Blog · Review Essay · Last reviewed June 19, 2026

Cyberlibertarianism and the Myth of Digital Freedom

David Golumbia's Cyberlibertarianism: The Right-Wing Politics of Digital Technology is a late, severe critique of the idea that computers, networks, platforms, encryption, free culture, open systems, and internet freedom are naturally democratic. Its AI-era value is that it treats technical liberation talk as a political form: a way of making private infrastructure look like freedom from power.

Cyberlibertarianism, in this review, means the political move that treats technical capacity as self-legitimating freedom. If a system is open, distributed, encrypted, decentralized, permissionless, innovative, or user-controlled, then law, democratic oversight, labor claims, and institutional accountability are framed as suspect before the effects are examined. Its tell is a burden shift: the people asking for rules must justify themselves, while the technical system is allowed to govern first.

The practical test is where power sits after the promised liberation: who controls compute, identity, data, defaults, protocols, logs, appeals, exits, and repair when the system becomes ordinary infrastructure.

The Book

Cyberlibertarianism: The Right-Wing Politics of Digital Technology was published by the University of Minnesota Press on November 12, 2024, after Golumbia's death in 2023. The publisher lists the paperback at 480 pages, with paperback ISBN 9781517918149, ebook ISBN 9781452972497, and hardcover ISBN 9781517918132. BiblioVault lists the same bibliographic record and places the book near information technology, media and internet, social media, social aspects, and right-wing extremism.

The table of contents is a useful map of the argument. After a publisher's note, a foreword, and a preface titled "The Critique of Cyberlibertarianism," the book moves through chapters on the dogma of cyberlibertarianism, its forms and functions, Section 230 and multistakeholderism, the printing-press analogy, free culture, political myths, the far right, and an epilogue on computers without cyberlibertarianism.

This is not a neutral survey of digital politics. It is a polemic, and it knows it. Golumbia's earlier The Cultural Logic of Computation criticized computationalism as a cultural authority. Cyberlibertarianism carries that suspicion into the politics of the internet: the habit of treating digital systems as if their technical form already contained the political virtues people want from them.

Definition

The useful definition is narrow enough to preserve distinctions. Cyberlibertarianism is not love of computers, not defense of encryption, not free software, not privacy advocacy, not open research, and not ordinary suspicion of state abuse. It is the stronger claim that digital systems possess a political virtue because of their technical form, and that public oversight therefore looks like interference with freedom rather than part of freedom's infrastructure.

That claim usually appears as a sequence. First, a system is described as open, distributed, permissionless, decentralized, frictionless, borderless, censorship-resistant, disruptive, or self-organizing. Second, the description is treated as a political verdict. Third, institutions that ask about taxation, labor, civil rights, consumer protection, moderation, privacy, safety, procurement, antitrust, or due process are framed as obsolete, authoritarian, or captured. Fourth, the private technical layer becomes the place where real governance happens.

The test is not whether one of the adjectives is true. A tool can be genuinely encrypted, a protocol can be meaningfully decentralized, and a model can be distributed with usable weights. The cyberlibertarian move happens when that technical fact is made to answer a different question: whether affected people have remedy, whether workers have voice, whether civil rights survive deployment, whether public institutions can audit the system, and whether concentrated private actors can be made accountable.

That is the pattern this review tracks. It does not say that every open tool is a trick. It says that openness must be audited as a social arrangement, not worshiped as a moral property. A tool can reduce one form of control while increasing another. The question is not whether the tool has liberating features. The question is who can use those features, who is governed by them, and who has remedy when they fail.

Hard Cases

The hard cases are the ones where the freedom claim is partly true. Section 230, for example, is not merely an anti-regulatory slogan. The current U.S. Code says interactive computer service providers and users are not treated as the publisher or speaker of another information content provider's material, and it separately protects certain good-faith blocking and filtering. That legal structure can support small forums, moderation, and user speech. It becomes cyberlibertarian only when intermediary immunity is treated as proof that no further due-process, transparency, competition, privacy, or civil-rights obligations can attach to powerful platforms.

