In a way, we are already in a low-level continuous conflict in cyberspace. China is not the only country that is engaging, through direct or indirect state action, in massive cyber operations against other countries’ political and economic structures. We are in the midst of one of those historic shifts when offensive technologies are cheaper and more powerful than defensive ones….
Ensuring the protection and integrity of data is indeed a vital issue. But this has very little to do with where data are stored. Attackers based in China recently broke into the U.S. Office of Personnel Management and stole files with sensitive information on federal employees that compromised some 22 million people. Chinese and Russian hackers routinely penetrate secure industrial and government networks in the U.S. and Europe. And several countries are tapping underwater cables carrying the world’s communications. So what problem does data localization actually solve?
The solution to privacy concerns lies not in data localization, but in the development of secure systems and the proper use of encryption. Data storage actually means the continuous transfer of data between users, with no regard for Westphalian borders. Security in the digital world is based on technology, not geography….
The OECD has just issued a report highlighting how data-driven innovation will increasingly drive the economies of the future. Crucially, it stresses “the need to promote the ‘openness’ in the global data ecosystem and thus the free flow of data across nations, sectors, and organizations….”
Europe also faces some important choices. The EU must not allow a muddled understanding of digital realities to give rise to profoundly damaging digital protectionism. It must overcome the institutional barriers that make it seemingly impossible to forge a common position on external cyber policy. And it needs to take the foreign policy implications of its actions seriously: When EU countries talk about data localization, others do, too.
Finally, the U.S. needs to adapt as well. It must accept that it is no longer the only global cyberpower, and that its own behavior must comply with globally accepted norms to which all must adhere.
The Internet has already become the world’s most important infrastructure. But this is only the beginning: soon it will be the infrastructure of all other infrastructures. Policies born of confusion, chaos and confrontation have no place in this new world of opportunities.
Carl Bildt is chairman of the Global Commission on Internet Governance and former Prime Minister of Sweden.