How can James Mulvenon trust the Internet when he can’t even trust his own refrigerator?
“I discovered in my own network logs last night [the refrigerator] was surreptitiously going through my home network to communicate back to its manufacturer to download the latest firmware,” Mulvenon, the vice president of Defense Group’s intelligence division, told an audience at the Brookings Institution Thursday. “When I think about digital trust in this context, it’s difficult.”
Mulvenon was part of a panel that discussed how countries are growing skeptical about sharing data across their own borders, thus causing the Internet to become a balkanized platform. While the panel examined how this behavior affects the global economy, many of the ideas discussed mirrored what government agencies wrestle with: how to balance the open nature of the Internet while defending against illicit behavior.
Mulvenon said this balance is very philosophical in nature with the public fighting for the “cyberpunk libertarian origins of the network” while countries and governments are trying to protect and enforce their own laws.
“This is a big philosophical battle that we’re fighting right now,” he said. “A lot of countries like China and Russia look at the structural aspects of the architecture as it relates to sovereignty and say ‘Naturally, we have a right to not only protect the network but police the content on that network.’ ”
Mulvenon said he is a firm believer that countries should be allowed to enforce whatever laws they want in regards to Internet behavior if it’s proliferating through infrastructure within their borders.
“My personal opinion is there is no global commons in cyberspace,” he said. “The actual structural architecture of the Internet, the node of the network, resides within the sovereign boundaries of a nation-state that is governed by its own laws, the data travel over submarine cables or satellite connections that are owned by companies that are incorporated by governments with their own sovereign laws. There is no part in the architecture – except for little specks on sea, land and other places – that doesn’t fall into the Westphalian sovereignty border.”
While countries consider data localization laws as ways to enforce their sovereignty, Richard Saldago, Google’s director of information security and law enforcement, said countries need to consider how those laws could hamper their own economy.
“A country says ‘You’ve got to have a data center in our jurisdiction and you’ve got to put some class of user data in that data center,’ it presents tremendous inefficiencies,” Saldago said. “An awful lot of companies use the services of Google and Amazon and Salesforce and lots of other companies to run their businesses to take advantages of the efficiencies that are offered by the cloud. Really what happens if a country imposes data localization requirements [is] it harms those companies that want to take advantage of scale.”
Another factor Saldago said governments should consider is that data localization can ultimately make data less secure.
“If you start imposing artificial rules on what the network architecture is supposed to look like, you start losing those benefits and start exposing data to security threats that otherwise can be easily engineered around,” he said. “In the long run, I think data localization requirements are really very bad not just for the companies that are taking advantage of true cloud networks but also the countries who are taking advantage.”
Mulvenon later said he believes trust will be restored when encryption eventually becomes standard for the majority of Internet users.
“The basis for trust in my daily life is robust, transparent encryption,” he said. “But it also has to be easy enough for my mother to use. It can’t be that you can only be a crypto-paranoid if you run GPG on the command line. It has to be something that is baked in to a basic level of what we are doing.”
Even with countries and companies wringing their hands over how data moves across borders, U.S. Coordinator for International Communications & Information Policy Daniel Sepulveda doesn’t see the Internet fragmenting into something different than what it is today.
“At the end of the day, there is literally not a country that has chosen to not connect to the global Internet,” Sepulveda said. “There is a discussion by some politicians in some countries about constructing intranets inside their country and disassociating themselves from the global internet. That is actually not happening.”
The entire discussion on encryption and data localization is available to watch on C-SPAN.
