitimation and adoption of “internet sovereignty” through its 2017 Chinese Cybersecurity Law, representing the nation’s intent to assert control over the internet within its jurisdiction (Creemers, Webster, & Triolo, 2018). Central to this framework are measures such as “public opinion guidance” and requirements for data localization by foreign companies (McKune & Ahmed, 2018, p. 3835; E. Wu, 2021, p. 1).
Acting as a norm entrepreneur, China has promoted internet content control norms in regional and international institutions under the principle of internet sovereignty. The Shanghai Cooperation Organization (SCO), jointly led by China and Russia, exemplifies this successful multilateral adoption of digital authoritarian norms and practices (McKune & Ahmed, 2018, p. 3841). Formed in 2001, the SCO consisted of China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan. Over time, the organization has developed a robust normative framework and gained international prominence. In 2009, SCO member states adopted the Yekaterinburg Agreement, which established core principles for “international information security” and paved the way for proposing an “International Code of Conduct for Information Security” to the UN in 2011 and 2015 (Ministry of Foreign Affairs of the People’s Republic of China, 2011). This Code of Conduct emphasizes sovereignty, territorial integrity, and political independence, urging UN members to refrain from using ICTs to interfere in the internal affairs of other states or undermine their political, economic, and social stability (McKune & Ahmed, 2018, p. 3841). Meanwhile, President Xi Jinping underscored the importance of “respect for cyber sovereignty” at the second World Internet Conference (WIC) held in Wuzhen in December 2015 (McKune & Ahmed, 2018, p. 3845).
The concept of “sovereignty” has gained traction, resonating not only in authoritarian regimes but also in liberal democracies such as those in Europe (C.-H. Wu, 2021, p. 659). The European Union (EU) has begun using the terms “technological sovereignty” and “digital sovereignty,” driven by the aim of enhancing its competitiveness in the digital realm and ensuring economic independence (Burwel & Propp, 2020, p. 1; European Commission, 2019, p. 3; von der Leyen, 2020). This concept encompasses preserving strategic autonomy and safeguarding security interests, as highlighted by the European Commission (European Commission, 2019, p. 3). The Digital Silk Road (DSR) extends the opportunity to propagate similar ideologies to African nations, potentially importing principles of “internet sovereignty.” One noteworthy policy proposition is “data localization,” which rests on government control, self-determined economic advancement, and societal structuring. This idea holds substantial appeal worldwide, extending well beyond nondemocratic governments (Erie & Streinz, 2021). The internet appears to be moving toward greater balkanization, marked by the creation of national boundaries that restrict the flow of information within specific jurisdictions (Lemley, 2021, p. 1399).
In general, China’s norm development in the cybersecurity realm has advanced significantly, with one notable achievement being the increased awareness among nations of their sovereignty in the digital sphere. As a result, there has been a growing inclination to implement regulations and policies that exercise state control over the internet. By consistently using the term “sovereignty,” President Xi has emphasized the importance of upholding the principle of internet sovereignty, highlighting the need for nations to assert their authority over their respective digital domains and establish governance mechanisms aligned with their national interests.
Taiwan’s Metaphorical Choice: The Internet as Commons
The main implications of the two norm developments, each driven by a distinct metaphor, center on differing cybersecurity strategies. The US conception of “cyberspace” emphasizes voluntary measures, whereas China treats the internet as an extension of its national territory and favors regulatory controls. However, both perspectives face significant challenges. Under the “cyberspace” metaphor, the notion of a free and open internet, while aligned with the original vision of the internet, leaves democratic institutions vulnerable to attacks. As a result, the National Cybersecurity Strategy, published by the White House in March 2023, calls for coherent regulations in critical sectors, signaling a shift toward a model more akin to China’s (The White House, 2023). Meanwhile, the “internet sovereignty” metaphor – by endorsing stringent regulatory measures – risks creating a “splinternet,” characterized by regulatory conflicts and the potential for authoritarian regimes to curtail online freedoms (Lemley, 2021, pp. 1418–1421).
