Notes
-
[1]
Professor at the Institut Français de Géopolitique (French Institute of Geopolitics), Université Paris-VIII, and Castex Chair in Cyberstrategy. (Circle of Partners of the IHEDN, with the support of the Airbus Group Foundation).
-
[2]
Based in Washington, DC, this organization has been rated for the third consecutive year the premier think tank on questions of defense and national security by the Global Go To Think Tank Index, an annual report by the University of Pennsylvania on think tanks in the United States.
-
[3]
Master’s student at the Institut Français de Géopolitique, Université Paris-VIII.
-
[4]
Or more precisely, the global interconnection of equipment for the automated processing of digital data, according to the definition of the French Network and Information Security Agency (ANSSI), 2011. Although information and communication systems are not confined to the Internet, it is the Internet that has given rise to what is known today as “cyberspace.”
-
[5]
Nicolas Madelaine, “Louis Pouzin: L’Internet doit être refait de fond en comble,” Les Échos (May 24, 2013): 23.
- [6]
-
[7]
“The Battle for Power on the Internet: Bruce Schneier at TEDx Cambridge 2013,” YouTube video, published on September 25, 2013 by TEDxTalks, consulted on February 16, 2013, https://www.youtube.com/watch?v=h0d_QDgl3gI
-
[8]
By way of comparison, the tax on companies where physical persons hold at least 75% of the capital is 33.1% of all profits (impots.gouv.fr).
- [9]
-
[10]
A military unit of cyber-operations and the NSA.
- [11]
-
[12]
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for coordinating the system of Internet addresses and domain names (www.icann.org).
1In 1997, in an article entitled “Internet géopolitise le monde,” Hérodote was upfront: “Instead of delaying geopolitical conflicts, the Internet seems to multiply and complicate them” (Douzet 1997). Against the tide of optimistic voices that heralded nothing less than the end of geography, in that article we pointed out the geopolitical stakes involved in the compelling expansion of information and communication systems across the world:
The Internet is itself an issue in numerous geopolitical conflicts, leading to strategies of domination by nations with divergent interests that seek to control the content, operation, and economic development of the network. It is a highly strategic weapon for the security of nations… and above all an extremely powerful instrument in power rivalries between groups, minorities, and political, religious, and economic forces at both the local and the global level.
3If there were ever any reason to doubt it, the Edward Snowden revelations on the US National Security Agency’s massive surveillance programs clearly demonstrated the extent to which geography is doing well and geopolitics retains its full relevance for understanding the conflicts of the modern world. This is the argument made in this issue by James A. Lewis, researcher at the Center for Strategic and International Studies (CSIS), [2] who demonstrates that the impact of the revelations on international negotiations varies depending on the country in question but that overall, despite the digital revolution, the strategic interests and objectives of states remain unchanged for the time being. The cartography of surveillance carried out by Louis Pétiniaud [3] in this issue reveals the significance of political borders, even at the point when technology crosses them. Yet at the beginning of the 1990s, the dazzling growth of communications freed from the constraints of time and space carried the promise of a democratization and pacification of the world through the spread of democratic ideas and values. The emergence of a cyberspace born of the interconnection of networks even represented the advent of a “global village,” in the image of the dream formulated thirty years earlier by Marshall McLuhan (1964). Historically, the expansion of communication networks gave rise to the utopia of a better world (Musso 2003; Mattelart 2009). Yet the Internet has given rise to as many problems as promises.
4The exponential growth of the Internet has revolutionized our way of life, transformed our economy, tremendously expanded our means of communication, and opened many horizons we have just begun to explore. It has also given rise to severe cross-border tensions, with a profusion of conflicts among a multitude of actors over its control and regulation. Tensions have centered on the emergence of new threats linked to cybercrime, or the use of computer networks in political conflicts, military combat, economic warfare, intelligence operations, and the use of soft power. With the rise of Big Data and Open Data, there are increasing debates around the issues of respect for private life, protection of the freedom of expression, and other individual liberties. The Snowden affair touches on all of these issues simultaneously because in cyberspace, as we will see, they are inextricably linked.
5For a long time, these issues remained within the purview of a small community of experts with a scientific and technological background. Today, they have dramatically entered the public sphere because as a result of the massive development of the Internet (with nearly three billion users) and its omnipresence in our daily lives, many of the technical decisions have become political and strategic. A number of participants (individuals, groups, start-ups) have taken advantage of—and profited from—the growth of networks with sometimes astonishing resourcefulness and creativity, for better or worse. Governments, the military, corporations, and citizens now need to better understand these challenges in order to attend to their own interests and develop coherent strategies for taking advantage of the new opportunities while managing the accompanying risks. This is especially true for states, whose sovereign powers are challenged by multiple actors in cyberspace, be they criminals, hackers, activists, large private corporations, dissidents, non-state actors, or other states. Although these issues of authority and power arise outside the traditional territories of geopolitics, geopolitics is an indispensable tool for analyzing them.
