Project Galileo presents: The Future of the Free and Open Internet

Thank you very much. Well, good afternoon, everyone. Hello again. My name is Patrick Day.

I'm head of the impact team here at Cloudflare. Thank you so much for being here to help us celebrate the 10th anniversary of Project Galileo.

Before we get started, I just want to say a special thank you to the National Endowment for Democracy for making use of this beautiful space for the event today and all the support.

So thank you. I think we're going to see Damian Wilson, the CEO of NED, shortly in the program.

But thank you to Daniel O'Malley and the NED team for making this such a smooth process.

So for those of you who are not familiar with Project Galileo, it's a Cloudflare program to provide free cybersecurity services to vulnerable individuals and communities around the world.

We offer services to journalists and human rights defenders, humanitarian organizations, political opposition.

Our goal is to sort of make cybersecurity services like DDoS protection, web application firewall, other tools to help protect internal teams and data available to organizations that need them the most so that they can stay online and do their work.

So we have an incredible panel here today. We're going to do a basic run of show.

We're going to have two discussion sessions starting with our panel here today.

I will kick it over to Jason Pielmeier, the Director of the Global Network Initiative, to get us started.

So thank you, Jason. Let me just echo the thanks to colleagues at the NED for hosting us in your beautiful new space and all of you guys for coming out today.

Can't think of a better group of people to bring together, State Department, National Endowment for Democracy, Cloudflare, to talk about Internet freedom, some of the challenges and the future opportunities that we have.

So really, really excited to be here. It's a pleasure. Matthew, I think I'll turn to you first to tell us a little bit about Project Galileo since that is the anniversary that we're here to celebrate.

I think probably safe to assume that most people in this room understand the basics of the program, but I would love to hear more about the history and kind of how it came about and how it's evolved over the years.

Yeah, well, first of all, thank you so much for moderating. I understand that you got out of jury duty to be here.

So that actually kind of sets the bar pretty low in terms of expectations.

I remember really clearly the day that we realized that we needed to start Galileo.

It was in 2014. We were a much smaller company at the time.

At the time, we had a free version of our service, but if you got a big enough attack, then we'd kick you off that free version of the service because you'd be using resources and resources were limited.

We tried to have some kind of understanding of what were important either geopolitically or politically or socially organizations.

Our team, again, was I think incredibly thoughtful about that, but we're computer scientists more than political scientists.

So sometimes we got it wrong. The time that it struck me was I would get a report every night of what got kicked off the night before, and I'd read it on my walk from my apartment in San Francisco into our office, which was at the corner of 2nd and Townsend Street.

I was looking through it, and it's usually a bunch of things that were kind of unsavory, and no one really minded if they weren't online, like Chinese gambling sites and random other things that would get attacked.

And I got to one, and I read it, and I was like, that seems kind of familiar.

Didn't totally recognize it, but it sounded like something. And I tried to go to the site, and the site wasn't loading because it was under a cyber attack.

And so I Googled around and found it, and the site was one of the largest independent newspapers in Ukraine.

And Russia had, the night before, launched their first invasion in Ukraine, taking over Crimea.

And before they did that, they attacked first of all the payments and financial infrastructure in Ukraine, and then they attacked a lot of the media organizations in Ukraine.

In this particular case, this media organization came under attack, and they quickly signed up for the free version of our service.

They actually tried to pay us, but the financial infrastructure was down, so their credit card didn't go through.

And our team, there was a 26-year-old, really bright young man who was working on our technical operations team, gets an alert that this one site, because it's basically all of the Russian government is trying to knock them offline, it's consuming excess resources.

And he takes a look at the page, and it's all in Cyrillic, and pictures of guys with guns, and he thinks this probably doesn't look like anything important, and pushes a button and kicks them off the Internet.

And that was one of those moments where you're just like, whoa, what we were doing could have been so helpful toward getting the story out about what was happening with the Russian invasion of Crimea, but we just actually made the problem worse.

And I think the entire team, first of all, not the 26-year-old's fault.

He followed exactly what our process was.

The fault was that we as an organization didn't have that understanding or expertise when our services were needed, and when they were supporting something that was more important simply than us being able to get paid or collect something.

And so out of that was born the idea that we should identify what are politically or artistically important organizations for which, even if they couldn't afford to pay us, we should extend the full set of our services, just because it was the right thing to do.

And then the next challenge was, okay, how do we pick what's politically or artistically important?

And again, we're computer scientists, not political scientists, and we have our own blind spots and biases and all kinds of things.

And so we said, well, what if we went out and we actually searched for political scientists?

We searched for people who were experts in these various institutions.

And we thought it was actually really important that it covered the political spectrum.

And it's actually quite easy to find at least the first handful of partners that were on sort of the more liberal side of things.

I remember calling up Cato and Heritage and a bunch of people and saying, hey, we'd love you to help out with this and let us know if there's something even on the sort of more right side of the spectrum that deserves support.

And they're like, what's in this for you? And they couldn't quite figure out why we were doing it.

And finally, we convinced them and convinced a bunch of others.

And it's been, I still get the emails every time someone applies for the program, some time one of these partners suggests it.

And it's just incredibly rewarding to both be able to help those organizations that are in need, but then also to work with the greater civil society community across the political spectrum to say that we as a technology company that's providing critical infrastructure, we believe that it is incumbent on us to be making sure that that's available to, again, these organizations that are in need.

And we want to partner with you because you understand the policy implications in parts of the world that we just never will have the same expertise around.

And so this is a program that's incredibly close and dear to my heart.

It's baked into the DNA of the company.

And it's amazing to think that it's been 10 years since we made that first mistake.

And I'm proud of the fact that we've corrected a lot since then.

That's great. Learning from mistakes is a big part of corporate leadership and government leadership and leadership generally.

So thank you for that story and that kind of context, I think.

We'll come back to some of those themes around the importance of civil society and the roles and responsibilities of business.

But Eileen, let me turn to you next and broaden the conversation out a little bit by way of sort of soft bio.

You've had a lot of really interesting experiences. You and I first worked together when you were the U.S.

Ambassador to the Human Rights Council in Geneva.

You have since worked in civil society at Human Rights Watch. You've worked in academia at Stanford.