An alternative path for developing internet norms can be fostered by adopting the metaphor of the internet as “commons.” This approach is not without theoretical foundations – scholars and politicians have long used the term “commons” to characterize the internet, with some referencing concepts such as the “global commons,” “semi-commons,” “pseudo commons” or commons within the economic context (111th Congress, 2010; Benkler, 2003; Chertoff, 2014; Frischmann, 2013; Hess, 1996; Hess & Ostrom, 2003; Lessig, 2001; Mueller, 2020; Shackelford, 2013, 2020; Shiffman & Gupta, 2013). Embracing the “commons” metaphor to depict the internet offers two primary advantages.
First, the metaphor of the “commons” aptly captures the shared nature of the internet (Hess, 1996). The term “commons” generally refers to a resource shared by a group of people subject to social dilemmas (Hess & Ostrom, 2007, pp. 3–4). One specific type of shared resource system, known as a “common-pool resource,” combines the subtractability characteristic of private goods with the difficulty of exclusion typically associated with public goods (Ostrom, 2010, pp. 644–645). Forests, fisheries, and irrigation systems are prominent examples of common-pool resources worldwide (Ostrom, 2010, p. 645).
Given the internet’s intricacies, the levels of subtractability and exclusivity vary depending on the aspect of the resource system under examination. The exclusion of internet resources is highly fragmented and piecemeal. When many users access the internet simultaneously, congestion can arise, highlighting the issue of subtractability (Hess, 1996). However, the attributes of difficulty of exclusion and high subtractability do not fully encompass the diverse resources of the internet. Accordingly, this research focuses on the notion of the “commons” to capture the internet’s shared nature and highlights three shared resources:
The cable commons: The internet relies on a vast physical infrastructure, with a network of high-performance submarine cables carrying 99 percent of global traffic between countries and continents (Takeshita et al., 2019, p. 36). This infrastructure can be referred to as the cable commons, comprising more than 552 submarine cables that span the ocean floor and link to over 1,300 distinct coastal landing stations (McDaniel & Zhong, 2022; TeleGeography, n.d.). Ownership of submarine cables is heavily concentrated in the private sector, with about 99 percent privately owned by prominent telecom carriers, content delivery providers, and investor groups (Burnett, 2021). While network operators have traditionally been the primary investors, content providers such as Google, Amazon, Microsoft, and Meta have also expanded their investments to ensure seamless interconnection between their data centers (Wall & Morcos, 2021). Excluding others from using the same submarine cables can be challenging, given their shared nature. Congestion may occur due to high demand, technical issues, underinvestment, or geopolitical factors.
The communications commons: The internet’s most significant accomplishment is its standardized means of communication, enabled by a set of globally accepted protocols. The communications commons refers to the shared, interoperable, and equitable nature of internet communication. This commons is primarily maintained by several organizations, including the Internet Engineering Task Force (IETF), Internet Corporation for Assigned Names and Numbers (ICANN), and Institute of Electrical and Electronics Engineers (IEEE). A foundational conceptual framework for coordinating the development of interconnection standards is the Open Systems Interconnection (OSI) model, developed by the ISO. This model consists of seven abstraction layers, including physical, data link, network, transport, session, presentation, and application layers (ISO, 1994). Each layer represents a specific aspect of the communication process in a computing system. These standards are designed to be open and universal, enabling anyone, anywhere, to build software or hardware that connects to the internet. Because of these open standards and the interoperable nature of the internet, excluding others can be difficult. However, congestion may occur due to network architecture, peak usage, heavy users, or distributed denial of service (DDoS) attacks.
The content commons: The “content commons” refers to the collective body of information and speech that flows across the internet, shaping the virtual world. It encompasses content created by both users and organizations such as governments, corporations, and academic institutions. Much of this commons is hosted on platforms controlled by large US and Chinese corporations – ranging from social networking to search engine services and e-commerce (CompaniesMarketCap, 2023). Within these platforms, diverse social groups establish various sub-commons, each with unique functions, thereby fostering distinct communities. Sharing content on the web remains relatively easy due to low costs, wide reach, and the prevalence of social media platforms. However, congestion can occur because of information overload, the tendency to prioritize quantity over quality, and the lack of effective content discoverability.
