Tag Archives: internet and US interests

Living in the Russian Digital Bubble

Vladimir Putin, Russia’s president, has portrayed his aggression on the Ukrainian border as pushing back against Western advances. For some time he has been doing much the same online. He has long referred to the internet as a “CIA project”. His deep belief that the enemy within and the enemy without are in effect one and the same… Faced with such “aggression”, Mr Putin wants a Russian internet that is secure against external threat and internal opposition. He is trying to bring that about on a variety of fronts: through companies, the courts and technology itself.

In December 2021, VK, one of Russia’s online conglomerates, was taken over by two subsidiaries of Gazprom, the state-owned gas giant. In the same month a court in Moscow fined Alphabet, which owns Google, a record $98m for its repeated failure to delete content the state deems illegal. And Mr Putin’s regime began using hardware it has required internet service providers (ISPS) to install to block Tor, a tool widely used in Russia to mask online activity. All three actions were part of the country’s effort to assure itself of online independence by building what some scholars of geopolitics, borrowing from Silicon Valley, have begun calling a “stack”.

In technology, the stack is the sum of all the technologies and services on which a particular application relies, from silicon to operating system to network. In politics it means much the same, at the level of the state. The national stack is a sovereign digital space made up not only of software and hardware (increasingly in the form of computing clouds) but also infrastructure for payments, establishing online identities and controlling the flow of information

China built its sovereign digital space with censorship in mind. The Great Firewall, a deep-rooted collection of sophisticated digital checkpoints, allows traffic to be filtered with comparative ease. The size of the Chinese market means that indigenous companies, which are open to various forms of control, can successfully fulfil all of their users’ needs. And the state has the resources for a lot of both censorship and surveillance. Mr Putin and other autocrats covet such power. But they cannot get it. It is not just that they lack China’s combination of rigid state control, economic size, technological savoir-faire and stability of regime. They also failed to start 25 years ago. So they need ways to achieve what goals they can piecemeal, by retrofitting new controls, incentives and structures to an internet that has matured unsupervised and open to its Western begetters.

Russia’s efforts, which began as purely reactive attempts to lessen perceived harm, are becoming more systematic. Three stand out: (1) creating domestic technology, (2) controlling the information that flows across it and, perhaps most important, (3) building the foundational services that underpin the entire edifice.

Russian Technology

The government has made moves to restart a chipmaking plant in Zelenograd near Moscow, the site of a failed Soviet attempt to create a Silicon Valley. But it will not operate at the cutting edge. So although an increasing number of chips are being designed in Russia, they are almost all made by Samsung and TSMC, a South Korean and a Taiwanese contract manufacturer. This could make the designs vulnerable to sanctions….

For crucial applications such as mobile-phone networks Russia remains highly reliant on Western suppliers, such as Cisco, Ericsson and Nokia. Because this is seen as leaving Russia open to attacks from abroad, the industry ministry, supported by Rostec, a state-owned arms-and-technology giant, is pushing for next-generation 5g networks to be built with Russian-made equipment only. The country’s telecoms industry does not seem up to the task. And there are internecine impediments. Russia’s security elites, the siloviki, do not want to give up the wavelength bands best suited for 5g. But the only firm that could deliver cheap gear that works on alternative frequencies is Huawei, an allegedly state-linked Chinese electronics group which the siloviki distrust just as much as security hawks in the West do.

It is at the hardware level that Russia’s stack is most vulnerable. Sanctions imposed may treat the country, as a whole,  like Huawei is now treated by America’s government. Any chipmaker around the world that uses technology developed in America to design or make chips for Huawei needs an export license from the Commerce Department in Washington—which is usually not forthcoming. If the same rules are applied to Russian firms, anyone selling to them without a license could themselves risk becoming the target of sanctions. That would see the flow of chips into Russia slow to a trickle.

When it comes to software the Russian state is using its procurement power to amp up demand. Government institutions, from schools to ministries, have been encouraged to dump their American software, including Microsoft’s Office package and Oracle’s databases. It is also encouraging the creation of alternatives to foreign services for consumers, including TikTok, Wikipedia and YouTube. Here the push for indigenization has a sturdier base on which to build. Yandex, a Russian firm which splits the country’s search market with Alphabet’s Google, and VK, a social-media giant, together earned $1.8bn from advertising last year, more than half of the overall market. VK’s vKontakte and Odnoklassniki trade places with American apps (Facebook, Instagram) and Chinese ones (Likee, TikTok) on the top-ten downloads list.

