Network sovereignty explained

In internet governance, network sovereignty, also called digital sovereignty or cyber sovereignty, is the effort of a governing entity, such as a state, to create boundaries on a network and then exert a form of control, often in the form of law enforcement over such boundaries.[1]

Much like states invoke sole power over their physical territorial boundaries, state sovereignty, such governing bodies also invoke sole power within the network boundaries they set and claim network sovereignty. In the context of the Internet, the intention is to govern the web and control it within the borders of the state. Often, that is witnessed as states seeking to control all information flowing into and within their borders.

The concept stems from questions of how states can maintain law over an entity such like the Internet, whose infrastructure exists in real space, but its entity itself exists in the intangible cyberspace. According to Joel Reidenberg, "Networks have key attributes of sovereignty: participant/citizens via service provider membership agreements, 'constitutional' rights through contractual terms of service, and police powers through taxation (fees) and system operator sanctions."[2] Indeed, many countries have pushed to ensure the protection of their citizens' privacy and of internal business longevity by data protection and information privacy legislation (see the EU's Data Protection Directive, the UK's Data Protection Act 1998).

Network sovereignty has implications for state security, Internet governance, and the users of the Internet's national and international networks.

Implications for state security

Networks are challenging places for states to extend their sovereign control. In her book Sociology in the Age of the Internet, communications professor Allison Cavanagh argues that state sovereignty has been drastically decreased by networks.[3]

Other scholars such as Saskia Sassen and Joel R. Reidenberg agree. Sassen argues that the state's power is limited in cyberspace and that networks, particularly the numerous private tunnels for institutions such as banks.[4] Sassen further postulates that these private tunnels create tensions within the state because the state itself is not one voice.[5] Reidenberg refers to what he terms "Permeable National Borders," effectively echoing Sassen's arguments about the private tunnels, which pass through numerous networks.[6] Reidenberg goes on to state that intellectual property can easily pass through such networks, which incentivizes businesses and content providers to encrypt their products.[7] The various interests in a network are echoed within the state, by lobby groups.

Internet governance

Many governments are trying to exert some forms of control over the Internet. Some examples include the SOPA-PIPA debates in the United States, the Golden Shield Project in China, and new laws that grant greater power to the Roskomnadzor in Russia.

SOPA-PIPA

With the failed Stop Online Piracy Act, the United States would have allowed law enforcement agencies to prevent online piracy by blocking access to websites. The response from bipartisan lobbying groups was strong. Stanford Law Professors Mark Lemly, David Levin, and David Post published an article called "Don't Break the Internet."[8] There were several protests against SOPA and PIPA, including a Wikipedia blackout in response to statements by Senator Patrick Leahy, who was responsible for introducing the PROTECT IP Act. Both acts viewed as good for mass media because they limited access to certain websites. The acts were viewed as an attack on net neutrality and so were seen as potential damaging to the networked public sphere.[9]

Golden Shield Project

See main article: Golden Shield Project. The Golden Shield Project, sometimes known as Great Firewall of China, prevents those with a Chinese IP address from accessing certain banned websites inside the country. People are prevented from accessing sites that the government deems problematic. That creates tension between the netizen community and the government, according to scholar Min Jiang.[10]

Roskomnadzor

See main article: Roskomnadzor. Russia's Roskomnadzor (Federal Service for Supervision inthe Sphere of Telecom, Information Technologies and Mass Communications) was created in December 2008 in accordance with President's Decree No. 1715. The agency was created to protect personal data owners' rights. According to the Russian government, the agency has three primary objectives:

On 1 September 2015, a new data localization law provided Roskomnadzor with greater oversight. The law itself stipulates that any personal data collected from Russian citizens online must be stored in server databases that are physically located in Russia. It "creates a new procedure restricting access towebsites violating Russian laws on personal data."[12] Even with staunch pressure from those who promote "free flow of information," President Vladimir Putin and the Kremlin remain stolid in assertions of network sovereignty to protect Russian citizens.[13]

Other examples

China's approach could also be repeated in many other countries around the world.[14] One example was the Internet censorship in the Arab Spring, when the Egyptian government in particular tried to block access to Facebook and Twitter. Also, during the 2011 England riots, the British government tried to block Blackberry Messenger.