Geopolitics and the Conquest of Cyberspace
6How can geopolitics help us understand the conflicts taking place in cyberspace? The methodological challenge is as daunting as it is stimulating. Geopolitics studies rivalries of power and influence over a territory at various levels of analysis. It is interested in the dynamics of a conflict over a territory, the contradictory representations and strategies of the stakeholders for control and appropriation of the territory, and how those stakeholders defend their interests within this territory. Territory is thus at the center of the analysis, which immediately poses a problem when we analyze cyberspace: Is cyberspace a new form of territory? If so, what are its boundaries, and what are the limits of sovereignty over such territory?
7It remains necessary to understand what we mean by cyberspace. There is no objective and commonly accepted definition but rather several more or less specific definitions that reflect the concerns and interests of the actors involved. Like the Chinese, the Russians seldom use the term “cyberspace,” which might refer to a separate space, one that crosses borders, and prefer to speak of the “Internet” or “information security,” thus bringing the discussion back to something that is within the scope of state activity. However, for pedagogical purposes, we can offer a minimal definition. Cyberspace is both the Internet [4] and the “space” it generates, that is, an intangible space in which de-territorialized exchanges between citizens of all nations take place instantaneously, thus effectively abolishing any notion of distance. While the definition of the Internet is technical and commonly accepted as the worldwide computer network connecting over 40,000 autonomous networks using the same language, descriptions of the space it generates are subject to contradictory interpretations inspired by images from science fiction, activism, politics, or even marketing. The famous “Cloud” only adds to the semantic fog.
A Layered Architecture
8Cyberspace is sometimes represented as a structure composed of superimposed layers, like a mille-feuille pastry whose different layers can interact with each other. According to some authors, it can be broken down into three, four, five, even seven layers. At each layer of this structure, power rivalries occur between participants over what are often highly technical questions that pose challenges that are highly geopolitical, as we will see.
9To simplify, we will present four layers. The first layer is physical and made up of submarine and land-based cables—the actual backbone of the Internet—radio relays, and computers. The physical infrastructure of the Internet therefore consists of a wide range of equipment installed in a territory and subject to the constraints of physical and political geography. It can be built, altered, destroyed, or connected to or disconnected from the network. The article by Jérémy Robine and Kavé Salamatian in this issue demonstrates the importance of this infrastructure and the strategic issues it raises, showing that because it is geo-localizable, it is the least difficult to map when attempting to make a cyber-geography. In his contribution to this publication, Kevin Limonier analyzes with supporting maps the strategic development of the Russian infrastructure and the representations that underlie it. Physical infrastructure was designed in a spirit of openness and for maximum circulation of information, without any integrated security. One of the founding fathers of the Internet, Louis Pouzin, even concludes in an interview that to secure the Internet, it would have to be rebuilt from top to bottom. [5]
10The second layer is the logical infrastructure. This includes all the services that facilitate the transmission of data between two points in the network. This allows for the information, which is divided into small packets of data, to be moved from sender to recipient. The logical architecture is based on an essential standardization, a common language that makes it possible for all computers in the world to communicate with each other, namely the Internet protocol (TCP/IP). These services include routing (the choice of the route along which the packets of data travel between two networks), naming (names identifying the elements of the network or the users), and addressing (which converts the series of numbers representing the addresses into words that are intelligible to users). Here again, some aspects can be geo-localized at the cost of a number of technical challenges (routes taken, domain names, IP addresses). The interview with Bertrand de La Chapelle in this journal provides an account of the debates and claims surrounding the issue of addressing due to the strong symbolic control the United States still exerts through the authority of the Secretary of Commerce. For his part, Dominique Lacroix in this issue shows the economic and political stakes involved in the acquisition of domain names.
11The third layer is composed of the applications, the user-friendly computer programs that allow everyone to use the Internet (Web, email, social networks, search engines, etc.) without knowing anything about computer programming. The Snowden affair has amply demonstrated the issues involved in the worldwide success of applications provided by a number of large corporations (Google, Facebook, Amazon, etc.) to which users entrust their private data, which are then ingeniously exploited by marketing teams or the country’s intelligence services, a development Stéphane Frénot and Stéphane Grumbach see as the new Black Gold of the economy in their contribution to this issue. Data do not evaporate into the clouds (or the Cloud) but are stored on servers managed by private or public entities.
12The fourth layer consists of information and social interaction, sometimes called “cognitive” or “semantic.” More specifically, this includes users as well as real-time discussions and exchanges across the world, and is the most difficult layer to grasp and represent from a geographic viewpoint. However, it is not the least relevant from a geopolitical perspective once we have determined which countries are the most “friendly” on Facebook, in what languages the content is available in certain areas of the world, or where revolts on social networks or disinformation campaigns against a government or an institution begin.
