Technological Sovereignty: Missing the Point?

An Analysis of European Proposals after June 5, 2013

Executive Summary

European government officials and public figures have promoted a variety of proposals for gaining ​“technological sovereignty” in response to the media reports that began emerging in June 2013 on foreign surveillance. Our research identified proposals from over a dozen countries in Europe that range from the construction of new undersea cables to stronger data protection rules made by top decision-makers and other public figures. The current German government’s coalition agreement, for example, explicitly states that it will ​“take efforts to regain technological sovereignty.” Some of these statements and proposals qualify as simple posturing to address political pressure. Others have been more seriously debated publicly. 

This report finds that many of the proposals do not effectively protect against foreign surveillance. Moreover, some of them, especially technical proposals forcing localized data storage or routing, are likely to negatively affect a free and open Internet. Other proposals attempt to use the political window of opportunity to redirect limited resources and funding for political purposes, leading to suboptimal investments and policy outcomes. The specific impact often depends on how a proposal is implemented. That’s why Europe needs to focus more on its responsibility to ensure globally an open, free, and secure Internet. Actively promoting proposals for greater control within Europe will limit Europe’s ability to present itself as a global advocate of a free and open Internet. Without greater nuance, other governments could use the proposals to justify their own actions, including those that do not protect, but violate, human rights.

Many technological sovereignty proposals were advanced with the goal of securing data and privacy. The majority of proposals focus on the physical location of data as a security mechanism. But data privacy and security depend primarily not on where data is physically stored or sent, but on how it is stored and transmitted. Moreover, the debate thus far has focused narrowly on the transatlantic dimension, but the problem of data privacy and security is much bigger. The proposals most likely to protect against any foreign surveillance focus on the use of encryption tools. These deserve greater attention from policymakers. The debate on the use of encryption tools includes discussing the local government’s ability to conduct domestic law enforcement efforts, which has been the subject of an emerging and important debate in the United States and the United Kingdom.

The goal of this report is to provide a more nuanced, technically informed analysis of these proposals, in the hope that it will lead to a more productive discussion. The main contribution of this paper is a systematic mapping and impact assessment of existing proposals, using the Organisation for Economic Cooperation and Development (OECD) Principles for Internet Policy-Making and a traffic-light system to visualize the proposals’ impact. The mapping and impact assessment provide a more detailed analysis of technical proposals so that they could have have long-lasting effects on the architecture of the Internet. This assessment can serve as a toolbox for policymakers, so that they can better assess the nature, feasibility, and viability of the proposals. Europe has a responsibility to lead by example in ensuring an open, free, and secure Internet. This report strives to advance this goal.

The full policy paper is available for download.

…

This paper is part of a joint project by GPPi and New America’s Open Technology Institute called Transatlantic Dialogues on Security and Freedom in the Digital Age.