Second, Ostrom’s scholarly inquiry into the governance of commons offers profound insights that can significantly enhance internet governance, particularly regarding cybersecurity strategies. Ostrom’s main contribution to the commons theory lies in her formulation of eight institutional design principles, which are strongly tied to the effectiveness of institutions in managing common-pool resources. These principles characterized the successful commons management systems she identified among the cases examined in Governing the Commons (Ostrom, 2015). The eighth design principle, which addresses larger and more complex systems of common-pool resources, specifies that various governance activities associated with robust institutions should be organized across multiple layers of nested enterprises. In subsequent work, Ostrom and others have sometimes used the term “polycentric” interchangeably with, or in reference to, the “nested” requirement of the eighth design principle – though polycentricity implies more than nestedness (Carlisle & Gruby, 2017, p. 930).
While there is no unified definition of “polycentric governance,” at the heart of nearly every discussion is the notion of multiple centers of decision-making, where none of them has ultimate authority for making collective decisions (Stephan, Marshall, & McGinnis, 2019, p. 31). This mirrors the structure of the internet, wherein the decision-making centers encompass national authorities, international organizations, private companies, and individuals. Recognizing this, when governance systems are structured in a polycentric manner – from the smallest to the largest scales – they become capable of addressing collective action problems across multiple levels (Ostrom, 2012, p. 107). This arrangement inherently fosters the development of norms among participants through a variety of mechanisms, all interconnected and mutually reinforcing. It emphasizes the potential for effective cooperation, conflict resolution, fruitful competition, and shared learning (Bruns, 2019, p. 237). As a result, polycentricity highlights the organic and self-organizing nature of internet governance – where multiple centers of decision-making interact and collaborate – and stands in contrast to a purely market- or state-centric approach (Stephan, Marshall, & McGinnis, 2019).
The Taiwan–China conflict illustrates the clash between two different internet metaphors. The US concept of “cyberspace” encourages minimal regulatory intervention and is less effective in mitigating cyberattacks, whereas China’s “sovereignty” perspective prioritizes stricter regulations and enhanced security, often at the expense of freedom of expression. Embracing the metaphor of the “internet as a commons” offers Taiwan valuable insights for formulating its cybersecurity strategy. It directs attention toward identifying shared resources and decision-making centers within the internet. This metaphor serves as a critical tool for interpreting, shaping, and navigating the intricate landscape of policies and protocols that underpin Taiwan’s cybersecurity frameworks. It also promotes meaningful dialogue among diverse stakeholders – policymakers, technologists, academics, civil society, and businesses – that often transcends disciplinary and cultural boundaries. By adopting this approach, Taiwan gains a strategic advantage without veering toward an overly idealized “cyberspace” metaphor or fully embracing “internet sovereignty.” Individuals can safeguard and coordinate the management of shared resources without relying on centralized rulemaking, thereby enhancing security and fostering norm development (Shiffman & Gupta, 2013, p. 100).
Defending Taiwan’s Democracy in the Internet Commons under Polycentric Governance
Tragedy of the Internet Commons
V. Ostrom, Tiebout, and Robert Warren (1961) introduced the concept of polycentricity in their endeavor to ascertain the nature of activities undertaken by numerous public and private agencies involved in the provision and production of public services within metropolitan areas (Carlisle & Gruby, 2017, p. 928). V. Ostrom’s idea of polycentricity goes beyond specific domains and encompasses various aspects of societal organization, including economic markets, legal systems, scientific disciplines, and multicultural societies. In the realm of politics, federalism stands as a key example of polycentricity (Stephan, Marshall, & McGinnis, 2019, p. 24). As mentioned earlier, Elinor Ostrom adopted the term in her work on governing the commons, making it a central pillar of the Bloomington School of Political Economy (Carlisle & Gruby, 2017, p. 930).
The main purpose of Ostrom’s polycentric governance is to mitigate the risk of the “tragedy of the commons” (Hardin, 1968). In valuable open-access resources, the absence of an effective governance regime – either by involved parties themselves or external authorities – may lead to suboptimal outcomes. As internet usage increases, it introduces more threat vectors and provides malicious actors with an expanded range of networks to target, creating a scenario akin to the “tragedy of the commons.” While the broader China–Taiwan conflict resembles a vibrant threat system, the emergence of APTs and activities such as undersea cable disruptions, DDoS attacks, and disinformation campaigns within the internet context are analogous to overexploitation of resources across different internet commons. These developments present a collective action problem that falls within the realm of classic social dilemmas (Shackelford, 2013, p. 1293).