13Cyberspace, then, is composed of all those layers at the same time, a combination of interconnected computer networks and increasingly mobile devices (telephones, tablets, and soon refrigerators, bracelets, sports footwear, etc.), human networks, and data flows. This space encompasses difficult-to-grasp de-territorialized information and exchanges and is formed by a material infrastructure installed on physical territory and even in outer space thanks to satellites. Depending on who uses it and why, the term “cyberspace” can refer to a physical infrastructure or to something completely different, all in a conceptual blur.
14However, geopolitics can provide an indispensable tool for understanding cyberspace through the analysis of representations. A representation is a construction, a way of seeing things, of assembling ideas in a more or less rational and coherent way with a function to play in geopolitical conflicts. Although it is based on objective facts, it retains a profoundly subjective character. Representations are not neutral; they influence cyberspace actors since they can serve the strategic aims of some to convince, disturb, excite, or mobilize others (voters, activists, investors, military forces, Internet users, etc.).
Planting the Flag in Cyberspace
15Cyberspace is not a territory in the geographical sense of the term, or “an area in which a human group lives and considers to be its collective property” (Lacoste 2003), or as a state would view it, “a portion of terrestrial space delimited by its borders and over which it exercises its authority and jurisdiction” (Lacoste 2003). Yet it is perceived as a space in which human beings interact, like a territory, a perception Alix Desforges demonstrates in her article on representations of cyberspace in this issue.
16Paradoxically, the concept of cyberspace emerged for two completely opposite reasons. It first appeared in 1984 in Neuromancer, a science fiction novel by William Gibson, which describes a three-dimensional space of “infinite complexity,” generated electronically, in which participants connect to each other through computers. It thus offers a mental representation of the data and information stored in the depths of the information systems of all humanity, which generations of Internet users appropriate.
17This representation permeated the imaginations of Internet pioneers, who in 1990, well before the Internet became available to the broader public, founded the Electronic Frontier Foundation (EFF), a direct reference to the pioneer frontier that, according to Frederick Jackson Turner, molded American democracy. John Perry Barlow, a founding member, would even go on to publish in 1996 a “declaration of independence for cyberspace,” in which he asserted that cyberspace possesses its own sovereignty and that in this “civilization of the mind,” the laws of governments in the physical world do not apply [6]. In her article, Alix Desforges shows how the spirit of the 1960s counter-culture inspired the very architecture of the network, which was designed in a spirit of openness, self-management, and freedom of exchange and expression. Strongly decentralized and without a center, it was expected that information would always circulate whatever blockages may occur. This sense of freedom brought by a world in which everything produced by the human mind can be “reproduced and distributed endlessly at no cost” continues to motivate a number of “hacktivists,” who fight against any attempt to impede the free circulation of information on the Internet.
18After falling into disuse for a while, the term “cyberspace” reappeared in state discourses, beginning in the 2000s, as a territory to conquer, control, monitor, and re-appropriate, a territory on which state borders, sovereignty, and laws should be respected, and above all as a threat to national security and national interests.
19The 2007 attacks against Estonia were a wake-up call for a number of governments, including France, which suddenly became aware of their lack of preparation faced with such threats. Hostilities were triggered by the moving of a statue in Tallinn praising the former Soviet government. Government sites, national defense in particular, but also banks and other public services, were subjected to a massive denial of service (DDoS) attack. Botnets, networks of tens of thousands of zombie computers—that is, infected by a malicious program permitting remote control of computers without the users’ knowledge—simultaneously inundated the country’s servers with requests until complete paralysis (Black Screen) occurred, depriving the population of access to online public services, up to several days for some of them. Despite the body of technical and political evidence pointing to Russia, the government denied any responsibility. The following year, cyberattacks against Georgia demonstrated how these attacks could happen in support of conventional forces in the context of an armed conflict. Following this incident, a number of countries seriously strengthened their capabilities and sought to increase their control and power in cyberspace, starting with France.
20Stéphane Dossé, an official in the Ministry of Defense, could not have put it more clearly: “It thus appears necessary for states to ‘plant the flag’ in the spaces they occupy in order to exercise all their sovereign functions, colonize virgin spaces, and be prepared to confront adversaries in this space” (Dossé 2010). The 2013 French White Paper on National Defense and Security is explicit in this respect: cyberspace is a strategic priority, and cybernetic weapons are now part of the arsenal.
Cyberspace: States Counter-Attack
21Few states had anticipated the strategic challenges the rapid expansion and interconnection of information and communication systems would represent. Only a few, such as Russia and China, which historically are highly aware of the importance of information, or the United States, always at the forefront of technological advances, began strategic analyses very early. Initially, innovation was the work of creative and insightful individuals and small entrepreneurial groups that took advantage of the power and scope of these new and weakly regulated capabilities. In fact, individuals and start-ups are the source of the exceptional successes that have profoundly changed our way of life (in terms of leisure, collective financing of projects, activism, marketing, etc.) and opened up immense opportunities. However, hackers, criminals, and mercenaries have also been able to get hold of these tools quickly and effectively, which led to a reaction by political and institutional authorities. Bruce Schneier, an expert in IT security, clearly explains the tensions between “distributed” power (activists, dissidents, hackers, criminals) and “traditional” power (governments, large corporations, institutions) in cyberspace. [7] He shows how the strong accessibility and decentralization of the system initially privileged small actors—including malicious ones—by offering them coordination capabilities and an effectiveness that seemed to make them unbeatable. Today, the traditional players are taking their revenge with incommensurable means and power and above all a firm determination to confront the challenges.
