Imagine being seventeen years old in 2032. You want to send a flirtatious message to your boyfriend. Before it can even leave your phone, it is scanned, classified, and judged by software that reports suspicious activity to authorities. You have never experienced a different Internet, so this seems normal. The strange thing, from your perspective, is that there was ever a time when people were trusted to communicate privately at all.

This isn’t much of a science fiction dystopia. We’re already half-way there. This week, UK Prime Minister Keir Starmer foreshadowed that technology companies will be mandated to make it impossible for devices used by children and teenagers to record or display an image of nudity. Never mind that everyday nudity is a part of ordinary human experience for all of us. From sex ed lessons, to teen-favourite movies such as Titanic, to skinny dipping with friends – or even having sex, for older teens – nudity does exist for young people outside of an abusive context. But the new Internet is a zone in which nudity and sex will no longer exist for future generations of young people.

It doesn’t stop with sexual content. In an announcement from Apple this week, it announced its expansion of the on-device Communication Safety feature that had prompted Starmer’s pronouncement of the nudity-blocking mandate. Apple writes that the feature “will also intervene to block gore or violent content when detected in shared images or videos.” I’ve worked in trust and safety for long enough to know that there is no way that an on-device AI classifier can reliably classify violent content without full context. It takes no imagination to see how this will play out with a youngster who suffers an injury on the sports field and wants to record it for their parent or doctor.

I’ve also been around long enough to know that these features won’t be limited to hobbling device capabilities for children. There is no doubt that adults will also be navigating newly permissioned spaces, with their own devices as gatekeepers. In my last article I related how the UK has been criminalising a steadily growing list of kinky porn subgenres. One can easily foresee calls for device-level blocking of such material for everyone, enforced not by courts or police, but by the devices in our pockets. And once that principle is accepted, there is no obvious stopping point. Whatever content the government of the day regards as sufficiently dangerous, offensive, unhealthy, or undesirable can simply be added to the list.

The real question that I want to cover in this article is, is it all too late now? Have child safety crusaders and populist governments effectively managed to manufacture consent for the transformation of our own digital devices into government-controlled spying and censorship tools? Have we lost the free and open Internet forever?

Some personal history

I recently moved back to Western Australia, where my experience in digital rights advocacy began thirty years ago. In 1996, I was volunteering for the Australian Public Access Network Association at a time when the state first proposed to amend its classification legislation to extend censorship rules into the new online environment. Within a few years I was lobbying for the Western Australian Internet Association, Electronic Frontiers Australia, and the Internet Society of Australia against a raft of misguided proposals for the regulation of the early Internet.

Compared to what we know today, that early Internet really was a Wild West. For one thing, CSAM was far more ubiquitous, with discussion boards dedicated for that purpose being carried by mainstream ISPs, and commercial child erotica websites sending sample images around in their spam marketing emails. So it was clear that this ungoverned space needed a bit more order to be brought to it, but there was contention about who should impose that order. When governments began to put their hands up for the task, my own advocacy shifted from the local to the global level to suggest a better option.

In my PhD thesis, later published as a 2008 book, I argued that because the Internet is transnational, governance that is led by states suffers from a democratic deficit. A multi-stakeholder Internet governance mechanism is therefore needed not merely as a matter of inclusiveness, but as a source of legitimacy. This observation applies equally today as it did then: consider that Kier Starmer’s laws for the Internet will have global repercussions on those who never voted in any UK election. For national governments to be primary drivers of Internet policy is thus inherently overreaching and wrong.

Compounding this inherent democratic deficit, the wedge issue of child safety is one on which democracy is especially bad at reaching nuanced solutions. Once an issue is framed as “protecting children versus siding with predators,” it becomes politically dangerous to acknowledge trade-offs, unintended consequences, or evidentiary uncertainty. Policymakers can become reluctant to ask questions such as: Does this law actually reduce abuse? Could it criminalize harmless conduct? What are the privacy costs? Are enforcement resources being diverted from real victims?

Deliberative democratic theorists such as Jürgen Habermas argue that good policy emerges from reasoned discussion, evidence, expertise, and the consideration of competing values. My notion was that the then-new Internet Governance Forum might be a venue where such policy discussions could be had, rather than allowing Internet policy to be driven by tabloid outrage and populist domestic politics. Things didn’t quite pan out that way; one of my main critiques being that the IGF had settled into the less ambitious role of just being an annual multi-stakeholder Internet governance conference. But today, even that watered-down model of civil society participation in global Internet governance is under threat, as evidenced by the ability of governments to cancel this year’s RightsCon, a thriving civil society-led IGF-alternative.