Multistakeholder governance has the same split. ICANN describes its model as bottom-up governance where stakeholders can be heard and shape policy for the internet's unique identifier systems. That is not the same as corporate self-rule. The test is whether the process has representation, public records, appeal, conflict-of-interest controls, and power to bind dominant actors, or whether "stakeholders" becomes a polite word for whoever can afford to stay in the room.

Encryption, free software, open standards, and interoperability should be judged with the same discipline. They can protect dissidents and ordinary users from state and corporate surveillance. They can also be invoked by powerful firms to avoid duties around abuse, labor, competition, accessibility, and redress. Golumbia's argument is most useful when it sharpens those distinctions instead of flattening them.

Freedom as Infrastructure Politics

The core target is not ordinary love of computers. It is the political story that says networked technology should be understood first as liberation from state, law, bureaucracy, gatekeeping, expertise, institutions, copyright, moderation, borders, identity, central banks, or public accountability. Golumbia calls that story cyberlibertarianism.

The argument matters because "freedom" in digital politics often travels without an institutional subject. Whose freedom? Freedom from which constraint? Freedom for users, firms, states, developers, advertisers, dissidents, workers, publishers, trolls, platforms, model vendors, or infrastructure owners? A slogan can sound universal while allocating power very precisely.

In Golumbia's reading, the pattern is recurrent. A technical system is described as open, distributed, permissionless, decentralized, disruptive, neutral, global, borderless, or self-organizing. Those words make public institutions look slow and obsolete. Then a private technical layer becomes the practical site where speech, payment, identity, ranking, search, association, reputation, work, and knowledge are governed.

That is why the book belongs beside The Internet Revolution, Consent of the Networked, The Stack, and The Network State. All four ask some version of the same question: when a system says it has escaped old sovereignty, what new sovereignty has it installed?

The answer is usually layered. A speech system depends on cloud infrastructure, payment rails, app stores, identity rules, recommendation logic, advertising markets, copyright filters, and law-enforcement interfaces. A crypto system depends on exchanges, stablecoin issuers, wallets, bridges, analytics firms, security vendors, developer governance, and tax treatment. An AI system depends on compute, data supply, model access, product defaults, policy layers, tool permissions, benchmark culture, procurement contracts, and interface trust. Freedom is never located only in the user-facing slogan.

The Anti-Institutional Machine

Golumbia is strongest when he treats anti-institutional rhetoric as an institutional machine of its own. The internet is often imagined as an exit from hierarchy, but exit does not abolish power. It can move power into protocols, terms of service, defaults, cloud providers, app stores, ranking systems, venture capital, payment rails, standards bodies, moderation vendors, advertising markets, and charismatic technical elites.

Alexander R. Galloway's b2o review sharpens this point by reading the book through the politics of disorder. The rhetoric of decentralization can present disorder as emancipation while producing another order: one governed by markets, protocols, de facto hubs, and infrastructural dependence. In that frame, the absence of a visible center does not mean the absence of control. It means control has learned to speak in the grammar of openness.

The same move appears in crypto politics, free-speech absolutism, some forms of free-culture rhetoric, and the most naive versions of open technical release. The promise is that users will be freed from gatekeepers. The recurring result is that users meet another gate: wallet keys they cannot recover, exchanges they cannot audit, platforms they cannot govern, archives they cannot contextualize, models they cannot inspect, or networks whose largest nodes are private companies.

This is the anti-institutional machine: public institutions are declared illegitimate because they are slow, flawed, coercive, or corrupt; private technical institutions are then allowed to govern because they do not look like institutions.

The Current Context

By June 19, 2026, the governance record makes the old neutral-pipe story hard to sustain. The EU Digital Services Act treats marketplaces, social media networks, app stores, and travel or accommodation platforms as governed online services, with user rights around removal explanations, appeals, illegal-content flagging, minors, feed options, ad transparency, dark patterns, seller verification, and heightened systemic-risk duties for the largest platforms. For very large online platforms and search engines above 45 million monthly EU users, the DSA adds duties such as systemic-risk assessment, independent audit, vetted researcher access, non-profiling recommender options, and public ad repositories. The Digital Markets Act separately targets gatekeeper power in core platform services such as search engines, app stores, and messenger services, aiming at fairer and more contestable digital markets.