In the Name of Security
22States are returning in force to cyberspace in the name of defending their sovereign power. Difficulty in stopping cyberattacks is likely to affect their ability to ensure national security and national defense. In particular, there is a concern about the protection of vital infrastructures, which if disrupted or sabotaged could endanger civilian populations. Representations of this threat fuel the most dire analyses and debates among experts over the possibility—not very probable, undemonstrated, but impossible to exclude—that a cyberattack could cause millions of deaths or even bring down a country. In fact, Olivier Kempf in this issue questions the idea of cyberterrorism, showing that the connection between terrorism and cyberspace is not as obvious as the dominant discourse leads one to believe and in part masks what terrorism might be in cyberspace. For his part, Rodrigo Nieto-Gómez analyzes in this issue the construction of this American representation and the role it plays in security policies, which aims at criminalizing hackers and encouraging a culture of secrecy in an area that draws its strength from innovation.
23Beyond terrorist acts, the issue of controlling information is crucial. The capability to collect, analyze, and manipulate information can offer a strategic advantage to an enemy and casts doubt on the reliability of one’s own information. Cyberattacks can directly disrupt communications, confuse the enemy, even affect its operational capabilities, which increasingly depend on networks for their coordination and operation. Standard strategies of deterrence and defense have reached their limits because it is difficult to pinpoint the origin of such attacks due to limited capacities for definitely identifying who is behind an attack and why. In addition, the low cost and ready accessibility of the technology strengthen the power of small players against major ones. Countries that are the most dependent on the networks are also the most vulnerable to attacks but also the most capable of developing the resilience of their networks, constructing offensive capabilities and seizing new opportunities offered by the networks to increase their effectiveness and power.
24Since ideological warfare is also conducted on social networks, in our democracies, governments cannot always ignore strong opposition from public opinion before embarking on an armed conflict. Moreover, jihadists provide rapid radicalization kits online and practical methods for enacting individual terrorism, which sometimes catches the major powers unawares.
25Maintaining internal security and public order is also challenged by crime, whether organized or not, which operates through the networks. This can be a matter of unauthorized access, theft or destruction of data, even in the broadest sense any criminal act perpetrated via the networks (bank heists, confidence tricks, identity theft, etc.). The problem of attribution is made more difficult by the volatility of the evidence. Without rapid intervention, evidence can disappear from the screen in an instant. Moreover, the possibility of operating remotely complicates the process of investigating, apprehending, and indicting a suspect. Crime easily crosses borders via the networks, which is not the case for police forces. If criminal and victim are located in the same country, the authorities can act quickly. But when the criminal, the victim, or the systems used are located in different countries, it is necessary to resort to international procedures of cooperation involving the police and the courts, which are often too slow to be effective. There are jurisdictional boundaries in cyberspace, and the police cannot enter foreign networks without official authorization, even to catch a criminal.
26Security issues lead governments to actively monitor what is happening in cyberspace at the risk of abuses and attacks on individual freedoms, as the Snowden affair revealed. For authoritarian states, surveillance and control of cyberspace are essential to the protection of the government because the main threat is likely to come from within the country. Although increased circulation of information can weaken authoritarian governments, the networks are also formidable tools for detecting, identifying, and monitoring dissidents or any bête noire targeted by the government. The article on China by Frédérick Douzet in this issue shows how the government has up to now demonstrated creativity in adapting to these new challenges.
Issues of Sovereignty
27The interview published in this issue with Bertrand de La Chapelle, founder of the Internet and Jurisdiction project, emphasizes the extent to which the exercise of sovereignty has become more complex for states because jurisdictional boundaries are more fluid and intermingled in cyberspace. Activities in cyberspace are often cross-border, and it is sometimes difficult for a state to enforce respect for its laws and regulations, even on its national territory and by its own citizens, particularly when the service used is supplied by a foreign corporation. What constitutes a jurisdiction in cyberspace is quite often the product of power rivalries rather than a consensual legal definition. For example, a recurring conflict involves the protection of the freedom of expression, which is subject to restrictions in France in ways that are unacceptable in US law. For example, in 2012, anti-Semitic comments posted in French on Twitter in a nauseating contest of jokes under the hashtag #UnBonJuif (#AGoodJew) led to a trial of strength between the French judiciary and the American company. It took ten months of procedural wrangling before Twitter agreed to deliver to French courts the data that would allow identification of some of the authors. In fact, the giant Internet companies—the notorious GAFA (Google, Amazon, Facebook, Apple)—have acquired such economic power that they can afford to exert their own power and not submit so easily to the legal system of a state that demands the suppression of content or information about users. In the case of authoritarian governments, the protection of users can turn out to be salutary, but it can cost the company access to a profitable market.