This diverse system is obviously less vulnerable to sanctions—which are nothing like as appealing a source of leverage here as they are elsewhere in the stack. Making Alphabet and Meta stop offering YouTube and WhatsApp, respectively, in Russia would make it much harder for America to launch its own sorties into Russian cyberspace. So would disabling Russia’s internet at the deeper level of protocols and connectivity. All this may push Russians to use domestic offerings more, which would suit Mr Putin well.

As in China, Russia is seeing the rise of “super-apps”, bundles of digital services where being local makes sense. Yandex is not just a search engine. It offers ride-hailing, food delivery, music-streaming, a digital assistant, cloud computing and, someday, self-driving cars. Sber, Russia’s biggest lender, is eyeing a similar “ecosystem” of services, trying to turn the bank into a tech conglomerate. In the first half of 2021 alone it invested $1bn in the effort, on the order of what biggish European banks spend on information technology (IT). Structural changes in the IT industry are making some of this Russification easier. Take the cloud. Its data centres use cheap servers made of off-the-shelf parts and other easily procured commodity kit. Much of its software is open-source. Six of the ten biggest cloud-service providers in Russia are now Russian…The most successful ones are “moving away from proprietary technology” sold by Western firms (with the exception of chips)…

Information Flow

If technology is the first part of Russia’s stack, the “sovereign internet” is the second. It is code for how a state controls the flow of information online. In 2019 the government amended several laws to gain more control of the domestic data flow. In particular, these require ISPS to install “technical equipment for counteracting threats to stability, security and functional integrity”. This allows Roskomnadzor, Russia’s internet watchdog, to have “middle boxes” slipped into the gap between the public internet and an ISPS’ customers. Using “deep packet inspection” (DPI), a technology used at some Western ISPS to clamp down on pornography, these devices are able to throttle or block traffic from specific sources (and have been deployed in the campaign against Tor). DPI kit sits in rooms with restricted access within the ISPS’ facilities and is controlled directly from a command center at Roskomnadzor. This is a cheap but imperfect version of China’s Great Firewall.

Complementing the firewall are rules that make life tougher for firms. In the past five years Google has fielded 20,000-30,000 content-removal requests annually from the government in Russia, more than in any other country. From this year 13 leading firms—including Apple, TikTok and Twitter—must employ at least some content moderators inside Russia. This gives the authorities bodies to bully should firms prove recalcitrant. The ultimate goal may be to push foreign social media out of Russia altogether, creating a web of local content… But this Chinese level of control would be technically tricky. And it would make life more difficult for Russian influence operations, such as those of the Internet Research Agency, to use Western sites to spread propaganda, both domestically and abroad.

Infrastructure

Russia’s homegrown stack would still be incomplete without a third tier: the services that form the operating system of a digital state and thus provide its power. In its provision of both e-government and payment systems, Russia puts some Western countries to shame. Gosuslugi (“state services”) is one of the most-visited websites and most-downloaded apps in Russia. It hosts a shockingly comprehensive list of offerings, from passport application to weapons registration. Even critics of the Kremlin are impressed, not least because Russia’s offline bureaucracy is hopelessly inefficient and corrupt. The desire for control also motivated Russia’s leap in payment systems. In the wake of its annexation of Crimea, sanctions required MasterCard and Visa, which used to process most payments in Russia, to ban several banks close to the regime. In response, Mr Putin decreed the creation of a “National Payment Card System”, which was subsequently made mandatory for many transactions. Today it is considered one of the world’s most advanced such schemes. Russian banks use it to exchange funds. The “Mir” card which piggybacks on it has a market share of more than 25%, says GlobalData, an analytics firm.

Other moves are less visible. A national version of the internet’s domain name system, currently under construction, allows Russia’s network to function if cut off from the rest of the world (and gives the authorities a new way to render some sites inaccessible). Some are still at early stages. A biometric identity system, much like India’s Aadhaar, aims to make it easier for the state to keep track of citizens and collect data about them while offering new services. (Muscovites can now pay to take the city’s metro just by showing their face.) A national data platform would collect all sorts of information, from tax to health records—and could boost Russia’s efforts to catch up in artificial intelligence (AI).

