Can European Data become a Reality?

This past February Germany’s Chancellor Angela Merkel made a proposal for reduced telecommunications dependence on the US, instead developing Europe’s own “data hub.” Undoubtedly this move reflects an increasing sense of distrust between Germany and the US given recent reports of the US National Security Administration’s extensive surveillance of foreign allied leaders, among other targets. The plan could require companies such as Google and Facebook to maintain data centers separate from the US in Europe. Yet, taking into consideration both the development of the internet and its current state, it seems highly unlikely that Merkel’s proposal can be realistically implemented.

The internet as we know it is an improvised organization of globally distributed and autonomous networks. These networks come from various sectors of society ranging from public to private, research to commerce, and domestic to international organizations. Furthermore, each network chooses its form of protocols and technologies, meaning that there is no form of centralized governance other than voluntary technical standards and international technical identifiers. As a result of this extemporaneous development, data borders on the internet aren’t clearly defined like those we see on a map, making it incredibly difficult to envision how the EU or any individual nation would go about policing data transfer between nations. The NSA collects data on people through the use of technology like fiber-optic splitters, which would be stopped by preventing data from flowing through the US as Merkel intends. However, it also exploits poor security measures and lack of encryption in networks throughout the world to obtain data, and this wouldn’t be stopped by simply keeping data within Europe’s borders.

Still, a few functions like the assignment of IP addresses and control of the root zone of the Domain Name System (DNS) were previously controlled by the US government and continue to maintain very strong ties to it. They currently fall under the Internet Assigned Numbers Authority (IANA), part of a nonprofit American corporation which functions under a US Department of Commerce contract. Recent revelations of mass surveillance by the NSA of international and domestic data have undermined trust in the IANA and its overarching organization, the Internet Corporation for Assigned Names and Numbers (ICANN). In response, many organizations called for the globalization of these functions in the Montevideo Statement on the Future of the Internet Cooperation, released in late 2013, including the heads of ICANN itself. It is important to note, however, that though these actions symbolize increased mistrust with respect to the US and data, globalization of these functions would have no impact on the NSA’s ability to monitor networks globally.

Merkel’s sentiments fall along these same lines and are reflective of the nation’s painful past during which many citizens suffered constant and extreme surveillance by secret police under both the Nazi regime and the Communist government of East Germany. Current NSA surveillance, though conducted through a new medium, is raising similar concerns throughout the world. Moreover, it appears that Obama’s declaration of the end of NSA’s watch on Merkel was misleading. Recent reports suggest continued surveillance of high-ranking German officials close to Merkel, along with hundreds of German business leaders, despite Obama’s previous orders.

Yet, Merkel isn’t the only one with these concerns. Many politicians are moving to address their citizens’ concerns regarding data privacy; a TRUSTe study on UK privacy concerns indicated that 54% of people were more concerned about their online privacy as compared to a year ago, and 94% were concerned about their online privacy in general. And these concerns translate into economic consequences: companies like Runbox, a Norwegian e-mail client, have seen a massive increase in subscription this year simply because they host their data on servers outside the United States.

In this vein, the EU’s Justice Commissioner Viviane Reding has developed a series of regulations regarding data privacy and regulation that have serious implications for how companies with an online presence act in Europe. Her plan calls for one set of regulations across Europe rather than 28 separate sets of regulations for companies to deal with and the right for citizens to be informed if their data has been shared with third parties. Companies have taken issue with the idea, mainly because it would require them to demonstrate a need to store data on its users in order to do so. They take further issue now that over 4,000 additional amendments (the most ever on record for a single European legislative file) were passed alongside the plan last year by the European Parliament, and are widely expected to become law late this March. Provisions include a right to be forgotten which guarantees the deletion of user content and information if requested as well as company fines for data misuse for up to 5% of annual revenue or 100 million euros, whichever is lower. None of this includes increased research or implementation of encryption protocols.

Despite these corporate restrictions on data, the heart of the issue which Merkel and other politicians seem to overlook is how the NSA conducts its surveillance in the first place. Indeed, certain functions of the internet can be globalized to reduce a continued dependence on the US for internet development. But Chancellor Merkel’s and Commissioner Reding’s plans would likely do nothing to affect continued snooping by the NSA. Other than data requests from companies, the agency relies on insecure networks and other systemic loopholes to exploit information on its targets; this wouldn’t be resolved by pushing European data to remain in European networks. Instead, Germany must look towards security, rather than reorganization, if they hope to protect their data and privacy. This can be in the form of increased encryption use among other security protocols.

What is not up for debate is the fact that current relations between the US and the world are on uneven footing due to this penetrating surveillance. Without innovation and precise action on the part of other international players, we may never see an internet that rises above its initial conception as a US government-observed network.