IGF 2021 - Day 0 - Event #99 Global Road(s) to Digital Sovereignty

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> MODERATOR: Ladies and gentlemen, welcome to Global Roads to Digital Sovereignty. My name is Michal Rekowski and I'm a program director of the Kosciuszko Institute, a non-partisan Polish think tank specializing in cybersecurity and digital technologies.  The Kosciuszko Institute is also the organizer of the CYBERSEC, European Cybersecurity Forum. 

     Ladies and gentlemen, last decade saw an emergence of a concept that is playing an increasingly important role in global politics and global technology governance.  Digital sovereignty is on the rise everywhere from South America to Asia and from Europe to Africa. 

     Today we hope to share with you various perspectives on the matter.  I will have a great pleasure to moderate today's panel discussion.  And please let me welcome our distinguished guests.  Joining us tonight are Capitaine Romaric Agbagla, Chief Technology Officer of the Togo Digital Agency.  Welcome, sir. Ms. Nathalia Lobo, Director of Sector Policy of the Secretariat of Telecommunications of Brazil.  Welcome, madam. Professor Ang Peng Hwa of the Nanyang Technological University in Singapore.  Welcome, Professor.  And Professor Paul Timmers, Research Associate at the University of Oxford and Professor of the European University Cyprus.

     As you can see, we have a panel of tremendous speakers.  For years now, there have been a growing feeling that the expansion of the global internet present a challenge to states and societies capacity to master their own fate. 

     In the most common understanding, the digital sovereignty denotes state or society efforts to reestablish their authority over the internet and ensure that their interests are protected in the accelerating digital revolution. 

     The first two decades of the global growth of the internet were accompanied by the underlying belief that the decentralized and open character of digital networks would eventually empower the citizens and bring about democratization to all corners of the world.

     We could bring examples of how the internet actually challenges sovereignty authority in popular uprisings in different parts of globe.  But that feeling seems to fade now as states re-establish themselves. 

     On the other hand, the largest technology companies from both America and Asia have become global actors shaping daily functioning of individuals and societies with interest in every corner of the world.  These corporate actors wield immense power over various strengths of social lives, often outpacing states in their influence on crucial issues of national importance such as the direction of the economic development or dynamics of social order. 

     But they also may challenge the principles of Democratic self-determination, limiting individual's autonomy and transforming this fear of individual privacy.  As data becomes increasingly economically important and the commodification of data dominates the direction of economic growth, States start to perceive data loss resulting from transnational data flows as loss of control of sovereign assets.  Hence, we can witness the discussions on storing data within national borders.

     We should not also overlook the deepening digital divide between digitally developed and least developed countries that creates the risk of embedding the latter in a structurally disadvantaged position. 

     Then in the last few years, internet and digital technologies, in particular digital infrastructure, have been increasingly seen by policy makers as a geopolitical asset.  One that can and should be used in the pursuit of a nation's prominence.  As a consequence, digital sovereignty is on the lips of decision makers and Civil Society leaders all around the world.  But roads that lead to digital sovereignty may differ or lead through differing territories.

     There is no consensus on how they should be followed.  So let's listen to the perspectives of our distinguished speakers.  Capitaine Agbagla, I would like to ask you to take the floor and present your perspective on the digital sovereignty, please.

     >> ROMARIC AGBAGLA: Thank you, Mr. Moderator.  I don't know if you can hear me.

     >> MODERATOR: We can hear you well.

     >> ROMARIC AGBAGLA: Thank you. 

     First of all, I would like to thank you for the experience to share my feelings on the digital sovereignty. 

     To go deeper on the subject, for us digital sovereignty is the ability to have control over your own digital destiny.  Talking about data, software and hardware.

     To explain my talk, I would first draw the facts in Africa because I'm looking from the African perspective.  First of all, most of our data is hosted overseas.  All the data we are producing is either in the cloud overseas or not used in the country itself.

     We have also these facts: No major African companies in top 20 of global tech brands.  And then we are experiencing a phenomenon of vendor locking and lack of knowledge transfer in all of digital projects we are committing in here in the African continent.

