Add this to your list of parties spoilt by the Internet revolution: national sovereignty.

We all know that the borderless nature of the Internet is stretching longstanding technical and legal definitions. But recently, my colleague Richard Aceves and I got to talking about the mish-mash that social media is making of culture, language, and national identity. It should come as no surprise that cultures and languages are being diluted by the global online discussion, in the same way that the advent of television and radio had a dampening effect on certain regional spoken colloquialisms and accents. Richard will examine some cultural questions in a forthcoming blog post, while I’ll be discussing the psychological impact on national sovereignty.

Judging by the proliferation of Internet policies and legislation, it is pretty clear that bureaucrats and politicians in capital cities around the world are worried that the Internet (with special thanks to social media) is simultaneously eroding both their authority and their national identity.

Companies are pioneering ways to comply with host government demands, which can expose them to criticism by customers far removed culturally and politically. Google has launched an annual transparency report that enumerates host government orders and Internet outages, for example. Twitter and Facebook have instituted policies for dealing with conflicts between their business models and the requirements of governments. These policies recognize the legal jurisdiction of public authorities within their borders, but make it clear that these policies are not observed outside them.

Other companies may be impatient with the slow pace of government decisions. The Weather Channel approached the U.S. National Weather Service about naming winter storms, but when the NWS was slow to respond, the Weather Channel went ahead and, with the viral muscle of Twitter (and to the frustration of government meteorologists) named the recent Nor’easter “Nemo”. Google revealed last week a new addition to its mapped territory: the Democratic People’s Republic of Korea. This appears to have been done without the consent of the government, and includes locations of things like gulags, which Pyongyang ostensibly would not want publicized.

Faced with the prospect of rapidly eroding control over the national dialogue, some authorities are acting to throw up new barriers and controls. These efforts may be necessary from a security perspective, when each additional portal to the outside world increases a system’s vulnerability. Think of Iran, which is said to have created a closed, national Internet. These actions may be more to demonstrate power than maintain security, as in Egypt, where a court has ordered that YouTube be blocked for one month for carrying a film that insulted Muslims.

Other nations have more or less successfully reinterpreted old laws governing speech and commerce, repurposing the spirit of pre-Internet laws for a world that could scarcely have been imagined when those laws were committed to the books. Indeed, many governments have proven so effective at regulating aspects of Internet use that without an organized resistance to government regulatory creep, the truly free Internet may someday be relegated to a Wikipedia page on the history of globalization.

That would be unfortunate, because those of us carrying around the sum total of the world’s knowledge in our pockets today—particularly those of us who came of age in a pre-Internet world—sense the potential of a free and global Internet. Even in a world where ideas and networks must be protected from attack and theft, the Internet—as smarter people than me have said—wants to be free.

What does this mean for information security professionals? Let’s put our data into context—remember the who, what, where, and why, as we seek to protect our networks. We might call it the “think global, act local” of cyber security. In our rush to put out fires and send out patches, keep motivations in mind.


Jean Gordon Kocienda

Global Threat Analyst

Corporate Security Programs