You're back in the government now. You've worked with the private sector doing some help to different companies, including serving within the Global Network Initiative as an academic member.

So I would love to just hear a little bit of your reflection on those different sectors or stakeholder groups and the important complementarity that exists between them when it comes to Internet freedom.

Great. Well, first off, this is my idea of a superb conversation and community in which to have it, in part because it is multistakeholder.

And I used to say I'm kind of a strange multistakeholder animal and a little bit different from most.

But the reality is many people in this community actually are cross-stakeholder people.

And I will say even, Matthew, what you just described really gets at this idea that technology companies are in the business of protecting the global, open, interoperable, secure, reliable, free Internet, which links directly to freedom of expression and ultimately to protection of democracy.

And that's a tech company that most people may not understand the links between cybersecurity and free expression and why protecting the global, open Internet matters so much to democracy and open societies and free expression.

But what you've chosen to make your mission and put at the core of what you do is a reflection of this cross-stakeholder reality.

And we all need to be thinking about the implications.

You can't just stick your head in the sand because you're a tech company.

You are operating in the societies around the world, and you're having a significant impact, and you make a difference.

So I'll lead with that. My own experience, you know, I have jumped around.

I actually started as a tech litigator way back out of law school.

But the thing that has made it possible for me to jump stakeholder groups is that I feel like there has been an integrity and continuity in terms of what I actually care about.

And regardless of whether I've been in government or in the private sector or, you know, working with the private sector, really, and academia, civil society, I have been able to be an advocate for human rights, free expression, the open Internet, you know, democratic society, and elevating the importance of technology to all of those things.

And so it's sort of like this cross-sector experience has been really valuable.

I sort of have the heart of an advocate. I have intellectual needs. Academia, you get to dig deep, and you have tremendous autonomy, a little less relevance policy-wise.

Civil society can be less pragmatic and have less influence. Government, I would say you do have to get things cleared.

And you have to be aware of tone and word choice.

But I have never had to compromise on kind of my true north.

And that's what's made it possible. And I feel like the space we're in naturally brings together these different communities who all need to work together.

Wonderful.

No, that's great to hear. I think that sort of through line across these different sectors and sort of approaches is what really allows for multistakeholderism to realize a certain potential and impact in the Internet governance and tech policy space that you don't necessarily see in other sectors.

Aileen, I'm going to stick with you for the next question, because I want to kind of bring us up to where we are today.

You were the U.S. ambassador to the Human Rights Council in 2012 when the very first Human Rights Council resolution on Internet freedom was proposed and negotiated and eventually passed.

And that resolution has now gone through many iterations and has built on itself.

And there's more elaborate language there.

But that was a really marquee moment, really putting Internet freedom into not only sort of foreign policy but into human rights context.

And obviously a lot has happened since then. But I would love to just hear some quick reflections from you about sort of that initial moment and sort of how different governments, including some of the governments that we now see as more adversarial to Internet freedom, have responded and where we are today that's different from where we were 12 years ago.

Great question. I feel like I was very lucky to be there at that moment, sort of that founding moment.

That was sort of the height of the Internet freedom movement.

And this was the first U.N. resolution. And it was the first time there really was this official linkage between human rights and the open Internet.

And having been in Silicon Valley for decades, it just felt like I had an organic sense of those links.

But it was not obvious to everyone. But that resolution passed by consensus.

And it was a simpler time, a happier time, a much more optimistic moment.

Everybody knows this about the Internet. And times have changed.

Times have changed not just because authoritarians have figured out how to capitalize on technology and the Internet in ways we never imagined.

Actually, we were so naive thinking, oh, they'll never be able to stop the free flow of information.

Well, they actually have. But the other thing that has changed is that it's not just the Internet anymore.

We really have had a complete digital transformation of society.

You know, it's the software has eaten the world.

Technology has eaten the world. Technology is intermingled with every sector of society.

And so tech governance has just become the subject that the international diplomatic community and governments are leaning into.

I will also say since that early moment, those days, some of the authoritarian-leaning governments were so much less sophisticated.

And they had no power. They had no leverage.

They had nothing compelling. And they have upped their game dramatically.

At the same time, I would say much of the so-called democratic world, so-called like-minded, has become much more fearful of technology itself.

And to some extent, we've turned to a narrative about the risks of technology.

And a little bit overdone, the risk part of the equation, obviously significant risks associated with technology.

But we have lost sight to some extent, some of our like-minded, of the actual value of the global open Internet and the fact that it has become the means through which we exercise our human rights, as well as the domain in which we exercise our human rights.

And we take that for granted at our own peril.

And so those are some of the changes I've seen. And I think we have to balance the sense of understanding the benefits and value of the technology with a sense of risks and how to mitigate them.

And everybody's becoming more sophisticated about that.

But we really do have to do both things at the same time. Yeah.

I mean, there's no doubt we're more on our back foot today than certainly back then.

And Matthew, maybe it's a good segue to ask you, maybe to articulate, I think, especially for this audience, which is probably more sort of D.C.

policy wonk than Silicon Valley business-oriented, what is that benefit of the open Internet, Eileen spoke to?

From our perspective in government or in civil society, that may be an easier thing to articulate.

But I'd love to hear from you why that's so critical to a company like Cloudflare and why you think it's important for the tech sector more generally.

I mean, my secret is I'm more D.C. policy wonk than tech executive.

So but I can pretend. I think if you just imagine how much change has happened across all of society over the course of the last 50 years, I mean, it is really remarkable.

You don't have that much sort of change to society in any other 50-year period of history.

And that, I think, has been largely a good thing. Not exclusively.

There are things that are challenging. But it has been largely a good thing.

But the traditional sources of power in society that have been the traditional sources of power for quite some time, whether that's government, media, religion, education, or family, it's kind of the five traditional sources of power, with all of them, the Internet weakened them to some extent.

And that's, again, a lot of change.

And it's happened very, very quickly. And it would be strange if there weren't some reaction to all of that change.

So I think the Internet's a miracle.

And the best metaphor that I have looking back over the last, you know, 50 years, is a bit of a nerdy one, but is to Star Wars.