Excerpt from Digital geopolitics: Russia is trying to build its own great firewall, Economist, Feb. 19, 2022

Q-Day: the Behind-The-Scenes Internet

In cybersecurity circles, they call it Q-day: the day when quantum computers will break the Internet. Almost everything we do online is made possible by the quiet, relentless hum of cryptographic algorithms. These are the systems that scramble data to protect our privacy, establish our identity and secure our payments. And they work well: even with the best supercomputers available today, breaking the codes that the online world currently runs on would be an almost hopeless task.

But machines that will exploit the quirks of quantum physics threaten that entire deal. If they reach their full scale, quantum computers would crack current encryption algorithms exponentially faster than even the best non-quantum machines can. “A real quantum computer would be extremely dangerous,” says Eric Rescorla, chief technology officer of the Firefox browser team at Mozilla in San Francisco, California.

As in a cheesy time-travel trope, the machines that don’t yet exist endanger not only our future communications, but also our current and past ones. Data thieves who eavesdrop on Internet traffic could already be accumulating encrypted data, which they could unlock once quantum computers become available, potentially viewing everything from our medical histories to our old banking records. “Let’s say that a quantum computer is deployed in 2024,” says Rescorla. “Everything you’ve done on the Internet before 2024 will be open for discussion.”

But the risk is real enough that the Internet is being readied for a makeover, to limit the damage if Q-day happens. That means switching to stronger cryptographic systems, or cryptosystems. Fortunately, decades of research in theoretical computer science has turned up plenty of candidates. These post-quantum algorithms seem impervious to attack: even using mathematical approaches that take quantum computing into account, programmers have not yet found ways to defeat them in a reasonable time.

Which of these algorithms will become standard could depend in large part on a decision soon to be announced by the US National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. In 2015, the US National Security Agency (NSA) announced that it considered current cryptosystems vulnerable, and advised US businesses and the government to replace them. The following year, NIST invited computer scientists globally to submit candidate post-quantum algorithms to a process in which the agency would test their quality, with the help of the entire crypto community. It has since winnowed down its list from 65 to 15. In the next couple of months, it will select a few winners, and then publish official versions of those algorithms. Similar organizations in other countries, from France to China, will make their own announcements…

Although NIST is a US government agency, the broader crypto community has been pitching in. “It is a worldwide effort,” says Philip Lafrance, a mathematician at computer-security firm ISARA Corporation in Waterloo, Canada. This means that, at the end of the process, the surviving algorithms will have gained wide acceptance. “The world is going to basically accept the NIST standards,” he says. He is part of a working group that is monitoring the NIST selection on behalf of the European Telecommunications Standards Institute, an umbrella organization for groups worldwide. “We do expect to see a lot of international adoption of the standard that we’ll create,” says Moody…

China is said to be planning its own selection process, to be managed by the Office of State Commercial Cryptography Administration... “The consensus among researchers in China seems to be that this competition will be an open international competition, so that the Chinese [post-quantum cryptography] standards will be of the highest international standards,” says Jintai Ding, a mathematician at Tsinghua University in Beijing. Meanwhile, an organization called the Chinese Association for Cryptologic Research has already run its own competition for post-quantum algorithms. Its results were announced in 2020, leading some researchers in other countries to mistakenly conclude that the Chinese government had already made an official choice…

Fully transitioning all technology to be quantum resistant will take a minimum of five years and whenever Q-day happens, there are likely to be gadgets hidden somewhere that will still be vulnerable, he says. “Even if we were to do the best we possibly can, a real quantum computer will be incredibly disruptive.”

