On January 28, the UK government was set to announce whether it would allow Huawei, the Chinese information and communication technologies provider, to develop its 5G infrastructure. Given Brexit and its need to form new alliances, the decision was marked as a significant moment for the UK’s trade future. Leading up to the day of the decision, the UK was subjected to a significant amount of pressure from the United States government to reject any deal with Huawei. (Similar pressure was exercised towards any other US ally considering to use Huawei’s 5G infrastructure). In a tweet sent by US Secretary of State, Mike Pompeo, the day before the decision was due, he made the claim that Britain’s decision would effectively be one of sovereignty.
We can debate the merits of this claim, but the thing that I want to focus on is the often-use of the word ‘sovereignty’ in conjunction to the Internet and technology. It is interesting to observe how in almost every single discussion about the role governments should have in the Internet, the term ‘sovereignty’ pops up. Terms like “digital sovereignty”, “technological sovereignty” or “Internet sovereignty” have become commonplace.
But, does sovereignty help advance the Internet governance conversations?
The answer is an emphatic ‘no’; sovereignty adds an extra layer of complexity and only pushes states further apart while, simultaneously, it undermines and fragments the Internet. Sovereignty and the Internet are – prima facie – two irreconcilable concepts.
Born out of the effort to connect networks with one another, the Internet was originally designed to not recognize any geographical boundaries. Its design embodies a true decentralized structure in the sense that it is both architecturally decentralized – it runs on multiple computers – as well as politically– no central authority has power over those networks. This decentralized nature has further allowed the various autonomous networks to interconnect with one another irrespective of where in the world they are located. In fact, since its inception, one of the Internet’s distinguishable characteristics has been its global reach: “any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services”.
Sovereignty, on the other hand, is all about strict geographical boundaries. It refers to the legal autonomy of the state to act independently and without constraints within its own territory. Under its Rousseaunian tradition it reflects the power of the state emerging from its people and for the people.
In the context of geopolitical disputes for transnational communication technologies, sovereignty is currently seen as the construction of a governance system with the ability to coordinate and manage exchanges that may or, may not, address primarily issues of privacy/data protection and security. In this context, its application is one of scale. Historically, countries always sought to impose some sort of domestic legislation to the Internet, but, at the same time, most of them equally understood and respected the need for network autonomy and integrity. Over the past few years, however, there has been a significant shift in this thinking, with an increasing number of countries now actively seeking to centralize control over the Internet. For any country interested in the governance of the Internet, the claim to sovereignty is a claim to power.
Such a Foucauldian approach considers sovereign power as a constant negotiation about the validity of claims of knowledge and truth, which dictates the power dynamics within a system. In this context, we can observe countries, like Russia and China, racing to codify their own notions of sovereignty in international law, much in the same way, the West was integrating its ideas of “universal values” when the Internet first emerged and for the best part of the its commercial history.
Three distinguishable forms of “Internet sovereignty” have emerged thus far.
The first one is China’s vision of sovereignty which is predominantly attached to notions of national security and securitization. (Russia is also part of this thinking, but its vision and technology implementation is not nearly as advanced as China’s.) China’s Internet sovereignty is all about the right of national governments to supervise, regulate and censor all electronic content that passes through its borders – what Bill Bishop has referred to as the “invisible birdcage”. In China, “Internet sovereignty” first appeared in a 2010 White Paper, which indicated that “within Chinese territory the Internet is under the jurisdiction of Chinese sovereignty. […] To build, utilize and administer the Internet well is an issue that concerns national economic prosperity and development, state security and social harmony, state sovereignty and dignity, and the basic interests of the people”. Since then and through a series of laws focusing primarily on cybersecurity, China has increasingly placed chokepoints on its Internet infrastructure, requiring network operators to store data within China and allowing Chinese authorities to conduct spot-checks on the network operations of any company operating out of China. On December 1st, 2019, China rolled out its Cybersecurity Multi-level Protection Scheme (MLPS 2.0), aiming to create a system that is able to monitor every activity in China: Internet, mobile, WeChat type social networks, cloud systems, national and international email – everything. The framework’s goal is not to empower users or even allow companies to make money; it is an attempt to centralize control over key network operations to the Chinese government. With this strategy China does not seek to close itself out of the global Internet but, instead, to strengthen global network integration.
