In its latest International Cyberspace and Digital Policy Strategy, the Department of State promoted a technological future that supports “digital solidarity,” a term that repackages the United States’ long held position of preserving an open Internet via the collaboration of similarly-minded nations to align their goals with one another.  This position stands in marked contrast with the one espoused by the governments of China and Russia that maintain that every country has the inherent right to manage its own digital sovereignty, no different than the territorial, maritime, and even horizontal air space boundaries that specifically mark the sovereign territory of a nation state.  The debate between the two positions has been one of the central tenets of why United Nations efforts to codify state norms of responsible behavior and other Internet-related governance issues continually stall in meetings.

The discussion perseveres largely because the global cyber environment continues to favor criminal activities, regardless of if they are the sophisticated mechanisms conducted by nation states, or the rampant financially motivated attacks of cybercrime gangs.  Cybercrime is expected to increase to USD $23.84 trillion by 2027, and the constant uptick of data breaches indicate that things are not expected to get better anytime in the near future.  What is painfully clear is that current efforts are not working to ameliorate the situation, despite governments implementing cybersecurity strategies and engaging in international discussions and promises to partner against these threats.  So, the question remains: does the international community continue to follow the same path it is, or try something different to impact the situation?

Critics of digital sovereignty point out that such measures further facilitate authoritarian tendencies to control and censor information, create “fragmented Internet governance,” and otherwise derail any collaborative efforts to root out cyber malfeasance.  While all of these are certainly possible, there have been very few instances where digital solidarity has addressed any of these points.  For example, Internet governance was long dominated by the United States and Western interests with the rest of the world falling in line.  However, as one prominent think tank pointed out, the more countries got adopted the Internet, the more interest they had in how the Internet was governed and being equal shareholders in a globally connected space.  This seems logical if one believes in the merits of globalization.  Still, arguments can be made that influencing and coercing other states to comply is its own form of authoritarianism, only done under the umbrella of digital solidarity.  This my way or the highway” dictum further dismisses valid though contrarian voices to a potential solution.  To make a deal that takes into consideration many voices there must be compromise, something that continues to elude the drivers of cyber solidarity. 

There are other arguments levied against cyber sovereignty to include its potential to hamper technological innovation via the protectionism that would impact foreign companies and promote domestic ones.  Another is that cyber sovereignty would have the adverse effect of reducing global risk, obstructing global cooperation and engagement.  While these seem legitimate concerns, governments do not need to embrace cyber sovereignty to implement protectionist policies that could impact innovation by outright banning or restricting their presence in a country, which has already been done by democratic states.  With respect to impacting global efforts to reduce cyber risk, there is nothing that currently prohibits governments from engaging one another if they so desire to do so.

In fact, agreements between governments continue to be made between nations and international organizations on cybersecurity collaboration independent of formal cyber solidarity.  Yet despite these bilateral and multilateral engagements, there has been little progress made to put a dent in the swath of cybercrime perpetuating across the globe.  Successful joint law enforcement efforts to indict and arrest cybercrime gangs and disrupt their operations have proven to have limited effect.  Like the mythological Hydra, more heads tend to pop up with more than willing criminals stepping in to fill the void.  And with respect to censorship, even democratic countries have demonstrated a willingness to do so under the purview of protecting themselves.  The United States has demonstrated it will apply pressure on social media (e.g., Facebook and Twitter) to proactively identify and remove accounts conducting questionable activities.  Even the United Kingdom’s Online Safety Act, which allows the government to bypass its own legal processes by designating “speech as ‘harmful’ when it cannot for whatever reason be outlawed.” Such hypocrisy is routinely called out by the Chinese.

With global efforts continually falling short, cyber sovereignty may be a viable option to help stem that very cyber risk.  The control excised by a government could be restrictive on human rights, it can also strengthen a country’s cybersecurity posture.  This becomes important because the international community can then hold a state accountable for any hostile activity transpiring from within its borders.  Any failure to demonstrate responsible behavior such as arresting and prosecuting the perpetrators or facilitating their extradition could result in political and/or economic consequences from the international community, or international organizations like the International Criminal Court or United Nations.  This would put pressure on those states known to provide safe haven to cybercriminal gangs, hacktivists, and private entities known to be affiliated with cyber malfeasance.  “Plausible deniability” would no longer be an acceptable state government excuse.  Even if a country’s networks were exploited as a “hop site,” they would still be responsible for their part in a consequential attack.

And while some view technological protectionism as a blow to globalization, it can help build and promote a state’s own technology sector, encouraging domestic development and innovation, and thereby bolstering economic stability and potential for economic growth.  It would give developing countries a chance to compete against other nations rather than forcing them to be reliant on foreign technology.  This is not good news for large international companies that have operated with the benefit of being a global supplier for years.  There doesn’t seem to be a good argument other than loss of profit for these companies as to why this should not happen.

There is some evidence to suggest that cyber sovereignty is gaining popularity among non-authoritarian nations.  Notably, according to a recently published International Data Corporation report, there is substantial interest in governments in the Asia Pacific (APAC) region for sovereign cloud solutions, a move influenced by geopolitical conflicts, hostile cyber activity, data protection, and digital trade policies.  And APAC does not appear alone in this regard.  The European Union (EU) looks to be gravitating toward its own version of digital sovereignty.  Indeed, one think tank suggests that the EU appears to be looking to expand its own indigenous technologies and have a larger role in establishing global governance norms, something that would have potential impact on the EU-U.S. relationship.  The EU’s digital sovereignty would be consistent with its own concept of rights, a theme that has been espoused by China and other pro-sovereignty governments. 

Many will contend that the Internet was intended to expand the free flow of information.  That may have worked at its inception, but that was before geopolitics and economics factored so prominently into today’s technological landscape.  Today, even democracies have shied away from complete transparency, moving the goal posts of what acceptable behavior looks like.  If states truly are interested in preserving this open “democratic” model, they need to demonstrate that commitment in what they do, not what they say.  If not, then it makes sense that states take it upon themselves to ensure that their portions of the Internet are managed, policed for aberrant cyber activity, and secured to the best of their abilities, and be held accountable by global stakeholders when they are not.  And that’s when cyber solidarity would carry the most weight, and potentially have a behavior-altering effect.