In internet governance, network sovereignty, also called digital sovereignty or cyber sovereignty, is the effort of a governing entity, such as a state, to create boundaries on a network and then exert a form of control, often in the form of law enforcement over such boundaries.[1]
Much like states invoke sole power over their physical territorial boundaries, state sovereignty, such governing bodies also invoke sole power within the network boundaries they set and claim network sovereignty. In the context of the Internet, the intention is to govern the web and control it within the borders of the state. Often, that is witnessed as states seeking to control all information flowing into and within their borders.
The concept stems from questions of how states can maintain law over an entity such like the Internet, whose infrastructure exists in real space, but its entity itself exists in the intangible cyberspace. According to Joel Reidenberg, "Networks have key attributes of sovereignty: participant/citizens via service provider membership agreements, 'constitutional' rights through contractual terms of service, and police powers through taxation (fees) and system operator sanctions."[2] Indeed, many countries have pushed to ensure the protection of their citizens' privacy and of internal business longevity by data protection and information privacy legislation (see the EU's Data Protection Directive, the UK's Data Protection Act 1998).
Network sovereignty has implications for state security, Internet governance, and the users of the Internet's national and international networks.
Implications for state security
editNetworks are challenging places for states to extend their sovereign control. In her book Sociology in the Age of the Internet, communications professor Allison Cavanagh argues that state sovereignty has been drastically decreased by networks.[3]
Other scholars such as Saskia Sassen and Joel R. Reidenberg agree. Sassen argues that the state's power is limited in cyberspace and that networks, particularly the numerous private tunnels for institutions such as banks.[4] Sassen further postulates that these private tunnels create tensions within the state because the state itself is not one voice.[5] Reidenberg refers to what he terms "Permeable National Borders," effectively echoing Sassen's arguments about the private tunnels, which pass through numerous networks.[6] Reidenberg goes on to state that intellectual property can easily pass through such networks, which incentivizes businesses and content providers to encrypt their products.[7] The various interests in a network are echoed within the state, by lobby groups.
Internet governance
editMany governments are trying to exert some forms of control over the Internet. Some examples include the SOPA-PIPA debates in the United States, the Golden Shield Project in China, and new laws that grant greater power to the Roskomnadzor in Russia.
SOPA-PIPA
editWith the failed Stop Online Piracy Act, the United States would have allowed law enforcement agencies to prevent online piracy by blocking access to websites. The response from bipartisan lobbying groups was strong. Stanford Law Professors Mark Lemly, David Levin, and David Post published an article called "Don't Break the Internet."[8] There were several protests against SOPA and PIPA, including a Wikipedia blackout in response to statements by Senator Patrick Leahy, who was responsible for introducing the PROTECT IP Act. Both acts viewed as good for mass media because they limited access to certain websites. The acts were viewed as an attack on net neutrality and so were seen as potential damaging to the networked public sphere.[9]
Golden Shield Project
editThe Golden Shield Project, sometimes known as Great Firewall of China, prevents those with a Chinese IP address from accessing certain banned websites inside the country. People are prevented from accessing sites that the government deems problematic. That creates tension between the netizen community and the government, according to scholar Min Jiang.[10]
Roskomnadzor
editRussia's Roskomnadzor (Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications) was created in December 2008 in accordance with President's Decree No. 1715. The agency was created to protect personal data owners' rights. According to the Russian government, the agency has three primary objectives:
- ensuring society demand in high-quality telecommunication services as well as information and communication technologies;
- promoting mass communications and freedom of mass media;
- ensuring protection of citizens' rights to privacy, personal and family confidentiality.[11]
On 1 September 2015, a new data localization law provided Roskomnadzor with greater oversight. The law itself stipulates that any personal data collected from Russian citizens online must be stored in server databases that are physically located in Russia. It "creates a new procedure restricting access to websites violating Russian laws on personal data."[12] Even with staunch pressure from those who promote "free flow of information," President Vladimir Putin and the Kremlin remain stolid in assertions of network sovereignty to protect Russian citizens.[13]
Other examples
editChina's approach could also be repeated in many other countries around the world.[14][15] One example was the Internet censorship in the Arab Spring, when the Egyptian government in particular tried to block access to Facebook and Twitter. Also, during the 2011 England riots, the British government tried to block Blackberry Messenger.