Excerpts from Davide Castelvecchi, The race to save the Internet from quantum hackers, Nature, Feb. 8, 20202

Addictive Ads and Digital Dignity

Social-media firms make almost all their money from advertising. This pushes them to collect as much user data as possible, the better to target ads. Critics call this “surveillance capitalism”. It also gives them every reason to make their services as addictive as possible, so users watch more ads…

The new owner could turn TikTok from a social-media service to a digital commonwealth, governed by a set of rules akin to a constitution with its own checks and balances. User councils (a legislature, if you will) could have a say in writing guidelines for content moderation. Management (the executive branch) would be obliged to follow due process. And people who felt their posts had been wrongfully taken down could appeal to an independent arbiter (the judiciary). Facebook has toyed with platform constitutionalism now has an “oversight board” to hear user appeals…

Why would any company limit itself this way? For one thing, it is what some firms say they want. Microsoft in particular claims to be a responsible tech giant. In January  2020 its chief executive, Satya Nadella, told fellow plutocrats in Davos about the need for “data dignity”—ie, granting users more control over their data and a bigger share of the value these data create…Governments increasingly concur. In its Digital Services Act, to be unveiled in 2020, the European Union is likely to demand transparency and due process from social-media platforms…In the United States, Andrew Yang, a former Democratic presidential candidate, has launched a campaign to get online firms to pay users a “digital dividend”. Getting ahead of such ideas makes more sense than re-engineering platforms later to comply.

Excerpt from: Reconstituted: Schumpeter, Economist, Sept 5, 2020

See also Utilities for Democracy: WHY AND HOW THE ALGORITHMIC
INFRASTRUCTURE OF FACEBOOK AND GOOGLE MUST BE REGULATED
(2020)

Over Your Dead Body: the Creation of Internet Companies

Jeff Kosseff’s “The Twenty-Six Words That Created the Internet” (2019) explains how the internet was created. The 26 words are these: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” They form Section 230 of the Communications Decency Act, itself a part of the Telecommunications Act of 1996.   Section 230 shields online platforms from legal liability for content generated by third-party users. Put simply: If you’re harassed by a Facebook user, or if your business is defamed by a Yelp reviewer, you might be able to sue the harasser or the reviewer, assuming you know his or her identity, but don’t bother suing Facebook or Yelp. They’re probably immune. That immunity is what enabled American tech firms to become far more than producers of content (the online versions of newspapers, say, or company websites) and to harness the energy and creativity of hundreds of millions of individual users. The most popular sites on the web—YouTube, Twitter, Facebook, eBay, Reddit, Wikipedia, Amazon—depend in part or in whole on user-generated content…

Because of section 230, the U.S. was able to cultivate online companies in ways that other countries—even countries in the developed world—could not….American law’s “internet exceptionalism,” as it’s known, is the source of mind-blowing technological innovation, unprecedented economic opportunity and, a great deal of human pain. The book chronicles the plights of several people who found themselves targeted or terrorized by mostly anonymous users… Each of them sued the internet service providers or websites that facilitated these acts of malice and failed to do anything about them when alerted. And each lost—thanks to the immunity afforded to providers by Section 230.

Has the time come to delete the section?

Excerpt from Barton Swaim, ‘The Twenty-Six Words That Created the Internet’ Review: Protecting the Providers, WSJ, Aug. 19, 2019

Why a Dumb Internet is Best

Functional splintering [of the internet] is already happening. When tech companies build “walled gardens”, they decide the rules for what happens inside the walls, and users outside the network are excluded…

Governments are playing catch-up but they will eventually reclaim the regulatory power that has slipped from their grasp. Dictatorships such as China retained control from the start; others, including Russia, are following Beijing. With democracies, too, asserting their jurisdiction over the digital economy, a fragmentation of the internet along national lines is more likely. …The prospect of a “splinternet” has not been lost on governments. To avoid it, Japan’s G20 presidency has pushed for a shared approach to internet governance. In January 2019, prime minister Shinzo Abe called for “data free flow with trust”. The 2019 Osaka summit pledged international co-operation to “encourage the interoperability of different frameworks”.

But Europe is most in the crosshairs of those who warn against fragmentation…US tech giants have not appreciated EU authorities challenging their business model through privacy laws or competition rulings. But more objective commentators, too, fear the EU may cut itself off from the global digital economy. The critics fail to recognise that fragmentation can be the best outcome if values and tastes fundamentally differ…

If Europeans collectively do not want micro-targeted advertising, or artificial intelligence-powered behaviour manipulation, or excessive data collection, then the absence on a European internet of services using such techniques is a gain, not a loss. The price could be to miss out on some services available elsewhere… More probably, non-EU providers will eventually find a way to charge EU users in lieu of monetising their data…Some fear EU rules make it hard to collect the big data sets needed for AI training. But the same point applies. EU consumers may not want AI trained to do intrusive things. In any case, Europe is a big enough market to generate stripped, non-personal data needed for dumber but more tolerable AI, though this may require more harmonised within-EU digital governance. Indeed, even if stricter EU rules splinter the global internet, they also create incentives for more investment into EU-tailored digital products. In the absence of global regulatory agreements, that is a good second best for Europe to aim for.

