I attended my very first Open Source Week at the United Nations. Because of some other events, I got here a day late and in the middle of a session, but I arrived at a great time: the topic under discussion was “open source and digital sovereignty”, a subject of much recent debate. Listening to the discussion unfold, I was reminded of why I have grown increasingly frustrated – and pessimistic – about most open source discourse. As I have mentioned elsewhere, open source is an artifact of the naive 90s, when we were all convinced that as long as everyone in the world had internal access and a computer, we would break down walls and make oppression a thing of the past.
As the panelists were discussing topics related to digital sovereignty, they brought up many great points – infrastructure, community access, the role of open source programs, the importance of transparency, for both data and software. But as I listened, I realized there was a subtext that was going unmentioned: the reason that digital sovereignty has become such a hot-button issue is that a certain country, along with its large, multinational tech companies, has been deemed untrustworthy, triggering much Sturm and Drang about how the data of much of the world seems to be all flowing into the coffers of big American tech. Before I go any further, let me acknowledge that they are right to be concerned, and I’m glad other countries have finally noticed the inherent risks of the global imbalance of tech. I just wish they had noticed 20 years earlier. That said, I think it’s important to ask the question of what question are we actually trying to solve and what does success look like.
Sovereignty as Nationalism
Because national sovereignty is the initial driver of this conversation, much of the discussion has focused on where data, services, and software live, as if the same broken governance that defines American tech is magically better if it’s located in, say, Germany, France, or the UK. While I enjoy taking a good swing at Simon Wardley, I have to confess that his skepticism of the sovereignty discourse seems to be on point. Following his train of thought led me to this post by Christian Edelmann. It now occurs to me that this fixation on the location of services has led us to ask and answer the wrong question: “are American companies too powerful?” and “how do we shift the balance of power, geopolitically?” I won’t argue that those aren’t important questions, but I think they miss the larger points, namely: “what does success look like?” and “how can we guarantee privacy and access in a multi-national tech world?” I understand that there are complicating factors here. If an American company does its best to treat people’s ownership and access to their data as a human right, that doesn’t mean that its government will have the same respect, so the question of sovereignty cannot function independently of nation states.
There is a very real risk that nation states will treat sovereignty as a geopolitical power exercise and not a guarantee of people’s and communities’ rights. Indeed, when you see communications from UK and EU governments, it’s in a reactionary form of “how do we distance ourselves from the USA”. The problem with this approach is that it is ripe for exploitation. We risk ending up in a place worse than where we came from.
The Open Source Question
Must of the discussion about the role of open source was in the form of how to guarantee transparency and open access to software, data, and services. After the panel was over, I was discussing this with another attendee, who said that keeping everything open source will be essential to preventing companies from exploiting people. While I’m a big fan of the transparency of open source, where have we heard this before? Over the last 20 years, we have seen countless examples of vendors exploiting open source code to create proprietary services that violate people’s privacy and prevent them from ownership of their data. Clearly, mandating open source doesn’t prevent companies or governments from implementing mass surveillance systems. Having witness this in the cloud computing and now AI markets, no one should be naive enough to believe that keeping software open source will be enough to protect constituents from “the new oil”.
Which brings me to the motivations of companies participating in this discussion and advocating for digital sovereignty and open source transparency. It should be noted that none of the tech companies I’ve heard discussing sovereignty have mentioned human rights. In fact, during yesterday’s panel, the concept of human rights as they pertain to privacy and access was entirely missing. This is an oversight. It will be far too easy for tech vendors to reimplement tools of mass surveillance in their respective countries. In this scenario, “sovereignty” becomes shorthand for monopolistic business practices conducted under the aegis of pro-nationalism, not pro-people.
Human Rights of Digital Sovereignty
In contrast to the panel discussion on open source and digital sovereignty, I next attended a breakout session on “Data Governance and the Public Good”, where the subject of human rights came up exactly once, which is better than none. I’m not a fan of repeating the mistakes of the past. In the early 2000s, it was commonplace to disregard the involvement of nation states as violating the feel-good order of the day involving international ad hoc communities, coming together under a common purpose. That line of thinking is still dominant, although less so. At least now most open source community participants acknowledge the benefits of governments sponsoring a digital commons and digital public infrastructure, which necessarily requires flourishing open source communities. Now that nation states are getting involved, we face a different risk; one where governments are all too happy to watch open source proliferate and repeat the actions of the past, except this time in the name of sovereignty and on their national turf. In both cases – discounting government involvement and inviting government-fostered surveillance and exploitation – the results stem from a reluctance to explicitly tie these efforts to the protection of human rights.
What does it mean to protect everyone’s right to privacy while also guaranteeing access to essential services, in the public and private sectors? I have yet to see examples of what an explicit declaration of human rights in the age of cloud and AI would look like. My chief concern is that allowing nation states to define the meaning of digital sovereignty will go no further than locking their respective populations into the same underhanded schemes but with different owners. We can and should do better than that. Let’s define the outcomes we want and then determine the best way to achieve them. The data and software can live in any number of places, as long as our human rights are respected. It doesn’t have to be consigned to a specific geographic location.
If we allow nationalism to be branded as digital sovereignty, we will have failed.
