Adam Smith said that the road to certainty passes through the valley of ambiguity – Germany’s stance on cross-border data flows is no exception.
Germany is increasingly accused of being engaged in a digital protectionism, and commandeering the rest of Europe into policies aimed at ‘information sovereignty’ and counter the threat of the data-driven ‘Industrie 4.0’.
While the politically important German telecom and publishing sector openly argue for a ‘data Schengen’ that would effectively push US competition out of Germany or Europe, the government has been more cautious, preferring to talk in ambiguous terms – not least because German exporters face such barriers overseas.
Adam Smith said that the road to certainty passes through the valley of ambiguity – Germany’s stance on cross-border data flows is no exception.
The federal government recently adopted a set of guidelines aiming to increase the ‘flexibility and security’ of its government-run IT systems.
Germany’s 200 or so different government agencies run 1,300 data services centres, causing functional overlap and economic inefficiencies.
The new proposal, drafted by Germany’s interior ministry, advocates the consolidation of government-run IT systems and IT services centres.
So far, this is in good order. Efficiency and order – sound like good governance that we come to expect.However, the proposal is accompanied by a far-reaching move towards data localisation: for external cloud and software services to be purchased by Germany’s public authorities the government’s new guidelines (Resolution 2015/5 of the federal governments IT Council) stipulate that sensitive information (including government secrets and infrastructure information) have to be stored on servers within Germany.
The last nail in the coffin
At first sight, such requirements may sound reasonable in the post-Snowden environment; NSA was after all listening into the Chancellor’s phone calls.
Also, a serious attack on the IT systems of the Bundestag caused parliamentarians to question government agencies’ cyber security competences.But such notions are built on a very common misconception that data security is a function of where the data is physically located.
In contrary, centralising data in one country increases both the potential risk, but also the scale of the damage that hackers can cause.
Rather than fighting fire with fire by prosecuting business, Germany should exercise its moral higher ground to force other governments into a system built on mutual legal assistance – where governments are held accountable for their laws, not firms who try to abide by them. But it seems as the imperative of looking tough took priority over being effective.
In the long term
Many private firms increasingly or exclusively rely on cloud-based storage and data processing. According to a recent Eurostat survey, 19 per cent of European firms used cloud computing in 2014, primarily for email hosting and storage services.
46 per cent of those companies used advanced cloud services including financial and accounting software applications, customer relationship management and other business applications.
In general, a government-imposed limitation of vendor choices artificially restricts competition, incurs higher cost and prevents innovative business models from gaining ground and scale.
Accordingly, data localisation destroys well-functioning digital business models, increases the risk of successful attacks due to data concentration, and undermines the international competitiveness of digital and traditional exporters – all of which is at the detriment of the German economy.
photo credit: Erwin Brevis
Protectionist policies, such as recently adopted German retrictions on public sector cloud use, can ultimately translate into a threat for the open and global structure of the Internet, argues Daniel Castro, Vice President of the Information Technology and Innovation Foundation and Director of the Center for Data Innovation
The Digital Post: Newly adopted German rules for government cloud computing means official data can only be processed in Germany. What is your opinion?
Daniel Castro: This is an unfortunate development, both for Germany and for others. First, countries like Germany should be an ally in support of free trade, and by enacting these types of non-tariff barriers to trade it gives cover to other countries who want to enact protectionist measures.
Second, by restricting access to foreign cloud providers, Germany is “cutting off its nose to spite its face.” Germany organizations benefit from having access to the best cloud providers, and many of these are foreign companies. This will raise costs and decrease productivity for affected organizations.
Third, there is little real benefit in terms of privacy and security to storing data within the country versus abroad. Countries should be working to clarify any distinctions. This is one reason my think tank has called for a “Geneva Convention on the Status of Data” to determine when government agencies can lawfully request access to data.
Most developed countries should be able to agree to common standards and abide by them. The end goal should be a data free trade zone that extends globally.
The Digital Post: Ever since the Snowden revelations came out, German PM Angela Merkel has been advocating for a separate European communication network/infrastructure. What might be the implications of such project, if it ever is implemented?
Daniel Castro: United States and Europe are allies on many issues, and it would be counterproductive to build separate infrastructure rather than working together towards a common goal.
Neither wants the other to spy on them, so they should be able to come to terms to upgrade the infrastructure we already share.
