The United States has initiated a ban on Kaspersky, which requires the company to halt its business in the US by September. The Russian influence over the company and the resulting conflict of loyalty and care to their customers and host government are the reasons for this decisive action. In the context of the recent cyberattacks accompanying the war in Ukraine, this development raises the question of whether other countries could exploit their tech sectors for espionage and cyberattacks. If all governments are the same in this respect, it would underscore open-source software’s crucial and often overlooked role in achieving digital sovereignty, an essential aspect of data security and privacy.
What is Digital Sovereignty?
In the geopolitics of software development, the concept of Digital Sovereignty has recently gained significant momentum. From restrictions on the usage of Huawei products to public code with public money initiatives, countries have flexed their purchasing and contracting power to enhance cybersecurity, increase resistance to espionage, and boost the local economy. A formal definition could be: Digital sovereignty is not just an idea but a pressing need for a nation to have the authority and control over its digital infrastructure, data, and technology. Open-source software is the empowering tool that allows nations to take control of their digital destiny.
It is often more of an overarching theme than a concerted effort. Let’s take the EU as an example. The restrictions on Huawei in the EU stem from cybersecurity concerns. The pushback against US social media companies and big tech is based on data privacy regulations. Finally, the funding for AI comes from a push for innovation and competitiveness. They all fit neatly into digital sovereignty, yet the sub-themes, not the overarching topic, motivate these initiatives. Understanding this interconnectedness is crucial for grasping the urgency of the digital sovereignty issue.
Apple, FISA, and TikTok: Are all Governments the same?
It is easy to dismiss all governments as acting in a protectionist and self-serving manner. After all, what is the difference between the FBI and NSA asking companies to break encryption, Russia doing the same with Kaspersky, and China with TikTok?
Ultimately, it comes down to the values of the government and society. Do we see government espionage as something acceptable to keep public order, or should the government have to justify its action to the people to justify its existence? While the FISA courts in the US certainly aren’t perfect and should be reformed, they are still a far cry from the level of executive powers enjoyed in other countries around the world.
Nevertheless, even in democracies, it is the duty of each of us to protect our liberties, privacy, and freedom from overreach. “Why would you need to hide something if you did nothing wrong?” should never be an acceptable argument to snoop into someone’s personal life.
Governments will always try to undermine privacy for their benefit. Whether to protect themselves from opposition in autocracies or to have voters see them as “doing something” against crime and terrorism in democracies, the push to act is strong. Likewise, tech companies have a strong incentive to accept the government proposition. From jail time for executives and company dissolutions to goodwill in government contracting, companies have many reasons to act. Even profit incentives, such as AI training data, can come into play.
Open-Source: The Key to Digital Sovereignty
When companies build spyware into their products, whether for their own or the government’s benefit, it is hard for us to detect it. Is a connection to a server just an innocent check for updates, or is the software transmitting data?
Open-source allows you to look into the source code or hire someone to analyze the code. The Open-Source definition requires licenses to grant you ten essential rights for a license to be considered Open-Source. The availability of the sources is right there at number 2.
Unfortunately, the right in itself isn’t of much value unless we utilize it. Many essential projects are low on time and resources. Thus, we should consider contributing to the respective projects to enjoy digital sovereignty. Whether by having in-house developers, paying maintainers, or donating to fix bugs, all of them ensure that more people are utilizing and reading open-source code, protecting each of us against government incursions.
Start Planning for Digital Sovereignty
The Kaspersky ban should warn all of us that software has become an espionage tool and weapon for governments worldwide. For individuals, businesses, and society, this represents a significant danger to our freedoms, economy, and intellectual property.
As business leaders, we must start seeing an attack on digital sovereignty as a risk factor. Thus, we must have IT plans built on open-source and software verification. We cannot rely on vendors and governments to protect us from attacks.
While open source has some shortcomings, especially in accessibility, if we work together, we can quickly mitigate those for a fraction of the price of a successful espionage attack. Thus, let us all get together to say no to corporate and governmental espionage, take control of our data, and embrace digital sovereignty with open-source software.