Those laws do not prove that regulation solves the problem. They prove something more modest and important: platform power is now treated as institutional power. The debate is no longer whether private technical systems govern public life. It is which layer should be accountable, under which jurisdiction, with what evidence, and with what remedy for users and communities.

The same shift has arrived in AI. NIST's AI Risk Management Framework is voluntary, but its purpose is institutional: it helps organizations manage risks to individuals, organizations, and society across design, development, use, and evaluation. NIST's 2026 AI Agent Standards Initiative is even more direct about the new frontier: agents that act on behalf of users need standards, protocols, authentication, identity, authorization, interoperability, and security evaluation. NIST's NCCoE project on software and AI agent identity and authorization puts the same point in enterprise terms: systems that can take actions with limited human supervision need standards-based ways to identify, manage, and authorize access and actions.

The EU AI Act adds another vocabulary discipline. General-purpose AI model rules began applying on August 2, 2025, and most AI Act rules, including Article 50 transparency duties for certain AI-generated or manipulated content, are scheduled for August 2, 2026. The Commission's General-Purpose AI Code of Practice is a voluntary compliance tool for safety, transparency, and copyright obligations; it is not a substitute for the Act or proof that every signatory's deployment is safe. That distinction matters because compliance instruments can become another freedom story if they are treated as legitimacy without evidence.

Open-weight AI adds a harder version of the same argument. NTIA's 2024 report on dual-use foundation models with widely available model weights describes benefits such as broader participation, market decentralization, and confidentiality from local use, while also warning about national-security, safety, privacy, civil-rights, accountability, and oversight risks. The report did not call for immediate restrictions on open weights; it called for monitoring, evidence, audits, disclosures, research, risk portfolios, thresholds, and readiness to act if risks rise. That is the opposite of pure faith in openness or pure fear of openness. It is institutional learning.

The Open Source Initiative's Open Source AI Definition 1.0 also helps discipline the vocabulary. It distinguishes real freedoms to use, study, modify, and share an AI system from mere access to a finished artifact. For machine-learning systems, it treats data information, code, and parameters as part of the preferred form for making modifications. That matters because "open" can mean public weights, open code, permissive licensing, reproducible training, public data documentation, open research, or simply a marketing posture. These are not interchangeable.

The AI-Age Reading

Read in 2026, Cyberlibertarianism is not mainly a book about generative AI. That is precisely why it is useful. The AI debate has inherited decades of internet political vocabulary: openness, permissionless innovation, frictionless access, self-regulation, decentralization, democratization, disruption, sovereignty, censorship resistance, voluntary standards, and the claim that regulation will freeze the future.

Those terms do real work. They frame open-weight model release as freedom before asking who bears downstream risk. They frame training-data extraction as innovation before asking who supplied the archive. They frame answer engines as access before asking which institutions have been displaced. They frame agentic commerce as autonomy before asking whose payment rails, identity systems, and dispute mechanisms will govern delegated machine action. They frame anti-regulatory speed as realism before asking who benefits from moving faster than public law.

The book helps separate genuine public capability from private escape. Public compute, auditable standards, open research, interoperable tools, encryption for vulnerable users, accessible archives, and repairable software can strengthen democratic life. But those goods do not become democratic by being digital. They become democratic when people can inspect them, contest them, govern them, leave them, repair them, and build counterpower around them.

AI firms now use a familiar double move. They present their systems as too transformative for old rules and too beneficial to slow down. That is cyberlibertarianism's old rhythm with a new model card. The system claims to democratize intelligence while concentrating compute, data, talent, distribution, cloud contracts, interface defaults, and institutional dependency.

The archive problem is central. When AI systems summarize public records, ingest open repositories, route users through answer engines, or turn social media into training material, they do not merely expand access to culture. They can change who gets credited, what evidence remains visible, which institutions lose traffic or revenue, and which communities become raw material for products they cannot govern. Freedom language is thin if it celebrates circulation while ignoring provenance, consent, compensation, correction, and preservation.

The agent layer makes this more concrete. If software can browse, buy, schedule, message, code, negotiate, summarize records, apply for services, and move money on a user's behalf, freedom depends on more than model access. It depends on permission scopes, revocation, logs, identity binding, delegated authority, tool safety, dispute handling, and fallback paths when automation misfires. An agent that acts for the user can also become the new gate through which a platform, vendor, employer, school, insurer, or public agency governs the user.