The greater threat to both U.S. and German interests are from China, so there is an opportunity to put aside past issues and come together to confront a looming issue.
The Digital Post: You often speak about the rise of “data nationalism” across the world. What is this phenomenon about?
Daniel Castro: Many countries are trying to pass laws and regulations to keep data within their borders, such as by requiring data to be processed locally. One reason countries are doing this is because they believe it will help create jobs, such as construction jobs for data centers.
But the net impact is very negative, as it raises the cost of doing business for the rest of the economy, and many businesses are increasingly dependent on cloud infrastructure. Moreover, some rules limit cross-border data flows which means a multinational company will run into serious issues as it tries to operate on a global scale.
The Digital Post: Is data nationalism a threat to the current structure and functioning of the Internet? Why?
Daniel Castro: Yes. The primary benefit of the Internet is that it is a global, open network available to all. Protectionist policies can chip away at this ideal until we are eventually left with a series of disjointed national or regional Internets.
Policymakers should be very concerned about overreacting to short-term fears about data privacy at the expense of damaging the potential growth of data-driven innovation in the Internet economy.
photo credits: grinwithoutacat
Will large emerging countries manage to reshape internet governance around their national interests? One thing is sure: tomorrow’s internet will not resemble today’s.
In recent years, global issues connected to the internet and its uses have vaulted into the highest realm of high politics. Among these issues internet governance is now one of the most lively and important topics in international relations.
It has long been ignored and restricted to small silos of experts; however, the leaks disclosed by Edward Snowden on large-scale electronic surveillance implemented by US intelligence agencies triggered a massive response to the historical “stewardship” of the internet by the United States.
Not surprisingly, the stakes are high: today 2.5 billion people are connected to the internet, and by 2030, the digital economy is likely to represent 20% of the world’s GDP. In emerging countries, the digital economy is growing from 15% to 25% every year.
Studies evoke 50 even 80 billion connected “things” by 2020. Beyond mere figures, internet governance sharpens everyone’s appetite – from big corporations to governments – for the internet has taken up such a place in our lives and touches on so many issues, such as freedom of expression to privacy, intellectual property rights, and national security.
It is worth underlining that the issue is particularly complex. For some, the governance of the internet should respect free market rules – a deregulated vision carried by the Clinton-Gore administration in the 1990s –, or remain self-regulated by techno-scientist communities as conceived of by libertarian internet pioneers.
For others, the advent of the internet in the area of law-making implies a return to the old rules and instruments, but this would mean putting aside the mutations produced by its practices, most importantly the expansion of expression and participation. For others, again, the ultimate legitimization would consist in adopting a Constitution or a Treaty of the internet which would elevate its governance to the global level.
De-Westernizing the internet?
A number of countries have criticized American “hegemony” over the internet (infrastructure, “critical resources” such as protocols, the domain names system, normative influence, etc.). To a large extent, the internet is the ambivalent product of American culture and the expression of its universalist and expansionist ideology.
As U.S. policymakers emphasized the importance of winning the battle of ideas both during the Cold War and in the post-2001 period, the ability to transmit America’s soft power via communications networks has been perceived as vital.
Consequently, in recent years, particularly since the Arab uprisings, governments around the world have become more alert to the disruptive potential of access to digital communications. Demographic factors are also behind calls for change: over the next decade, the internet’s centre of gravity will have moved eastwards.
Already in 2012, 66% of the world’s internet users lived in the non-Western world. However, the reasons for questioning the U.S.’s supremacy also lie in these countries’ defiance of the current internet governance system, which is accused of favoring the sole interests of the U.S.
While critical of the status quo, large emerging countries do not constitute a homogeneous block. Back in December 2012 in Dubai, when the Treaty to revise the International Telecommunication Regulations (ITRs) was closely negotiated, some countries such as India, the Philippines and Kenya had rallied behind the U.S.
The Dubai negotiations nevertheless showed that these “swing states” – countries that have not decided which vision for the future of the internet they will support – are increasingly asserting their vision in order to get things moving.
Placed under the auspices of the United Nations-led International Telecommunications Union (ITU), the Dubai meeting therefore served as a powerful tribune to both contest American preeminence and call for multilateral internet governance.
