How governments view powerful tools like the internet often determines how they treat them. In the West, governments have sought to let citizens freely and openly engage with cyberspace – for trade, culture, and civic discourse. Others, such as Russia and China, see the internet as a powerful tool to consolidate their power domestically and a threat to their sovereignty internationally. But doing so disregards the economic, social, and cultural globalization that the internet has helped manifest. The Cipher Brief’s Levi Maxey spoke with Chris Inglis, the former Deputy Director of the National Security Agency, about why governments might understand digital sovereignty differently and the negative impacts a fragmenting of the global digital commons could have.
The Cipher Brief: How do various forms of government view their digital sovereignty differently?
Chris Inglis: It goes back to cultural differences rooted in traditions and different experiences. There are three questions underneath it. First and foremost, what is the role of any strategic asset in a given society? In the United States, the principle role of the internet is to be placed at the disposal of the citizens of the republic and aid and abet the aspirations of a citizen to use at his or her own free will. In a place like China, or even more so in Russia, the role of a strategic asset such as the internet is first and foremost to sustain the integrity of the nation-state. So you arrive at two different conclusions then about how you then treat a strategic asset such as the internet when you consider its purpose.
The second question would be the distinction between private assets and public assets, and in the case of the United States, the attributes that arise from that, such as privacy versus security equities. In the United States, our framing document says that we cherish both of those, and therefore try to align and pursue both of those at the same time, when in fact it might sometimes look like a contest. In other societies, such as Russia, for example, there is a much lower standard given to the role of the right of privacy when it perhaps comes into contention with national security and state security.
And the third question, which we saw outplay in 2016, is determining the value of information. In the United States, true information is more valuable. That is also true in any Western society. But in the place like Russia, what we increasingly perceive is the value of information has more to do with whether it is impactful, not whether it is true. Therefore it is appropriate to use information that is not true if it is impactful and benefits the state’s services.
TCB: Is pushing sovereignty on cyberspace essentially physically cutting it off from global networks, or is sovereignty more gradual through data localization laws or national encryption standards?
Inglis: The internet is ultimately useful to achieve at least three things: collaboration, competition, and conflict. In the case of collaboration, it is generally more useful if we don’t describe boundaries and if we don’t withhold information from certain parties. Collaboration is best done without preconditions. But if you bias your views towards the internet towards competition or conflict – where knowledge is power – then you want to exercise some degree of control over that information. Balkanization aids and abets their control over that information. But you are not going to achieve individually the same results that you might have collectively. So at the same time Balkanization aids and abets sub-optimization of the use of information.
Nation-states that have different views of information, the role of data, or its value, than the United States, therefore might prefer balkanization. If a nation-state is biased to the flourishing of collaboration, and seeks to use data to try to stop problems that do not recognize geographic physical boundaries – such as solving cancer or the creation of a global weather prediction system – then it doesn’t want balkanization. But it all depends on how you view the answer to those first three questions.
TCB: If countries begin to rely on their own software and hardware for security reasons and to bolster their own tech industries, would this help or harm U.S. signals intelligence collection? In other words, would controversial U.S. signals intelligence collection under FISA 702 become less necessary if countries’ began relying on their own national technology platforms to communicate?
Inglis: Justifying and overseeing intelligence was a much cleaner thing back in the days when the physical infrastructure aligned with the sovereign authorities. When there was literally an away field and a home field, it was easy to say I will defend on my field, and I will exploit on somebody else’s. The internet then changed all the rules of where information was, sometimes creating a home field advantage at the downside of having the challenge of how to separate the data that is now comingled with data on an adversary.
So yeah, you can crisp that up, but the downside is that to go with that balkanization, then you are sub-optimizing the ability of societies to collaborate across those boundaries and to achieve a technological breakthrough that comes from diversity of intellects, perspectives, and cultures across those boundaries. The conflict of ideas that takes place within a given society, if it is somewhat monolithic, then there is far less risk than a conflict of ideas that takes place across national boundaries – and that is where some of the greatest breakthroughs are yet to be had.
TCB: Is there a level of hypocrisy when countries who engage in offensive cyber operations abroad but then condemn it when others do it against them, calling it an infringement on their sovereignty?
Inglis: We need to understand that we live in a bit of a glass house, and therefore, the things we practice could become the norms for others who might practice those things against us. There is a certain symmetry here, which is that what we can do to others, can easily be done to us. There are very low barriers to entry – it doesn’t require extraordinary capabilities to do anything, frankly, in cyberspace. Any feature can be picked up, turned around, and used in the reverse direction. In that sense, the old adage, don’t through stones in a glass house because you live in that house and the impacts will come back to you, is true in cyberspace.
TCB: What impact is general economic globalization have on an individual country’s digital sovereignty?
Inglis: The interesting bit over the last two or three years, as we have had this sometimes very visible, sometimes quiet, debate about aligning privacy and collective security – whether that is domestic security, whether that is national security – is that the debate is really a three-part debate. The first two things we are trying to align are privacy interests and collective security. The preamble of the Constitution talks about both of those, it uses the word “and” instead of choosing one over the other.
But we are increasingly practicing our economies and our technical innovation in an international forum. And therefore, whatever alignment we find in those first two has to work across national boundaries. So what Apple was arguing two or three years ago during the discussion about the phone found in San Bernardino, was that there are three things that we have got to figure out how to align – privacy, collective security, and the ability of individuals and organizations to thrive and succeed in an international environment. So whatever alignment we come up with needs to increasingly work in an international context. That is possible with a lot of likeminded nations. It gets more difficult with nations who have a fundamentally different view of the role of the internet and the way to ascribe value to data. But that is really what we are trying to figure out in this environment.
TCB: How does this idea of a global digital commons impact the discussion around sovereignty?
Inglis: Well the United States embraces it. Our State Department has articulated what we think are the values we attribute to cyberspace – that is free and open access to the internet. Therefore, the global commons is a great good. However, that is not without some responsibility and accountability for individuals and nation-states who operate there. There will be some accountability for people who put information where the truth of it, use of it, safety of it is deemed negative. Similarly, there will be some accountability for those that access information through it. Therefore, trying to align that in a world that increasingly doesn’t naturally align physical and virtual boundaries is hard. There is great promise to be found in collaboration in and across cyberspace. Therefore, we should be pushing for that.