Sovereign Data in International Relations

In the wake of Edward Snowden's leak of NSA secrets,  surveillance, privacy and the nature of information have dominated headlines. Thesigers has been toying with the notion of "sovereign data" for a while, and the atmosphere is clearly ripe for a more focused exploration of its meaning. We asked leading scholars to engage critically with the concept. In this first essay in a series, Tim Stevens reminds us that these basics of international relations have been in flux for some time.

--

by Tim Stevens

 

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather …[1]

 

There are probably few discussions of the new information technologies and their interactions with government and the state that are undertaken in ignorance of these words. Although it has become almost clichéd to quote from it, John Perry Barlow’s ‘A Declaration of the Independence of Cyberspace’ (1996) set the tone—combative, utopian, passionate, noble even—of much subsequent Internet activism and continues to inflect the ongoing debate about the proper relationship between ‘cyberspace’ and the state.[2] It is no coincidence that Barlow’s cri de coeur has been adopted most recently by Anonymous, that loose affiliation of Internet-savvy activists currently outwitting the world’s governments and companies.[3]

Although the idealism of all but the most ardent cyber libertarian has been somewhat tempered in the intervening years by often bruising encounters with political authority and big business, Barlow threw down a challenge to traditional notions of political sovereignty that has yet to be satisfactorily resolved. In declaring ‘our virtual selves immune to your sovereignty’, Barlow suggested in stirring prose that the existing international order would have to be revised to account for this new ‘world that is both everywhere and nowhere’.  Cyberspace independent of the extant system of sovereign states remains a distant dream—as Barlow would freely, if perhaps wearily, admit.Meanwhile, the issue of how international politics affects and is affected by the Internet and global information flows has become one of the most important intellectual and practical issues of our time.

The Internet is often held to be paradigmatic of contemporary globalisation, that nebulous concept that has spawned a thousand treatises and many more disagreements as to its meaning and import. David Held and his colleagues, in their much-cited book, Global Transformations (1999), defined globalisation as ‘a process (or set of processes) which embodies a transformation in the spatial organization of social relations and transactions—assessed in terms of their extensity, intensity, velocity and impact—generating transcontinental or interregional flows and networks of activity, interaction, and the exercise of power’.[4]-

Such academic verbiage can, in this case, I think, be excused on account of the complexity of its subject matter.   Trying to compress the enormous diversity and scale of phenomena identified as ‘globalised’ or ‘globalising’ into a definition pithy enough to be analytically and practically useful would vex even the most agile intellect. It should be clear, however, that the concepts of networks and flows are integral to understanding the global dynamics of capital, ideas, influence, people, goods and services in late modernity. These global networks and flows are, in many theories of contemporary politics and economics, both the agents of structural change and the structures through which change is effected. Of all the transformations thereby catalysed, perhaps none holds more allure (for the radical) or elicits more concern (from the ‘traditionalist’) than the prospect of the decline of the state in the face of globalisation.

At the heart of the tussle between ‘old’ and ‘new’—to gloss unforgivably a fearsomely complex web of social, economic, cultural and political relations—is the notion of ‘sovereignty’ itself. Frequently, the common dynamic at the heart of the predictions and prognoses of state decline is identified as the ‘erosion’ of sovereignty. Arguments predicated upon this formulation imply that globalisation is gradually chipping away at that which makes a state a state -  that is, its independent ‘sovereign’ authority over a given territory. Or, as Held and his co-authors define it in common usage, a ‘claim to the rightful exercise of political power over a circumscribed realm’.[5] Under these conditions, argued noted anthropologist Arjun Appadurai in Modernity at Large (1996), ‘the nation-state, as a complex modern political form, is on its last legs’.[6]

As these scholars recognise, however, sovereignty is not an objective state of nature but something that has to be created, maintained and adjusted over time. As such, sovereignty has a history, a genealogy, over the course of which its meaning has shifted, specific to the historical time in which it is manifest. Nor is sovereignty a singular concept. In our own time, sovereignty is plural, denoting different aspects of politics, law and the constitution of government and the state, and with diverse implications for analyses of global life. It follows, therefore, that when claims are made of the significance of the Internet and global flows of information to the global order of sovereign states, that we identify exactly two things: what form of sovereignty is being drawn attention to and what the actual effects of these new informational environments are.