Response to Internet governance
editMany believe that the government has no right to be on the Internet. As Law Professor David Post at the University of Georgetown argued, "'[States] are mapping statehood onto a domain that doesn't recognize physical boundaries,'" at least in the context on the internet. He went on to say, "'When 150 jurisdictions apply their law, it's a conflict-of-law nightmare.'"[16] Some proponents of the internet, such as John Perry Barlow, argued that the current form of the Internet is ungovernable and should remain as open as possible. Barlow's essay was written about the 1990s Internet, and while it has changed very much since then, the ideas in his work are still salient in the ongoing debates surrounding the future of the Internet. In his essay A Declaration of the Independence of Cyberspace, he advocated that governments should stay out of the internet.[17]
Network Sovereignty can affect state security, law enforcement on the internet, and the ways that private citizens use the internet, as many people attempt to circumvent the protections and legal devices, placed by many governments on the Internet, by using tools such as VPNs.
Impact of VPNs
editVirtual Private Networks (VPNs) are a significant tool to allow private citizens to get around network sovereignty and any restrictions their government may place on their access to the internet. VPNs allow a computer to route its Internet connection from one location to another. For example one would connect from a connection at point A to a connection at point B, and to others, it would appear that they are accessing the Internet from point B even if they are in point A. For example, in China, VPNs are used to access otherwise-blocked content. Yang gives the example of pornography stating that with VPN, "smut that's banned in the US can wind its way into American homes through electrical impulses in, say, Amsterdam."[16] In that example, by using VPNs, an Internet user in the United States could access banned material that is hosted in Amsterdam by accessing through a server, hosted in Amsterdam, to make it appear that the user is in Amsterdam, based on the IP address. Therefore, citizens have a way around network sovereignty, simply by accessing a different server through a VPN. That greatly limits how governments can enforce network sovereignty and protect their cyberspace borders. Essentially, there is no way that a government could prevent every citizen from accessing banned content by means such as VPNs.[citation needed]
Rationales
editProtection of national traffic
editOne of the most significant reasons for enforcing network sovereignty is to prevent the scanning of information that travels through other countries. For example, any internet traffic that travels through the United States is subject to the Patriot Act and so may be examined by the National Security Agency, regardless of the country of origin. Jonathan Obar and Andrew Clement refer to the routing of a transmission from a point in state A to another location in state A through state B as Boomerang Routing.[18] They provide the example of traffic from Canada being routed through the United States before returning to Canada, which enables the United States to track and examine the Canadian traffic.
Copyright protection
editGovernments may want to enact network sovereignty to protect copyright within their borders. The purpose of SOPA-PIPA was to prevent what was effectively deemed theft. Content providers want their content to be used as intended because of the property rights associated with that content.[19] One instance of such protection is in e-commerce.
E-commerce
editCurrently, private networks are suing others who interfere with their property rights.[20] For the effective implementation of e-commerce on the Internet, merchants require restrictions on access and encryption to protect not only their content but also the information of content purchasers. Currently, one of the most effective ways to regulate e-commerce is to allow Internet service providers (ISPs) to regulate the market.[21] The opposing argument to regulating the internet by network sovereignty to allow e-commerce is that it would break the Internet's egalitarian and open values because it would force governments and ISPs to regulate not only the Internet's content but also how the content is consumed.[22]
Role of WIPO
editThe World Intellectual Property Organization is a United Nations body, designed to protect intellectual property across all of its member states.[19] WIPO allows content to traverse various networks through their Patent Cooperation Treaty (PCT). The PCT allows for international patents by providing security for content providers across state borders.[23] It is up to states to enforce their own network sovereignty over these patents. Global standards for copyright and encryption are viewed as one way that governments could cooperate.[24] With global standards it is easier to enforce network sovereignty because it builds respect for intellectual property and maintains the rights of content creators and providers.[25] It is possible that governments may not be able to keep up with regulating these initiatives. For example, in the 1995 Clipper Chip system, the Clinton administration in the United States reneged on its original policy because it was deemed that it would soon be too easy to crack the chips.[19] One alternative proposed was the implementation of the digital signature, which could be used to protect network sovereignty by having content providers and governments sign off the content, like for a digital envelope.[19] This system has already been implemented in the use of Wi-Fi Protected Access Enterprise networks, some secured websites, and software distribution. It allows content to pass through borders without difficulty because it is facilitated through organizations such as WIPO.[19]
