A lot of talk these days about “Digital Sovereignty”. Whereby well-meaning people like to think that they can keep control of their data by ensuring that the data are kept in a certain legal or geographical area and somehow never leave.
But that is probably fundamentally flawed. Among other things one should consider:
- Internet pipes do not stop at geographical boundaries. Stuff flows everywhere and you cannot stop it. Which is what makes the Internet so useful and so cheap. Recent discussions in Switzerland for constructing a multi-billion dollar “special” Internet for the military (and banks no less) seem highly problematic.
- The stuff that runs the Internet probably does not come from your country. For years we have been told to avoid Chinese telecoms equipment. And now we find Cisco and others complaining that their equipment is tampered with systematically.
For any threat I might want to avoid by domiciling data in my geography, I can imagine a straightforward attack that keeps that threat very much alive even if we close the pipes at the borders. The bribed or disgruntled data center or telco employee always has been and always will be attack vector #1.
Much better to think about proper, meaning end-to-end, encryption applied within my personal jurisdiction. If only I have the keys then I can use public servers and services across the globe and I get all the benefits and none of the risks.
If you’re still skeptical take a look at this recent announcement about Visa and Mastercard moving their servers into Russia. Digital sovereignty indeed!