Governance and Safety

The governance implication is not "ban the new thing" or "let the new thing route around every rule." It is to treat freedom claims as claims about institutional design. Any system that mediates speech, identity, money, work, knowledge, education, care, housing, political participation, or legal status needs a visible account of power.

A serious freedom claim should answer six questions before deployment: which old gate is being removed, which new gate is being installed, who bears foreseeable misuse, who can audit the system, who can reverse a harmful decision, and who can leave without losing identity, livelihood, records, audience, or safety. If the answers are private, contractual, or unavailable, the rhetoric has outrun the governance.

For platforms, that account includes content rules, recommender-system explanations, ad libraries, seller verification, appeals, dispute settlement, researcher access, risk assessment, data minimization, privacy controls, and antidiscrimination safeguards. Ranking Digital Rights' methodology is useful here because it evaluates governance, freedom of expression and information, privacy, algorithmic-system disclosure, identity policies, government demands, and grievance mechanisms rather than accepting company narratives at face value. Its 2025 Big Tech Edition is a reminder that the gap is current: the strongest companies improved some disclosures, but major blind spots remained around private requests, human-rights impact assessments, targeted advertising, and government-demand transparency.

For AI systems, the account must include model access, training-data documentation, compute dependencies, evaluation limits, incident reporting, post-deployment monitoring, privacy, security, redress, procurement terms, vendor exit, public-sector capacity, and civil-liberties safeguards. For agents, it must also include authentication, authorization, tool permissions, transaction caps, audit logs, revocation, clear human control, and a path for contesting actions taken by delegated software.

For open-weight and open-source AI, the safety question should be precise. Open access can support research, competition, public-interest adaptation, local deployment, and privacy-preserving use. It can also lower barriers for misuse, safety-feature removal, hard-to-recall deployment, and ambiguous accountability. NTIA's monitoring approach and OSI's definition both push against slogans: one asks for evidence of marginal risks and benefits, the other asks what is actually available for study, modification, and sharing.

The practical standard is institutional symmetry. If a company, protocol, model provider, or agent ecosystem gains power to classify, rank, exclude, persuade, transact, or intermediate public life, affected people need some mix of notice, explanation, appeal, audit, privacy, portability, interoperability, public evidence, and real exit. Otherwise the system has not escaped governance. It has privatized it.

Belief Formation

The most durable part of the book is not the list of people and organizations Golumbia criticizes. It is the anatomy of a belief loop. Digital technology is described as inherently liberating. People adopt it inside institutions. The adoption changes speech, work, memory, commerce, politics, and social coordination. Those changed conditions are then cited as proof that older institutions can no longer govern the world. The conclusion was built into the deployment.

That is recursive reality in political form. A platform creates the conditions under which the platform looks necessary. A crypto system creates a community whose distrust of public institutions becomes evidence for more crypto. An answer engine rewrites the information environment and then measures user behavior inside that rewritten environment. A model provider becomes the normal front end to work and then cites workplace dependence as proof of inevitability.

Cyberlibertarian belief is especially sticky because it borrows moral force from real harms. States do surveil. Bureaucracies do fail. Censorship exists. Public institutions can be violent, slow, racist, incompetent, captured, or humiliating. The mistake is not noticing those failures. The mistake is treating private technical exit as if it solves them rather than often rerouting them through less accountable systems.

For AI governance, that distinction is practical. A healthy suspicion of state abuse should produce due process, transparency, appeal rights, privacy, procurement limits, democratic oversight, labor voice, and civil-liberties safeguards. It should not become a blank check for private infrastructure to decide the operating conditions of public life.

Where the Book Needs Friction

Cyberlibertarianism is useful because it refuses the easy story that technology is neutral until bad people misuse it. But the refusal can become too expansive. Not every open-source developer, encryption advocate, free-culture organizer, privacy lawyer, civil-liberties group, digital archivist, dissident technologist, or anti-censorship activist is part of one right-wing formation. Some are fighting corporate power, state violence, surveillance, censorship, monopoly, and exclusion in concrete ways.