 

Sovereignty?

Although a skeptic of the transformational novelty of globalisation, the ‘realist’ scholar of international relations Stephen Krasner provides us with a useful typology for exploring the inter-relations of information technologies and sovereignty. In his influential book, Sovereignty: Organized Hypocrisy (1999), Krasner drew attention to four ways in which sovereignty is represented and understood: domestic sovereignty; interdependence sovereignty; international legal sovereignty; and, Westphalian sovereignty.[7] At the risk of plunging down a rabbit-hole of academic mumbo-jumbo, each in turn requires a short explanation, after which we can begin to examine how these different forms of sovereignty are affected by the informational flows and networks of contemporary global intercourse.

Domestic sovereignty is perhaps the most readily understood and is closely allied with the traditional meaning of sovereignty within Western political philosophy. It connotes the organisation of public authority within territorial bounds and also the abilities of those domestic authorities to make policy and regulate behaviour effectively. Respectively, these characteristics speak to authority and to control, two non-identical concepts that do not occur together in any of the other three forms of sovereignty. Domestic sovereignty in this sense is what Hobbes referred to in Leviathan (1651) as the Soul ‘giving life and motion to the whole body [politic]’.[8] This form of sovereignty is essential for the existence of the state and to its ability to provide welfare and security to the citizens who have invested in it authority to the exclusion of any other.

Interdependence sovereignty is a matter of control, specifically the ability to regulate the flows of people, materials, capital, ideas, diseases and so on that traverse territorial boundaries, virtual and geographical. As we shall see, this is the principal mechanism at work in the ‘erosion’ of sovereignty.

International legal sovereignty refers to the principle by which states mutually recognise one another’s independence as equal members of the international community of states. Westphalian sovereignty is based upon the norm of non-intervention in the domestic affairs of other states and is therefore concerned with states’ rights to determine their internal political arrangements to the exclusion of external sources of authority. These forms of sovereignty, then, are principally concerned with the nature and character of authority, rather than control

It is obvious that these forms of sovereignty will interact with one another in various ways. For example, intervention by country A in the internal affairs of country B, say, through military means, may violate the principles of both international legal and Westphalian sovereignty. On the other hand, if country B invites country A to undertake military actions within its territorial borders, Westphalian sovereignty is breached but international legal sovereignty is not. Many other such scenarios may be identified in both the ordinary and exceptional workings of international politics and other forms of exchange.

Although this multi-faceted system of sovereignty is based upon a host of rules, laws, conventions and norms, Krasner maintains that sovereignty is compromised so often and in so many ways that perhaps the most powerful mechanism at work in this assemblage of sovereign forms is, as the subtitle of his book portends, one of ‘organised hypocrisy’, in which these institutional norms are ‘enduring but frequently ignored’. The ongoing debate over intervention in Syria—and before that, Libya—clearly signals the existence of these norms and the willingness to breach Syrian sovereignty (international legal and Westphalian) for political ends.

A sense should be emerging that a given entity or phenomenon will affect different types of sovereignty in different ways. The focus here is on the existence and growth of global ‘cyberspace’, the ‘infosphere’, or whatever term we choose to describe the Internet and related technologies and the political and socioeconomic practices, communities and norms thereby enabled and sustained. Although frequently identified as a principal agent of the erosion of sovereignty, ‘the Internet’—here used as a catch-all term for these various phenomena—does not affect all forms of sovereignty equally.