Countries
editIn his 2015 book Data and Goliath, American security expert Bruce Schneier says the cyber sovereignty movement, in countries such as Russia, China, France and Saudi Arabia, was given an enormous boost by the 2013 revelations of widespread international NSA surveillance, which those countries pointed to as justification for their activities and evidence of U.S. hypocrisy on Internet freedom issues.[26]
In 2018, the United States adopted the CLOUD Act, which allows United States law enforcement to obtained data stored by United States-based companies outside of the United States.[27]: 248 Numerous countries responded with measures to keep data located in their own borders.[27]: 248
China
editCyber sovereignty, known in Mandarin as 网络主权, has been a mainstay of Chinese Internet policy in recent years, and the international promotion of cybersovereignty forms an integral part of Chinese foreign policy, although it remains ill-defined within Chinese discourse.[14] Generally, China advocates for internet sovereignty and tends to prioritize cybersecurity.[27]: 121 The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic.[28] The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google Search,[29] Facebook,[30] Twitter,[31] Wikipedia,[32][33] and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.[34][35]
Chinese policymakers became increasingly concerned about the risk of foreign surveillance, foreign data collection, and cyberattacks following the 2010s global surveillance disclosures by Edward Snowden, which demonstrated extensive United States intelligence activities in China.[27]: 129, 250 As part of its response, the Chinese Communist Party in 2014 formed the Cybersecurity and Information Leading Group and the National People's Congress passed the 2017 Cyber Security Law.[27]: 129, 250 The Cybersecurity Law contains stringent data localization requirements.[27]: 250
China's 2021 Data Security Law formed part of the country's response to the United States CLOUD Act.[27]: 251 The Data Security Law creates a data classification framework based on national security principles and avoiding the extraterritorial reach of the CLOUD Act or similar foreign laws.[27]: 251 It protects core data with data localization requirements, and broadly defines core data to include data related to national and economic security, citizens' welfare, significant public interests, and important data.[27]: 251 The Data Security Law mandates that data transfer to foreign law enforcement or judicial agencies requires official approval.[27]: 251 It also empowers the Chinese government to conduct national security audits over firms operating in China which gather user data.[36]
The 2021 Personal Information Protection Law, like the Data Security Law, includes a provision meant to counter the extraterritorial reach of the CLOUD Act or similar foreign laws.[27]: 251
In 2022, the Cyberspace Administration of China issued measures and guidelines on security assessments for cross-border data transfers as part of an effort to institutionalize data transfer review mechanisms.[27]: 251
Writing in 2024, academic Pang Laikwan concludes that China likely has strongest cyber sovereignty in the world.[37]: 80
France
editProject Andromède launched in 2009, with the aim to spend €285 million on "cloud souverain" or sovereign cloud.[38][39] The government spent €75 million on each of its two national champions, Cloudwatt and Numergy, but these two sold only €8 million worth of services, combined.[40] On January 1, 2020, all services were terminated and clients were advised their data was deleted.[41]
Ireland
editIn 2023, Ireland's Data Protection Commissioner imposed record EUR 1.2 billion fine on Meta for transferring data from Europe to the United States without adequate protections for EU citizens.[27]: 250
Germany
editopenDesk is a project to create administrative workspaces to enable digital sovereignty, initiated in 2023 by the German Federal Ministry of the Interior (BMI) and the public IT service provider Dataport.[42] There is collaboration with a team of open-source specialists from Collabora, Nextcloud, OpenProject, OpenXchange, Univention, XWiki, and others[43]
Russia
editThe Sovereign Internet Law is a set of 2019 amendments to existing Russian legislation that mandate Internet surveillance and grants the Russian government powers to partition Russia from the rest of the Internet, including the creation of a national fork of the Domain Name System.[44][45][46][47][48][49]
Vietnam
editAs part of its data localization requirements, Vietnam requires that Google host servers for Vietnam within the country.[50]
See also
editReferences
edit- ^ Obar, Jonathan; Clement, Andrew (1 July 2013). "Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty": 2. doi:10.2139/ssrn.2311792. SSRN 2311792.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Reidenberg, Joel R. (1996). "Governing Networks and Rule-Making in Cyberspace". Emory Law Journal. 45: 928.
- ^ Cavanagh, Allison (1 April 2007). Sociology in the Age of Internet. McGraw-Hill International. p. 41. ISBN 9780335217250.