Response to Internet governance

Many believe that the government has no right to be on the Internet. As Law Professor David Post at the University of Georgetown argued, "'[States] are mapping statehood onto a domain that doesn't recognize physical boundaries,'" at least in the context on the internet. He went on to say, "'When 150 jurisdictions apply their law, it's a conflict-of-law nightmare.'"[15] Some proponents of the internet, such as John Perry Barlow, argued that the current form of the Internet is ungovernable and should remain as open as possible. Barlow's essay was written about the 1990s Internet, and while it has changed very much since then, the ideas in his work are still salient in the ongoing debates surrounding the future of the Internet. In his essay A Declaration of the Independence of Cyberspace, he advocated that governments should stay out of the internet.[16]

Network Sovereignty can affect state security, law enforcement on the internet, and the ways that private citizens use the internet, as many people attempt to circumvent the protections and legal devices, placed by many governments on the Internet, by using tools such as VPNs.

Impact of VPNs

Virtual Private Networks (VPNs) are a significant tool to allow private citizens to get around network sovereignty and any restrictions their government may place on their access to the internet. VPNs allow a computer to route its Internet connection from one location to another. For example one would connect from a connection at point A to a connection at point B, and to others, it would appear that they are accessing the Internet from point B even if they are in point A. For example, in China, VPNs are used to access otherwise-blocked content. Yang gives the example of pornography stating that with VPN, "smut that's banned in the US can wind its way into American homes through electrical impulses in, say, Amsterdam." In that example, by using VPNs, an Internet user in the United States could access banned material that is hosted in Amsterdam by accessing through a server, hosted in Amsterdam, to make it appear that the user is in Amsterdam, based on the IP address. Therefore, citizens have a way around network sovereignty, simply by accessing a different server through a VPN. That greatly limits how governments can enforce network sovereignty and protect their cyberspace borders. Essentially, there is no way that a government could prevent every citizen from accessing banned content by means such as VPNs.

Rationales

Protection of national traffic

One of the most significant reasons for enforcing network sovereignty is to prevent the scanning of information that travels through other countries. For example, any internet traffic that travels through the United States is subject to the Patriot Act and so may be examined by the National Security Agency, regardless of the country of origin. Jonathan Obar and Andrew Clement refer to the routing of a transmission from a point in state A to another location in state A through state B as Boomerang Routing.[17] They provide the example of traffic from Canada being routed through the United States before returning to Canada, which enables the United States to track and examine the Canadian traffic.

Copyright protection

Governments may want to enact network sovereignty to protect copyright within their borders. The purpose of SOPA-PIPA was to prevent what was effectively deemed theft. Content providers want their content to be used as intended because of the property rights associated with that content.[18] One instance of such protection is in e-commerce.

E-commerce

Currently, private networks are suing others who interfere with their property rights.[19] For the effective implementation of e-commerce on the Internet, merchants require restrictions on access and encryption to protect not only their content but also the information of content purchasers. Currently, one of the most effective ways to regulate e-commerce is to allow Internet service providers (ISPs) to regulate the market.[20] The opposing argument to regulating the internet by network sovereignty to allow e-commerce is that it would break the Internet's egalitarian and open values because it would force governments and ISPs to regulate not only the Internet's content but also how the content is consumed.[21]

Role of WIPO

The World Intellectual Property Organization is a United Nations body, designed to protect intellectual property across all of its member states.[18] WIPO allows content to traverse various networks through their Patent Cooperation Treaty (PCT). The PCT allows for international patents by providing security for content providers across state borders.[22] It is up to states to enforce their own network sovereignty over these patents. Global standards for copyright and encryption are viewed as one way that governments could cooperate.[23] With global standards it is easier to enforce network sovereignty because it builds respect for intellectual property and maintains the rights of content creators and providers.[24] It is possible that governments may not be able to keep up with regulating these initiatives. For example, in the 1995 Clipper Chip system, the Clinton administration in the United States reneged on its original policy because it was deemed that it would soon be too easy to crack the chips.[18] One alternative proposed was the implementation of the digital signature, which could be used to protect network sovereignty by having content providers and governments sign off the content, like for a digital envelope.[18] This system has already been implemented in the use of Wi-Fi Protected Access Enterprise networks, some secured websites, and software distribution. It allows content to pass through borders without difficulty because it is facilitated through organizations such as WIPO.[18]

Countries

In his 2015 book Data and Goliath, American security expert Bruce Schneier says the cyber sovereignty movement, in countries such as Russia, China, France and Saudi Arabia, was given an enormous boost by the 2013 revelations of widespread international NSA surveillance, which those countries pointed to as justification for their activities and evidence of U.S. hypocrisy on Internet freedom issues.[25]

In 2018, the United States adopted the CLOUD Act, which allows United States law enforcement to obtained data stored by United States-based companies outside of the United States.[26] Numerous countries responded with measures to keep data located in their own borders.