The first 40 years of the Internet, leading up to 2016, is Episode IV of Star Wars.

Almost identical. And again, if you go back and watch it, and I'm not that big a Star Wars fan, but I've used this metaphor enough that I'm now becoming one.

It's a really bad movie. It's incredibly naive.

It's incredibly optimistic. This farm kid discovers this magical power, which is ruled and governed by a bunch of kind of weirdos, that they then use to take on the traditional most powerful thing in the universe, and then by some miracle defeat it and all go off and celebrate.

That's the plot. And yet, if you think back to, I mean, the early issues of Wired, where they were like, the Internet's the end of government.

Replace Jedi with developers and network administrators.

Replace the Force with the Internet.

Replace the Death Star with, again, the traditional sources of power, government, media, religion, education, and family.

And some farm kids blew it up. And there's been an enormous amount of change.

And 2016, for me, is the year that everything changes.

And lots of things that you can point to. Obviously, in this town, you point to the Trump election, which, again, just that massive difference, massive change that comes from that.

We all forget, but that's the same year as Brexit happened.

The same year as very kind of populist leaders in the Philippines and a number of places around the world.

Modi consolidates power in India.

Xi consolidates power in China. David Bowie died. I don't know if that's...

That actually happened in January, so maybe that was sort of it. The thing that I point to...

It was a bad, bad omen. The thing that I point to is that in July of 2016, the Associated Press said, you no longer had to capitalize the I in Internet anymore.

And that wasn't the cause, but I think that that's actually a really good metaphor for when you go from seeing something as a miracle to seeing something as just the stuff we have.

Compare Earth, capital E, with Earth, lowercase e.

And that's a difference. And again, it's a natural thing. It went from the thing that we were like, wow, isn't it amazing?

We can do all this stuff to, oh my gosh, we see all the downsides.

Because there are massive downsides to connecting every person on Earth.

But there are massive upsides too. And I think we've flipped to almost taking it for granted.

So if you look at Cloudflare, anytime we write the word Internet, we always capitalize it.

Screw the Associated Press. They're just wrong, right?

There should only be one Internet. We should be reverent toward it.

We should be honoring it and thinking of it as a miracle. We should also acknowledge that it has brought real, again, amazing societal change and some real challenges.

And we should think about how to fix those challenges, right?

We can't just hide from that. But we should be capitalizing. And again, to extend the nerdy metaphor, after episode four is episode five, and it's The Empire Strikes Back, it was such a depressing movie that Lucas had to reshoot the ending because people were threatening suicide afterwards.

And again, if you go through the plot of it, protagonist falls in love with a girl who disses him for the protagonist's rogue best friend, who then disses the girl, basically.

Now, it's going to later turn out that the girl and the protagonist are brother and sister, but that's the next episode.

The girl gets sold off to slug slavery. The rogue best friend gets encased in some plastic thing.

And then the protagonist loses his hand while fighting with his mortal enemy, who turns out to be his father.

Dark movie, right?

And that's what we're in the middle of. The adepts have just landed on Hoth, right?

And we're just trying to hold it all together because, again, those traditional sources of power are coming back and using what are, again, a lot of fear in order to say, well, maybe we need to put the Internet back in a box.

And so I think the next 40 years are about, the only two countries that didn't let the Internet in were China and North Korea.

And everybody now, and it's not just Russia and Iran, every country, every government is trying to say, can we be a little bit more like China?

And that's, I think, a very, very dangerous thing to say.

That's even happening here in this town, where the U.S., where the State Department used to always say, more Internet is always in the U.S.

interest. That is not the policy of the U.S. government anymore.

And if it's not the policy of this government, who's going to stand up for it?

And I think that that's something that we need to acknowledge and we need to think about because I'm not sure that the right answer for the next 40 years is, hey, let's all just try and be like China.

And yet that feels increasingly like what a lot of the world is headed toward.

Yep, absolutely. We need a new generation of Padawans to take forward the fight.

I really appreciate the capitalization of the Internet.

I remember having that battle internally within the State Department when I was heading the Internet freedom team there.

I don't know if the policy remains to capitalize Internet, but I will say the GNI style guide continues to emphasize capital I.

Thank you, Megan. Glad to hear it. And we should get the AP to switch.

Yeah. That is a tangible thing we could do. Just anytime you take to a journalist, say, capitalize the I in Internet.

I mean, it's not that much more ink.

But if you care about it, capitalize it. And that's just a very small thing that we can all do anytime we're writing about it.

I'm with you. We'll write a letter to the editor, whoever that is at the AP.

Eileen, so Matthew was speaking about this counter -revolution that we've lived through and where we are today and the temptation, the siren's call of restriction, whether it's for cybersecurity purposes or competition reasons.

There are myriad justifications that governments can pull on to say, yeah, maybe actually we don't want it quite as free, quite as open, quite as interoperable.

The U.S. government, the State Department was tasked by Congress with producing a new strategy which sort of corresponds to the new bureau that you're a part of the leadership of, communications information policy.

And that strategy articulates not an Internet freedom approach per se, but a broader approach to sort of cyber within U.S.

foreign policy.

I'd love to hear your sort of 10,000-foot summary of what you're trying to do with that.

I mean, this concept of digital solidarity that's really kind of at the core of that strategy and where you see Internet freedom, specifically digital freedom, your portfolio, fitting into that.

Great. So first I want to acknowledge, sometimes I look around and think of all the change we've been through as individuals, as people, as humans.

And it is stunning our ability to adapt.

That's one thing. In terms of governments adapting, we think back to the early days, and Thomas Ilves talking about the post-Westphalian world and that nation-state boundaries are no longer relevant.

John Perry Barlow, the Declaration of Independence of Cyberspace, those were the early days.

And yet you've referenced this retrenchment and reassertion of sovereignty.

Right now we have this, we've just put out May 6th, the International Cyberspace and Digital Policy Strategy for the U.S.

government. And it is an effort to to bring together a variety of strands that we believe are central to digital solidarity, which is quite different from digital sovereignty.

We think that, as Nate always says, it's a mirage.

The idea of actually having digital sovereignty and being an open, democratic, free market society, that's a mirage.

Maybe if you want to be China, it's not a mirage.