Tragedy of the Cable Commons
The tragedy of the “cable commons” refers to intentional interference with submarine cables and their use as tools for intelligence gathering. Despite their pivotal role in the digital economy, submarine cables remain surprisingly vulnerable, and the regulations governing their security are antiquated (McDaniel & Zhong, 2022). The governance of the cable commons occupies a gray area, which some phrase as “the orphans of international law” (Beckman, 2014, p. 281). Relevant conventions, including the 1884 Convention for the Protection of Submarine Telegraph Cables, the 1958 Convention on the Continental Shelf, and the 1982 United Nations Convention on the Law of the Sea (UNCLOS), only provide a limited degree of peacetime protection for submarine cables. Their applicability during times of conflict, however, remains contested (McDaniel & Zhong, 2022).
Intentional interference can originate from state or non-state actors, serving various objectives. These may include disrupting military or government communications in the early stages of a conflict, cutting off internet access for a targeted population, sabotaging economic competitors, or causing economic disruptions for geopolitical reasons (Davenport, 2015; Wall & Morcos, 2021). Taiwan is connected by fifteen submarine cables (McDaniel & Zhong, 2022). This network – protected by advanced encryption – has landing points in Toucheng, Taiwan; Baler, Philippines; and El Segundo, California, yet it poses a significant vulnerability to the nation’s cybersecurity. For instance, in February 2023, two submarine cables connecting Taiwan and Matsu were severed, disrupting internet access for residents in Matsu Island. In an invasion scenario, beyond physically cutting these cables, China could deploy submarines or unmanned underwater vehicles (UUVs) to locate and sever cables, launch cyberattacks that result in data disruption, and use devices that generate electromagnetic pulses (EMPs) to damage cables or their connected infrastructure (陳, 2023).
It is also possible to tap cables to intercept and steal data for espionage. Edward Snowden revealed that the United States and the United Kingdom have been directly intercepting the internet backbone (Davenport, 2015). Moreover, the need for cable tapping in espionage may become redundant when a state owns the infrastructure. One important feature of the DSR involves Chinese technology firms partnering with non-Chinese counterparts to construct undersea cables (Erie & Streinz, 2021). China’s ongoing efforts to assert control over various islands in the South China Sea further exacerbate the issue, allowing it to lay its own network cables away from international scrutiny. With ambitions to expand 5G networks – led by Huawei – the Chinese government stands to exert even greater influence over the flow of information entering and exiting the country (Martin, 2019).
Tragedy of the Communications Commons
Cyberattacks predominantly take place within the “communications commons” and take various forms. Their primary goal is to disrupt shared internet communication. A common type is the DDoS attack, which involves flooding the network’s communications channels. In one method, an attacker sends a continuous stream of packets to a target, depleting critical resources and rendering the system inaccessible to legitimate clients. Another tactic uses a few maliciously crafted packets to disrupt an application or a protocol on the victim’s machine, causing it to freeze or require a reboot. Such attacks are feasible because internet security is highly interdependent and internet resources are finite (Mirkovic & Reiher, 2004, p. 40). Other cyberattacks include malware, phishing, ransomware, spoofing, and eavesdropping (Fortinet, n.d.). One major consequence of cyberattacks is a data breach, in which unauthorized entities gain access to sensitive or confidential information (Kosinski, 2024).
Taiwan experiences persistent daily DDoS attacks from China. For instance, in 2018, the computer systems of Taiwanese government departments were subjected to frequent cyberattacks and vulnerability probing, exceeding 10 million incidents per month – more than half of which originated from Chinese information warfare units. In 2022, following a visit to Taiwan by U.S. House Speaker Nancy Pelosi, Taiwan’s Ministry of National Defense reported a DDoS attack that took down its network for about two hours (Miller, 2022). Hackers have also targeted the websites of the Presidential Office, Ministry of Foreign Affairs, and Ministry of National Defense.