     What is at stake?  This is digital economy.  Because this is a growing part of our economy, this is an opportunity to create jobs and to have sustainable development.  This is a way to control our own destiny, not impose or influenced by third parties.

     In the fact also I forgot to mention that the digital -- what I call the digital manipulation through social network, if you don't have the control on those technology, your population is open to any kind of manipulation coming from those mass media.

     What are our perspectives?  All of our own data on this matter, Togo just built a tier three data center in order to host their own data they are producing, and also find a way to exploit it and generate wealth from it. 

     Secondly, we want to increase presence in digital open-source projects.  Our future digital law will require every major project to use open-source technology as feasible as possible. 

     We don't want to reinvent the wheel, but we need to customize and integrate.  So going from open source we should have our custom systems.  We want to promote our one technological initiative.  For example, Togo is the first sub- Saharan country joining the EU Digital COVID Certificate Network.

     So we set up -- we set up internally a platform to generate COVID-19 pass and we just integrate this platform with the European Union COVID Certificate Platform.

     We are also building what we call public service platform, one shop for the citizen for D to C, and C to D.  We want also to think regionally, not individually.  Togo is part of the West African unique identification for regional integration and inclusion program led by the World Bank.  This is about the IT. 

     And we also want to secure our internet connection, so we are working on that on two aspects.  First aspect is to have -- to promote our own exchange points, our local exchange points, and to diversify the source of internet.

     So we are working toward to have a second undersea cable for internet services.  This is all I have to say about the digital sovereignty.  Thank you.

     >> MODERATOR: Thank you, Captain.  Professor Ang, the floor is yours.

     >> HWA PENG ANG:  Thank you for the honor of being the first to ask a question. And I'm asking Paul from Oxford.

     I just came from a session at Veganet, the academic guys.  And I heard a colleague talking about digital sovereignty in Europe, your colleague Dr. Giovanni Gregorio. 

     So this is a surprising turn of events for me because it was not so long ago that only people talking about digital sovereignty were superpowers and they basically wanted to flex their offline muscles into the online space. 

     So for Europe, is there a shared framework or set of principles that the European Union looks at for digital sovereignty?  Are there members with different notions of digital sovereignty? And do Member States need to come together to have a collective approach to digital sovereignty?  And if so, if there is such a collective approach, how successful can they be if they are not collective?

     >> PAUL TIMMERS: Thank you for the question.  Let me take it right away, if Michal agrees and will let me do that.

     Also, thank you very much for inviting me to this event to the IGF which has a very special place at least for me in my thinking about the digital world.

     Well, one thing that is perhaps good to stress is, you know, a little bit close to what Captain Agbagla just said, digital sovereignty is actually more the means in the digital world to safeguard your sovereignty. 

     So it's about your knowledge, your capabilities.  It is about how much you can do, your capacity and how much control that you have to safeguard your sovereignty.  So digital sovereignty is perhaps a new term.  Sovereignty is actually not so much a new term for the European countries because they have always been working together to share sovereignty under the European Treaties. 

     Even you might say that has increased over the years to share and to prove sovereignty at European level.  So perhaps not so strange that digital sovereignty in the sense of let's also safeguard our sovereignty collectively in the digital world in that sense has come up quite strongly.

     Your question is there then a common approach to that depends I think very much on how people from the various countries are stepping into this domain of digital sovereignty.  If they have very strong national security hat on, then it's quite difficult to get to common ground.  If they actually see that national security can be best safeguarded in many cases by working together, things really change. 

     Then something of a common perspective emerges.  And I would call that a triple win perspective, win-win-win perspective.  Let me illustrate that very briefly.

     If, for example, you want to protect your networks against cyber incidents, cyber threats, cyber attacks, then each of the countries in Europe are actually too small, even the largest ones are too small to do that completely on their own. The networks are very much interconnected, the markets are interconnected.  Disturbance in one country will spill over into trade in other countries.  So there an interest to protect your national economic security by working together.  So actually your national sovereignty will be better protected by working together.  That's one win.

