This week, Iran added another point to the ongoing campaign for cyber sovereignty led by countries like China, Russia, and Saudi Arabia. The Supreme Council of Cyberspace, Iran’s institution in charge of regulating cyberspace, stated in a directive that “Foreign messaging companies active in the country are required to transfer all data and activity linked to Iranian citizens into the country in order to ensure their continued activity.” Much like China, Iran already blocks popular web platforms such as Facebook and Twitter even though many netizens use Virtual Private Network (VPN) technology to circumvent internet controls and access these sites through servers hosted abroad.
This new law reflects the alarming trend of a push for localization of data storage and a breakup of the internet. Earlier this year, for example, China passed a new cybersecurity law and introduced additional regulations regarding the publishing of digital contents by foreign companies and institutions operating in China. Furthermore, Beijing is attempting to change its laws concerning the registration of domains. According to the proposed revisions, foreign entities would have to file their domains with a Chinese registrar if their web presence was hosted on a server inside China.
Russia, Iran, and China all push for cyber sovereignty
Russia is another major country which is sponsoring the concept of cyber sovereignty. Just like Tehran, Moscow is asking foreign enterprises and institutions to store data of Russian netizens inside Russia. While most of the Western companies refuse to do so, the Chinese are happily complying. After all, Beijing only removed a similar directive from the new cybersecurity law after it drew harsh criticism from Washington. Moscow and Beijing also agree that they should not rely on foreign technology firms and attempt to strengthen their own domestic tech sectors.
For Western businesses, public institutions, and NGOs operating in these countries, the new laws pose a serious challenge. In fact, many international companies and organizations have so far neglected the potentially serious implications of the changing digital ecosystems and operate web presences that are not in line with the regulations of their host country. While, for the time being, they may get away with operating in a legal grey zone, it makes them very vulnerable to attack. International institutions should remember that during the last couple of years, cyberspace has become a key priority of governments around the globe, not least because issues of national security and information control as well as economic interests are all linked to the digital world.
A wake-up call is mandatory
In the short-term, MNCs and international organizations should devise adequate cyber strategies of their own that address the push for cyber sovereignty, the changing regulatory framework, and the cross-border flow of data. In many cases, high-level executives remain oblivious to the problem and a wake-up call is needed. From a broader perspective, the best bet for foreign companies operating in the digital space is to invest in constant innovation and effective marketing. Take China as an example: by and large, the country remains far from producing superior technology and creating world-class consumer brands that match the appeal of their Western counterparts. At the same time, the growing and increasingly affluent Chinese middle-class remains hungry for Western products such as the iPhone for which they are willing to pay a premium. It is this quality and branding advantage that Western businesses should try to maintain in order to use Chinese demand to their advantage. Modern end-to-end encryption technology can be another powerful weapon: if done correctly, companies won’t be able to decrypt (and hand over) data sent from one user to another. This technology could make data localization essentially useless. But regardless of the counter-measures, international companies and institutions should not turn a blind eye to the fact that they may get blocked. The current push for digital sovereignty can only be reversed through the introduction of global standards and rules for cyberspace. This remains a daunting task and requires a concerted effort by Western governments.