For Europe, sovereignty means independence from the dominant US technology companies. Europe started flirting with “digital sovereignty” as a response to the Snowden revelations in 2013. A 2014 research paper by the Global Public Policy Institute (GPPi) and New America’s Open Technology Institute identified around 12 European countries using the term or considering practical policy solutions to its end. These policies ranged from the construction of new undersea cables to stronger data protection rules; they detailed different layers of extreme with some going as far as to suggest forced data localization and routing rules. Although most of these proposals never materialized, Europe has integrated sovereignty in its recent digital strategy. Last year, Ursula Von Der Leyen, Europe’s chief Commissioner stated that “it is not too late to achieve technological sovereignty in some critical areas.” Similarly, her number two and the EU’s competition czarina, Commissioner Margrethe Vestager argued that digital sovereignty can be achieved through “the development of key value chains and technologies that are of strategic importance for Europe” and which should be “open, truly European, innovative and lead to widespread knowledge dissemination”.
And, then there is the case of India. India presents a big oxymoron being both the largest democracy in the world and the world leader in deploying Internet shutdowns as a political tool to assert its sovereignty. Since August 2019, India has sanctioned the longest Internet shutdown ever to occur in a democracy, in the disputed Kashmir region. Discretionary and vague legal rules regarding the control the government can exercise over India’s Internet service providers has further enabled the government to restrict or limit access on regional and district levels. But, it is its data localization laws that further indicate India’s direction towards a more sovereignty-based Internet. A series of recent laws require different forms of data, from governmental to heath and financial to be stored in India. Additionally, India’s data protection legislation lays out the conditions under which “critical” and “sensitive” data are to be stored locally; this includes, financial, health and biometric information. An official document by the Committee of Experts on data protection acknowledged that although “laws facilitating cross-border data flows […] greatly foster research, technology development and economic growth”, critical personal data should be processed only in India with no cross-border transfer allowed.
So, what does this all mean and why should we care?
For the state, to view the Internet as nothing more than an extension of its sovereignty right should not come as a surprise. The key role of states is to make more of life ‘legible’ as James Scott has convincingly argued – this means to better record and measure human affairs in an effort to make them easier to manage. However, the drive for ‘legible’ or readable structures that can be easily understood and regulated often comes with a fatal flaw; in the top-down drive to simplify and formalize our understanding of complex systems, we sometimes disregard the local and practical knowledge critical to managing the complexity. To this end, our expectations that the state should – or would for that matter – see the Internet in a different fashion must be moderated. With this in mind, what is the impact sovereignty has on the current state of play?
The first point of this consideration is the pressure sovereignty places on the Internet. Although as we said previously, it should be expected that governments apply rules of sovereignty in all aspects of international relations, including the Internet, the stricter the application of those rules, the more danger there is for the Internet to splinter and fragment. And, by this we don’t mean that the global Internet will cease to exist; rather, it will not be neither desirable nor beneficial for people and networks to participate in the global Internet. Its resilience, which depends on the very fact that networks are diversely spread around the world, will diminish and with it any need for interoperation.
The other problem is how sovereignty contributes to state actors not being willing to collaborate. States are already split in their views of the Internet – a split that grows bigger. A UN resolution by Russia in the last days of 2019 on cybercrime, demonstrated the increasing division amongst the views of states. The resolution, which was opposed by the US and Europe but backed by China, passed 79 to 60, with 33 abstentions. And, although we should not be sounding the alarm bells yet, still this resolution indicates a clear move towards a more sovereign based approach for the Internet, which does not create any conditions for collaboration. In fact, sovereignty is the antithesis to collaboration and, this constitutes a problem. The Internet’s past is based on collaboration. Its future also depends on it.
Why is all this important? Because, whichever nation manages to crack the sovereignty code, will also determine the Internet we will end up using. Will it be an open and global space based on interoperation and mutual agreement? Or, will it be a closed and fragmented model based on geographical boundaries and cultural relativism.