Internet |
---|
Internetportal |
In internet governance, network sovereignty, also called digital sovereignty or cyber sovereignty, is the effort of a governing entity, such as a state, to create boundaries on a network and then exert a form of control, often in the form of law enforcement over such boundaries. [1] [2] [3] [4]
Much like states invoke sole power over their physical territorial boundaries, state sovereignty, such governing bodies also invoke sole power within the network boundaries they set and claim network sovereignty. In the context of the Internet, the intention is to govern the web and control it within the borders of the state. Often, that is witnessed as states seeking to control all information flowing into and within their borders.
The concept stems from questions of how states can maintain law over an entity such like the Internet, whose infrastructure exists in real space, but its entity itself exists in the intangible cyberspace. According to Joel Reidenberg, "Networks have key attributes of sovereignty: participant/citizens via service provider membership agreements, 'constitutional' rights through contractual terms of service, and police powers through taxation (fees) and system operator sanctions." [5] Indeed, many countries have pushed to ensure the protection of their citizens' privacy and of internal business longevity by data protection and information privacy legislation (see the EU's Data Protection Directive, the UK's Data Protection Act 1998).
Network sovereignty has implications for state security, Internet governance, and the users of the Internet's national and international networks.
Networks are challenging places for states to extend their sovereign control. In her book Sociology in the Age of the Internet, communications professor Allison Cavanagh argues that state sovereignty has been drastically decreased by networks. [6]
Other scholars such as Saskia Sassen and Joel R. Reidenberg agree. Sassen argues that the state's power is limited in cyberspace and that networks, particularly the numerous private tunnels for institutions such as banks. [7] Sassen further postulates that these private tunnels create tensions within the state because the state itself is not one voice. [8] Reidenberg refers to what he terms "Permeable National Borders," effectively echoing Sassen's arguments about the private tunnels, which pass through numerous networks. [9] Reidenberg goes on to state that intellectual property can easily pass through such networks, which incentivizes businesses and content providers to encrypt their products. [10] The various interests in a network are echoed within the state, by lobby groups.
Many governments are trying to exert some forms of control over the Internet. Some examples include the SOPA-PIPA debates in the United States, the Golden Shield Project in China, and new laws that grant greater power to the Roskomnadzor in Russia.
With the failed Stop Online Piracy Act, the United States would have allowed law enforcement agencies to prevent online piracy by blocking access to websites. The response from bipartisan lobbying groups was strong. Stanford Law Professors Mark Lemly, David Levin, and David Post published an article called "Don't Break the Internet." [11] There were several protests against SOPA and PIPA, including a Wikipedia blackout in response to statements by Senator Patrick Leahy, who was responsible for introducing the PROTECT IP Act. Both acts viewed as good for mass media because they limited access to certain websites. The acts were viewed as an attack on net neutrality and so were seen as potential damaging to the networked public sphere. [12]
The Golden Shield Project, sometimes known as Great Firewall of China, prevents those with a Chinese IP address from accessing certain banned websites inside the country. People are prevented from accessing sites that the government deems problematic. That creates tension between the netizen community and the government, according to scholar Min Jiang. [13]
Russia's Roskomnadzor (Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications) was created in December 2008 in accordance with President's Decree No. 1715. The agency was created to protect personal data owners' rights. According to the Russian government, the agency has three primary objectives:
On 1 September 2015, a new data localization law provided Roskomnadzor with greater oversight. The law itself stipulates that any personal data collected from Russian citizens online must be stored in server databases that are physically located in Russia. It "creates a new procedure restricting access to websites violating Russian laws on personal data." [15] Even with staunch pressure from those who promote "free flow of information," President Vladimir Putin and the Kremlin remain stolid in assertions of network sovereignty to protect Russian citizens. [16]
China's approach could also be repeated in many other countries around the world. [17] [18] One example was the Internet censorship in the Arab Spring, when the Egyptian government in particular tried to block access to Facebook and Twitter. Also, during the 2011 England riots, the British government tried to block Blackberry Messenger.