     Secondly, if you work together, then you also are building up new digital assets collectively.  And a good example is actually Built EU.  That's a joint asset.  It's owned by everybody.  And actually it is something that as an asset is something that belongs to all Europeans.  So it's a sovereign asset, too.  And so you're building up critical infrastructures that span the continent, you're building up new facilities like data spaces or dot-eu that are shared.  So that was the second win.

     The third win, if you build up a -- collectively, jointly, a stronger digital assets and a stronger position in cybersecurity you also have more of a voice in the world exactly as you mentioned.  You know, in between the professional powers Europe feels that it has to have a place and has to have a voice in the world.  And you can only do that credibly if you have got also something to fall back upon if you have your national or collective sovereign assets.  So it also strengthens the external dimensional sovereignty.  So I think you can also talk about it like a triple win.

     >> MODERATOR: Thank you, Professor Timmers.  Now I would like to ask Director Lobo to give your perspective on digital sovereignty.  Please, the floor is yours. Director Lobo, I think you're muted.

     >> NATHALIA LOBO: Hello.  Do you hear me?

     >> MODERATOR: Yes, we can hear you.

     >> NATHALIA LOBO: Okay, thank you very much.  I'm sorry here.

     First, I would like to compliment everyone.  Thank you very much for calling me for this panel.  It is a pleasure to join you all here today.  Though it may be this morning, this afternoon, or this evening. 

     So before touching the specific concept of the digital sovereignty, I would like to provide some basic information on how Brazil approaches the issue of governance in the digital environment.

     Back in '95, Brazil established a national internet steering committee that from the outset was modeled as a multi-sector stakeholder governance mechanism bringing together government, private sector, academia and Civil Society. 

     In 2014, new and specific internet legislation was approved known as the Brazilian Internet Bill of Rights, the maximum of internet.

     Brazil as well is an active participant in international internet governance mechanisms.  Indeed, Brazil hosted the 2015 edition of this Internet Governance Forum in the City of Joao Pessoa. 

     Over the years, the internet grew tremendously in Brazil.  Nowadays we have over 4.8 million domains registered in Brazil and the Sao Paolo internet exchange is one of the largest in the world. 

     Brazil has a very vast population of around over two thousand -- two hundred and ten million people.  And has -- is the fifth greatest territory in the planet.  Summing up 8.5 million square kilometers.

     So despite the challenges, we are making much significant progress in expanding network infrastructure and providing connectivity all over the country.  The most recent numbers show that over 81% of households in Brazil have either fixed or mobile broadband service subscriptions. 

     Internet use in homes is also noticeably gender balanced in Brazil with 79% of women and girls and 75% of men and boys using internet. 

     So in 2017, with the increasing role of the digital technologies in the economy and in the services provided by government, along with the impact of digital technology on the daily lives of citizens, Brazil developed a national digital transformation strategy.  This strategy is based on the whole of government approach to digital issues with broad engagement of the private sector and of society at large. 

     This strategy, published in late 2018, is built along nine pillars and covers both enablers of digital transformation including network infrastructure, R & D, trust, capacity building and international cooperation and builders of the digital transformation per se, digital transformation of the economy and of government. 

     The strategy is modeled on a four-year sliding window period to take account of technological development and institutional developments.  In 2020, this strategy was peer reviewed by the OECD Committee at Digital Economy Policy as part of the growing digital initiative.

     Based on the strategic actions set forth in the national digital transformation strategy over the last four years, several normative instruments and policy initiatives have matured including a national digital government strategy, a national cybersecurity strategy.  Now Brazil ranks 18th globally in the International Telecommunications Union's Global Cybersecurity Index.  A national artificial intelligence strategy with reference in the OECD, AEI Policy Observatory, and a functional functioning national data protection authority along with specific legislation on personal data protection which shows many concepts of the European framework and GDPR.

     So in short, I would say that our view of digital sovereignty is based on combining, on the one hand, openness and innovation.  And on the other hand, regulation where deemed necessary always through a national consensus-driven process.  Thank you.