28The economic and financial sovereignty of states is also put to the test. Networks considerably quicken the circulation of goods and financial flows, which facilitates tax evasion and the spread of international financial crises. Dominique Lacroix’s article shows that corporations applying for new domain names are concentrated in tax havens. The reorganization of Yahoo!’s activities in Europe around its Irish subsidiary (where corporate tax is levied at 12.5%) [8] could lead to a transfer of the tax base of various European subsidiaries of that corporation. Moreover, networks also increase the risk and scale of economic espionage and the theft of intellectual and industrial property or even business secrets. Danilo D’Elia, in this issue, analyzes these risks and shows the potential for the geopolitical conflicts they conceal. The same is true of the economic and financial power of nations, to the point where the interests of the private sector merge with those of the nation, and the cybersecurity of corporations can be raised to the level of national interest. It goes without saying that there is a substantial and flourishing market for cybersecurity, which also encourages involvement by governments.
The Emergence of New Threats
29Although some of these threats are not new, they spread through cyberspace diffusely, rapidly, and powerfully on an unprecedented scale. Whether it is a question of the quantities of information stolen from corporations by Chinese hackers (according to the Mandiant report, 2013), the 1.7 million files taken by Snowden, the unbelievable amount of data collected by NSA, or the 30,000 Aramco computers sabotaged in an attack in 2012, the consequences occur quickly, powerfully, and sometimes on an unprecedented scale.
30Some of these challenges are unique to cyberspace, including difficulty in identifying and proving the origin of an attack, difficulty in anticipating, preventing, or stopping that attack, confusion over sovereignty and jurisdictions, the rapid development of technology and the continual reconfiguration of networks, which requires rapid and constant adaptation to the changing environment, the possibility of developing cyber-experimental weapons, difficulty in conducting field trials for these weapons and uncertainty over their effects, which also depend on the resistance capabilities of the target, and finally the fact that the best attack is the one that is not detected. Cyberspace is defined by several countries as a new military domain (or environment) alongside land, sea, air, and space. But unlike these, it is not a natural environment. Everything that happens in it is the product of human action and cuts across all the other domains.
31Consequently, the strategies developed by states to defend their sovereignty and maximize their power in cyberspace have geopolitical consequences we must be concerned with and that in turn give rise to serious questions, even new threats.
Why Do the Geopolitics of Cyberspace?
32The technical ramifications of cyberspace conflicts could be discouraging for citizens—as well as for researchers in the human and social sciences—and this is not by chance since these questions have long been handled by a small community of experts. Why should we be interested? The answer is because it is about the world in which we want to live in. Due to the omnipresence of information and communication systems in our everyday lives, the decisions that will be made will affect all aspects of our lives, and because some powers have been developed without any discussion of possible counter-balances, safeguards, or processes of democratic control.
33We are at a turning point, and many of us, including a number of our elected officials, are uncovering the tools, programs, and policies large corporations, governments, and even criminals have developed to defend their interests and maximize their power or their profits in cyberspace. Although the old strategic paradigms and international rules of the game seem unsuitable, new ones have yet to be developed. The speed of technological development largely surpasses that of the formulation of an international consensus and a new legal framework or the ability of our laws to adapt. Moreover, the culture of secrecy and the lack of trust between partners slows down these efforts. We are at a crossroads, and the path we choose to follow is likely to have major implications for our future. Three areas in particular deserve our attention.
Peace and Collective Security
34The first issue is that of peace and collective security. Several articles in this issue demonstrate the extent to which inflated representations of threats dominate the debate. In particular, the US approach is characterized by an escalation in both rhetoric and capabilities, one of the driving forces of which is the rivalry with China. As part of a clear strategy of acquiring informational supremacy, the Chinese government collects by any means—licit and illicit—technological, industrial, economic, political, and military information, which causes serious concern in the United States (see the article by F. Douzet).
35Over the course of the last two years, an avalanche of revelations in the press—from experts, members of Congress, even from the White House—has exposed the risks from cyber threats to the security and prosperity of the nation, with increasingly direct accusations against China. Director of Intelligence Jim Clapper has even stated before the Senate Select Committee on Intelligence in January 2012 that the cyber threat will surpass threats from the terrorists [9].
36Despite widespread federal restrictions, the budget for cyber defense increased by $800 million in 2013, and the US Cyber Command [10] created in 2010 should see an increase in its staff from 900 to 4,900 in the coming years. The Snowden affair demonstrated the extent to which the United States has aggressively collected vast quantities of information through various networks at the risk of losing the trust and cooperation it had built with other nations. However, James A. Lewis in this issue places the significance of the revelations into perspective, which were no surprise to the Chinese or Russians and presented no fundamental challenge to international negotiations. Nevertheless, the question of trust remains a thorny one, with many officials ready to repeat the adage that “there are no friends in cyberspace.”