Many believe that the government has no right to be on the Internet. As Law Professor David Post at the University of Georgetown argued, "'[States] are mapping statehood onto a domain that doesn't recognize physical boundaries,'" at least in the context on the internet. He went on to say, "'When 150 jurisdictions apply their law, it's a conflict-of-law nightmare.'" [19] Some proponents of the internet, such as John Perry Barlow, argued that the current form of the Internet is ungovernable and should remain as open as possible. Barlow's essay was written about the 1990s Internet, and while it has changed very much since then, the ideas in his work are still salient in the ongoing debates surrounding the future of the Internet. In his essay A Declaration of the Independence of Cyberspace, he advocated that governments should stay out of the internet. [20]
Network Sovereignty can affect state security, law enforcement on the internet, and the ways that private citizens use the internet, as many people attempt to circumvent the protections and legal devices, placed by many governments on the Internet, by using tools such as VPNs.
Virtual Private Networks (VPNs) are a significant tool to allow private citizens to get around network sovereignty and any restrictions their government may place on their access to the internet. VPNs allow a computer to route its Internet connection from one location to another. For example one would connect from a connection at point A to a connection at point B, and to others, it would appear that they are accessing the Internet from point B even if they are in point A. For example, in China, VPNs are used to access otherwise-blocked content. Yang gives the example of pornography stating that with VPN, "smut that's banned in the US can wind its way into American homes through electrical impulses in, say, Amsterdam." [19] In that example, by using VPNs, an Internet user in the United States could access banned material that is hosted in Amsterdam by accessing through a server, hosted in Amsterdam, to make it appear that the user is in Amsterdam, based on the IP address. Therefore, citizens have a way around network sovereignty, simply by accessing a different server through a VPN. That greatly limits how governments can enforce network sovereignty and protect their cyberspace borders. Essentially, there is no way that a government could prevent every citizen from accessing banned content by means such as VPNs.[ citation needed ]
One of the most significant reasons for enforcing network sovereignty is to prevent the scanning of information that travels through other countries. For example, any internet traffic that travels through the United States is subject to the Patriot Act and so may be examined by the National Security Agency, regardless of the country of origin. Jonathan Obar and Andrew Clement refer to the routing of a transmission from a point in state A to another location in state A through state B as Boomerang Routing. [21] They provide the example of traffic from Canada being routed through the United States before returning to Canada, which enables the United States to track and examine the Canadian traffic.
Governments may want to enact network sovereignty to protect copyright within their borders. The purpose of SOPA-PIPA was to prevent what was effectively deemed theft. Content providers want their content to be used as intended because of the property rights associated with that content. [22] One instance of such protection is in e-commerce.
Currently, private networks are suing others who interfere with their property rights. [23] For the effective implementation of e-commerce on the Internet, merchants require restrictions on access and encryption to protect not only their content but also the information of content purchasers. Currently, one of the most effective ways to regulate e-commerce is to allow Internet service providers (ISPs) to regulate the market. [24] The opposing argument to regulating the internet by network sovereignty to allow e-commerce is that it would break the Internet's egalitarian and open values because it would force governments and ISPs to regulate not only the Internet's content but also how the content is consumed. [25]
The World Intellectual Property Organization is a United Nations body, designed to protect intellectual property across all of its member states. [22] WIPO allows content to traverse various networks through their Patent Cooperation Treaty (PCT). The PCT allows for international patents by providing security for content providers across state borders. [26] It is up to states to enforce their own network sovereignty over these patents. Global standards for copyright and encryption are viewed as one way that governments could cooperate. [27] With global standards it is easier to enforce network sovereignty because it builds respect for intellectual property and maintains the rights of content creators and providers. [28] It is possible that governments may not be able to keep up with regulating these initiatives. For example, in the 1995 Clipper Chip system, the Clinton administration in the United States reneged on its original policy because it was deemed that it would soon be too easy to crack the chips. [22] One alternative proposed was the implementation of the digital signature, which could be used to protect network sovereignty by having content providers and governments sign off the content, like for a digital envelope. [22] This system has already been implemented in the use of Wi-Fi Protected Access Enterprise networks, some secured websites, and software distribution. It allows content to pass through borders without difficulty because it is facilitated through organizations such as WIPO. [22]
