The Netherlands has a reputation for being a liberal, broad-minded place that is open to the world. Its scholars in Internet governance have emphasized the need for a globally recognized “public core” of the Internet. But apparently the virus of digital sovereignty has affected a significant portion of the Internet community there. And as is always the case, behind the normative appeal of digital sovereignty lurks self-interested economic interest groups.
In early February the registry for the .NL top-level domain, the non-profit Stichting Internet Domeinregistratie Nederland (SIDN) decided that it wanted to outsource a few functions to Amazon’s cloud service (AWS). They decided to abandon their aging and clunky in-house registration software DRS5 and collaborate with the Canadian country code top-level domain operator CIRA to “become co-owners of their powerful domain registration platform: Fury.” To make Fury even easier to access, SIDN decided to transfer the platform to the public cloud together with the Canadians over the next 2 years. SIDN’s chief technology officer, Loek Batten, wrote that “An additional advantage is that we can then offer Fury as a kind of ‘DRS-as-a-service’ to other registries.” SIDN claimed that no European cloud company can provide the required services.
This was greeted by a storm of protest by the Netherlands’ own little crop of digital sovereigntists. Some of the outcry was plainly unfair and irrational. The collaborative effort with other ccTLDs (Canada, New Zealand, Ireland) was ignored, and the role of Amazon was exclusively highlighted. The economic benefits to NL of becoming a paid service provider to other registries was ignored, or criticized as greed. The right of a registry operator to decide their own best supply options was overlooked. Silly claims that using AWS public cloud will lead to US government control were made. Some self-interested trade associations of Dutch registrars and cloud operators made it clear that they want special consideration when it comes to SIDN’s business, and want to use governmental threats to force SIDN to negotiate with them..
A common theme in this debate is that the Netherlands needs “digital autonomy.” Autonomy, however, means people and organizations can make their own choices. Forcing Internet users or companies in NL to use Dutch service providers or to place their servers in a specific geographical location does not support anyone’s autonomy, it diminishes it. The idea that everyone who lives inside the small, arbitrarily defined lines on maps defining the Netherlands has a collective interest in forcing everyone else to use facilities and services located in that territory is a primitive anachronism. What, exactly, are the benefits of doing that? What are the dangers and risks of not doing that? Isn’t one of the virtues of the internet is that it allows people anywhere in the world to share resources and collaborate on supply?
Opponents are floating the idea that using AWS constitutes a security risk. But the cybersecurity or data security of NL operations has nothing to do with its geographical location. Cyber attacks on infrastructure can come from anywhere in the world; as long as you are connected to the Internet, being in the territory of the Netherlands offers no special safety. The success or failure of an attack will depend on technical protections and resilience, not on the nationality of the operator or the location of the server. In fact, many AWS servers are in Europe, and a larger, more redundant operation like AWS may well be more secure than poorly run or less redundant facilities that happen to be located in the Netherlands.
The political appeal of digital sovereignty has allowed critics of the SIDN deal to raise the interest of the Ministry of Economic Affairs, but we wonder how far this will go. If it’s such a terrible thing to use cloud services provided by an American company, should the Dutch all stop using semiconductors designed by Americans? Shall they all abandon their iPhones and Android phones, because of the taint of the USA? What about products from China – will NL now reproduce the US panic about how any product or service from an evil nation is a national security risk that should be banned? How about disconnecting your cables and radio channels connecting the NL to the United States and China and Russia? because exposing the Netherlands to their bad actors is surely a compromise of your autonomy.
Let’s call digital sovereignty by its real name: it’s an ugly form of chauvinism and protectionism that is completely against the spirit of the Internet. Leave digital sovereignty to the Chinese, Russians and other authoritarian states and go back to supporting a globally interconnected, open market for digital products and services. If you want to impose security and privacy regulations on the .NL domain you can do that without restricting the nationality of the vendors people can use.
I have experienced UN sanctions against Yugoslavia, when the network connections were cut. So, I prefer to have my data in my country. You never know when you could become an enemy on whom sanctions could be imposed.
Mirjana: domain, and you want to be accessible to the world, you WANT to have the data associated with those DNS records accessible to everyone in the world, otherwise your domain, email, websites cannot be accessed.
Thank you for providing such a good example of the false ideas behind digital nationalism. If telecom connections were cut to the Netherlands for some reason, an .NL top level domain that was purely local would go down precisely because it was in the Netherlands. No one outside the Netherlands would be able to reach it, and no one in the world outside the Netherlands who tried communicate with the NL domain would be able to do so. Even users in the Netherlands trying to reach other Dutch users would have trouble because the DNS needs to query the root servers, which are outside the country. In fact, hosting the TLD service in a multinational cloud provider would make it harder for the NL to be cut off. That’s why Ukraine moved a lot of its government data to Microsoft cloud when the war started, and this helped them to maintain connectivity.
I know many Europeans are, historically, really into castles and walls, but it’s not feudal times any more. It is a serious error to believe that you can somehow retain Internet connectivity and protect security by creating a little digital island and not allowing any foreign connections or storage. And by the way, when it comes to DNS, what does it mean to say “I prefer to have my data in my country”? Does it mean you only want to communicate with people in your own country? Fine, get off the Internet and use the postal system. If you have a
“Even users in the Netherlands trying to reach other Dutch users would have trouble because the DNS needs to query the root servers, which are outside the country.” Really? According to https://dnswatch.com/dns-docs/root-server-locations, four of the constellations of root servers have an instance or two in Amsterdam. One of these is even operated from that city.
Niall is right. F is in over 300 locations around the world, so free root service is almost always local. But RFC 8806 describes how to run root service on a local resolver. Most users get no advantage from this but it’s exactly the kind of thing that governments want in their back pocket.
Thank You!!!!! Hsv cured……………………..
Contact: herpestreatmentdoctor g ma i l … c o m…