37The United States was also behind what many consider to have been the first act of “cyberwar,” an experimental attack or a kind of third way between coercive diplomacy and armed attack. In 2012, David Sanger revealed in the New York Times how the Stuxnet virus, developed in cooperation with the Israeli secret services, infected the centrifuges at Iran’s Natanz facility in order to slow down that country’s nuclear program.
38The revelations of the past two years as well as recent statements lead one to believe that the cyber arms race has begun. Several countries have recently increased the development of their cyber defense and cyber capacities. For example, France and Great Britain announced during 2013 the development of offensive capacities. In 2011, the United States—followed by France in 2013—clearly stated that a large-scale cyber-attack could be considered an act of war and that they would reserve the right to respond by any means appropriate. For their part, the Russians denounce the militarization of cyberspace while developing their own capabilities.
39The article in this issue by Martin Libicki, researcher at the RAND Corporation and author of pioneering work on deterrence in cyberspace, points to the potential escalation of conflicts in the event of a conventional response to a cyber-attack. According to this researcher, damage would be more limited if reprisals were to remain in cyberspace, though this would certainly be less of a deterrent. On the other hand, Oriane Barat-Ginies, doctor in international law, presents also in this issue the arguments of the expert authors of the Tallinn Manual (2013), a series of legal recommendations on the applicability of international law to cyberspace, which justifies legitimate defense and the recourse to conventional arms in response to a cyber-attack considered the equivalent of armed aggression.
40The risk of escalation should be taken seriously because as these two articles demonstrate, there is no guarantee that a conflict that begins in cyberspace will remain there. Moreover, the collateral effects of cyber weapons are poorly known, and the idea of “surgical strikes” in cyberspace expressed by American officials is worrying.
41In this context, analogies with the atmosphere of the Cold War are increasing. In Foreign Policy, David Rothkopf (2013) even advances the idea of a “cool” war, a little warmer and more “cutting-edge” than the Cold War, writing that: “The purpose of Cool War is to be able to strike out constantly without triggering hot war while also making hot wars less desirable… or even necessary.”
42Is it necessary to recreate alliances of the Cold (or Cool) War type? Must we share the pessimistic view of international relations as a zero-sum game and increase our capabilities? Or is this a new opportunity to re-think the context of collective security by involving countries such as Russia and China? Although these two countries have demonstrated their desire to cooperate in drawing up international rules, strong disagreements remain, as James Lewis shows in his article. Martin Libicki’s article demonstrates that strategic thinking aiming to prevent escalation is indispensable but complex and that the debate is far from settled.
43The question is also what kind of framework for collective security can be built. While a European defense structure was already difficult to build, this is even more true of one designed for cyber-defense. First, given the sensitive nature of the technology, the sharing of capacities is perceived as giving up sovereignty and what it can reveal about strengths and weaknesses. Jean-Loup Samaan and Vincent Joubert in this issue show that the European Union and NATO have included these questions in their strategic priorities and taken similar initiatives. However, the distribution of roles and activities remains vague. For the moment, there is hardly any coordination between the two, and constraints on sovereignty seems a difficult issue to overcome. Moreover, disparities in capabilities are very wide between allied countries, and the nations that have the most advanced capabilities view them as an area of national sovereignty and give priority to cultivating bilateral arrangements, in particular with the United States.
44Second, the trans-Atlantic discussion is complicated by inseparable economic issues. The Snowden affair threw harsh light on the dependence of European countries on large American corporations for their data (accessible by the government) and for their equipment, for which the main alternative—which is even more problematic—is China. Some point to the naivety of Europeans, who today focus on the question of sovereignty within the context of the opening of economic markets. Can cyber security for the economic prosperity of Europe be built independently from cyber defense? What can Europe do through regulations, technical standards, and industrial policies to improve its cyber security? What alternative is there to Chinese or American equipment? National markets seem too limited to be competitive, but how can we build confidence between nations and develop common political and industrial solutions? Finally, can and should a sovereign solution be developed?
45These questions are pressing because beyond the security threats, the mass of digital data is continually expanding. How should these data be protected, and who should do so?
Democracy and Individual Freedom
46In future, more and more personal data will be accessible online more or less openly. With Open Data, all types of public data provided by administrative entities will eventually become accessible, making available new tools for information and transparency likely to improve the democratic process. We can hope that France in particular, where the communication of public data is far from being achieved, can benefit from this opening. However, aside from the risks of criminal or accidental disclosure of personal data, there is also the question of corporate and government access.
47There is one thing at least about Edward Snowden on which everyone agrees: his revelations launched a debate that would probably not have happened otherwise. Whistleblowers who had earlier attempted to draw attention to the practices of the NSA did not receive much coverage. An explosion of global scope was necessary for public awareness to develop into a political issue. The trauma of the September 11, 2001 attacks was no longer sufficient to overshadow the debate. The question now is this: How do we reconcile democracy and surveillance?