 

International legal sovereignty

The system of international legal sovereignty is, for example, almost completely unaffected—at least, directly—by the Internet. John Perry Barlow’s assertion of the sovereign independence of ‘cyberspace’ may have been a brave statement of intent but it has come to precisely naught. Also in 1996, legal scholars David Johnson and David Post published in the Stanford Law Review their more refined argument for the recognition of cyberspace as a sovereignty entity in the international political system.[9] Because cyberspace lacked traditional territorial borders, they argued—noting also the non-corporeal nature of the activities carried out ‘there’—it makes little sense to apply laws contingent upon physical location uncritically to this environment.

Cyberspace is thereby perceived as a global ‘space’ beyond traditional international legal sovereignty and should be allowed to develop its own laws and norms. As Johnson and Post noted: ‘The laws of any given place must take into account the special characteristics of the space it regulates and the types of person, places, and things found there’. Tim Wu, a high-profile professor at Columbia Law School, also suggested as long ago as 1997 that states should respect an ‘emergent cyberspace sovereignty’, which, according to him, some states were already doing.[10] Wu was correct, however, to be cautious about the prospects of states allowing even a ‘minimally sovereign cyberspace’, a prescient observation given the present unwillingness of governments to even appear to cede ‘independence’ to any portion of the Internet or the communities and practices associated with it.

Why is this so? Why is international legal sovereignty unaffected by the most extensive and potentially disruptive technological creation in human history? Sovereignty, according to Emmanuel Wallerstein, is a ‘claim’ that can only derive legitimacy from reciprocal recognition. International legal sovereignty is ‘a hypothetical trade’ in which states engage strategically, as a means to minimise inter-state tension and instability.[11] ‘Cyberspace’ is not a state. There is no central authority to whom representation might be made, or who can speak on its behalf. It is not constituted along the lines of a state, exactly why legal scholars have suggested it is somehow ‘beyond’ traditional legal sovereignty. As such, it will not be admitted to a community of states, even given powerful arguments as to why this conditionality should not be extended to the Internet and why it should be considered sovereign on its own terms.

This may appear a somewhat specious and circular argument, serving only the interests of existing states. To ‘grant’ de jure, or to recognise de facto, Internet sovereignty would be a precedent too far for the international community, particularly as states all have vested interests in asserting their own influences over the Internet, as will be discussed further below. This is not to say that activities contingent upon or further enabled by the Internet might not throw up challenges for international legal sovereignty—the embedded role of the Internet in secessionist and independence movements, for example, is a contemporary given—but the Internet itself is not likely to upset the international legal aspect of sovereignty any time soon.

 

Westphalian sovereignty

Violations of Westphalian sovereignty occur when external actors interfere in the workings of domestic political authority. In the last few years, we have seen, for example, a rise in the incidence of state or state-sponsored computer network operations against the networked assets of sovereign states. Whether conducted in peacetime (Estonia 2007) or war (Georgia 2008), the possible role of Russian security services in these operations would constitute breaches of Westphalian sovereignty. Computer network exploitation (e.g., ‘cyber espionage’ or sabotage) would also violate Westphalian sovereignty, as the targets are usually located within the borders of another country. The Stuxnet worm is an example of this form of sabotage, conducted against an Iranian nuclear plant by a probable joint US-Israeli covert operation.

Westphalian sovereignty may also be breached by invitation and mutual consent, such as in cross-border counter-cyber crime operations. The exception is tolerated in this case because the potential outcome is adjudged beneficial to both parties. The surrender of a degree of Westphalian sovereignty is the basis of an agreement like the Council of Europe’s Convention on Cyber Crime (2001). Ratifying states pool resources to tackle a transnational problem while implementing internal legal changes (harmonisation) and agreeing to a degree of cross-border criminal investigation. Westphalian sovereignty is breached consensually whilst still respecting international legal sovereignty. Of course, the perceived threat to Westphalian sovereignty is a key reason why states like Russia are still not signatories to the Convention.