Excerpts from Martin Sandbu,  Europe Should Not be Afraid of Splinternet,  FT, July 2, 2019

Facebook Denizens Unite! the right to privacy and big tech

The European Union’s (EU) approach to regulating the big tech companies draws on its members’ cultures tend to protect individual privacy. The other uses the eu’s legal powers to boost competition.  The first leads to the assertion that you have sovereignty over data about you: you should have the right to access them, amend them and determine who can use them. This is the essence of the General Data Protection Regulation (GDPR), whose principles are already being copied by many countries across the world. The next step is to allow interoperability between services, so that users can easily switch between providers, shifting to firms that offer better financial terms or treat customers more ethically. (Imagine if you could move all your friends and posts to Acebook, a firm with higher privacy standards than Facebook and which gave you a cut of its advertising revenues.)

Europe’s second principle is that firms cannot lock out competition. That means equal treatment for rivals who use their platforms. The EU has blocked Google from competing unfairly with shopping sites that appear in its search results or with rival browsers that use its Android operating system. A German proposal says that a dominant firm must share bulk, anonymised data with competitors, so that the economy can function properly instead of being ruled by a few data-hoarding giants. (For example, all transport firms should have access to Uber’s information about traffic patterns.) Germany has changed its laws to stop tech giants buying up scores of startups that might one day pose a threat.

Ms Vestager has explained, popular services like Facebook use their customers as part of the “production machinery”. …The logical step beyond limiting the accrual of data is demanding their disbursement. If tech companies are dominant by virtue of their data troves, competition authorities working with privacy regulators may feel justified in demanding they share those data, either with the people who generate them or with other companies in the market. That could whittle away a big chunk of what makes big tech so valuable, both because Europe is a large market, and because regulators elsewhere may see Europe’s actions as a model to copy. It could also open up new paths to innovation.

In recent decades, American antitrust policy has been dominated by free-marketeers of the so-called Chicago School, deeply sceptical of the government’s role in any but the most egregious cases. Dominant firms are frequently left unmolested in the belief they will soon lose their perch anyway…By contrast, “Europe is philosophically more sceptical of firms that have market power.” ..

Tech lobbyists in Brussels worry that Ms Vestager agrees with those who believe that their data empires make Google and its like natural monopolies, in that no one else can replicate Google’s knowledge of what users have searched for, or Amazon’s of what they have bought. She sent shivers through the business in January when she compared such companies to water and electricity utilities, which because of their irreproducible networks of pipes and power lines are stringently regulated….

The idea is for consumers to be able to move data about their Google searches, Amazon purchasing history or Uber rides to a rival service. So, for example, social-media users could post messages to Facebook from other platforms with approaches to privacy that they prefer…

Excerpts from Why Big Tech Should Fear Europe, Economist, Mar. 3, 2019; The Power of Privacy, Economist, Mar. 3, 2019

The Internet Was Never Open

Rarely has a manifesto been so wrong. “A Declaration of the Independence of Cyberspace”, written 20 years ago by John Perry Barlow, a digital civil-libertarian, begins thus: “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”

At the turn of the century, it seemed as though this techno-Utopian vision of the world could indeed be a reality. It didn’t last… Autocratic governments around the world…have invested in online-surveillance gear. Filtering systems restrict access: to porn in Britain, to Facebook and Google in China, to dissent in Russia.

Competing operating systems and networks offer inducements to keep their users within the fold, consolidating their power. Their algorithms personalise the web so that no two people get the same search results or social media feeds, betraying the idea of a digital commons. Five companies account for nearly two-thirds of revenue from advertising, the dominant business model of the web.

The open internet accounts for barely 20% of the entire web. The rest of it is hidden away in unsearchable “walled gardens” such as Facebook, whose algorithms are opaque, or on the “dark web”, a shady parallel world wide web. Data gathered from the activities of internet users are being concentrated in fewer hands. And big hands they are too. BCG, a consultancy, reckons that the internet will account for 5.3% of GDP of the world’s 20 big economies this year, or $4.2 trillion.