48The processes of democratic control are in large part unknown to most citizens, even to elected officials. In the United States, despite very specific procedures (at least on paper), they have clearly not worked. Fierce legal debates are ongoing, and many consider that the government has overstepped its bounds and trampled on the civil liberties of citizens. While fatalism seems to have prevailed in French reactions, German public opinion is heavily mobilized. Memories of the Stasi are not so far away. Although secrecy is often demanded by intelligence officials to preserve the effectiveness of investigations, in our current societies, it is becoming increasingly difficult to maintain secrets, even for governments, and Snowden may well have emulators.
49Creating safeguards, debating procedures for democratic control (who decides, where, how, and when?), and establishing procedures for evaluating surveillance programs (financed with public funds) all make it possible to protect individual freedoms, the core values of democracy. Moreover, these actions also contribute to granting those values greater legitimacy.
50The stakes are high. Our medical files, political opinions, school results, sexual orientation, purchases, travels, friends, the friends of our friends, the friends of the friends of our friends…, all this information and much more can be the subject of investigation and cross-checking and makes it possible to establish a profile of astounding accuracy. In fact, much of it is already accessible, often even made freely available by the users of social networks and blogs.
51The question of safeguards is clearly an important one in connection with corporations, which are not subject to democratic control but only to the law and sometimes to forced collaboration with their government. Here again, consideration should be given to compromises between the undeniable advantages of the use of data by corporations, which analyze our tastes, memorize our choices, and then offer custom-made services, and the potential for infringements on our freedoms.
52Enormous economic stakes lie behind and frame these debates. The article in this issue by Stéphane Grumbach and Stéphane Frénot, researchers at INRIA, shows the extent to which the capability to collect but also to cross-reference, analyze, and use data has become the driving force of the economy in our societies. The domination of American corporations in online services combined with their expertise in processing data and the power of the United States to impose technical standards gives them an undeniable strategic advantage in the future opening of public data markets. Here again, issues of sovereignty are evident, and the Snowden affair might complicate negotiations for free-trade agreements. Even so, these agreements will not seriously be questioned and the ball is in the court of the Europeans who, contrary to some emerging countries, have not produced any Internet champions.
53Again the question of Europe arises along with the capacity of Member States to unite in order to create economic and political leverage against the giants of the Internet. Reform of European law on the protection of personal data would allow standardization of the patchwork of national European legislations, thereby encouraging the mobility of corporations in Europe, and would also strengthen the protection of citizens. For example, such reform would require corporations that collect personal data to obtain the explicit consent of users, institute the right to be forgotten (i.e., the possibility of erasing data), and establish a single agency to manage litigation. Yet, despite the Snowden affair, a proposal for such reform was postponed in 2015 following particularly intensive lobbying by large American corporations and serious disagreements among Member States. Much work remains to be done.
The Future of the Internet
54National strategies contribute to shaping the Internet, and again, the stakes are high. Following revelations on massive surveillance, including of her own phone, Brazil’s President Dilma Rousseff expressed the wish to be separate from the US-centered Internet and called for the organization of a summit on Internet governance in Brazil in April 2014 [11]. Bertrand de La Chapelle points to the stakes involved during his interview published in this issue. Hannes Ebert and Tim Maurer show in this issue that emerging countries, where the number of Internet users is growing rapidly, strongly dislike American supremacy over the architecture and governance of the Internet as well as its domination in equipment, services, content, and management of data and are developing strategies aiming to increase their influence. The BRICS, in cooperation with twenty African states, have even launched a project designed to lay over 32,000 km of their own submarine cable linking Russia, China, India, South Africa, Brazil (the BRICS themselves) and the United States. However, the BRICS are not a homogeneous group and do not all share the same democratic traditions, as Hannes Ebert and Tim Maurer show in their article.
55A number of democratic states are concerned about the issue of the “balkanization of the Internet,” a physical and political fragmentation of the network that would threaten the free and open character behind its original success. China, Russia, Iran, Saudi Arabia, and North Korea have implemented strategies designed to control their networks, from the physical infrastructure to the content in circulation. Kevin Limonier’s article clearly shows the representations and strategies implemented by Russia to defend the concept of a sovereign Internet. In fact, these states promote control of the Internet by states within the International Telecommunication Union (ITU). International negotiations regularly come up against two crucial points brought up by Western states: respect for human rights (freedom of expression, access to information, respect for private life), and the inclusion of non-state participants in a model of multi-stakeholder governance, as Bertrand de La Chapelle explains. For China, Russia, and others, these questions belong exclusively to the sovereignty of states. The economic and political interest in staying connected is sufficiently strong for the basic common structure not to have been called into question, at least up to now.
56The revelations of the NSA programs, the rise of emerging democratic countries such as Brazil and India, and the efforts of ICANN [12] to take regional demands into account are beginning to shake things up. At stake is nothing less than the future of the Internet. How do we create a space for all nations and an environment sufficiently secure to maintain the free and open character of networks?
