Cyberspace has become central to 21st century economic, political, and social life. With ever more activities relying on seamlessly working computer systems and networks, the cost related to interruption or default is formidable. Initially construed as a space free from regulation and intervention, the rising tide of threats to the stability and future development of cyberspace has spurred calls for more expansive governance.
Cyberspace governance is characterised by a multitude of actors, issue areas, and fora involved in processes of steering. Accountability structures are often diffuse in settings of this nature, and questions such as who is accountable to whom for what by which standards and why remain opaque. Yet, answering to those questions is critical for increasing accountability-related transparency, assessing processes of legitimisation, and scrutinising impending models of regulation.
We argue that accountability structures pertaining to cyberspace governance are confronted with three challenges: 1) the problem of many hands, 2) the profusion of issue areas, and 3) the hybridity and malleability of institutional arrangements.
What follows is a brief analysis of each of these challenges. We begin with the problem of many hands.
The problem of many hands refers to a condition of accountability obfuscation caused by the wealth of actors engaged in concurring regulatory ventures. 'Because many different officials contribute in many ways to decisions and policies […], it is difficult even in principle to identify who is morally responsible for political [and technical] outcomes'.
In the context of cyberspace governance, the number of stakeholders contributing to policy outcomes and regulatory deliberations is immense, ranging from epistemic communities, including entities such as NGOs and academic research groups, to industrial bodies and private sector companies, to international organisations and state departments. While the abundance of actors involved in cyberspace governance does not (necessarily) imply an absence of accountability mechanisms, it does imply higher degrees of complexity.
The heterogeneity of stakeholder configurations can aggravate questions of agency and contribution. Accountability structures are more difficult to determine because actors co-produce outcomes and contribute to the end-product in hybrid constellations.
Accountability structures can further be complicated by the conflation of stakeholder-specific traditions, standards, and expectations. Not only is the variety of actors contributing to governance ventures and their goals larger, making the identification of accountability objects more difficult (i.e. for which goals should accountability be rendered), but their expectations diverge.
Diverging stakeholder expectations have a tendency to result in accountability trade-offs, i.e. situations in which an increase in accountability along one dimension results in the reduction of accountability along another. Cyber-based public private partnerships between state and private-sector entities serve as a case in point. Carr, for example, notes: 'the reluctance of politicians to claim authority for the state to introduce tougher cyber-security measures by law, coupled with the private sector’s aversion to accepting responsibility or liability for national security, leaves the partnership without clear lines of responsibility or accountability'.
The problem of many hands represents but one accountability challenge in the context of cyberspace governance. The profusion of issue areas, spanning across technical, socio-political, and economic spheres, constitutes another conundrum.
In the context of cyberspace governance, the excess and coming together of technical and non-technical issue areas can severely complicate accountability structures. Seemingly unrelated issue areas may suddenly converge. Examples of such convergence can, for example, be found in areas related to intellectual property rights protection and address naming and numbering.
The names and numbers given to Internet entities, such as domain names used in Internet addresses, may seem to be a [solely technical] issue to be managed by the Internet Corporation for Assigned Names and Numbers Internet (ICANN). But, the registration of a well-known trademark as a domain name with the intention of selling it back to the owner, called ‘cybersquatting’, has led to governance issues that are also the concern of international organisations—like the World Intellectual Property Organisation (WIPO)—and national and international legislation and regulations which also cover more traditional trademark and related concerns.
The confluence of issue areas can lead to a 'tangled web of relationships'. Left untangled, the intertwined web of relationships can have fatal consequences for accountability structures. It can either result in erosions of (pre-existing) accountability structures and cause accountability deficits, or can lead to dysfunctional amalgamations of accountability arrangements and bring about situations of accountability overcrowding.
The hybridity of institutional arrangements pertaining to cyberspace governance poses yet another accountability challenge. Cyberspace governance is characterised by the absence of a coherent regime or organisation in charge of enacting globally consistent and comprehensive norms and policies.
Accountability structures tend to suffer from the dispersion of topics across different institutional settings. A considerable number of institutions involved in cyberspace governance do not exhibit a permanent character or operate on an ad hoc or remote basis, with changing stakeholder configurations. The fact that stakeholders can take on different roles across different fora of interaction further obfuscates accountability structures.
