Network sovereignty

In internet governance, network sovereignty, also called digital sovereignty or cyber sovereignty, is the effort of a governing entity, such as a state, to create boundaries on a network and then exert a form of control, often in the form of law enforcement over such boundaries.

Much like states invoke sole power over their physical territorial boundaries, state sovereignty, such governing bodies also invoke sole power within the network boundaries they set and claim network sovereignty. In the context of the Internet, the intention is to govern the web and control it within the borders of the state. Often, that is witnessed as states seeking to control all information flowing into and within their borders.

The concept stems from questions of how states can maintain law over an entity such like the Internet, whose infrastructure exists in real space, but its entity itself exists in the intangible cyberspace. According to Joel Reidenberg, "Networks have key attributes of sovereignty: participant/citizens via service provider membership agreements, 'constitutional' rights through contractual terms of service, and police powers through taxation (fees) and system operator sanctions." Indeed, many countries have pushed to ensure the protection of their citizens' privacy and of internal business longevity by data protection and information privacy legislation (see the EU's Data Protection Directive, the UK's Data Protection Act 1998).

Network sovereignty has implications for state security, Internet governance, and the users of the Internet's national and international networks.

Implications for state security
Networks are challenging places for states to extend their sovereign control. In her book Sociology in the Age of the Internet, communications professor Allison Cavanagh argues that state sovereignty has been drastically decreased by networks.

Other scholars such as Saskia Sassen and Joel R. Reidenberg agree. Sassen argues that the state's power is limited in cyberspace and that networks, particularly the numerous private tunnels for institutions such as banks. Sassen further postulates that these private tunnels create tensions within the state because the state itself is not one voice. Reidenberg refers to what he terms "Permeable National Borders," effectively echoing Sassen's arguments about the private tunnels, which pass through numerous networks. Reidenberg goes on to state that intellectual property can easily pass through such networks, which incentivizes businesses and content providers to encrypt their products. The various interests in a network are echoed within the state, by lobby groups.

Internet governance
Many governments are trying to exert some forms of control over the Internet. Some examples include the SOPA-PIPA debates in the United States, the Golden Shield Project in China, and new laws that grant greater power to the Roskomnadzor in Russia.

SOPA-PIPA
With the failed Stop Online Piracy Act, the United States would have allowed law enforcement agencies to prevent online piracy by blocking access to websites. The response from bipartisan lobbying groups was strong. Stanford Law Professors Mark Lemly, David Levin, and David Post published an article called "Don't Break the Internet." There were several protests against SOPA and PIPA, including a Wikipedia blackout in response to statements by Senator Patrick Leahy, who was responsible for introducing the PROTECT IP Act. Both acts viewed as good for mass media because they limited access to certain websites. The acts were viewed as an attack on net neutrality and so were seen as potential damaging to the networked public sphere.

Golden Shield Project
The Golden Shield Project, sometimes known as Great Firewall of China, prevents those with a Chinese IP address from accessing certain banned websites inside the country. People are prevented from accessing sites that the government deems problematic. That creates tension between the netizen community and the government, according to scholar Min Jiang.

Roskomnadzor
Russia's Roskomnadzor (Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications) was created in December 2008 in accordance with President's Decree No. 1715. The agency was created to protect personal data owners' rights. According to the Russian government, the agency has three primary objectives: On 1 September 2015, a new data localization law provided Roskomnadzor with greater oversight. The law itself stipulates that any personal data collected from Russian citizens online must be stored in server databases that are physically located in Russia. It "creates a new procedure restricting access to websites violating Russian laws on personal data." Even with staunch pressure from those who promote "free flow of information," President Vladimir Putin and the Kremlin remain stolid in assertions of network sovereignty to protect Russian citizens.
 * ensuring society demand in high-quality telecommunication services as well as information and communication technologies;
 * promoting mass communications and freedom of mass media;
 * ensuring protection of citizens' rights to privacy, personal and family confidentiality.