These situations are new iterations of established practices but the technologies involved—and their apparent developmental acceleration—present an additional challenge to the integrity of Westphalian sovereignty. As the global volume of automated and directed probes and small-scale incursions into computer systems continues to increase, governments and companies are investing in ‘active defence’ security systems. These systems are authorised to respond to attempted and actual compromises of friendly networks with retaliatory actions against assets often located outside a given country’s territorial borders. The geographical location of the original source of an attack is less important to the defender than the attempt to neutralise the threat at source, in so doing likely breaching the Westphalian sovereignty of a second or even third party.

As automation increases, therefore, so does the overall level of sovereignty violation and Westphalian sovereignty becomes almost irrelevant to these forms of computer network operations, even if any one of the billions of interventions annually might be used as diplomatic or political leverage against another state, regardless of whether the violation was intentional. International attempts to foster ‘rules of the road’ for state actions in cyberspace are, in part, attempts to engender an environment in which states may undertake routine violations of Westphalian sovereignty while reducing potential misunderstanding of others’ actions and the miscalculation of political responses.

 

Domestic sovereignty

If Westphalian sovereignty relates to the principle of non-intervention in the internal affairs of other states, domestic sovereignty refers to the manner in which those internal affairs are conducted. Specifically, how is domestic authority organised and how effective is the degree of control which those political structures exert? The Internet has impacted both domestic authority and control and can therefore be said to be an important factor in the ongoing transformation of domestic sovereignty.

In their efforts to control and regulate the use of the Internet within territorial borders, governments have implemented new policy and legislation and instituted new structures and organisations. In the UK, for example, the Office of Cyber Security and Information Assurance (OCSIA) provides strategic leadership across government on both domestic and international ‘cyber’ issues. Police forces are charged with implementing the provisions of counter-terrorism legislation criminalising certain forms of Internet usage and curtailing freedom of online expression. Intelligence agencies like the National Security Agency (NSA) and GCHQ have turned their gaze from foreign threats to populations at home. Dozens of countries worldwide manipulate Internet traffic in order to prevent their citizens gaining access to online material they deem deleterious to national integrity, identity and security.

What is striking—and usually not acknowledged by Western policymakers—is that their regulatory and organisational moves have much in common with those states whose governments are often the subject of Western opprobrium and condemnation. One can, it seems, defend NSA’s domestic surveillance regimes whilst simultaneously condemning China’s internal intelligence and monitoring activities. One can criminalise ‘terrorist’ propaganda at home whilst also promoting digital political activism abroad. (One can also, of course, fire ‘cyber weapons’ anonymously at Iran whilst threatening military action against anyone who might even tentatively probe Department of Defense networks.)

When viewed in such ultramontane fashion, there appear to be many double standards at work in political discourse when it comes to protecting domestic sovereignty. From the strategic perspective of a state attempting to preserve its integrity, authority and control over domestic matters, however, these are quite logical positions to hold concurrently. Given the importance of the Internet in promoting dissent and mobilising activism, one can quite understand why governments would wish to act in such a fashion within their own borders and, for strategic reasons, support quite different policies abroad. This may not be ethical or desirable but it is at least comprehensible. What is clear is that the Internet has great potential to disrupt domestic sovereignty, whilst also providing important avenues for states to reassert that sovereignty within their own borders.

 

Interdependence sovereignty

Interdependence sovereignty is principally a matter of control. Specifically, it speaks to regulation of flows of material and immaterial entities across  national borders, whether this be capital, goods, ideas, people, diseases, or any other of the flows that characterise late modern globalisation. Many of the issues of domestic sovereignty outlined above are catalysed or exacerbated by the steady degradation of interdependence sovereignty. It is this form of sovereignty to which commentators allude—often unwittingly—when invoking the ‘erosion’ of sovereignty. The importance of transnational flows to domestic politics is summarised by Krasner, who observes that if ‘a state cannot regulate what passes across its borders, it will not be able to control what happens within them’.