How did this come to pass? The simple reply is that the free, open, democratic internet dreamed up by the optimists of Silicon Valley was never more than a brief interlude. The more nuanced answer is that the open internet never really existed.

[T]e internet, it was developed “by the US military to serve US military purposes”… The decentralised, packet-based system of communication that forms the basis of the internet originated in America’s need to withstand a massive attack on its soil. Even the much-ballyhooed Silicon Valley model of venture capital as a way to place bets on risky new businesses has military origins.

In the 1980s the American military began to lose interest in the internet…. The time had come for the hackers and geeks who had been experimenting with early computers and phone lines.  Today they are the giants. Google, Apple, Facebook, Amazon and Microsoft—together with some telecoms operators—help set policy in Europe and America on everything from privacy rights and copyright law to child protection and national security. As these companies grow more powerful, the state is pushing back…

The other big risk is that the tension between states and companies resolves into a symbiotic relationship. A leaked e-mail shows a Google executive communicating with Hillary Clinton’s state department about an online tool that would be “important in encouraging more [Syrians] to defect and giving confidence to the opposition.”+++ If technology firms with global reach quietly promote the foreign-policy interests of one country, that can only increase suspicion and accelerate the fracturing of the web into regional internets….

Mr Malcomson describes the internet as a “global private marketplace built on a government platform, not unlike the global airport system”.

Excerpts from Evolution of the internet: Growing up, Economist, Mar. 26, 2016

+++The email said Google would be “partnering with Al Jazeera” who would take “primary ownership” of the tool, maintaining it and publicizing it in Syria.  It was eventually published by Al Jazeera in English and Arabic.

Who Controls Peoples’ Data?

The McKinsey Global Institute estimates that cross-border flows of goods, services and data added 10 per cent to global gross domestic product in the decade to 2015, with data providing a third of that increase. That share of the contribution seems likely to rise: conventional trade has slowed sharply, while digital flows have surged. Yet as the whole economy becomes more information-intensive — even heavy industries such as oil and gas are becoming data-driven — the cost of blocking those flows increases…

Yet that is precisely what is happening. Governments have sharply increased “data localisation” measures requiring information to be held in servers inside individual countries. The European Centre for International Political Economy, a think-tank, calculates that in the decade to 2016, the number of significant data localisation measures in the world’s large economies nearly tripled from 31 to 84.

Even in advanced economies, exporting data on individuals is heavily restricted because of privacy concerns, which have been highlighted by the Facebook/ Cambridge Analytica scandal. Many EU countries have curbs on moving personal data even to other member states. Studies for the Global Commission on Internet Governance, an independent research project, estimates that current constraints — such as restrictions on moving data on banking, gambling and tax records — reduces EU GDP by half a per cent.

In China, the champion data localiser, restrictions are even more severe. As well as long-established controls over technology transfer and state surveillance of the population, such measures form part of its interventionist “ Made in China 2025 ” industrial strategy, designed to make it a world leader in tech-heavy sectors such as artificial intelligence and robotics.

China’s Great Firewall has long blocked most foreign web applications, and a cyber security law passed in 2016 also imposed rules against exporting personal information, forcing companies including Apple and LinkedIn to hold information on Chinese users on local servers. Beijing has also given itself a variety of powers to block the export of “important data” on grounds of reducing vaguely defined economic, scientific or technological risks to national security or the public interest.   “The likelihood that any company operating in China will find itself in a legal blind spot where it can freely transfer commercial or business data outside the country is less than 1 per cent,” says ECIPE director Hosuk Lee-Makiyama….

Other emerging markets, such as Russia, India, Indonesia and Vietnam, are also leading data localisers. Russia has blocked LinkedIn from operating there after it refused to transfer data on Russian users to local servers.

Business organisations including the US Chamber of Commerce want rules to restrain what they call “digital protectionism”. But data trade experts point to a serious hole in global governance, with a coherent approach prevented by different philosophies between the big trading powers. Susan Aaronson, a trade academic at George Washington University in Washington, DC, says: “There are currently three powers — the EU, the US and China — in the process of creating separate data realms.”