China

See main article: Great Firewall.

Cyber sovereignty, known in Mandarin as 网络主权, has been a mainstay of Chinese Internet policy in recent years, and the international promotion of cybersovereignty forms an integral part of Chinese foreign policy, although it remains ill-defined within Chinese discourse.[27] Generally, China advocates for internet sovereignty and tends to prioritize cybersecurity. The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic.[28] The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google Search,[29] Facebook,[30] Twitter,[31] Wikipedia,[32] [33] and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.[34] [35]

Chinese policymakers became increasingly concerned about the risk of foreign surveillance, foreign data collection, and cyberattacks following the 2010s global surveillance disclosures by Edward Snowden, which demonstrated extensive United States intelligence activities in China. As part of its response, the Chinese Communist Party in 2014 formed the Cybersecurity and Information Leading Group and the National People's Congress passed the 2017 Cyber Security Law. The Cybersecurity Law contains stringent data localization requirements.

China's 2021 Data Security Law formed part of the country's response to the United States CLOUD Act. The Data Security Law creates a data classification framework based on national security principles and avoiding the extraterritorial reach of the CLOUD Act or similar foreign laws. It protects core data with data localization requirements, and broadly defines core data to include data related to national and economic security, citizens' welfare, significant public interests, and important data. The Data Security Law mandates that data transfer to foreign law enforcement or judicial agencies requires official approval. It also empowers the Chinese government to conduct national security audits over firms operating in China which gather user data.[36]

The 2021 Personal Information Protection Law, like the Data Security Law, includes a provision meant to counter the extraterritorial reach of the CLOUD Act or similar foreign laws.

In 2022, the Cyberspace Administration of China issued measures and guidelines on security assessments for cross-border data transfers as part of an effort to institutionalize data transfer review mechanisms.

Writing in 2024, academic Pang Laikwan concludes that China likely has strongest cyber sovereignty in the world.[37]

France

Project Andromède launched in 2009, with the aim to spend €285 million on "cloud souverain" or sovereign cloud.[38] [39] The government spent €75 million on each of its two national champions, Cloudwatt and Numergy, but these two sold only €8 million worth of services, combined.[40] On January 1, 2020, all services were terminated and clients were advised their data was deleted.[41]

Ireland

In 2023, Ireland's Data Protection Commissioner imposed record EUR 1.2 billion fine on Meta for transferring data from Europe to the United States without adequate protections for EU citizens.

Germany

openDesk is a project to create administrative workspaces to enable digital sovereignty, initiated in 2023 by the German Federal Ministry of the Interior (BMI) and the public IT service provider Dataport.[42] There is collaboration with a team of open-source specialists from Collabora, Nextcloud, OpenProject, OpenXchange, Univention, XWiki, and others[43]

Russia

See main article: Sovereign Internet Law. The Sovereign Internet Law is a set of 2019 amendments to existing Russian legislation that mandate Internet surveillance and grants the Russian government powers to partition Russia from the rest of the Internet, including the creation of a national fork of the Domain Name System.[44] [45] [46] [47] [48] [49]