- ^ Sassen, Saskia (2000). "The Impact of the Internet on Sovereignty: Unfounded and Real Worries". Understanding the Impact of Global Networks in Local Social, Political and Cultural Values (PDF). Nomos Verlagsgesellschaft. pp. 198–209. Archived from the original (PDF) on 27 February 2014. Retrieved 23 January 2014.
{{cite book}}
: CS1 maint: location missing publisher (link) - ^ Sassen, Saskia. "The Impact of the Internet on Sovereignty: Unfounded and Real Worries". Understanding the Impact of Global Networks in Local Social, Political and Cultural Values (PDF). Nomos Verlagsgesellschaft: Baden-Baden. pp. 198–209. Archived from the original (PDF) on 27 February 2014. Retrieved 23 January 2014.
- ^ Reidenberg, Joel R. (1996). "Governing Networks and Rule-Making in Cyberspace". Emory Law Journal. 45: 913.
- ^ Reidenberg, Joel R. (1996). "Governing Networks and Rule-Making in Cyberspace". Emory Law Journal. 45: 914.
- ^ Benkler, Yochai; Hal Roberts; Rob Faris; Alicia Solow-Niederman; Bruce Etling (July 2013). "Social Mobilization and the Networked Public Sphere: Mapping the SOPA-PIPA Debate". Cambridge, MA: Berkman Center for Internet & Society: 34.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Benkler, Yochai; Hal Roberts; Rob Faris; Alicia Solow-Niederman; Bruce Etling (July 2013). "Social Mobilization and the Networked Public Sphere: Mapping the SOPA-PIPA Debate". Cambridge, MA: Berkman Center for Internet & Society: 10.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Jiang, Min (2010). "Authoritarian Informationalism: China's Approach to Internet Sovereignty". SAIS Review of International Affairs. 30 (2): 71–89. doi:10.1353/sais.2010.0006. S2CID 154005295. Retrieved 23 January 2014.
- ^ "Роскомнадзор - Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (ROSKOMNADZOR)". rkn.gov.ru. Retrieved 6 October 2015.
- ^ "News Data Protection: NOERR" (PDF). News Data Protection: NOERR. NOERR. 1 June 2015. Retrieved 10 June 2015.
- ^ "Putin Says Russia Under Pressure for Defending Its Sovereignty". Bloomberg.com. 3 July 2015. Retrieved 6 October 2015.
- ^ a b Tai, Katharin; Zhu, Yuan Yi (September 2022). "A historical explanation of Chinese cybersovereignty". International Relations of the Asia-Pacific. 22 (3): 469–499. doi:10.1093/irap/lcab009.
- ^ "Democratic Republic of Congo internet shutdown shows how Chinese censorship tactics are spreading". CNN. 2 January 2019. Retrieved 10 December 2019.
- ^ a b Yang, Catherine (14 June 1997). "Law Creeps Onto the Lawless Internet". Business Week. Archived from the original on 28 June 1997. Retrieved 28 January 2014.
- ^ Barlow, John Perry. "A Declaration of the Independence of Cyberspace". Electronic Frontier Foundation. Archived from the original on 23 October 2013. Retrieved 28 January 2014.
- ^ Obar, Jonathan; Clement (1 July 2013). "Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty". Social Science Research Network: 1–12. SSRN 2311792.
- ^ a b c d e Davis, J.C. (Summer 1998). "Protecting intellectual property in cyberspace". IEEE Technology and Society Magazine. 17 (2): 12–25. doi:10.1109/44.682891.
- ^ Zekos, Georgios I. (2006). "State Cyberspace Jurisdiction and Personal Cyberspace Jurisdiction". International Journal of Law and Information Technology. 15 (1): 1–37. doi:10.1093/ijlit/eai029.
- ^ Zekos, Georgios I. (2002). "Legal problems in cyberspace". Managerial Law. 44 (5): 45–102. doi:10.1108/03090550210770614.
- ^ Post, David G. (1 May 2000). "What Larry Doesn't Get: Code, Law, and Liberty in Cyberspace". Stanford Law Review. 52 (5): 1439–1459. doi:10.2307/1229518. JSTOR 1229518.
- ^ "PCT FAQs" (PDF). World Intellectual Property Organization. Archived from the original (PDF) on 25 June 2008. Retrieved 20 March 2014.
- ^ Reidenberg, Joel R. (1996). "Governing Networks and Rule-Making in Cyberspace". Emory Law Journal. 45: 918.