Herein lies one of the great challenges to the modern state. Governments wish to encourage global information flows as drivers of economic growth—and, from a Western perspective, the spread of democratic norms and ideals. But they also wish to control those same flows where they channel and mediate political agitation and other challenges to the status quo.  Situations arise in which the US State Department makes very public pronouncements about supporting global ‘Internet freedom’ and openness, yet can also call for what is effectively Internet censorship in the wake of Wikileaks. Although global Internet freedom and national security are not logically mutually exclusive, in practice they are very difficult to reconcile and the pursuit of both will always, one imagines, leave governments open to charges of inconsistency, if not outright hypocrisy, whilst legitimising repressive practices elsewhere.

It is also hard to imagine how any government can achieve both objectives simultaneously, without significantly altering the technical operation of the Internet. One of the core dynamics of contemporary ‘cyber’ policy is the conflict between ‘control of the desired’ and ‘control of the dangerous’. This tension arises from the inability to maintain interdependence sovereignty in a world of global information flows. In the final account, this is precisely the characteristic of the Internet which has enabled it to flourish and become so productive and important. Presently, given the inherent insecurity of Internet architecture and design, the only reasonably effective way of reasserting sovereignty over the Internet is to turn it off, everywhere. Hardly a reasonable solution to any problem, however thorny and seemingly intractable.

 

The state strikes back

The Internet has a great effect on sovereignty but not on all forms of sovereignty. It does not greatly affect the international legal sovereignty that informs the international order of sovereign states. It does facilitate violations of Westphalian sovereignty but these are essentially new expressions of old tactics, important though they are. Where the Internet appears to really be ‘eroding’ sovereignty is through its innate tendency to ride roughshod over territorial border controls, thereby facilitating all manner of challenges to domestic authority and control. In these aspects, in particular, the Internet is a threat to state sovereignty.

But the Internet does not act ‘on its own’, any more than ‘the state’ is itself a unitary or cohesive actor. All of the dynamics discussed above are the result of billions of interactions of code, machines, people, institutions and, crucially, markets. The state is no longer the sole international actor, if it ever was. Authority is now also located ‘beyond the state’, in Susan Strange’s words, in markets and supranational institutions, and the state is consequently in ‘retreat’.[12] Perhaps like a wounded animal, however, it should be no surprise that ‘the state’, so cornered, is fighting back.  With respect to reasserting sovereignty against the forces of the Internet, there are many ways in which it is doing so.

The previously noted attempts to shore up domestic sovereignty by exerting control over trans-border information flows are clear attempts to bolster national integrity and authority. In one sense, these are also attempts to translate territorially sovereign borders into the Internet realm, by implementingcontrol technologies at data chokepoints, submarine cable landing sites, and so on. Although these do not necessarily correspond to geographic state borders, they are a digital equivalent, leading some to suggest a potential future ‘balkanisation’ of the global Internet into nationally identifiable zones. Given that upwards of 90% of Internet infrastructure is owned and operated by the private sector, who ordinarily gain from unrestricted transnational flows of information, it is difficult to see how achievable—let alone desirable—this would be. It would certainly require substantial government investment, legislation, regulation and policing to be even remotely viable, although dozens of governments are embarking on a variety of control mechanisms, precisely along this trajectory.[13]

The decline in the ability to control trans-border flows of information also facilitates breaches of Westphalian sovereignty. In order to counteract this tendency, governments are investing in technologies which either automatically breach the sovereignty of others, or can be deployed to do so in more targeted circumstances. In addition to ostensibly ‘defensive’ measures, ‘cyber weapons’ are being developed that can attack and compromise foreign assets with potentially remarkable accuracy. However, these are not trivial undertakings, either in terms of the necessary investment in their development or in the possible effects of their deployment. Releasing a ‘cyber weapon’ is potentially no less politically significant than a conventional weapon, even if the physical effects might be quite different. In both cases, a politically-motivated breach of sovereignty has occurred. A massive investment in both defensive and offensive ‘cyber’ capabilities almost ensures that violations of sovereignty will become even more common in future. At the automated level, they will be normal rather than exceptional, an accelerated condition of ‘organised hypocrisy’.