See also

Notes and References

  1. Obar. Jonathan. Clement, Andrew. Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty. 1 July 2013. 2. 10.2139/ssrn.2311792 . 2311792.
  2. Reidenberg. Joel R.. Governing Networks and Rule-Making in Cyberspace. Emory Law Journal. 1996. 45. 928.
  3. Book: Cavanagh, Allison. Sociology in the Age of Internet. 2007-04-01. McGraw-Hill International. 41. 9780335217250.
  4. Book: Sassen, Saskia. Understanding the Impact of Global Networks in Local Social, Political and Cultural Values. 2000. Nomos Verlagsgesellschaft. 198–209. Saskia Sassen. 23 January 2014. The Impact of the Internet on Sovereignty: Unfounded and Real Worries. https://web.archive.org/web/20140227232314/http://www.coll.mpg.de/sites/www.coll.mpg.de/files/text/sassen.pdf. 27 February 2014. dead.
  5. Book: Sassen, Saskia. Understanding the Impact of Global Networks in Local Social, Political and Cultural Values. Baden-Baden. Nomos Verlagsgesellschaft. 198–209. Saskia Sassen. 23 January 2014. The Impact of the Internet on Sovereignty: Unfounded and Real Worries. https://web.archive.org/web/20140227232314/http://www.coll.mpg.de/sites/www.coll.mpg.de/files/text/sassen.pdf. 27 February 2014. dead.
  6. Reidenberg. Joel R.. Governing Networks and Rule-Making in Cyberspace. Emory Law Journal. 1996. 45. 913.
  7. Reidenberg. Joel R.. Governing Networks and Rule-Making in Cyberspace. Emory Law Journal. 1996. 45. 914.
  8. Benkler. Yochai. Hal Roberts . Rob Faris . Alicia Solow-Niederman . Bruce Etling . Social Mobilization and the Networked Public Sphere: Mapping the SOPA-PIPA Debate. July 2013. 34. Berkman Center for Internet & Society. Cambridge, MA.
  9. Benkler. Yochai. Hal Roberts . Rob Faris . Alicia Solow-Niederman . Bruce Etling . Social Mobilization and the Networked Public Sphere: Mapping the SOPA-PIPA Debate. July 2013. 10. Berkman Center for Internet & Society. Cambridge, MA.
  10. Jiang. Min. Authoritarian Informationalism: China's Approach to Internet Sovereignty. SAIS Review of International Affairs. 2010. 30. 2. 71–89. 10.1353/sais.2010.0006. 154005295. 2014-01-23.
  11. Web site: Роскомнадзор - Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (ROSKOMNADZOR). rkn.gov.ru. 2015-10-06.
  12. Web site: News Data Protection: NOERR. 1 June 2015. 10 June 2015. News Data Protection: NOERR. NOERR.
  13. News: Putin Says Russia Under Pressure for Defending Its Sovereignty. Bloomberg.com. 3 July 2015. 2015-10-06.
  14. News: Democratic Republic of Congo internet shutdown shows how Chinese censorship tactics are spreading . 2019-01-02. CNN. 2019-12-10.
  15. News: Yang. Catherine. Law Creeps Onto the Lawless Internet. https://web.archive.org/web/19970628160515/http://www.businessweek.com/1996/19/b347472.htm. dead. 28 June 1997. 28 January 2014. Business Week. 14 June 1997.
  16. Web site: Barlow. John Perry. A Declaration of the Independence of Cyberspace. Electronic Frontier Foundation. 28 January 2014. dead. https://web.archive.org/web/20131023143120/https://projects.eff.org/~barlow/Declaration-Final.html. 23 October 2013.
  17. Obar. Jonathan. Clement. Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty. Social Science Research Network. 1 July 2013. 1–12. 2311792.
  18. Davis. J.C.. Protecting intellectual property in cyberspace. IEEE Technology and Society Magazine. Summer 1998. 17. 2. 12–25. 10.1109/44.682891.
  19. Zekos. Georgios I.. State Cyberspace Jurisdiction and Personal Cyberspace Jurisdiction. International Journal of Law and Information Technology. 2006. 15. 1. 1–37. 10.1093/ijlit/eai029.
  20. Zekos. Georgios I.. Legal problems in cyberspace. Managerial Law. 2002. 44. 5. 45–102. 10.1108/03090550210770614.
  21. Post. David G.. What Larry Doesn't Get: Code, Law, and Liberty in Cyberspace. Stanford Law Review. 1 May 2000. 52. 5. 1439–1459. 10.2307/1229518. 1229518.
  22. Web site: PCT FAQs. World Intellectual Property Organization. 20 March 2014. 25 June 2008. https://web.archive.org/web/20080625040239/http://www.wipo.int/pct/en/basic_facts/faqs_about_the_pct.pdf. dead.
  23. Reidenberg. Joel R.. Governing Networks and Rule-Making in Cyberspace. Emory Law Journal. 1996. 45. 918.
  24. Web site: World Intellectual Property Organization. Building Respect for IP. World Intellectual Property Organization. 20 March 2014.
  25. Book: Schneier, Bruce. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W.W. Norton & Company. 2015. 978-0393244816. New York.
  26. Book: Zhang, Angela Huyue . High Wire: How China Regulates Big Tech and Governs Its Economy . . 2024 . 9780197682258 . 10.1093/oso/9780197682258.001.0001.
