Google offers its VPN also to Italian users, and Apple is preparing to do the same with a similar service, as is – on the activist side – Mozilla. The security of individuals increases (perhaps), the sovereignty of the State decreases (indeed). Moreover, the cybersecurity agency can do nothing about it. The analysis of Andrea Monti, adjunct professor of Digital Law at the University of Chieti-Pescara – Initially published in Italian by Formiche.net
A few days ago, Google extended the availability of its VPN service, which encrypts network traffic and prevents it from being intercepted at the device level, to Italian customers using the Android operating system. Apple is preparing to do the same with a private relay service, activated simultaneously as the release of the new operating systems for computers and mobile terminals. Mozilla – the NGO that developed the Firefox browser – has also extended a service to Italy that is in direct competition with that of the two Big Tech companies.
WHY THESE SERVICES ARE CRITICAL
Although similar services were already available on the market, the new fact is that they are now conveyed by subjects who (in the case of Apple and Google) control all the mobile devices in circulation and (together with Mozilla) distribute the most popular browsers in the world. It makes it easier to reach directly hundreds (or, as far as Italy is concerned, tens) of millions of users. It drastically increases the diffusion of these tools.
When confronted with this possibility, it is inevitable to reopen the old debate on the impact of all this on national security, the protection of critical infrastructures, and the possibility of the police to prevent and repress criminal actions. Before that, however, it would be necessary to assess the impact of the industrial policies (and not only) of Big Tech on the Italian strategy for the protection of digital sovereignty, which was already announced at the time of the first Conte government and reaffirmed with the establishment of the Agency for Cybersecurity.
THE PRIVATISATION OF PUBLIC DIGITAL SOVEREIGNTY
Taken as such, VPNs and Private Relays could be considered simply marketing tools that capitalise on the insecurity of internet services and the desire (and sometimes obsession) of users to have ‘privacy’ when connecting to sites and online platforms.
However, a look through a lens with a wider field of view reveals a different picture. Masters of the digital ecosystem no longer limit themselves to orientate the market through their own product choices, as has historically been the case through software management, but are even replacing States, altering the balance of power with and among sovereign nations.
A few macroscopic aspects worth mentioning: the private sector has a monopoly on social interaction and consensus through content-sharing platforms, it controls public DNS resolvers in DoH mode (i.e. systems that allow users to be directed to websites without them knowing what they are looking for) without the State being able to intervene, it collects internet traffic data that are indispensable for anti-terrorism and police investigations, it has given itself the power to carry out preventive investigations into potentially unlawful actions and, lastly, the power not to intercept network connections through VPNs and Private Relays. Moreover, the entities providing these services are subject to US jurisdiction. They, therefore, are not obliged to comply with orders and requests coming from the authorities of other countries, except for the unlikely application of international judicial cooperation agreements when they exist.
POLITICAL SOLUTIONS AND STRATEGIC CHOICES
It is evident that in such a scenario, a State – and Italy, for that matter – other than the US is in a position of substantial subordination to the private technology industry. Despite the expectations of politicians and institutions, not even the newly created Italian Agency for Cybersecurity will be able to intervene since it has no powers over services provided from outside Italy. One could almost paraphrase Humphrey Bogart in Deadline and say: that’s the Internet, honey. And there is nothing you can do about it! Nothing!
However, not all hopes are lost as it would be possible to adopt political solutions based on strategic choices similar to those thought for the web tax. Just as, regardless of the practical feasibility, it is a well-established opinion that Big Tech should pay taxes in the countries where their customers are located, in the same way, it should be decided that, regardless of their registered office, these companies should cooperate directly with the countries where they provide their services in compliance with the law and the rights of citizens, under penalty of (at least) expulsion from the local market.
Declaring the applicability of such a law outside national borders would not be an exquisite solution for the general theory of law scholars. However, it would solve an extremely urgent political problem and already has illustrious precedents in the US with the Cloud Act, Europe with the Data Protection Regulation, and China with the National Security Act.
The question is whether there is the political will to make such a choice, which is as unpopular as it is necessary to balance private ends against the higher interest of the State.