If you want to be North Korea, it's not a mirage. But if you want to have technological innovation and you want free expression, access to information, individual freedom, it is to some extent a mirage.

And we are, in fact, interdependent.

The global Internet is inherently cross-border in terms of how it operates.

And our job, if we care about the values we care about, is to figure out how to adhere to them in this changed environment, radically changed environment, where we do not believe we have to give up on our enduring values, whether it's commitment to human rights or democratic society.

We should not give up on the aspiration of technological innovation and the benefits of it.

But we do have to take much more seriously the need for cyber resilience and cyber security in all its dimensions.

And so the big picture is bringing those pillars together, freedom, innovation, security, cyber security in particular, and resilience.

And having an ecosystem that is not nation-state based is inherently cross-border.

But people playing by those rules and agreeing not to attack, you know, do cyber attacks or Internet shutdowns, and also adhering to basic freedom, you know, human rights commitments and the open Internet.

And so we're trying to package that all together.

Generally speaking, our allies have been quite open to it and embracing it.

We understand that the concept of digital solidarity, we had to sort of reclaim the concepts because even that word solidarity has been used in many different settings.

We had to really reclaim it. And we're in the process of that.

But I would say in some settings, there is a complete open door to that idea.

For example, we were all recently in Brazil, NetMundial plus 10.

And we also were at WSIS plus 20, the high-level event last week and the AI for Good Summit.

My experience is in a global multilateral, multistakeholder fora, there's a lot of openness because this idea of digital solidarity speaks to the parts of the world that are less connected, that are yearning to be part of the system.

But they don't want to do it at the expense of their security and they don't want to do it at the expense of their rights.

But they really want in. They really want in to the digital ecosystem.

I would say in a transatlantic context, there's also been general support, but a little more skepticism, I think.

You know, there was an op-ed by President Macron and Chancellor Schultz in the last week or two weeks, basically reusing this concept of EU digital sovereignty.

They don't mean digital sovereignty in the same sense that China means it, which is an entire alternative model that is authoritarian-based of control for the state.

But they do mean it in protecting their own ecosystem as a European Union.

And a little bit more skepticism about the U.S. tech innovation ecosystem and being completely open to that.

So we're still working on it, but we think it is a concept that is reality -based in the sense that we don't think the world wants to go back to sovereignty, a sovereign state, national boundaries -based system when it comes to technology.

We don't think that's realistic. But as Matthew said, people do want to have a sense of security and mitigation of risk and protection from malign actors as well as protection of rights.

So we do have to take extra steps to deal with the vulnerabilities that come from hyper -connectivity without throwing out the whole ballgame and retreating back to digital sovereignty.

Talk a little bit about, I mean, Cloudflare by virtue of your business is everywhere all at once, but you also have physical servers in locations around the world.

Increasingly, those regulations that Aileen was alluding to are migrating from the content layer where most of the activity has been, at least initially, down into other layers of the stack, whether through regulatory frameworks that are intentionally targeting Internet-as-a-Service or VPNs specifically, or court decisions and other kind of government policies that take approaches that were developed perhaps for the content layer or for other kinds of specific services and try and apply them very broadly to different kinds of technology services.

So curious how you're seeing that global landscape right now and how the U.S.

strategy around digital solidarity and trying to re-establish a like-minded coalition in favor of an open Internet, how that's working and where you see that there could be challenges and opportunities.

The vision of a self -regulated world where freedom of expression everywhere, nation-state boundaries don't exist, Internet, I think is naive.

And while we might object to China saying, the Chinese system of of ruling, the fundamental China argument, I've sat with Chinese officials and they said, we have a sovereign right to be able to regulate the networks that are inside our borders.

And again, the first time I heard that, it chafed me the wrong way.

But unless you just don't believe in sovereignty, it's hard to argue against it.

Because at the end of the day, they're their borders.

Networks are inside their borders, so you have to play by their rules.

And again, you may just choose not to play there. And I do think that if you're trying to be a place that is innovative and foster creativity and attract the best and the brightest, it is going to be more attractive in a place that is open than in a place that is closed.

But I think it's really hard to argue against that you have a sovereign right to regulate the networks that are inside your borders.

And so it's tough to make that fight. But that's not the problem.

The problem is that countries aren't satisfied with just regulating what's inside their borders.

So just a couple weeks ago, we run a public DNS resolver service.

This is, you don't make any money off of it. It's 1.1.1.1. Google has another one.

It's 8.8.8.8. OpenDNS provides another one. And a French court, which followed a similar ruling out of a German court, a similar ruling out of an Italian court, when we've been able to get some return, but eventually they just keep chipping away.

The French court said, basically, that Google, Cloudflare, Cisco, anyone who runs one of these services has to, on a global basis, any time this one French court says this website is bad, block it globally.

So if you're sitting in D.C.

and you're using that service, French court can tell you you can't see that online.

And that, I actually think that the stronger argument is to actually lean into sovereignty.

Because I think that that violates the U.S. sovereign rights to regulate the networks inside of its borders.

And so I'm not quite sure where the stable equilibrium is.

I don't think that the sort of early days of wired, governments are dead, we're done, that's not stable.

It's not realistic. But I also don't think the sort of what I would almost think is the Teletubbies Internet, where basically everything has to fall to the absolute lowest common denominator, where it doesn't offend any court anywhere in the world, like that's not going to be stable either.

And so we've got to figure out what that intermediate point is. In Cloudflare's case, I mean the good news is we do operate infrastructure all around the world.

And so if a German court says, you know, this neo-Nazi content is illegal inside of Germany, we can say totally get it, we can understand, we can block it inside of Germany, and we can handle that.

And that's, again, your sovereign right.

But we can do it. I also think that, again, I grew up in the U.S.

And I really do believe that part of the reason why the U.S. has out -innovated the rest of the world, the U.S.

continues to be the place where the best and brightest want to come, is because of freedom of expression.

But we have to acknowledge how radically libertarian the U.S.

conception of freedom of expression is.

No other country on earth has as broad a freedom of expression protections. And so you as an American speaking about freedom of expression are inherently looked at with skepticism by the rest of the world because of the fact that they don't believe in it the same way that we do.