In his 2015 book Data and Goliath , American security expert Bruce Schneier says the cyber sovereignty movement, in countries such as Russia, China, France and Saudi Arabia, was given an enormous boost by the 2013 revelations of widespread international NSA surveillance, which those countries pointed to as justification for their activities and evidence of U.S. hypocrisy on Internet freedom issues. [29]
In 2018, the United States adopted the CLOUD Act, which allows United States law enforcement to obtained data stored by United States-based companies outside of the United States. [30] : 248 Numerous countries responded with measures to keep data located in their own borders. [30] : 248
Cyber sovereignty, known in Mandarin as 网络主权, has been a mainstay of Chinese Internet policy in recent years, and the international promotion of cybersovereignty forms an integral part of Chinese foreign policy, although it remains ill-defined within Chinese discourse. [17] Generally, China advocates for internet sovereignty and tends to prioritize cybersecurity. [30] : 121 The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. [31] The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google Search, [32] Facebook, [33] Twitter, [34] Wikipedia, [35] [36] and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations. [37] [38]
Chinese policymakers became increasingly concerned about the risk of foreign surveillance, foreign data collection, and cyberattacks following the 2010s global surveillance disclosures by Edward Snowden, which demonstrated extensive United States intelligence activities in China. [30] : 129, 250 As part of its response, the Chinese Communist Party in 2014 formed the Cybersecurity and Information Leading Group and the National People's Congress passed the 2017 Cyber Security Law. [30] : 129, 250 The Cybersecurity Law contains stringent data localization requirements. [30] : 250
China's 2021 Data Security Law formed part of the country's response to the United States CLOUD Act. [30] : 251 The Data Security Law creates a data classification framework based on national security principles and avoiding the extraterritorial reach of the CLOUD Act or similar foreign laws. [30] : 251 It protects core data with data localization requirements, and broadly defines core data to include data related to national and economic security, citizens' welfare, significant public interests, and important data. [30] : 251 The Data Security Law mandates that data transfer to foreign law enforcement or judicial agencies requires official approval. [30] : 251 It also empowers the Chinese government to conduct national security audits over firms operating in China which gather user data. [39]
The 2021 Personal Information Protection Law, like the Data Security Law, includes a provision meant to counter the extraterritorial reach of the CLOUD Act or similar foreign laws. [30] : 251
In 2022, the Cyberspace Administration of China issued measures and guidelines on security assessments for cross-border data transfers as part of an effort to institutionalize data transfer review mechanisms. [30] : 251
Writing in 2024, academic Pang Laikwan concludes that China likely has strongest cyber sovereignty in the world. [40] : 80
Project Andromède launched in 2009, with the aim to spend €285 million on "cloud souverain" or sovereign cloud. [41] [42] The government spent €75 million on each of its two national champions, Cloudwatt and Numergy, but these two sold only €8 million worth of services, combined. [43] On January 1, 2020, all services were terminated and clients were advised their data was deleted. [44]
In 2023, Ireland's Data Protection Commissioner imposed record EUR 1.2 billion fine on Meta for transferring data from Europe to the United States without adequate protections for EU citizens. [30] : 250
openDesk is a project to create administrative workspaces to enable digital sovereignty, initiated in 2023 by the German Federal Ministry of the Interior (BMI) and the public IT service provider Dataport. [45] There is collaboration with a team of open-source specialists from Collabora, Nextcloud, OpenProject, OpenXchange, Univention, XWiki, and others [46]
The Sovereign Internet Law is a set of 2019 amendments to existing Russian legislation that mandate Internet surveillance and grants the Russian government powers to partition Russia from the rest of the Internet, including the creation of a national fork of the Domain Name System. [47] [48] [49] [50] [51] [52]
As part of its data localization requirements, Vietnam requires that Google host servers for Vietnam within the country. [53]
China censors both the publishing and viewing of online material. Many controversial events are censored from news coverage, preventing many Chinese citizens from knowing about the actions of their government, and severely restricting freedom of the press. China's censorship includes the complete blockage of various websites, apps, and video games, inspiring the policy's nickname, the Great Firewall of China, which blocks websites. Methods used to block websites and pages include DNS spoofing, blocking access to IP addresses, analyzing and filtering URLs, packet inspection, and resetting connections.