     >> MODERATOR: Thank you, Director.  And now I would like to give the floor to Professor Timmers to ask the question.  And also I would like to ask all of you to stress your responses to two minutes as we are running out of time.  Professor Timmers, the floor is yours.

     >> PAUL TIMMERS: So a question for Captain Agbagla.  Thank you very much for your presentation, I found it also really interesting. 

     Now one of the things that you might wonder about is if we talk about digital sovereignty, in European, for example, you might say the regional collaboration between the 27 Member States.  Do you see something similar in Africa?  And is it the African Union that kind of provides the common framework for digital sovereignty in Africa?  And would that work because of course there have been kind of precursors like, for example, the collaboration in the Convention on Cybersecurity and Personal Data Protection which is there since 2014. 

     But of the 55 countries, it's only 14 that have signed.  So how do you see that developing in Africa?

     >> ROMARIC AGBAGLA: Thank you, Professor.  And thank you also for your previous insight. Obviously, we are on the same wavelength.  If you want to go farther, you need to go together.

     And for me, there was no response -- there is no individual response, so we need a regional answer, and we need to do that together. 

     But there is a few key challenges.  First of all, this is the leadership talking about the Convention of Malibu, the 2014 Cybersecurity Convention and GDPR.

     There are only a few country who sign it because of the lack of leadership.  People don't understand what is really at stake.  So we need the leadership, but we need also the education for them.  That is why the Cybersecurity Summit Togo want to organize but was postponed for the next year.  It is about to share knowledge and increase literacy on this matter.

     And so we really, really need to increase the leadership and education on this matter and also promote digit literacy in the region so that people can better understand what is at stake. 

     We don't have yet the same level of network and connections like Europe or in America, but certainly we are moving toward that.  So we should learn from those region, for the initiative in those region and we should incorporate at early stage all of the necessary -- all of the necessary amendments in order to have a good regional response.  I don't know --

     >> MODERATOR: Thank you, Captain Agbagla.  And I would also ask you to ask a question to the next speaker.

     >> ROMARIC AGBALA: Okay, thank you.

     Director Lobo, in 2014 Brazil has introduced the Brazil Internet Bill of Rights, sometimes also called the internet's constitution.  You just talked about it. 

     What is the meaning of this document?  And does it create a Brazilian way of regulating the digital revolution within the society?  What are its core values and what can we learn from this example?  What are some we can learn?

     >> NATHALIA LOBO: Yeah, well, I agree with the assessment that it is the Brazilian way of regulating the digital revolution. 

     But this legislation was developed in a very democratic process including public hearings, discussion in committees before being voted and approved in Congress in 2014.  This legislation includes provisions for rights and guarantees for internet users, responsibilities for personal data and private communications protection, keeping of records of connections and access deprecation, and liabilities for any damages arising from content generated by third parties, specifically excluding intermediaries such as internet service providers. 

     As well this legislation includes definitions for net neutrality including what is considered reasonable network management by network operators. Finally, it also defines the role of public authorities in ensuring the application of the law.

     So I believe this legislation was quite in balance for the time back in 2014 and it remains an important guidance for the regulation of internet in the country.

     >> MODERATOR: Thank you, Director.  It is your turn to ask the question.

     >> NATHALIA LOBO: Okay then.  Professor Ang, when faced with challenges to digital sovereignty, states and societies react with different strategies ranging from more open and democratic, and more closed and autocratic.

     What tendencies do you see in this context in southeast and east Asia?  It is known that China has a rather pronounced concept of its digital or internet sovereignty.  What about other countries in the region?  How do you see it?

     >> HWA PENG ANG: Thank you for the question.  Actually, Professor Timmer has given some broad answers to this. 

     In my neck of the woods actually we don't talk that much about digital sovereignty.  And let me give an analogy.  I ask people, the diplomats of every country we were at a meeting once and asked everybody like, you know, you guys know that USA controls the internet.  And practically they said you want to be sovereign, but they said we don't mind, you know, they are holding the ball, they have the rules that are fair, they let us play.  We will play futbol with them.  But you can let us have the ball and have the fair rules, you know.