The most obvious way to protect international flows of data is in trade deals — whether multilateral, regional or bilateral. Yet only the World Trade Organization laws governing data flows predate the internet and have not been thoroughly tested through litigation. It recently recruited Alibaba co-founder Jack Ma to front an ecommerce initiative, but officials involved admit it is unlikely to produce anything concrete for a long time. In any case, Prof Aaronson says: “While data has traditionally been addressed in trade deals as an ecommerce issue, it goes far wider than that.”

The internet has always been regarded by pioneers and campaigners as a decentralised, self-regulating community. Activists have tended to regard government intervention with suspicion, except for its role in protecting personal data, and many are wary of legislation to enable data flows.  “While we support the approach of preventing data localisation, we need to balance that against other rights such as data protection, cyber security and consumer rights,” says Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation, a campaign for internet freedom…

Europe has traditionally had a very different philosophy towards data and privacy than the US. In Germany, for instance, public opinion tends to support strict privacy laws — usually attributed to lingering memories of surveillance by the Stasi secret police in East Germany. The EU’s new General Data Protection Regulation (GDPR), which comes into force on May 25, 2018 imposes a long list of requirements on companies processing personal data on pain of fines that could total as much as 4 per cent of annual turnover….But trade experts warn that the GDPR is very cautiously written, with a blanket exemption for measures claiming to protect privacy. Mr Lee-Makiyama says: “The EU text will essentially provide no meaningful restriction on countries wanting to practice data localisation.”

Against this political backdrop, the prospects for broad and binding international rules on data flow are dim. …In the battle for dominance over setting rules for commerce, the EU and US often adopt contrasting approaches.  While the US often tries to export its product standards in trade diplomacy, the EU tends to write rules for itself and let the gravity of its huge market pull other economies into its regulatory orbit. Businesses faced with multiple regulatory regimes will tend to work to the highest standard, known widely as the “Brussels effect”.  Companies such as Facebook have promised to follow GDPR throughout their global operations as the price of operating in Europe.

Excerpts from   Data protectionism: the growing menace to global business, Financial Times, May 13, 2018

Nationalizing the Internet

Seeking to cut dependence on companies such as Google, Microsoft, and LinkedIn, Putin in recent years has urged the creation of domestic versions of everything from operating systems and e-mail to microchips and payment processing. Putin’s government says Russia needs protection from U.S. sanctions, bugs, and any backdoors built into hardware or software. “It’s a matter of national security,” says Andrey Chernogorov, executive secretary of the State Duma’s commission on strategic information systems. “Not replacing foreign IT would be equivalent to dismissing the army.”

Since last year, Russia has required foreign internet companies to store Russian clients’ data on servers in the country. In January 2016 the Kremlin ordered government agencies to use programs for office applications, database management, and cloud storage from an approved list of Russian suppliers or explain why they can’t—a blow to Microsoft, IBM, and Oracle. Google last year was ordered to allow Android phone makers to offer a Russian search engine. All four U.S. companies declined to comment.

And a state-backed group called the Institute of Internet Development is holding a public contest for a messenger service to compete with text and voice apps like WhatsApp and Viber. Russia’s Security Council has criticized the use of those services by state employees over concerns that U.S. spies could monitor the encrypted communications while Russian agencies can’t,,

On Nov. 10, 2016, Russia’s communications watchdog said LinkedIn would be blocked for not following the data-storage rules….. That same day, the Communications Ministry published draft legislation that would create a state-controlled body to monitor .ru domains and associated IP addresses. The proposal would also mandate that Russian internet infrastructure be owned by local companies and that cross-border communication lines be operated only by carriers subject to Russian regulation…

The biggest effect of the Kremlin’s internet campaign can be seen in the Moscow city administration, which is testing Russian-made e-mail and calendar software MyOffice Mail on 6,000 machines at City Hall. The city aims to replace Microsoft Outlook with the homegrown alternative, from Moscow-based New Cloud Technologies, on as many as 600,000 computers in schools, hospitals, and local agencies….“Money from Russian taxpayers and state-controlled companies should be spent primarily on domestic software,” Communications Minister Nikolay Nikiforov told reporters in September. “It’s a matter of jobs, of information security, and of our strategic leadership in IT.”

Excerpts from Microsoft Isn’t Feeling Any Russian Thaw, Bloomberg, Nov. 17, 2016