The Netherlands has a reputation for being a liberal, broad-minded place that is open to the world. Its scholars in Internet governance have emphasized the need for a globally recognized “public core” of the Internet. But apparently the virus of digital sovereignty has affected a significant portion of the Internet community there. And as is always the case, behind the normative appeal of digital sovereignty lurks self-interested economic interest groups.
In early February the registry for the .NL top-level domain, the non-profit Stichting Internet Domeinregistratie Nederland (SIDN) decided that it wanted to outsource a few functions to Amazon’s cloud service (AWS). They decided to abandon their aging and clunky in-house registration software DRS5 and collaborate with the Canadian country code top-level domain operator CIRA to “become co-owners of their powerful domain registration platform: Fury.” To make Fury even easier to access, SIDN decided to transfer the platform to the public cloud together with the Canadians over the next 2 years. SIDN’s chief technology officer, Loek Batten, wrote that “An additional advantage is that we can then offer Fury as a kind of ‘DRS-as-a-service’ to other registries.” SIDN claimed that no European cloud company can provide the required services.
This was greeted by a storm of protest by the Netherlands’ own little crop of digital sovereigntists. Some of the outcry was plainly unfair and irrational. The collaborative effort with other ccTLDs (Canada, New Zealand, Ireland) was ignored, and the role of Amazon was exclusively highlighted. The economic benefits to NL of becoming a paid service provider to other registries was ignored, or criticized as greed. The right of a registry operator to decide their own best supply options was overlooked. Silly claims that using AWS public cloud will lead to US government control were made. Some self-interested trade associations of Dutch registrars and cloud operators made it clear that they want special consideration when it comes to SIDN’s business, and want to use governmental threats to force SIDN to negotiate with them..
A common theme in this debate is that the Netherlands needs “digital autonomy.” Autonomy, however, means people and organizations can make their own choices. Forcing Internet users or companies in NL to use Dutch service providers or to place their servers in a specific geographical location does not support anyone’s autonomy, it diminishes it. The idea that everyone who lives inside the small, arbitrarily defined lines on maps defining the Netherlands has a collective interest in forcing everyone else to use facilities and services located in that territory is a primitive anachronism. What, exactly, are the benefits of doing that? What are the dangers and risks of not doing that? Isn’t one of the virtues of the internet is that it allows people anywhere in the world to share resources and collaborate on supply?
Opponents are floating the idea that using AWS constitutes a security risk. But the cybersecurity or data security of NL operations has nothing to do with its geographical location. Cyber attacks on infrastructure can come from anywhere in the world; as long as you are connected to the Internet, being in the territory of the Netherlands offers no special safety. The success or failure of an attack will depend on technical protections and resilience, not on the nationality of the operator or the location of the server. In fact, many AWS servers are in Europe, and a larger, more redundant operation like AWS may well be more secure than poorly run or less redundant facilities that happen to be located in the Netherlands.
The political appeal of digital sovereignty has allowed critics of the SIDN deal to raise the interest of the Ministry of Economic Affairs, but we wonder how far this will go. If it’s such a terrible thing to use cloud services provided by an American company, should the Dutch all stop using semiconductors designed by Americans? Shall they all abandon their iPhones and Android phones, because of the taint of the USA? What about products from China – will NL now reproduce the US panic about how any product or service from an evil nation is a national security risk that should be banned? How about disconnecting your cables and radio channels connecting the NL to the United States and China and Russia? because exposing the Netherlands to their bad actors is surely a compromise of your autonomy.
Let’s call digital sovereignty by its real name: it’s an ugly form of chauvinism and protectionism that is completely against the spirit of the Internet. Leave digital sovereignty to the Chinese, Russians and other authoritarian states and go back to supporting a globally interconnected, open market for digital products and services. If you want to impose security and privacy regulations on the .NL domain you can do that without restricting the nationality of the vendors people can use.
The post The Dutch in the grip of Internet nationalism appeared first on Internet Governance Project.
Source: Internet Governance Forum