     So they don't worry much about sovereignty.  But because we talk about data and so forth there is a greater awareness now about data and some consequence arising about sovereignty.

     But I don't see a lot of it.  I think part of the reason is that we are in the backyard of China and then we are kind of in the Pacific part of the USA, so we are trying to balance both interests to be sovereign but keeping both countries, both superpowers in mind.

     >> MODERATOR: Thank you, Professor.  It is now your turn to ask the next question.

     >> HWA PENG ANG: Ask the question, okay. 

     So I was thinking that, you know, Brazil passed the Data Protection Law in 2018 and created the Data Protection Agency.  So what is the considerations that you used to guide the development of these laws?  And to really remind people of the resource curves, you know.  Yeah.

     >> NATHALIA LOBO: Well, I must here again say that the Data Protection Law in Brazil is a piece of legislation developed in a very democratic process and came at a time of increased concern of the violation of legitimate rights of users, of internet users.

     So it shares many common elements with the European GDPR and in this sense it is, indeed, quite specific revelations placed in there.  To ensure application of the law, we created a National Data Protection Authority, the NDPA.  The authority has responsibilities to inspect the application of the law, develop additional norms and guidance for interpretation of the law, provide communication channels to inform the public and to receive complaints from users about companies not respecting the law. Apply sanctions to those who violate the law and interact with other entities of the same nature in other countries.

     Of course, given the global nature of internet, the challenge is to ensure that personal data protection is applied on the international scene.  So this requires assessing the degree of equivalents of other data protection regimes so as to achieve interoperability.  In fact, this is currently a central topic of discussions in multilateral and other international forums on digital economy.

     >> MODERATOR: Thank you, Director.  Absolutely, it is your turn.

     >> NATHALIA LOBO: I will be asking Captain Agbagla.  Togo is in the course of implementation of its digital strategy that sees some ambitious targets like the provision of biometric space on digital ID to its citizens or building a technology powered ecosystem that will enable economic innovation. 

     Developing and implementing domestic innovations is important but often it requires a reach out to foreign technology providers to obtain the base solutions which may result in dependence on third parties thus limiting sovereignty.

     What does Togo do to keep balance between accelerating its digital development and strengthening its digital sovereignty?

     >> MODERATOR: You are on mute.

     >> ROMARIC AGBAGLA: Thank you.  I already touched on that.  Our core principles re, first of all, promote our own internet system and technology and we need to do it in our own way.  That is the first core principle. 

     Secondly, we want to use open-source software as feasible as possible.  Even if in the core system or in the world of open-source software we do have well-supported open source and we want to go world open source so we can customize and we can integrate in our own systems.

     And thirdly, if we can't go with open-source software, we need to ensure that we have a knowledge transfer and hosting our own data in the same way.

     >> MODERATOR: Thank you.  And it is your turn to ask the next speaker a question.

     >> ROMARIC AGBAGLA: Yes.  Professor Timmers, in Europe you can see both the EU and the national government to be increasingly active in different forms of building data sovereignty from joint cloud initiative to regulating data laws that aim to tackle numerous problems from over reliance on external technology providers to commodification of users’ data in global economy.

     As of the end of 2021, what do you consider to be the single biggest challenge to European digital sovereignty?  What consequences can it have and what are Europeans doing to address it?

     >> PAUL TIMMERS: Thank you for this question.  So I think the word for the biggest challenge is fragmentation.  And that's fragmentation in terms of political views, in terms of leadership.  And I like that you also mentioned that.  And also in terms of money, that the money is not being pooled sufficiently because it is a big world.

     And the consequence of that is that the notion and the pursuit of digital sovereignty can be watered down.  You may like it or not, but it can also lead to really blatant weaknesses in the critical infrastructures if we don't collaborate because we are so fragmented.  Now, what can you do about it? 

     Well, the whole digital sovereignty kind of notion and movement is a response to external pressures.  Geopolitical tensions, dominance of digital platforms that takes away sovereignty from governments, and the risks of cyber incidents and the explosive rise of cyber attacks and cyber incidents. 