Other examples
China's approach could also be repeated in many other countries around the world. One example was the Internet censorship in the Arab Spring, when the Egyptian government in particular tried to block access to Facebook and Twitter. Also, during the 2011 England riots, the British government tried to block Blackberry Messenger.

Response to Internet governance
Many believe that the government has no right to be on the Internet. As Law Professor David Post at the University of Georgetown argued, "'[States] are mapping statehood onto a domain that doesn't recognize physical boundaries,'" at least in the context on the internet. He went on to say, "'When 150 jurisdictions apply their law, it's a conflict-of-law nightmare.'" Some proponents of the internet, such as John Perry Barlow, argued that the current form of the Internet is ungovernable and should remain as open as possible. Barlow's essay was written about the 1990s Internet, and while it has changed very much since then, the ideas in his work are still salient in the ongoing debates surrounding the future of the Internet. In his essay A Declaration of the Independence of Cyberspace, he advocated that governments should stay out of the internet.

Network Sovereignty can affect state security, law enforcement on the internet, and the ways that private citizens use the internet, as many people attempt to circumvent the protections and legal devices, placed by many governments on the Internet, by using tools such as VPNs.

Impact of VPNs
Virtual Private Networks (VPNs) are a significant tool to allow private citizens to get around network sovereignty and any restrictions their government may place on their access to the internet. VPNs allow a computer to route its Internet connection from one location to another. For example one would connect from a connection at point A to a connection at point B, and to others, it would appear that they are accessing the Internet from point B even if they are in point A. For example, in China, VPNs are used to access otherwise-blocked content. Yang gives the example of pornography stating that with VPN, "smut that's banned in the US can wind its way into American homes through electrical impulses in, say, Amsterdam." In that example, by using VPNs, an Internet user in the United States could access banned material that is hosted in Amsterdam by accessing through a server, hosted in Amsterdam, to make it appear that the user is in Amsterdam, based on the IP address. Therefore, citizens have a way around network sovereignty, simply by accessing a different server through a VPN. That greatly limits how governments can enforce network sovereignty and protect their cyberspace borders. Essentially, there is no way that a government could prevent every citizen from accessing banned content by means such as VPNs.

Protection of national traffic
One of the most significant reasons for enforcing network sovereignty is to prevent the scanning of information that travels through other countries. For example, any internet traffic that travels through the United States is subject to the Patriot Act and so may be examined by the National Security Agency, regardless of the country of origin. Jonathan Obar and Andrew Clement refer to the routing of a transmission from a point in state A to another location in state A through state B as Boomerang Routing. They provide the example of traffic from Canada being routed through the United States before returning to Canada, which enables the United States to track and examine the Canadian traffic.

Copyright protection
Governments may want to enact network sovereignty to protect copyright within their borders. The purpose of SOPA-PIPA was to prevent what was effectively deemed theft. Content providers want their content to be used as intended because of the property rights associated with that content. One instance of such protection is in e-commerce.

E-commerce
Currently, private networks are suing others who interfere with their property rights. For the effective implementation of e-commerce on the Internet, merchants require restrictions on access and encryption to protect not only their content but also the information of content purchasers. Currently, one of the most effective ways to regulate e-commerce is to allow Internet service providers (ISPs) to regulate the market. The opposing argument to regulating the internet by network sovereignty to allow e-commerce is that it would break the Internet's egalitarian and open values because it would force governments and ISPs to regulate not only the Internet's content but also how the content is consumed.

