In the wake of this year’s surveillance scandal, it is to be expected that some governments and national telecommunications operators want to steer their citizens’ and customers’ internet traffic away from the U.S. and other members of the “Five Eyes” espionage alliance, where possible. But what does that mean in practice?
Germany’s biggest telco, Deutsche Telekom, recently proposed keeping all domestic internet traffic within national borders. In other words, if someone in Germany wants to visit a German website, that traffic would not be routed through the U.S. or Britain, and would therefore not be up for interception by those countries’ data-addicted intelligence services.
The proposal, apparently made at a secret meeting between DT and the German government on October 1st, was reported on Saturday by Wirtschaftswoche and subsequently confirmed by the company itself.
A proposal for mainland Europe
In a statement emailed to me on Monday, a Deutsche Telekom spokesman said:
“Telekom is strongly in favor of keeping German Internet traffic within national borders (‘national routing’). The next step would see this solution expanded to include Schengen countries. Secret services of countries outside this area would then find it much more difficult to access this data traffic.
“This suggestion finds its limits where content from overseas is used, of course. Still in the US a national routing is already in place. This shows that such a routing is possible. In addition to this measure, we now urgently need the European Data Protection Regulation, in order to achieve uniform, high-caliber data protection standards.”
The statement went on to bemoan the effect the surveillance scandal is having on the public’s trust in cloud services. It called on politicians to “step up when it comes to stopping espionage by allied states” but noted that telecoms firms “can also play a role in improving the security of their customers’ communications.”
So, how realistic is this proposal, and what would its effect be?
The best point of comparison here is Brazil, whose president, Dilma Rousseff, has been extremely vocal about her plans to make the Brazilian internet, as it were, more independent of the U.S.
While some have suggested that Brazil’s strategy could lead to a “fracturing” of the internet, in reality the steps Rousseff has been touting are already underway, and they amount more to beefing up local capacity than balkanization. Brazil has been pumping up its bandwidth for a while and new cables are being laid directly between Brazil and Africa — and also between Brazil and its South American neighbors.
While the intercontinental undersea cables could be relatively easily tapped (I do sometimes wonder what former U.S. president Jimmy Carter makes of his namesake submarine being used for such things), doing the same to the terrestrial cables would be trickier.
This is more-or-less analogous to what Deutsche Telekom is proposing for Europe: greater security for intra-regional communications, without cutting off the region from the outside. (As opposed to China’s setup, which effectively involves a single internet gateway to the country — handy for implementing the Great Firewall, and much easier to close down if the government were minded to do so.)
What is particularly interesting about DT’s proposal is that it comes from a private company (albeit one in which the state holds a minority stake). After all, the internet is made up of commercial networks, and it’s those companies that need to play ball, whatever their governments say.
Telekom’s proposals require the participation of other European telcos, such as Vodafone(s vod) and Telefonica(s tef), if they are to work. That’s a big hurdle to leap, but it’s not the biggest.
The main problem with the proposal is the patchwork nature of your typical modern webpage. It’s all very well to say you want Herr Schmidt of Hannover to not have his traffic routed via the U.S. when he reads Der Spiegel, for example, but it’s not nearly that simple — a Spiegel story comes with a Facebook(s fb) “Like” button, a Google+(s goog) “+1” button and a Twitter button. Certainly in the case of the Like button, Herr Schmidt is being tracked by the U.S. firm whether or not he is also signed into Facebook.
Of course, Facebook and Google have data centers on the European mainland (and Microsoft(s msft) is planning the same). There are certain benefits to be gained there, mainly better latency, but the U.S. Patriot Act would potentially compel those companies to hand over data on European customers no matter where their data centers are sited. So that’s not really much of a help, from a security standpoint, when it comes to keeping these hotchpotch pages regional.
Deutsche Telekom seems to be well aware of this problem, and doesn’t appear to have figured out how to solve it yet. The firm’s spokesman told me:
“Where traffic can be routed within Germany we would suggest to do it — not more and not less. We’ve just started the debate, we’ll see where this will lead us.”
The only way to really make this work would be to gradually promote and strengthen Europe’s own technology industry, so that internet users there don’t default to U.S. services like they currently do. Because right now, European telcos could band together and keep certain surfing within national or regional borders all they want, but that would only protect a very limited subset of Europeans’ online activity.
And the same goes for Brazil.