Conclusion
57Cyberspace has become the object of power rivalries between stakeholders, a scene of confrontation, and a highly powerful tool in geopolitical conflicts. However, conflicts for or in cyberspace are not separable from traditional geopolitical power rivalries. On the contrary, they are both the expression and a new dimension of such rivalries, present at all levels of analysis, and should be taken into account as part of a multi-scalar approach.
58The geopolitical issues of cyberspace are closely connected to political, economic, social, and cultural considerations. Through its multi-scalar and interdisciplinary approach, which can even incorporate the use of computer science and mathematics, geopolitics allows us to broach these questions in all their complexity.
59The technical dimension of the debates will undoubtedly require dedicated effort on the part of readers. But it is worth the effort. It is not only issues of power and security in cyberspace that are important, but also the values we defend as a democratic nation and wish to see govern the world we are building.
Bibliography
Bibliography
- APT1 – Exposing One of China’s Cyber Espionage Units, Mandiant, 2013.
- French White Paper on National Defence and Security, Ministry of Defence, Paris, 2013.
- Cattaruzza, Amaël and Frédérick Douzet. 2013. “Le Cyberespace au cœur de tensions géopolitiques internationales.” Défense et Sécurité Internationale (special issue), 32.
- Desforges, Alix. 2013. “Les frontières du cyberespace.” In Des frontières indépassables? edited by Frédérick Douzet and Béatrice Giblin. Paris: Armand Colin.
- Dossé, Stéphane. 2010. “Vers une stratégie de milieu pour préparer les conflits dans le cyberespace?” Défense et Sécurité Internationale, 59.
- Douzet, Frédérick. 1997. “Internet géopolitise le monde.” Hérodote, 86–87: 222–233.
- Douzet, Frédérick. 2007. “Les Frontières chinoises de l’Internet.” Hérodote, 125: 127–142.
- Douzet, Frédérick. 2013a. “Chine: Cyberstratégie, l’art de la guerre revisité.” Diploweb, September 12. www.diploweb.com
- Douzet, Frédérick. 2013b. “Chine, États-Unis: La Course aux cyberarmes a commencé.” Sécurité Globale, 23.
- Gibson, William. 1984. Neuromancer. New York: Ace.
- Kempf, Olivier. 2012. Introduction à la cyberstratégie. Paris: Économica.
- Lacoste, Yves., ed. 1993. Dictionnaire de géopolitique. Paris: Flammarion.
- Lacoste, Yves. 2003. De la géopolitique aux paysages: Dictionnaire de la géographie. Paris: Armand Colin.
- Mattelart, Armand. 2009. Histoire de l’utopie planétaire: De la cité prophétique à la société globale. Paris: La Découverte.
- McLuhan, Marshall. 1964. Understanding Media: The Extensions of Man. New York: McGraw-Hill.
- Musso, Pierre. 2003. Critique des réseaux. Paris: Presses Universitaires de France.
- Rothkopf, David. 2013. “The Cool War.” Foreign Policy, 20.
- Sanger, David. 2013. “In Cyberspace, New Cold War.” New York Times, February 24.
- Schmitt, Michael N. (ed.), Tallinn Manual on the International Law Applicable to Cyber Warfare, Cambridge University Press, 2013.
- Virilio, Paul. 1997. “Un monde surexposé.” Le Monde diplomatique, August.
Notes
-
[1]
Professor at the Institut Français de Géopolitique (French Institute of Geopolitics), Université Paris-VIII, and Castex Chair in Cyberstrategy. (Circle of Partners of the IHEDN, with the support of the Airbus Group Foundation).
-
[2]
Based in Washington, DC, this organization has been rated for the third consecutive year the premier think tank on questions of defense and national security by the Global Go To Think Tank Index, an annual report by the University of Pennsylvania on think tanks in the United States.
-
[3]
Master’s student at the Institut Français de Géopolitique, Université Paris-VIII.
-
[4]
Or more precisely, the global interconnection of equipment for the automated processing of digital data, according to the definition of the French Network and Information Security Agency (ANSSI), 2011. Although information and communication systems are not confined to the Internet, it is the Internet that has given rise to what is known today as “cyberspace.”
-
[5]
Nicolas Madelaine, “Louis Pouzin: L’Internet doit être refait de fond en comble,” Les Échos (May 24, 2013): 23.
- [6]
-
[7]
“The Battle for Power on the Internet: Bruce Schneier at TEDx Cambridge 2013,” YouTube video, published on September 25, 2013 by TEDxTalks, consulted on February 16, 2013, https://www.youtube.com/watch?v=h0d_QDgl3gI
-
[8]
By way of comparison, the tax on companies where physical persons hold at least 75% of the capital is 33.1% of all profits (impots.gouv.fr).
- [9]
-
[10]
A military unit of cyber-operations and the NSA.
- [11]
-
[12]
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for coordinating the system of Internet addresses and domain names (www.icann.org).