And again, they might all be wrong, but it's going to be tough to convince them because that's their thing.

And it's also kind of just a certain degree of hubris to tell someone else how to run their country.

I think, though, what I have spent a lot more time focusing on and thinking about is not freedom of expression, but rule of law.

Because it turns out that rule of law is something that even very authoritarian regimes at least pay lip service to.

That the law must matter. And if you look at the original Aristotelian concept of rule of law, which actually amazingly independently, you know, China and a bunch of the Asian countries developed almost the exact same things talking about what are the pillars of rule of law.

It really comes down to three things.

Transparency, consistency, and accountability. Transparency, you have to know what the laws are.

Consistency, two people in the same situation, the rules should be applied the same way.

And accountability, the people who enforce the laws should be subject to the laws themselves.

And again, you look at Russia, I mean, why did Russia go through all the rigmarole with Navalny before they finally killed him?

Because they still believe that you have to have those three things.

And so what I think is, we're not going to convince the rest of the world that the U.S.

version of freedom of expression is the right thing. I think it's going to be really hard to convince the French or the Germans or the Dutch or the Portuguese or the Chinese or the Indians, right?

And if they want to think about whether the future of the Internet is going to be set, it's going to be set in Mumbai and Delhi.

It's going to be really tough to convince them they don't have the right to regulate the networks inside their border.

But I think we maybe can convince them that as they do that, they have to follow principles of rule of law.

And so that means that you don't just make sites go away, you have to put up a notice that says this site went away because of this ruling, and if you have an objection to it, it's transparent, it's consistent, it's accountable, and here's the history why we in Germany don't want Nazi content online.

And again, respect.

But I think that we have to actually start to talk less about freedom of expression, because as Americans, we're not taken seriously around the world when we do.

We have to start talking more about rule of law, because it turns out that if you get people to really respect rule of law, it's the foundation for freedom of expression.

And rule of law is something that you can have a conversation with the Chinese about, you can have a conversation the Russians about, you can have a conversation the French about.

And that's a place where I think we can actually start to think about, as we think about what the future of the Internet is, it has to be grounded in the concepts of rule of law.

You very quickly learned to describe these same concepts in human rights terms.

But it's hard to do it here even. I mean, Americans don't believe in it anymore.

Well, and we have a couple of Supreme Court cases pending, which may significantly change the way the First Amendment actually is interpreted on the Internet.

But I did, Eileen, want to go to you to maybe reflect a little bit on that, on what Matthew was just saying, the use of rule of law, the broader human rights framework, which is universal.

I mean, and that's the foundation of the Global Network Initiative concept, which is, we're not going to go around the world telling people to follow the American approach.

We're going to go around the world telling people to follow the international approach that the countries have signed up to through international treaties and that there's an entire UN architecture around.

Obviously, we've had some successes with the resolutions on Internet freedom, other efforts, but it continues to be challenging.

And I think, with the next, within the next 12 months, we've got some really big decision points coming up.

The Global Digital Compact is being negotiated as we speak in New York.

This is a contribution to the pact for the future, which will come out of the summit for the future in September.

And it is the Secretary General's sort of attempt to sort of put his imprint on the way we should think about technology as a global common resource.

We, at the same time, have the, you mentioned the World Summit on the Information Society where we were last week in Geneva.

The 20-year review of that is coming up and will be concluded next year.

That has been basically the paradigmatic sort of compromise between different types of states.

Where do you see us coming out, Eileen? What's the sort of positive scenario and the negative scenario a year from now, if we're kind of looking back, what would be the markers of success for maintaining the open, interoperable, secure Internet?

And where would we potentially have drilled some holes that can no longer be filled if we're not successful?

A lot on the table. And I'm going to definitely come back to the free expression challenges, especially for Americans.

But what would success look like? I think the first thing is we all, that out in the policy conversation, governments and other stakeholders all get more sophisticated in delineating between different types of governance related to technology.

I think this is happening and this was the outcome of the NetMundial plus 10 document that most of us were very pleased with because it delineated between technical architecture layer governance of the Internet itself.

That is the global open, interoperable, secure Internet that we now want to be secure, reliable, free also.

But that is the global resource. That is very different from what's happening on the Internet.

And that what's happening on the Internet, as you said, very appropriately can be, you know, sovereign states do have a right to deal with what's happening in their societies.

And the way we talk about on the Internet is like we're talking about digital society writ large.

Effectively, there is the Internet and that goes back to your capital I and then there's everything that happens in digitized society.

And in fact, the NetMundial outcome document delineated.

It said there's Internet governance at the architecture layers and there's digital policy should be multi -stakeholder in all levels.

But those are different things and they should not look the same.

You even asked me about my mandate and how Internet freedom, digital freedom goes together.

Digital freedom is the larger category of how do you protect freedom, human rights in digitized society writ large.

Internet freedom is a very important subpart, but we use the terminology.

We sort of sometimes call it the Internet and we're talking about other things than the actual resource of the global Internet.

I will say part of what's making this challenging right now is AI has kind of eaten the world and AI governance has eaten the world and that could end up being its own layer of international governance.

The bottom line is it still has to be rights respecting. It should be multi-stakeholder.

So we'll all see how that develops, especially in the international realm.

I do think though we don't have to say there's never an appropriate place for sovereign states to make rules about what's happening in their digitized societies.

At the same time, we say generally universally we should all agree and this is what digital solidarity is about is protecting access to the global open resource that is the Internet.

So that's the first delineation. Back to free expression.

I'm an American.

I am a free expression maximalist, you know, trained in the First Amendment.

Not embarrassed about it. However, as Jason said, in international diplomacy, people don't care about the First Amendment.

It's not relevant. So we don't use that.

What we do use is the International Covenant on Civil Political Rights and the Universal Declaration of Human Rights, which are universally applicable.

They have status of international law, agreed to multilaterally, had a multi-stakeholder process of crafting and drafting the documents.

But this is the international lingua franca. Article 19 is strong enough for protecting free expression.

It's not the First Amendment, but it does protect the freedom to seek, receive, and impart information as well as the ability to form and hold opinions.

I would argue, and we're doing a lot of work in this exact vein, that in the United States, in the technology community, in the technology libertarian part of the tech community, there is an incredibly unsophisticated understanding of what free expression entails.