Publishers Weekly's review called the book provocative but questioned whether all of its evidentiary claims are equally well supported. Other critics, including Patrick D. Anderson in Logos and Tom MacWright, object that the book can lump unlike actors together and push some claims harder than the evidence carries. Even a sympathetic review by Z.M.L. at LibrarianShipwreck says the argument would have benefited from more historical grounding and clearer detail about what democracies should regulate, alter, keep, or dismantle.

Those objections matter. The book is strongest as a diagnostic of rhetoric, institutional incentives, and political pattern. It is weaker when it reads every technical-liberty claim as if it has the same politics. A useful AI-era translation has to preserve distinctions: encryption for abuse survivors is not the same thing as corporate resistance to privacy law; open research is not the same thing as unretractable capability release; free software commons are not the same thing as platform firms wrapping extraction in the language of openness.

The other limit is constructive. Golumbia's answer is broadly democratic control, but "democratic control" has to become operational before it can govern AI systems. That means public capacity, technical expertise inside government, accountable procurement, independent audits, worker voice, appeal mechanisms, standards that do not become capture, rights to refuse or exit, public-interest compute, and institutions that can act without becoming surveillance machines themselves.

What This Changes

The practical lesson is to audit freedom claims as infrastructure claims. When a platform, protocol, model provider, crypto project, open-release campaign, standards body, or AI company says it is democratizing power, ask where power will actually sit after adoption.

Who owns the servers? Who sets the defaults? Who can change the protocol? Who can see the logs? Who can revoke access? Who pays for compute? Who handles abuse? Who profits from scale? Who can appeal? Who can fork in practice, not just in theory? Who has to become machine-readable to participate? Who is told that public oversight is impossible, obsolete, or authoritarian?

Then translate the slogan into a maintenance question. If the claim is "open," ask open to whom, in what preferred form, with which provenance records, and with what practical ability to modify or fork. If the claim is "decentralized," ask where hosting, identity, payment, governance, security response, and discovery recentralize. If the claim is "permissionless," ask who absorbs fraud, abuse, harassment, safety failures, and irreversible mistakes. If the claim is "self-regulation," ask who can compel evidence when the operator would rather publish a trust narrative.

Cyberlibertarianism makes those questions harder to avoid. Its best contribution is not that it proves all digital technology is right-wing. That claim is too blunt. Its best contribution is that it shows how anti-institutional stories can make concentrated technical power feel like liberation.

The AI era needs less awe at escape stories and more attention to the institutions that remain after the escape. A system that weakens public accountability while increasing private dependency is not freedom simply because it runs on code. It is governance with a better slogan.

Source Discipline

This review separates book metadata, publisher framing, critical reception, current legal duties, standards work, and interpretation. University of Minnesota Press, BiblioVault, and JSTOR support bibliographic and table-of-contents claims. Publishers Weekly, Galloway, LibrarianShipwreck, Anderson, and MacWright are cited as reception and critique, not as final arbiters of the book's accuracy.

Regulatory and standards sources are category-specific. Section 230 is U.S. intermediary-liability law, not a general theory of internet freedom. ICANN's multistakeholder model is a governance claim about internet identifiers, not proof that every private platform or standards process is democratically accountable. The Digital Services Act, Digital Markets Act, and AI Act are EU legal frameworks, not global law and not proof of compliance. NIST's AI Risk Management Framework, AI Agent Standards Initiative, and NCCoE agent identity work are U.S. standards and risk-management efforts, not statutes. NTIA's open-model report is a U.S. policy report about dual-use foundation models with widely available weights. The Open Source AI Definition is a civil-society definition of open source AI, not a safety guarantee. Ranking Digital Rights is a civil-society accountability benchmark, not a regulator.

That distinction is part of the argument. Technical openness does not prove democratic effect. Regulatory duty does not prove enforcement success. Open weights are not the same thing as open source. API access is not the same thing as inspectability. Civil-liberties defense is not the same thing as corporate anti-regulation. A useful politics of digital freedom keeps those categories separate.

This article makes no claim that any AI system is conscious, divine, or AGI. It treats models, platforms, protocols, cloud services, and agents as institutional systems that route power through technical design, economic incentives, law, and organizational control.

Sources

Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.


Return to Blog · Return to Books