Combined with a massive reduction in funding available to civil society groups for advocacy work (the subject of many complaints from RightsCon delegates), and the ineffectual support that the philanthropic sector has ever offered for critiques of measures packaged as child protection, it saddens me that 20 years after I expressed my vision for its future, “multi-stakeholderism” in Internet governance has become little more than a buzzword to whitewash governmental and Big Tech hegemony.

So to return to the question previously raised, have we lost the free and open Internet forever? Signs point to yes. As Alexia Maddox recently pointed out, “No government repeals a signature child protection measure. The political ratchet only goes one way.” On the other hand, history rarely moves in a straight line, and technologies that centralise power often provoke counter-movements that redistribute it. But for the first time in my thirty years of digital rights advocacy, I find it difficult to identify where such a counter-movement is supposed to come from. 

The free and open Internet has not disappeared overnight. Rather, it is being transformed piece by piece into something more managed, more permissioned, and more surveilled. The danger is not that this transformation will be imposed against public will. The danger is that it will occur with public approval, until eventually nobody remembers that another model ever existed.

Pivoting to resistance

So, where does that leave us? I remain pessimistic about the prospects for a large-scale political reversal. Governments have discovered that child safety is an extraordinarily effective justification for expanding control. Technology companies have learned that compliance is usually easier than resistance. Civil society organisations are weaker and poorer than they have been in decades. And the next generation will grow up having never experienced an Internet that was genuinely open.

That leaves a second path: technological self-defence. If there is reason for optimism, it lies in the fact that attempts to centrally control communications networks have failed before. Before the Internet took off, governments, telecommunications authorities, and standards bodies had all agreed to push an alternative government-led network model that placed national authorities at the pinnacle of its hierarchical design (the Internet Open Systems Interconnection (OSI) protocol suite, which I write about in my book). This was a dismal failure, largely because users rejected it in favour of the Internet’s decentralised, permissionless model.

Since then, whenever political institutions have failed to defend online freedom, technical systems often have, acting as safety-valves against online repression. From the closure of Napster spawning decentralised file-sharing networks, to the rise of Tor in response to surveillance, attempts to centralise control have repeatedly been met by technologies designed to evade, bypass, or resist that control. If there is a counter-movement today, it is not coming from governments, major platforms, or international institutions. It is coming from the continued existence of tools that allow individuals to retain a measure of autonomy over how they communicate, browse, and compute.

For now, those tools still exist. Encrypted messaging apps such as Signal remain outside many of the content-scanning regimes being proposed for mainstream messaging platforms. The Tor browser and network continues to provide a practical means of resisting identification and censorship mandates. Even alternative operating systems such as Linux and GrapheneOS remain available for those unwilling to surrender complete control of their devices.

It’s true that resorting to these tools will increasingly be treated as suspicious and reportable behaviour, or even be criminalized directly. Activists working under genuinely authoritarian regimes are already familiar with this dynamic. Yet the more widely freedom-preserving technologies are adopted by ordinary users, the more difficult it becomes to portray their use as inherently suspicious. Privacy, anonymity, and freedom from surveillance should not be niche demands of dissidents and technologists. They are ordinary conditions of a free society.

Conclusion

The future of the open Internet may depend less on persuading governments to relinquish power than on ensuring that enough people continue exercising the freedoms that governments seek to constrain. We still have that choice. We can quietly accept a future in which every online interaction is mediated, monitored, and permissioned. Or we can continue building and using technologies that preserve the Internet’s original character as a network for human autonomy rather than administrative control.

Tyranny rarely ends because it discovers moderation. It ends because its excesses become impossible to sustain. Once a tipping point of resistance is reached, the control that governments do retain over their walled-garden Internet will become increasingly irrelevant. The history of communications technology is littered with examples of decentralised systems outlasting the institutions that sought to regulate or replace them.

Whether the specific privacy technologies mentioned here hold the key is impossible to know. Some will be outlawed, some will be compromised, and some will simply become obsolete. But if the free and open Internet has any future at all, it is unlikely to be because governments voluntarily relinquished power. It will be because enough people decided that some freedoms were worth preserving and used the tools available to preserve them.

So let’s resist while we still can, in the hope of seeding a network that will outlast the restrictions that governments are placing upon the Internet we know.