Additionally, Taiwan has experienced numerous significant data breaches, affecting both government agencies and private sectors across various industries (李, 2023). Reports indicate that personal data from key intelligence systems, including the National Security Bureau and Military Intelligence Bureau, have been compromised and traded in overseas markets (李, 2023). Also, domestic and international cybersecurity agencies have repeatedly found Trojan programs in devices produced by well-known Chinese smartphone brands. These programs covertly transmit users’ personal information, captured photos, and network communications to specific addresses, enabling surveillance of smartphone users and creating a “cybersecurity black hole” (國防部政治作戰局, 2017).
Tragedy of the Content Commons
The tragedy of the content commons refers to the disruption of a shared content ecosystem. It can arise from “information warfare,” a strategy that involves controlling information to gain a competitive advantage. This strategy encompasses both offensive and defensive operations. Strategy, in this context, refers to the process of planning to achieve national objectives and goals, while operations serve as the bridge between strategic objectives and specific tactics, techniques, and procedures. This linkage is facilitated through information operations (IO). Categories of information used in IO include propaganda, misinformation, and disinformation. Notably, the Russian government has been accused of employing bots to spread disinformation and sow discord in various contexts, including the 2016 US presidential election (Theohary, 2018).
Beijing’s information warfare targeting Taiwan has been focused on promoting the PRC’s model of governance and fostering polarization, aiming to undermine confidence in Taiwan’s democratic process (Faust, 2023). Doublethink Lab, a Taiwanese organization researching the impact of digital authoritarianism, has identified several methods used by Chinese actors. These include social media influencers amplifying disinformation from CCP-backed content farms and operations involving collaboration with actors who often recruit Taiwanese agents to carry out influence campaigns originating from the mainland (Lee et al., 2020, pp. 22–39).
The task of preserving the content commons through regulations has been arduous due to the inherent risk of “collateral censorship” associated with any form of speech regulation (Balkin, 1999, p. 2298). When the state holds one private party, “A,” liable for the speech of another private party, “B,” A has an incentive to avoid any potential liability by restricting even fully protected speech. This dynamic often leaves the content commons largely unregulated, especially in democratic states. Meanwhile, authoritarian regimes have enacted laws to censor online speech, ostensibly in the interest of national security. These measures include dictating the permissible forms of speech on websites, exemplified by the 2017 Chinese Cybersecurity Law (Creemers, Webster, & Triolo, 2018). In summary, striking a delicate balance between protecting free speech and upholding national security remains a significant challenge.
Taiwan’s Polycentric Governance in the Internet Commons
Within the internet commons, global problems involve a diverse array of actors, extending beyond governments to include corporate entities that serve as agents for complex publics and exhibit significantly intricate behavior (McGinnis & Ostrom, 1992). As mentioned, nearly every discussion of polycentric governance revolves around the concept of multiple “decision-making centers” (Stephan, Marshall, & McGinnis, 2019, p. 31). This concept highlights the distributed nature of governance, where power and decision-making are dispersed across various institutions. Jurisdictions of authority may overlap, with many centers of decision-making operating formally independent of each other (Ostrom, Tiebout, & Warren, 1961). The goal of polycentric governance is to facilitate the use of local knowledge and build mutual trust (Cole, 2015). Local communities possess the skills, local knowledge, and capacity to overcome many challenges, making it essential to resolve problems as close to these communities as possible. This approach effectively addresses the challenges posed to traditional models of democracy centered on the nation-state (Scholte, 2017, p. 167). Polycentricity challenges the belief that either the state or markets alone hold the solution to addressing complex challenges (Shackelford, 2013, p. 1333). Instead, it creates an effective mechanism for cooperation, coordination, conflict resolution, and the utilization of local knowledge.
Taiwan’s Role as a Public Entrepreneur in the Cable Commons
To effectively address collective action problems, it is critical to foster entrepreneurship and innovation across local, regional, national, and international domains. Taiwan, as a decision-making center, has the potential to act as a public entrepreneur in the cable commons, calling for policy changes on maintaining the cable commons among governments, cable operators, and cable owners. As explained by Elinor Ostrom, “Entrepreneurship is a particular form of leadership focused primarily on problem solving and putting heterogeneous processes together in complementary and effective ways, rather than simply making public speeches and being charismatic” (Ostrom, 2012, p. 107). Entrepreneurship can be further understood as “acts performed by actors who seek to punch above their weight,” distinguishing them from those who merely perform their duties and act appropriately (Boasson, 2018, p. 119). In relation to the concept of “norm entrepreneurs,” as discussed in international relations theory, both norm and public entrepreneurs serve as agents of change. While the former concentrates on shaping norms and values, the latter seeks to drive policy change.