Certain actors may be involved in the production of an outcome in one forum (be accountors) but may play the part of accountees in another institutional setting. For example, an academic research group may contribute substantially to the development of new security protocols, e.g. in the context of IETF (Internet Engineering Task Force) meetings, but may hold private sector companies accountable for faulty implementation/commercialisation of said security protocols, e.g. in circumstances of dispute resolution. 'Insofar as accountability mechanisms are present, […] mechanisms [can] become mixed. The [jumble] of accountability mechanisms that results from this [can give] rise to uncertainty, confusion, or shrinking'.
The hybridity of institutional setups also makes developments hard to track and procedural access for some stakeholders, including civil society, uneven, thereby undermining processes of public account giving. Civil society organisations have voiced concerns re unequal participation and the fact that decisions of sensitive nature are made behind closed doors across several I* organisations.
From the above, we can gather that accountability structures are contested by the very elements that are constitutive of cyberspace governance, that is, the number of stakeholders contributing to regulatory ventures (the problem of many hands), the multiplicity of issue areas concerned (the profusion of issue areas), and the malleability of the organisational environment involved (the hybridity of institutional arrangements). In as complex and dispersed an environment as cyberspace governance, the examination of accountability structures is not a straight-forward undertaking. Researchers are confronted with tangled webs of accountability relationships of different texture and design. Untangling these webs, identifying emerging modes of accountability and ways stakeholders deal with accountability challenges demands further contemplation. Much of what is referred to as accountability in cyberspace governance is still very much terra incognita and requires continuing research.
Bovens M, Goodin RE and Schillemans T, The Oxford Handbook Public Accountability (Mark Bovens, Robert E Goodin and Thomas Schillemans eds, Oxford University Press 2014) <http://www.oxfordhandbooks.com/view/10.1093/oxfordhb/9780199641253.001.0001/oxfordhb-9780199641253>
Carr M, ‘Public-Private Partnerships in National Cyber-Security Strategies’ (2016) 92 International Affairs 43 <https://academic.oup.com/ia/article-lookup/doi/10.1111/1468-2346.12504>
Dubnick MJ and Frederickson HG, Accountable Governance: Problems and Promises (ME Sharpe 2014) <https://books.google.co.uk/books?id=M32XUtMBSh4C>
Dutton WH and Peltu M, ‘The Emerging Internet Governance Mosaic: Connecting the Pieces’ (2007) 12 Information Polity 63 <https://www.oii.ox.ac.uk/archive/downloads/publications/FD5.pdf>
Thompson DF, ‘Moral Responsibility of Public Officials: The Problem of Many Hands’ (1980) 74 American Political Science Review 905 <http://www.journals.cambridge.org/abstract_S0003055400169515>
 Dennis F Thompson, ‘Moral Responsibility of Public Officials: The Problem of Many Hands’ (1980) 74 American Political Science Review 905, 905 <http://www.journals.cambridge.org/abstract_S0003055400169515>.
 Madeline Carr, ‘Public-Private Partnerships in National Cyber-Security Strategies’ (2016) 92 International Affairs 43, 43 <https://academic.oup.com/ia/article-lookup/doi/10.1111/1468-2346.12504>.
 William H Dutton and Malcolm Peltu, ‘The Emerging Internet Governance Mosaic: Connecting the Pieces’ (2007) 12 Information Polity 63, 8 <https://www.oii.ox.ac.uk/archive/downloads/publications/FD5.pdf>.
 Melvin J Dubnick and H George Frederickson, Accountable Governance: Problems and Promises (ME Sharpe 2014) xxi <https://books.google.co.uk/books?id=M32XUtMBSh4C>.
 Mark Bovens, Robert E Goodin and Thomas Schillemans, The Oxford Handbook Public Accountability (Mark Bovens, Robert E Goodin and Thomas Schillemans eds, Oxford University Press 2014) 250 <http://www.oxfordhandbooks.com/view/10.1093/oxfordhb/9780199641253.001.0001/oxfordhb-9780199641253>.