The preceding comments are intended to illuminate various aspects of state sovereignty and how they are affected by the Internet, associated technologies, and practices. Although some facets of sovereignty are held to fiercely and others are reasserted in global politics, it is clear also that some are voluntarily surrendered in order to achieve gains in the national interest. The mechanisms of global Internet governance and counter-cyber crime are good, if incomplete, examples of areas in which this process continues to evolve. It is likely that aspects of sovereignty will further be voluntarily relinquished in order to retain authority, control and, importantly for governments and rulers, relevance. It is equally likely that other forms of sovereignty, for the same reasons, will be defended most strongly, possibly even through force, ‘cyber’ or otherwise. What is certain is that neither the state nor the sovereignty invested in it are about to disappear, although the coming century will be a crucial one in their evolving relationship with one another and with the Internet.

--

About the author: Tim Stevens is a Research Fellow in the Dept. of War Studies, King’s College, London (KCL), an Associate of the Centre for Science and Security Studies, also at KCL, and Associate Fellow of the International Centre for the Study of Radicalisation. He earned his PhD at KCL, and is the co-author, w. David Betz, of Cyberspace and the State (Routledge, 2011).  

About Thesigers: Thesiger & Company (‘Thesigers’) is a London-based research and advisory firm, providing a wide range of services to clients whose interests and activities demand in-depth knowledge of emerging and frontier markets. Current Intelligence is Thesigers’ quarterly bulletin of current affairs, published online and in print. Registered office: 27 Old Gloucester Street, London, WC1N 3AX, England. Company registered in England and Wales.  Company registration number: 07234402. VAT number: GB 135658985. Email: enquiries@thesigers.com.

© THESIGER & COMPANY LIMITED (‘THESIGERS’) 2010-2013.  All rights reserved.  No reproduction of this essay is authorized without prior permission of the publisher. Permission to republish in whole or in part will be considered on a case-by-case basis, and may require payment of a licensing fee.

 

NOTES


[1] John Perry Barlow, ‘A Declaration of the Independence of Cyberspace’, 1996, reprinted in Peter Ludlow, ed., Crypto Anarchy, Cyberstates, and Pirate Utopias (Cambridge, MA: MIT Press, 2001), 28.

[2] Including a book of that name, co-authored by this correspondent, and upon which some of the following discussion is based; David J. Betz and Tim Stevens, Cyberspace and the State (London: Routledge, 2011).

[3] http://anonsource.org/page.php?82, accessed 10 September 2013. This version has ‘been modified to better represent the realities of the Internet as it stands’, but retains all of the earlier document’s sensibilities and bombast.

[4] David Held, Anthony McGrew, David Goldblatt and Jonathan Perraton, Global Transformations: Politics, Economics and Culture (Cambridge: Polity, 1999), 16.

[5] Held et al, 29.

[6] Arjun Appadurai, Modernity at Large: Cultural Dimensions of Globalization (Minneapolis, MN: University of Minnesota Press, 1996), 19.

[7] Stephen D. Krasner, Sovereignty: Organized Hypocrisy (Princeton, NJ: Princeton University Press, 1999).

[8] Thomas Hobbes, Leviathan, rev. edn., ed. Richard Tuck (Cambridge: Cambridge University Press, 1996/1651), 9.

[9] David R. Johnson and David Post, ‘Law and Borders—The Rise of Law in Cyberspace’, Stanford Law Review 48, no. 5 (1996): 1367-1402.

[10] Timothy S. Wu, ‘Cyberspace Sovereignty? The Internet and the International System’, Harvard Journal of Law & Technology 10, no. 3 (1997): 647-666.

[11] Emmanuel Wallerstein, World-Systems Analysis: An Introduction (Durham, NC: Duke University Press, 2004), 44.

[12] Susan Strange, The Retreat of the State: The Diffusion of Power in the World Economy (Cambridge: Cambridge University Press, 1996).

[13] See, OpenNet Initiative, https://opennet.net/.