Role of WIPO
The World Intellectual Property Organization is a United Nations body, designed to protect intellectual property across all of its member states. WIPO allows content to traverse various networks through their Patent Cooperation Treaty (PCT). The PCT allows for international patents by providing security for content providers across state borders. It is up to states to enforce their own network sovereignty over these patents. Global standards for copyright and encryption are viewed as one way that governments could cooperate. With global standards it is easier to enforce network sovereignty because it builds respect for intellectual property and maintains the rights of content creators and providers. It is possible that governments may not be able to keep up with regulating these initiatives. For example, in the 1995 Clipper Chip system, the Clinton administration in the United States reneged on its original policy because it was deemed that it would soon be too easy to crack the chips. One alternative proposed was the implementation of the digital signature, which could be used to protect network sovereignty by having content providers and governments sign off the content, like for a digital envelope. This system has already been implemented in the use of Wi-Fi Protected Access Enterprise networks, some secured websites, and software distribution. It allows content to pass through borders without difficulty because it is facilitated through organizations such as WIPO.

Countries
In his 2015 book Data and Goliath, American security expert Bruce Schneier says the cyber sovereignty movement, in countries such as Russia, China, France and Saudi Arabia, was given an enormous boost by the 2013 revelations of widespread international NSA surveillance, which those countries pointed to as justification for their activities and evidence of U.S. hypocrisy on Internet freedom issues.

In 2018, the United States adopted the CLOUD Act, which allows United States law enforcement to obtained data stored by United States-based companies outside of the United States. Numerous countries responded with measures to keep data located in their own borders.

China
Cyber sovereignty, known in Mandarin as 网络主权, has been a mainstay of Chinese Internet policy in recent years, and the international promotion of cybersovereignty forms an integral part of Chinese foreign policy, although it remains ill-defined within Chinese discourse. Generally, China advocates for internet sovereignty and tends to prioritize cybersecurity. The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google Search, Facebook, Twitter, Wikipedia, and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations.

Chinese policymakers became increasingly concerned about the risk of foreign surveillance, foreign data collection, and cyberattacks following the 2010s global surveillance disclosures by Edward Snowden, which demonstrated extensive United States intelligence activities in China. As part of its response, the Chinese Communist Party in 2014 formed the Cybersecurity and Information Leading Group and the National People's Congress passed the 2017 Cyber Security Law. The Cybersecurity Law contains stringent data localization requirements.

China's 2021 Data Security Law formed part of the country's response to the United States CLOUD Act. The Data Security Law creates a data classification framework based on national security principles and avoiding the extraterritorial reach of the CLOUD Act or similar foreign laws. It protects core data with data localization requirements, and broadly defines core data to include data related to national and economic security, citizens' welfare, significant public interests, and important data. The Data Security Law mandates that data transfer to foreign law enforcement or judicial agencies requires official approval. It also empowers the Chinese government to conduct national security audits over firms operating in China which gather user data.

The 2021 Personal Information Protection Law, like the Data Security Law, includes a provision meant to counter the extraterritorial reach of the CLOUD Act or similar foreign laws.

In 2022, the Cyberspace Administration of China issued measures and guidelines on security assessments for cross-border data transfers as part of an effort to institutionalize data transfer review mechanisms.

France
Project Andromède launched in 2009, with the aim to spend €285 million on "cloud souverain" or sovereign cloud. The government spent €75 million on each of its two national champions, Cloudwatt and Numergy, but these two sold only €8 million worth of services, combined. On January 1, 2020, all services were terminated and clients were advised their data was deleted.

Ireland
In 2023, Ireland's Data Protection Commissioner imposed record EUR 1.2 billion fine on Meta for transferring data from Europe to the United States without adequate protections for EU citizens.

Germany
openDesk is a project to create administrative workspaces to enable digital sovereignty, initiated in 2023 by the German Federal Ministry of the Interior (BMI) and the public IT service provider Dataport. There is collaboration with a team of open-source specialists from Collabora, Nextcloud, OpenProject, OpenXchange, Univention, XWiki, and others

Russia
The Sovereign Internet Law is a set of 2019 amendments to existing Russian legislation that mandate Internet surveillance and grants the Russian government powers to partition Russia from the rest of the Internet, including the creation of a national fork of the Domain Name System.