The governance of the cable commons, as mentioned, is a gray zone that poses significant concerns due to its vulnerability to disruption and penetration. Taiwan’s role as a public entrepreneur in this domain should focus on promoting best practices, including diversification, cable installation, operation and maintenance, information sharing among allies and contingency planning, and the development of a variety of regulatory regimes and international legal frameworks (European Agency for Cybersecurity, 2023). This role is particularly important given the ongoing competition between China and the United States over control of undersea cables.
Specifically, regional and international cooperation on information sharing should be established as a mechanism for interorganizational, intersectoral, and intergovernmental exchanges of data deemed relevant by the sharers for resolving collective action problems (Housen-Couriel, 2022). Taiwan and its allies can formulate joint patrols or task forces with regional partners to share intelligence and coordinate countermeasures. The goal is to strengthen infrastructure by investing in cable armoring, deep burial, and decoy cables, while collaborating with international organizations to establish accountability systems (陳, 2023).
The Industry’s Role in Fostering a Security Culture in the Communications Commons
In the communications commons, each company within the industry serves as a decision-making center to maintain internet communication by fostering a cybersecurity culture. The concept of cybersecurity culture can be understood as a set of rules regarding best cybersecurity practices expressed through either formal regulations or informal social norms and values. It refers to the norms spanning industries, individuals, and governments that promote best cybersecurity practices, given that human error is one of the biggest security threats. Under polycentric governance, companies, as local communities, inherently harbor a wealth of valuable skills, indigenous knowledge, and capacity to surmount multifarious challenges, and each serves as a decision-making center. Therefore, it is essential to address problems at the community level, recognizing the potential for localized solutions.
The industry can cultivate a cybersecurity culture in two ways: by nurturing it within individual companies and by collectively developing a cybersecurity framework. Fundamentally, security cultures should be rooted in and aligned with the broader organizational culture (Nasir et al., 2019; Uchendu et al., 2021). Studies have shown that critical factors in fostering security culture include top management support, clear policies and procedures, and information security awareness and training. Specifically, without management support, cybersecurity initiatives may not appear significant to employees when weighed against their daily responsibilities (Uchendu et al., 2021). It is critical to establish a community and an environment of trust to effectively implement and sustain a cybersecurity culture (Batteau, 2011). As mentioned, adversaries utilize APTs to execute precise and covert cyberattacks on organizations, often remaining concealed within enterprise networks for extended periods, sometimes months or even years (Mahmoud, Mannan, & Youssef, 2023). Research indicates that people are often the weakest point in the cybersecurity chain. Internal users may either intentionally disclose sensitive information to external entities or inadvertently provide valuable information to adversaries with sophisticated expertise and significant resources. Fostering a strong security culture becomes a crucial step in raising awareness to reduce the likelihood of APTs (Alshamrani et al., 2019, p. 1873). The ultimate goal is to build a “solid and effective human firewall” (Marotta & Pearlson, 2019, p. 9).
Furthermore, the Taiwanese industry and government can coordinate to establish a cybersecurity framework. Ideally, industry groups most familiar with best practices should be allowed to craft local rules, which can then be augmented and enforced (Shackelford, 2013, p. 1353). Such a framework can be voluntary, at least in the beginning. One example is the cybersecurity framework developed by the National Institute of Standards and Technology (NIST). In response to Executive Order 13636, NIST employed a year-long process involving active dialogue with multiple stakeholders, establishing a bottom-up approach to cybersecurity (Peng, 2018, p. 451; Shackelford et al., 2015). A voluntary cybersecurity framework for Taiwan should also be created through an inclusive and transparent process, involving stakeholders from the private sector, civil society, and government. This would complement the Taiwanese government’s top-down approach. Different frameworks may address different risks, such as those related to cybersecurity, privacy, and artificial intelligence (AI). By promoting collaboration and drawing on best practices from both the public and private sectors, such an initiative would foster a culture of proactive and voluntary cyber defense measures.