It is only, apparently, in some circles, about the freedom to impart, and it's only the freedom of users.

And what we're trying to do is elevate all the other dimensions of free expression.

Seek and receive information.

The ability to form and hold opinions, that can't be done in an information environment that has completely eroded in its integrity.

And open democratic society does depend on an information realm that people can trust and is fact-based.

You can't have citizens participating in their democracies if they don't have a shared information realm.

And that isn't about mandating that everybody has the same sources of information, but it is saying it's okay to elevate authoritative sources, quality, and that the private sector companies who run these networks have the liberty to choose, and this is an amicus brief from the Supreme Court, to choose to say we choose to elevate authoritative information as a reflection of our free expression.

Not every company is doing that, and part of the reason they're not is because they have this very un-nuanced understanding of free expression itself.

And I will say, you know, I talked to Alyssa earlier from Cloudflare, we are co-chairing this initiative at the OECD, 38 member states.

It is all about this subject of information integrity, and that the key idea is concern about protection of the integrity of the information realm is not in tension with free expression.

It is in service of free expression. It is facilitating the exercise of all of those dimensions, freedom to seek, receive, as well as impart, freedom to form and hold opinions, and to participate in democratic societies.

And so we're doing those things, I will say. The Secretary of State gave a very excellent speech on this topic at the Summit for Democracy, basically saying the United States has to lead on this.

We can't just fall back into this un -nuanced idea of free expression, and he wanted to so-called flip the script.

Let's have a proactive, affirmative vision of what information integrity is.

We did this democratic roadmap, we're elevating full idea of free expression, the importance of information integrity, and the role of the private sector.

So I don't think the United States, or people who represent the United States in the international realm, need to cede their authority or their ability to influence free expression conversations if anchored in international law, Article 19.

Yeah, it has to be sophisticated, and no one is better placed to help make that sophisticated argument than you, Eileen.

Matthew, I'll give you the last word before we hand things over to Damon Wilson to close us out, and then we'll move to the next panel.

But just kind of coming first, full circle, back to why we're here at Project Galileo, and the sort of realization that you came to and that the company has embraced about the role that small actors, journalists, civil society organizations, who maybe don't show up in Geneva for the WSIS Forum, or come to Silicon Valley to have meetings with big investors on Sand Hill Road, but are doing really important work at the local level, facing real challenges in terms of threats to their ability to publicize their work, and sometimes worse.

Just hoping to get your thoughts on kind of how we can take inspiration from those actors, because we've talked a lot about the challenges that lie ahead, and they're not going to be easy to overcome.

You know, Kleffler didn't start with a mission.

When people ask what Kleffler's mission was in early years, I would say to take advantage of this unique opportunity where the world was shifting from hardware and software to services, to hopefully make a little bit of money and impress our parents, which honestly is why a lot of people do a lot of things in the world.

And we had a problem, which was the sort of chicken and egg problem, which was if we were going to sell to Goldman Sachs and JP Morgan and the U.S.

government, big, big organizations who spent a lot of money with us in order to make money and impress their parents, that we needed to be able to build models on how threat actors worked online.

In order to build those models, you had to have data.

In order to have those data, you had to have customers.

In order to have customers, you had to have models. And so we had this chicken and egg problem where that was kind of the circle that we kept running around.

And our solution was to create a free version of our service and give it away.

And that would give us the data to sort of start the flywheel going. And we thought it was going to be a bunch of small businesses and things that would sign up.

And we were actually quite surprised that the very first adopters were actually a lot of human rights organizations, civil society organizations, Sub-Saharan African journalists, places that felt very, very far and very, very foreign to us.

And I remember at some point, the Organization of the Community to Protect Journalists, which is who, when a journalist is kidnapped or unfortunately often killed, they go and pay the ransom or recover the body.

The director, a guy named Jeffrey at the time, called me and said, would you like to meet three Cloudflare customers?

And I was like, why am I wasting my time doing this?

And Michelle, my co-founder, was like, you never know what comes of these things.

Go take this meeting. This is back in 2011. And I took this meeting. It was three African journalists.

One was from Angola. The other was from Ethiopia. And the third, they wouldn't tell us his name or where he was from because he was currently being hunted by death squads.

And that was the first business meeting I'd ever been in, the first meeting I'd ever been in, where the term death squad was used.

And over the course of what was supposed to be a 15-minute meeting that turned into two hours, they told the story of the work that they were doing, where they were largely covering government corruption in their home countries, providing that kind of key aspect of rule of law, which is transparency.

And there were very powerful forces that were trying to shut them down.

And without the Internet in general, they wouldn't be able to do their work.

And increasingly because of cyberattacks without Cloudflare, they wouldn't be able to do their work.

And I remember walking them out to the taxi after we got finished with the meeting.

And Michelle had kind of stuck her head at some point and gotten track of the transfix.

Michelle, my co-founder. And we both looked at each other and were like, what have we gotten ourselves into?

And I think it was through those realizations, through seeing those people who couldn't afford to pay for world-class cybersecurity, but how they absolutely needed it, that we really came to the realization that the Internet wasn't just this place that we could kind of find a way to make a quick buck and impress our parents, but that it was something that really needed to be fostered and cared for and provided for.

And I think that that DNA, as a result, gave rise to our mission of helping build a better Internet.

And again, I think it really comes back to us all.

We've got to start revering the Internet as the miracle that it is.

Part of that is also acknowledging there are problems.

And Patrick Day has sort of been kind of, we've been trying to think through, again, what's a metaphor or analogy.

The last time we had as a society, anything close to this biggest shift as we're going through right now was the Industrial Revolution.

And the Industrial Revolution came along with a lot of good things, mass-produced clothes and food and a bunch of things.

But it came along with a lot of bad things, too.

Child labor, sweatshops, industrial accidents.

And at the time, the world really split into two different paths. And one path was a set of people that was like, this capitalism thing is bad.

Let's put it back in the box.

And about half the world went down that path. And that's Marxism and everything that came along with it.

The other half said, let's acknowledge child labor is bad.

Industrial accidents are bad. Let's be very surgical in how we address those issues.

