Faced with the U.S. National Security Agency’s widespread surveillance, and the disturbing commercial practices of GAFA 1, how do we — in France and Europe — regulate an internet that is omnipresent in our lives?
Digital sovereignty? In 1996, there were fewer than 100 million Internet users worldwide, and for many of them, fed a steady diet of libertarian cyberculture, the formula would have been a borderline oxymoron. “You have no sovereignty where we gather,” wrote John Perry Barlow, American poet and internet pioneer, addressing “Governments of the Industrial World” in the still famous “Declaration of the Independence of Cyberspace.” For this specimen of the “Californian ideology,” if there was sovereignty it could only be that of “virtual personalities” liberated from the “tyranny” of the physical world.
Twenty years later, the network of networks connects more than 3 billion earthlings. Far from the independent cyberspace of the post-hippie imagination, it has instead witnessed a replaying of political, social and economic relationships. “The principles that reign on the Internet — self-regulation and circulation without hindering information — are currently being called into question and discussed by societies laying claim to their sovereignty and demanding that laws applicable in their territory be respected,” claims geographer Boris Beaude in his book Les Fins d’Internet 2 (Fyp, 2014).
For Bernard Benhamou, a former inter-ministerial delegate on internet use and now secretary general of the Institut de la Souverainete Numerique 3, what is at stake is the ability to “master all technologies, as much from an economic point of view as from a social and political one,” and to “make up our minds, so that we have our own technological trajectory.”
But who decides what and how? It’s the plural sovereignties that are based on and compete for this Internet that nobody governs.
1. The Debates on Internet Governance
“We have owned the Internet,” Barack Obama stated last year in an interview with the website Recode. “Our companies have created it, expanded it, perfected it in ways that they can’t compete.” This declaration of ownership is debatable, but it reminds us that the United States remains a dominant force as a result of the history that has brought together the private sector, universities and the U.S. Defense Advanced Research Projects Agency in developing the network.
The actual technical management of the internet falls under the jurisdiction of several U.S.-based international entities, such as the Internet Engineering Task Force, which works on communication protocols, and the World Wide Web Consortium, which deals with web standards. The Internet Corporation for Assigned Names and Numbers, which coordinates domain name management, is under the supervision of the U.S. Department of Commerce until the end of 2016. A similar number of organizations participate in “internet governance,” according to the accepted formula. It brings together countries, businesses and civil society in accordance with a so-called “multi-stakeholder” model that aims to allow the preservation of a unique, open and decentralized network.
But this model is the subject of fierce debate. At the World Conference on International Telecommunications in Dubai in December 2012, several countries tried to get internet regulation brought under the auspices of the UN — in vain. Among others, China, Russia and Saudi Arabia, at whom fingers are regularly pointed with regard to their network censorship and surveillance, defended the “sovereign right” of governments to “regulate the national Internet segment.” In addition to the United States, European countries and private sector companies opposed this proposal.
2. Post-Snowden Personal Data Concerns
Edward Snowden’s revelations about the NSA’s massive surveillance operations have changed the structure of the debate. In 2014, after being targeted by the American agency’s wiretaps, now-impeached Brazilian president Dilma Rousseff spearheaded the campaign demanding a thorough reform of internet governance. But the spotlight has mainly been shone on the issue of the major American digital players accumulating personal data. “Snowden made us aware of the extent to which data is being concentrated,” summarizes Laurent Chemla, a member of both Squaring the Net, an association defending freedoms, and of the scientific council of the ISN.
Indeed, it was after the exposure of NSA surveillance that the Court of Justice of the European Union decided in October 2015 to invalidate the safe harbor agreement on the transfer of personal data from Europe to the United States. This is now being renegotiated. For Bernard Benhamou, “the question of ‘data residency’ is on the table” — in other words, the principle of localizing data in the Internet user’s territory. He submits that this would be “not only a tool for protecting freedoms, but also for developing industrial strategy.”