     So actually external pressure works, you might say.  And you see it also in Europe.  The behavior of China threatening.  The threat of political instability in the United States. Conflict with Russia.  Pandemic.  These are all external forces that help that fragmentation becomes less and that people start politically also to work together more. 

     And you see it happening right now in Europe.  There's much more common approach emerging and also decision making is actually speeding up. 

     You must be helped by good leaders.  You cannot -- well, okay, they say people elect the leaders that they deserve.  But I am reasonably optimistic that a number of good leaders at this moment in Europe and also new leaders coming so I think actually there will be an acceleration of the approach to digital sovereignty in Europe.  I'm fairly optimistic about it. 

     Now there is one thing that I do want to mention and that also relates a little bit to one of the questions that was posed in the chat.  I'm not at all convinced that digital sovereignty means that you do everything within your own continent and on your own.  As a matter of fact, quite often actually you can protect your sovereignty best by working together globally.  And internet governance is actually a good example of that.  Everybody wins if we do that collectively at the global level.

     >> MODERATOR: Thank you, Professor.  And please ask the last question of this discussion.

     >> PAUL TIMMERS: So to Professor Ang, I really would like to hear your opinion about how successful such collective approach to technology governance and internet governance is of course what you have in mind, especially how successful they can be? 

     And how different is it if you work together at the global level from when you do this at the regional level?  And what does that then actually mean to work on technology governance at the global level for digital sovereignty?  Does it fit with that? 

     And so there I would be interested to hear from you especially for the global level what are the most important lessons that you can learn when we look at regional efforts like in Asian or like at the European level.

     >> HWA PENG ANG: Okay, I will answer in two minutes. 

     I would say to look at nuclear weapons as an example of how collective attempts might be to do the governance.  And my short answer is that I think that the collective attempts would only succeed when the countries involved, states involved and governments involved in these attempts at collective governance see a benefit. 

     In the case of nuclear weapons, you can see it was really stupid.  You are creating your nuclear waste and you are creating dangers for yourself.  I recently learned that actually a nuclear bomb actually dropped in I think North Carolina.  Good thing the good Carolina is not in the tough, right?  So we can see the potential dangers there. 

     So I think in this context that this is context that I think that social media might be next thing to regulate.  I think we can see harm from that.  And it is benefit from regulating this harm. 

     It is not just hate speech but also even for just so-called normal use we are seeing psychological harm from excessive use of social media.  So I can expect some collective attempts here.  By collective, I don't mean all working together.  I mean for sharing best practices, what works. 

     So in the same way as what Professor Timmers talked about how you don't have to necessarily have it on your own land.  In the similar collective attempts will be with other people and not necessarily even like together but learn from each other.

     I would say that in this context also that probably AI will not have collective governance here because right now countries see benefit from not regulating it.  And I think U.S. just withdraw from some talks talking about regulating AI use in warfare. 

     And then countries fell that well, if I regulate, if I tie my hand, I shouldn't do it.  Obviously the big picture here is the issue of benefit. 

     We are watching, there is no -- I don't see any collective attempts.  I had actually asked some official to consider a hotline for reporting child pornography.  I know there is one in Europe.  We've had more than one in Europe.  There is none in Asia for child pornography, and you can see some of these places that have child pornography.  So I think in region in Asia it would be much more challenging to have these kind of collective attempts.

     >> MODERATOR: Thank you, Professor. 

     So we are almost right on time.  I think I did sense a bit of optimism from what all of you have mentioned regarding the efforts to proceed to digital sovereignty.

     I take one thing that how it will develop globally will probably be shaped by the superpowers competition and the pressures that States across the world are exposed to. 

     Nevertheless, what is crucial, there are two elements from what I took from you.  One is that it makes little sense to pursue digital sovereignty individually.  The scale affects encourage States to look for ways to work together. 

     And second and what I believe would be the most visible effect of those pursuits is that they are done in a democratic way or for a democratic process that actually looks to various stakeholders to build the sense of what digital sovereignty should be and also build the means to acquire it.

     Thank you all so much for sharing your opinions.  And thank you for joining this panel.  And with that, I would conclude.  Thank you.