But let's respect that the underlying system actually has way more good than harm.

And that's what largely the West followed over the next 120 years.

It is clear that one of those approaches was significantly more successful than the other.

And I think we're at another fork in the road today, where we are thinking about, what is that future?

And here, the place that used to always say, more Internet is always in the U.S.

interest, we just had a debate in Congress where it was not unanimous, but pretty darn close, to say, we're going to ban TikTok.

Now, we can, again, I think, have a very reasonable debate of whether or not there are harms that come from TikTok and that.

But wholesale banning of that is, again, especially when we're trying to say, we don't want to be like China, that's what China would do.

And it's some version of the old joke about why you don't wrestle with pigs, right?

You both get dirty and the pig enjoys it. I worry that we are no longer that kind of core advocate for the Internet is good, the Internet is a miracle.

We should be fighting for that. And as we lose that position, I worry that no one across the rest of the globe is making that argument.

And we've lost a little bit of our standing.

And so I think it's critically important for the private sector.

It's critically important for civil society. It's critically important for our own government to be standing up and saying, the Internet's worth fighting for.

And yes, there are some challenges. But we need to be very, very surgical as we address those challenges, because it has brought more good than harm.

The changes that have happened over the last 40 years have been the things that a lot of the world was fighting for, for a long time, that most of us imagined that we would never see in our lifetimes.

And yes, there are challenges as well.

But we should address those challenges very specifically, as opposed to just saying, let's give up on technology and put it back in the box.

Well, thank you for giving us that story about kind of how the mission crystallized for you and for all the work you've done since then to protect thousands of sites and work with hundreds of organizations around the world, many of whom are GNI members, many of whom have had support from Ned.

It really is nice to feel like you're part of a constellation and a constellation that includes companies with the technical sophistication and kind of moral vision like Cloudflare.

So, Eileen? One thing before Damon comes up, we'll continue the TikTok conversation, whether TikTok is the Internet.

We'll go and we'll see how it all shakes out.

There's a lot of nuance there. I just want to say, I want to read to you a part of an email I literally received last night from the Deputy Foreign Minister and Chief Digital Transformation Officer of Ukraine.

Because he had been in my office a couple weeks ago, and I asked, like, what's Cloudflare doing?

How is it relevant? And here is what he said. It is absolutely definite that Cloudflare services provide a vital layer of cybersecurity within the Ukrainian segment of cyberspace.

Numerous DDoS attacks are directed at state electronic services, fintech, official information sources.

So, if there was no Cloudflare as a proven protection against DDoS attacks, it would have serious consequences, causing chaos, especially when these attacks are synchronized by the enemy in parallel with kinetic attacks.

So, if you have any doubts about Cloudflare's role in the world, think again.

And I got personally sanctioned by Russia as thanks.

I don't get to go back to St. Petersburg anytime soon, but it feels like a badge of honor.

So, thank you for sharing. Well, thank you both. Maybe we'll close with a round of applause for our panelists.

And I'll invite Damon Wilson, the CEO of NED, up to close us out.

Well, Matthew, you've come to the right place because NED was the first officially undesirable organization sanctioned by our Russian colleagues.

And I think myself, I think Aileen from her board service here, several share that sanctioning.

But welcome, everybody.

First of all, it's just a real privilege to join all of you to commemorate the 10 years of Project Galileo.

It's a testament to Cloudflare's commitment to supporting civil society organizations globally, as you've just heard, as Aileen just pointed out.

NED is a really proud partner of Project Galileo, and our core institutes are NDI and IRI, who are here as well.

So, thanks to Cloudflare, thanks to you, to the CEO, Matthew, for your leadership.

It's been pivotal in strengthening digital resilience of organizations that are crucial to the global support for democracy.

And you heard him sharing the story about what led him to think about this for Cloudflare just at the end here.

And it's a reminder of what the team here at the endowment, our core institutes every day, we work in the space of democracy.

I'm actually late coming up because we're downstairs with board members approving funding for projects that we support to support our partners around the world.

But it's not about projects.

It's not about these abstract ideas. It's about the people behind them. It's about courageous, determined activists that, against great odds, are willing to do this.

And we're glad to see how that's animated Cloudflare's protection.

And Jason, you got it right. There's no one more nuanced in making the case in a complex time right now than Aileen.

Aileen Donahue, it's great to have you back here at the endowment as the special envoy right now.

She not only served on the endowment board previously, but it's her wisdom, her guidance, her insights that have really helped shaped NED's approach to international digital policy.

And since I joined the endowment, partnering with Aileen before she stepped down to really focus on how technology was an important component of our work here.

And that's why Dan O'Malley now is in his role helping us honcho this.

And we've seen her leave her fingerprint on this and her role as special envoy helping to shape the State Department's international space and digital policy strategy.

And I saw your fingerprints all over Secretary Blinken's remarks in Seoul where we were there to hear them together.

So last week, I had an experience sort of up front with a reminder of the Cloudflare importance when we're out in the field.

I was traveling in the Western Balkans.

It's a region where the struggle for an independent media is palpable.

And even more so, we were meeting with a lot of our partners from the Middle East and North Africa and Sarajevo.

And of course, across Bosnia, NED's a strong, strong, strong supporter of the media outlets.

But they themselves are under very frequent cyber attacks that have incapacitated their websites.

It prevents news from reaching the public where information is very much something that is used and weaponized against communities across Bosnia.

And this was precisely the case with one of our partners, Buka.

It's a news outlet that's based in Banja Luka in Republika Srpska.

And while I was there, I met with some of our partners from Banja Luka who had been physically beaten up and intimidated.

There's a crackdown on civil society, new restrictions and laws against them.

But for Buka, it was a little bit of a different scenario because it was earlier this year where they suffered a DDoS attack during which their servers were overwhelmed by up to 700 million page requests.

And the sheer volume suggests the attackers had significant resources, making it a particular severe threat.

But by onboarding Buka into Project Galileo, we were able to help them restore their site's functionality.

And now Buka's website is equipped to withstand even the most sophisticated attacks, ensuring that their critical reporting continues uninterrupted exactly at the time where the Republika Srpska government is looking to close and restrict independent civic voices in that part of Bosnia.