The Community’s Role in Content Moderation in the Content Commons
In the content commons, online communities – including fact-checking initiatives – play a key role in maintaining the shared content ecosystem. Individuals within each community can collaborate to create a network for verifying and disseminating accurate information. The Taiwanese online community, in particular, ought to foster a strong sense of collective responsibility for content moderation, empowering individuals to actively shape and maintain a healthy online environment. Their goal is to counter information warfare at the local level. This approach should center on two key elements: first, fostering both cooperation and competition between professional and crowdsourced fact-checking initiatives and, second, implementing a multilevel governance framework.
First, professional and crowdsourced fact-checking initiatives can be perceived as decision-making centers within the context of polycentric governance. The number of professional fact-checking outlets around the globe has grown remarkably, increasing from just eleven sites in 2008 to 424 in 2022 (Stencel, Ryan, & Luther, 2023). Taiwan, in particular, boasts a robust environment for fact-checking centers, with organizations such as MyGoPen and Taiwan FactCheck Center. At the same time, Cofacts, a crowdsourced fact-checking center, focuses on local and daily matters, helping to mitigate the effects of everyday misinformation. Research indicates that Cofacts plays a complementary role alongside professional fact-checkers. It leverages the global, cross-language perspectives offered by professional fact-checking organizations while offering faster responses to fact-checking needs (Saeed et al., 2022). The overlapping jurisdictions between these two types of fact-checking initiatives are integral to the dynamic of polycentric governance, which guarantees competition and cooperation among them (Stephan, Marshall, & McGinnis, 2019, p. 33).
A key aspect of a polycentric system is the concept of “nested enterprises,” where governance activities are organized in multiple layers of related governance regimes. Large tech companies and local administrators can be perceived as part of a nested ecosystem. Given that one of the central challenges within the content commons is the centralization of platforms, an approach to decentralizing platform power involves introducing intermediary layers of local administration. Research suggests several design implications for local administrators – platforms should support them in experimenting with community guidelines, sanctioning criteria, and automation settings; allow for cross-cutting membership so users can participate in multiple communities; foster healthy competition; hold decision-makers accountable for poor performance; and provide mechanisms for conflict resolution (Jhaver, Frey, & Zhang, 2021). This approach could be particularly impactful for local administrators on popular social media platforms in Taiwan, such as Facebook.com, Line.me, Instagram.com, ptt.cc, and dcard.tw. The goal is to involve volunteers of subcommittees in Taiwan to actively enforce platform moderation policies and help establish local community norms.
Conclusion
In conclusion, the development of internet governance has been driven by two distinct metaphors – the “cyberspace” metaphor and the “sovereignty” metaphor. The United States holds significant influence in promoting responsible state behaviors in the UN rooted in the “cyberspace” metaphor. This approach reflects the belief that voluntary measures provide greater flexibility and adaptability to address the multifaceted challenges of cyberspace. In contrast, China has made notable advancements in raising global awareness about the notion of “sovereignty.” This progress has contributed to a growing trend of nations adopting regulations and policies that emphasize state authority and control over the internet.
By embracing the metaphor of the internet as “commons,” the focus of internet governance can be directed toward governing various shared resources, including the “cable commons,” the “communications commons” and the “content commons.” This approach allows Taiwan to navigate the delicate balance between national and private control of the internet to protect its democratic system. Grounded in compelling evidence, Ostrom’s research on commons highlights that individuals from all walks of life possess the ability to voluntarily organize and establish rules to protect shared resources.
Polycentric governance offers a pathway to address the various challenges posed by cyberattacks. This approach acknowledges the benefits and constraints of multilevel regulation, underscores the importance of self-organization, and recognizes the vital role of internet governance from the local level. Taiwan’s efforts to defend its democracy in the digital realm extend beyond its borders, offering a blueprint for other nations navigating similar threats. Ultimately, Taiwan’s success in this endeavor will not only strengthen its own democratic system but also contribute to a more resilient, inclusive, and cooperative global digital ecosystem.