More fundamentally, these tensions reflect another conception of the internet, which lays on a double foundation: on the national level, the claim that states have sovereign power over the management of the internet; and on the international level, the preeminence of states over other stakeholders, and the notion of intergovernmental cooperation to debate internet governance.
To this end, the arguments developed fit into a geostrategic context which has been reshaped by the emergence of new poles of influence. They are aimed at making the internet an instrument of both the domestic and foreign policies of one country. The preservation of state order, the fight against cybercrime, and the defense of commercial interests are several illustrations of elements that can be used to justify and advance the questioning of the current system.
China, given its demographic, economic and technological weight, is emblematic of the current “game”. Overall, China has sought to adopt a pragmatic approach: if Beijing does not agree with the concept of the Internet Governance Forum (IGF) – the so-called “multi-stakeholder” principle would not guarantee an equal representation between the different stakeholders and regions of the world. It nevertheless integrated ICANN’s Governments Advisory Committee in 2009, and is now very active in promoting its own standards within the organizations where technical norms are negotiated.
Russia, for its part, has put forward several initiatives at the U.N. over the last fifteen years – all of which have built upon a firm opposition to the U.S. and have defended a neo-Hobbesian vision in which security considerations and the legitimacy of states to ensure their digital/information sovereignty play a critical role. Moscow has thus been active within U.N. intergovernmental agencies such as ITU, and regional ones such as the Shanghai Cooperation Organization (SCO) and the BRICS forum.
And then came Snowden
The stances taken by emerging countries unsurprisingly found favorable echoes after Edward Snowden’s revelations in June 2013. If Russia opportunely stood out by granting asylum to Snowden, Brazil promptly expressed its dissatisfaction.
President Dilma Rousseff, herself a victim of NSA wiretapping, took the lead of a virtuous crusade against the status quo: with the loss of the U.S.’s moral leadership, their stewardship over the agencies which manage the Internet is less tolerated. At the U.N. General Assembly, Rousseff somewhat aggressively criticized Washington, as such showing a will to federate emancipation towards the U.S. dependency.
Brasilia then intensified its diplomatic offensive by announcing an international summit on Internet governance – called NETmundial – to take place in April 2014 in Sao Paulo. In the meantime, Brazilian authorities promulgated the Marco Civil bill, a sort of Internet Constitution which guarantees freedom of expression, protection of privacy and net neutrality. Is the Brazilian stance in a post-Snowden context purely opportunistic?
Interestingly, Brazil appears to be taking the middle ground between the two governance “models” that have been under discussion so far – the multi-stakeholders and the multilateral – in a context where the Europeans have stepped aside.
Since the first World Summit for Information Society (WSIS) in 2005 Brasilia has been promoting free software and advancing a global internet governance model based on its own domestic model. Rousseff’s words fit into a long-term perspective, which sees in the opening of a new international scene – the Web – an opportunity to take the international lead, after the relative failures of former President Lula to position Brazil on international security issues.
The world is not flat
Will large emerging countries manage to reshape internet governance around their national interests? In the shift that was the last ITU’s WCIT meeting in Dubai in December 2012, the excessively polarized debates between self-proclaimed partisans of an “open and free” internet and the supporters of a governance resting on territorial sovereignty sparked off a strained discourse over a “digital Cold War” preceding an “internet Yalta”.
Since Snowden’s revelations emerged, the American reaction has particularly focused on storytelling: since states around the world question the U.S. oversight over the internet, it is because they want to fragment and “balkanize” the global internet – a discourse largely passed on by U.S. Net giants.
Well, the commercial strategies of the major internet companies themselves tend to intensify the fragmentation of online public spaces by creating distortions in internet users’ access to information and content sharing, that is to say by reducing both the openness and pluralism that have made the internet a great social value.
Here lies a powerful engine for contest, as it has been recently the case in Western Europe. Borders do reappear where they were not necessarily expected: Google, Apple or Amazon are building their own ecosystem, from which it is becoming hard to get out.
One thing is sure: tomorrow’s internet will not resemble today’s. Already the power of search engines diminishes the importance of the domain names system; cloud computing, the Internet of things and the spread of mobile internet are starting to radically transform practices and produce new complexities with regards to the internet’s outline and governance.
It is also certain that the situation will remain at a dead end if the two broad and opposed conceptions of the internet persist: a new space of freedom or a new instrument of control.
Photo credit: Paul Downey