And this is just one example.

Last week, traveling in Bosnia, of the numerous NED partners who've benefited from Cloudflare's Project Galileo since NED became a partner in 2017.

It's profound to the efficacy of our partners' work. It effectively ensures that bad actors can't silence the voices and the work of democracy advocates and independent media around the world.

One of the things that Eileen got in my mind as I was taking on these responsibilities is that we're living in a time when technology is not just part of our everyday lives, but it's the very scaffolding upon which the future of democracy is being built.

And digital platforms, communication tools are new battlegrounds for democratic engagement.

With every byte and broadband connection, it can be as pivotal as any ballot in shaping democratic outcomes.

And for the endowment, when we think about supporting the 2,000 organizations that we do across 100 countries, you think about the people that that represents behind them.

Each one of them is profoundly touched by the digital revolution.

So from the smallest NGOs that we support to significant media outlets, these organizations rely on digital tools for everything from fostering community to holding governments accountable.

And as you heard from Matthew and Eileen, it's brought incredible opportunities to help their voices be heard, to help their impact, to spread their messages, to keep them connected.

And yet we've seen it also as a challenge to them.

And so digital tools, they're transforming the landscape within which NED partners and other civil society organizations carry out their work with the potential to help advance, but also to challenge human rights.

And we hear from our partners a lot that they continually emphasize the importance of this global connectivity.

We were in Sarajevo with partners across the Middle East and North Africa, 200 and some of our partners from across all the countries, and their isolation and very difficult work in difficult places.

We had 20 partners there from Yemen. And when they feel disconnected from what's happening in the region globally, it's very, very challenging to do the tough work that they're doing on their own.

That connection, that connectivity globally helps them understand they're part of a bigger effort, a bigger movement, a broader community, and that there are people out there who have their back.

And so in a world today where we see these digital barriers being used by authoritarian regimes to isolate, to control, maintaining this sense of a unified global network, it's really important to energize activists around the world, not only for the flow of information, but for the essence of what connects us as a global community advocating democratic values.

It's what stands behind our discussions in the world movement for democracy, how to leverage that.

And there's no doubt that in this context, bridging the gap between civil society and the private sector is fundamental.

Private sector is critical to this approach, and that's not always the most natural connection between some of these constituents.

But companies like Cloudfair are at the forefront, defending the digital spaces and the tools that are essential for democracy.

Project Galileo exemplifies this by extending crucial protections to civil society during critical times.

And all too often, authoritarians use digital attacks to take democracy off the field.

It's how they're working to undermine democracy globally, and often doing it together, sharing the tools, tactics, and techniques of repression.

And yet efforts like Project Galileo, where we can connect and have networks into this type of defense, it enables them to do this work.

And I was told that last year, on average, Project Galileo blocked almost 100 million cyber attacks per day.

It's a staggering number. To be honest, when Mahmoud, our CTO here, our IT director, tells me how many attacks we get a day, I'm always stunned.

But this is just one small indicator of the scale of the nature of the assault on freedom and democracy around the world today.

Many of the systems that we built to support democracy around the world were built in a more benign environment, against with the energy and the oxygen of the third democratic wave.

And in many cases, it allowed us to think about how to be good stewards of public funds, to think about auditors and compliance and all that good stuff.

And yet the tools weren't necessarily built for wartime. And yet our adversaries have declared war on democracy and many of our partners, and we've got to adapt with the tools that help us to defend them in this really tough time.

So, we know it isn't always easy for global companies to be values-driven in an increasingly polarized and divided world on top of the requirement to think about profit.

And that's why it's important to recognize when they do take important stands.

It's pretty unusual for us to do an event like this. But what we think about is not our relationship with Cloudflare or what's happening here in Washington.

What we think about every day is what are the challenges that our partners around the world are facing?

Where are the threats? Where are the problems?

And who can we work with to help solve their problems so that they can stay focused on their work?

And that's what this is about. Thank you. Project Galileo is not an isolated CSR initiative, as you've heard.

It's emblematic of this broader commitment that pervades the organization from that very first meeting.

For example, as you may have seen in some of, I read your founder's note that you put out on an annual basis, and we saw in the wake of Russia's invasion of Ukraine, Eileen just commented on this, the actions to keep Ukrainian civic and media websites connected to the global Internet, it was crucial.

And similarly, we've just had in town this week a couple hundred of our partners, Russian partners, that are on the forefront of civic activism inside the country and certainly media access.

And as Cloudflare's concerted efforts to help Russian civil society maintain access to uncensored information, it demonstrates a steadfast dedication to digital freedom that transcends borders.

Now, these actions have not gone unnoticed from authoritarian regimes.

We all, our partners, first and foremost, have to be prepared for the response, the reprisals.

Matthew's been personally sanctioned by the Russian regime, but it is a testament to the impact and significance of standing firm on the principles of Internet freedom and access to information.

So we're pleased to be marking and helping to commemorate this 10 years of Project Galileo.

And we're especially grateful to everybody who's here, because many of you in your own way have been leaders who have been pivotal in defending human rights and democracy against these evolving digital threats and are leaning in onto how we help shape and leverage technology for democracy.

So as we look to the future, we know our mission, we work in common cause in a very clear way.

We have to work together to forge a common cause to champion digital freedom and ensure that the digital landscape remains an open arena for free expression, innovation, and democratic engagement.

And this requires a unified effort. It requires harnessing the private sector innovation, public commitment to protect and enrich our digital world.

In many respects, if our partners and we are facing autocracy, of many of the bad guys working together to push back on democracy and freedom, how do you represent, how do we represent Democracy United coming together to protect those partners first and foremost, but allowing and putting them in a position to go on offense in favor of freedom.

So let's continue to keep this partnership.

Let's continue to collaborate, to innovate for us to adapt, to play to the strengths of free societies, to adapt, innovate, to draw on entrepreneurs so that we can take risks.

We can handle the difficult feedback that you don't have in autocratic societies so that we can go stronger, ensuring that our digital environment not only survives, but it thrives as a foundation of modern freedom.

So it's a real honor to have you in the house today. It's a real honor to welcome you both to the endowment.

And with that, thank you very much.