China has been on the Internet intermittently since May 1989 and on a permanent basis since 20 April 1994, although with heavily censored access. In 2008, China became the country with the largest population on the Internet and, as of 2024, has remained so. As of December 2024, 1.09 billion use internet in China.
Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used for baselining application behavior, analyzing network usage, troubleshooting network performance, ensuring that data is in the correct format, checking for malicious code, eavesdropping, and internet censorship, among other purposes. There are multiple headers for IP packets; network equipment only needs to use the first of these for normal operation, but use of the second header is normally considered to be shallow packet inspection despite this definition.
The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. The Great Firewall operates by checking transmission control protocol (TCP) packets for keywords or sensitive words. If the keywords or sensitive words appear in the TCP packets, access will be closed. If one link is closed, more links from the same machine will be blocked by the Great Firewall. The effect includes: limiting access to foreign information sources, blocking foreign internet tools and mobile apps, and requiring foreign companies to adapt to domestic regulations.
Center for Democracy & Technology (CDT) is a Washington, D.C.–based 501(c)(3) nonprofit organisation that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the internet for purposes of well-intent, while at the same time reducing its potential for harm. It advocates for transparency, accountability, and limiting the collection of personal information.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.
The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2024 has about 1,700 employees. Its current president, since 1 July 2023, is former business executive Claudia Plattner, who took over the presidency from Arne Schönbohm.
The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or the Budapest Convention, is the first international treaty seeking to address Internet and computer crime (cybercrime) harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg, France, with the active participation of the Council of Europe's observer states Canada, Japan, the Philippines, South Africa and the United States.
Internet censorship in the United States is the suppression of information published or viewed on the Internet in the United States. The First Amendment of the United States Constitution protects freedom of speech and expression against federal, state, and local government censorship.
Cyberethics is "a branch of ethics concerned with behavior in an online environment". In another definition, it is the "exploration of the entire range of ethical and moral issues that arise in cyberspace" while cyberspace is understood to be "the electronic worlds made visible by the Internet." For years, various governments have enacted regulations while organizations have defined policies about cyberethics.
Information technology law, also known as information, communication and technology law or cyberlaw, concerns the juridical regulation of information technology, its possibilities and the consequences of its use, including computing, software coding, artificial intelligence, the internet and virtual worlds. The ICT field of law comprises elements of various branches of law, originating under various acts or statutes of parliaments, the common and continental law and international law. Some important areas it covers are information and data, communication, and information technology, both software and hardware and technical communications technology, including coding and protocols.
An Internet kill switch is a countermeasure concept of activating a single shut off mechanism for all Internet traffic.
There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced.
Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.
The Stop Online Piracy Act (SOPA) was a proposed United States congressional bill to expand the ability of U.S. law enforcement to combat online copyright infringement and online trafficking in counterfeit goods. Introduced on October 26, 2011, by Representative Lamar Smith (R-TX), provisions included the requesting of court orders to bar advertising networks and payment facilities from conducting business with infringing websites, and search engines from linking to the websites, and court orders requiring Internet service providers to block access to the websites. The proposed law would have expanded existing criminal laws to include unauthorized streaming of copyrighted content, imposing a maximum penalty of five years in prison.
In Russia, internet censorship is enforced on the basis of several laws and through several mechanisms. Since 2008, Russia maintains a centralized internet blacklist maintained by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor).
Human rights in cyberspace is a relatively new and uncharted area of law. The United Nations Human Rights Council (UNHRC) has stated that the freedoms of expression and information under Article 19(2) of the International Covenant on Civil and Political Rights (ICCPR) include the freedom to receive and communicate information, ideas and opinions through the Internet.
The Cybersecurity Law of the People's Republic of China, commonly referred to as the Chinese Cybersecurity Law, was enacted by the National People’s Congress with the aim of increasing data protection, data localization, and cybersecurity ostensibly in the interest of national security. The law is part of a wider series of laws passed by the Chinese government in an effort to strengthen national security legislation. Examples of which since 2014 have included the data security law, the national intelligence law, the national security law, laws on counter-terrorism and foreign NGO management, all passed within successive short timeframes of each other.
{{cite book}}
: CS1 maint: location missing publisher (link){{cite journal}}
: Cite journal requires |journal=
(help){{cite journal}}
: Cite journal requires |journal=
(help)