  27. Tai . Katharin . Zhu . Yuan Yi . September 2022 . A historical explanation of Chinese cybersovereignty . . 22 . 3 . 469–499 . 10.1093/irap/lcab009. free .
  28. News: Mozur . Paul . 13 September 2015 . Baidu and CloudFlare Boost Users Over China's Great Firewall . en . . live . 16 September 2017 . https://web.archive.org/web/20190124123846/https://www.nytimes.com/2015/09/14/business/partnership-boosts-users-over-chinas-great-firewall.html . 24 January 2019.
  29. Web site: google.com is blocked in China GreatFire Analyzer . live . https://web.archive.org/web/20140805232352/https://en.greatfire.org/google.com . 2014-08-05 . 2020-01-18 . en.greatfire.org.
  30. Web site: 6 March 2020 . How China's social media users created a new language to beat censorship on COVID-19 . live . https://web.archive.org/web/20200403023740/https://www.amnesty.org/en/latest/news/2020/03/china-social-media-language-government-censorship-covid/ . 3 April 2020 . 3 April 2020 . . en.
  31. News: China Blocks Access To Twitter, Facebook After Riots . Washington Post . live . 18 January 2020 . https://web.archive.org/web/20100919204716/http://www.washingtonpost.com/wp-dyn/content/article/2009/07/07/AR2009070701162.html . 19 September 2010.
  32. Web site: 4 September 2015 . Wikipedia founder defends decision to encrypt the site in China . live . https://web.archive.org/web/20180612141751/https://www.theverge.com/2015/9/4/9260981/jimmy-wales-wikipedia-china . 12 June 2018 . 17 April 2018 . The Verge.
  33. News: Skipper . Ben . 7 December 2015 . China's government has blocked Wikipedia in its entirety again . International Business Times UK . live . 2 May 2018 . https://web.archive.org/web/20180503111142/https://www.ibtimes.co.uk/chinas-government-has-blocked-wikipedia-its-entirety-again-1532138 . 3 May 2018.
  34. News: Mozur . Paul . Goel . Vindu . 5 October 2014 . To Reach China, LinkedIn Plays by Local Rules . The New York Times . live . 4 September 2017 . https://web.archive.org/web/20180613111912/https://www.nytimes.com/2014/10/06/technology/to-reach-china-linkedin-plays-by-local-rules.html?mcubz=0 . 13 June 2018.
  35. News: Branigan . Tania . 28 June 2012 . New York Times launches website in Chinese language . . live . 4 September 2017 . https://web.archive.org/web/20170904154029/https://www.theguardian.com/media/2012/jun/28/new-york-times-launches-chinese-website . 4 September 2017.
  36. Web site: Trafficking Data: China's Pursuit of Digital Sovereignty . 2022-09-27 . thediplomat.com . en-US.
  37. Book: Laikwan, Pang . One and All: The Logic of Chinese Sovereignty . 2024 . . 9781503638815 . Stanford, CA.
  38. Web site: 285 millions d'euros pour Andromède, le cloud souverain français - le Monde Informatique. https://web.archive.org/web/20111023154428/https://www.lemondeinformatique.fr/actualites/lire-285-millions-d-euros-pour-andromede-le-cloud-souverain-francais-41990.html. 23 October 2011. 21 September 2011 .
  39. "France continues to pursue its own data centre infrastructure, dubbed “le cloud souverain”, despite the closure of some of the businesses initially behind the idea." https://theconversation.com/digital-colonialism-why-some-countries-want-to-take-control-of-their-peoples-data-from-big-tech-123048
  40. "Numergy and Cloudwatt, each benefited from €75 million ($101 million) from the French government." https://gigaom.com/2013/11/18/a-guide-to-the-french-national-clouds/
  41. Web site: Cloudwatt : Vie et mort du premier "cloud souverain" de la France. 29 August 2019.
  42. Web site: 2023-09-21 . Sovereign workspace openDesk: German Ministry of the Interior provides answers . 22 Oct 2023 . Free Software Foundation Europe (FSFE).
  43. Web site: Brock . Richard . 19 October 2023 . openDesk – Collabora Online brings Digital Freedom to European Government . 22 Oct 2023 . CollaboraOffice.
  44. Web site: Schulze. Elizabeth. 2019-11-01. Russia just brought in a law to try to disconnect its internet from the rest of the world. 2021-02-28. CNBC. en.
  45. Web site: 2020-06-18. Russia: Growing Internet Isolation, Control, Censorship. 2021-02-28. Human Rights Watch. en.
  46. Web site: Epifanova. Alena. January 16, 2020. Deciphering Russia's "Sovereign Internet Law". DGAP.
  47. News: 2019-11-01. Russia internet: Law introducing new controls comes into force. en-GB. BBC News. 2021-02-28.
  48. Web site: On the Federal Law "On Amendments to the Federal Law" On Communications "and the Federal Law" On Information, Information Technologies and the Protection of Information". Federation Council of the Federal Assembly of the Russian Federation. 22 April 2019 .
  49. Web site: Law on "Sovereign Internet" adopted. The State Duma. 16 April 2019 .