- ^ World Intellectual Property Organization. "Building Respect for IP". World Intellectual Property Organization. Retrieved 20 March 2014.
- ^ Schneier, Bruce (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. New York: W.W. Norton & Company. ISBN 978-0393244816.
- ^ a b c d e f g h i j k l m Zhang, Angela Huyue (2024). High Wire: How China Regulates Big Tech and Governs Its Economy. Oxford University Press. doi:10.1093/oso/9780197682258.001.0001. ISBN 9780197682258.
- ^ Mozur, Paul (13 September 2015). "Baidu and CloudFlare Boost Users Over China's Great Firewall". The New York Times. Archived from the original on 24 January 2019. Retrieved 16 September 2017.
- ^ "google.com is blocked in China | GreatFire Analyzer". en.greatfire.org. Archived from the original on 5 August 2014. Retrieved 18 January 2020.
- ^ "How China's social media users created a new language to beat censorship on COVID-19". Amnesty International. 6 March 2020. Archived from the original on 3 April 2020. Retrieved 3 April 2020.
- ^ "China Blocks Access To Twitter, Facebook After Riots". Washington Post. Archived from the original on 19 September 2010. Retrieved 18 January 2020.
- ^ "Wikipedia founder defends decision to encrypt the site in China". The Verge. 4 September 2015. Archived from the original on 12 June 2018. Retrieved 17 April 2018.
- ^ Skipper, Ben (7 December 2015). "China's government has blocked Wikipedia in its entirety again". International Business Times UK. Archived from the original on 3 May 2018. Retrieved 2 May 2018.
- ^ Mozur, Paul; Goel, Vindu (5 October 2014). "To Reach China, LinkedIn Plays by Local Rules". The New York Times. Archived from the original on 13 June 2018. Retrieved 4 September 2017.
- ^ Branigan, Tania (28 June 2012). "New York Times launches website in Chinese language". The Guardian. Archived from the original on 4 September 2017. Retrieved 4 September 2017.
- ^ "Trafficking Data: China's Pursuit of Digital Sovereignty". thediplomat.com. Retrieved 27 September 2022.
- ^ Laikwan, Pang (2024). One and All: The Logic of Chinese Sovereignty. Stanford, CA: Stanford University Press. ISBN 9781503638815.
- ^ "285 millions d'euros pour Andromède, le cloud souverain français - le Monde Informatique". 21 September 2011. Archived from the original on 23 October 2011.
- ^ "France continues to pursue its own data centre infrastructure, dubbed “le cloud souverain”, despite the closure of some of the businesses initially behind the idea." https://theconversation.com/digital-colonialism-why-some-countries-want-to-take-control-of-their-peoples-data-from-big-tech-123048
- ^ "Numergy and Cloudwatt, each benefited from €75 million ($101 million) from the French government." https://gigaom.com/2013/11/18/a-guide-to-the-french-national-clouds/
- ^ "Cloudwatt : Vie et mort du premier "cloud souverain" de la France". 29 August 2019.
- ^ "Sovereign workspace openDesk: German Ministry of the Interior provides answers". Free Software Foundation Europe (FSFE). 21 September 2023. Retrieved 22 October 2023.
- ^ Brock, Richard (19 October 2023). "openDesk – Collabora Online brings Digital Freedom to European Government". CollaboraOffice. Retrieved 22 October 2023.
- ^ Schulze, Elizabeth (1 November 2019). "Russia just brought in a law to try to disconnect its internet from the rest of the world". CNBC. Retrieved 28 February 2021.
- ^ "Russia: Growing Internet Isolation, Control, Censorship". Human Rights Watch. 18 June 2020. Retrieved 28 February 2021.
- ^ Epifanova, Alena (16 January 2020). "Deciphering Russia's "Sovereign Internet Law"". DGAP.
- ^ "Russia internet: Law introducing new controls comes into force". BBC News. 1 November 2019. Retrieved 28 February 2021.
- ^ "On the Federal Law "On Amendments to the Federal Law" On Communications "and the Federal Law" On Information, Information Technologies and the Protection of Information"". Federation Council of the Federal Assembly of the Russian Federation. 22 April 2019.
- ^ "Law on "Sovereign Internet" adopted". The State Duma. 16 April 2019.
- ^ Wang, Frances Yaping (2024). The Art of State Persuasion: China's Strategic Use of Media in Interstate Disputes. Oxford University Press. p. 227. ISBN 9780197757512.