3. Sovereign and Economic Rivalries
This conflict is playing out on all fronts. “The Internet is dominated by oligopolies that are becoming more powerful than countries, with consequences for individual freedoms and the exercising of rights,” denounced Delphine Batho, a member of the French Parliament and the Socialist Party. “It’s also a major economic problem, to the extent that the entire economy is reconfigured by digital — the possession and use of data creates value. The European economy is being siphoned off; it is no longer possible to just let things take their course.”
During debates in the French National Assembly on the bill “Pour une Republique Numerique,” 4 the member of parliament for the Deux-Sevres department put forward an amendment — which was accepted by members from both the left and the right — asking the government for a “report on the possibility of creating a digital sovereignty commission.” This body’s main mission would be to set up a “sovereign operating system” and “data encryption protocols.” The French Senate struck out these provisions, retaining only the aim of “exercising, in cyberspace, national sovereignty and individual and collective rights and freedoms protected by the republic.” But in the meantime, the idea of a “made in France” operating system to compete with Windows or Mac OS has been lambasted by numerous experts.
“If the aim is to redevelop an operating system from scratch, then technically it’s nonsense,” Guillaume Poupard, the head of Anssi, a French cybersecurity agency, said in January. “If the aim is for it to be controlled by the state to add a load of rubbish to it, then I will oppose it.” For Bernard Benhamou, this idea would be like “rebuilding a citadel.” Delphine Batho defends the idea: “It’s not a case of the state having control over data. The sovereign operating system is obviously part of an open and collaborative vision,” or one of free and open software. Nevertheless, the high stakes of the “sovereign cloud,” aimed at competing with Amazon & co.’s data storage, show that a French rubber stamp does not guarantee users will adopt it.
4. Private Lives Pitted Against the State
The question is particularly sensitive as a way to curb the wishes of governments and, since Snowden, is also a critical issue for businesses. They need to re-establish the trust of their users. In the United States, but also in the U.K. and France, the authorities are fighting an increasingly open war against encryption, which is accused of hindering the fight against terrorism. We saw this in the high-profile battle that played out between Apple and the FBI relating to access to the data contained on the smartphone of one of the perpetrators of the San Bernardino attack.
“The demand for sovereignty must stop the moment you get to the ‘pillars of the temple,’ at which point the entire ecosystem is threatened,” says Bernard Benhamou. This is the whole problem caused by limiting encryption. Or by “back doors,” secret ways of accessing software or material that will sooner or later fall into the hands of those other than their intended recipients. In France, the Commission Nationale de l’Informatique et des Libertes, 5 recently adopted a position firmly in favor of encryption and against back doors.
5. What Sovereignty for Users?
The debate is complex and crucial. It simultaneously affects the exercising of fundamental freedoms, industrial concerns and the geostrategic balance of power. “It’s not as complicated as all that,” says Laurent Chemla ironically. “The aim is for more democracy and more freedoms. Whether it’s the stranglehold of unavoidable major companies or state surveillance, the battle is against both.” It’s about “giving the user sovereignty over their own data,” not “closing the borders.” Digital sovereignty is — no more and no less — an extension of popular sovereignty. Bernard Benhamou insists on the fact that digital sovereignty “only makes sense if it is exercised in a democratic framework.” He favors both a European bedrock, and a “larger trans-Atlantic agreement on ‘digital democracy.’” How do we counter the justification behind data capture without risking the network being “Balkanized”? How do we protect the rights of citizens in the network? In this complex game of powers and counter-powers, there’s also a question about the utopian aspects of the Internet. And furthermore, at a time of disenchantment, it’s a question about the future of a network with no center and no borders.
1. Editor’s note: An acronym common in the French media that stands for Google-Apple-Facebook-Amazon.↩
2. Editor’s note: Translated as “The Purpose of the Internet.”↩
3. Editor’s note: Translated as the “Digital Sovereignty Institute.”↩
4. Editor’s note: Translated as “For a Digital Republic.”↩
5. Editor’s note: Translated as the “National Commission on Informatics and Liberty.”↩