Digital Sovereignty has exactly the same problem that Cybersecurity has / always has had: it is an abstract concept which has been co-opted by the state, the state having mistaken it for a political and administrative goal that it is in their gift to create and bless, rather than an emergent property of a properly fostered, educated and equipped citizenry.

---

In case this is unclear: it’s the difference between “being equipped with armies to wage conflict” versus “having a healthy population capable of withstanding conflict”; it’s a phenomenon you see when there is a pandemic and suddenly the government has to stop waging war by other means and instead tell people to please wash their hands – to stop pursuing a Great Firewall and instead tell people to install anti-malware.

In respect of digital sovereignty: there is also a risk of jingoism and political capture: digital sovereignty is the capability to “go it alone in the wilderness” – except that the internet is a global wilderness and if you want to “go it alone” you risk turning into China with a huge, expensive, yet permeable firewall around you and a self-isolated and gradually fermenting population.

Basically: Digital Sovereignty as-discussed is largely analogous to Brexit.

See how that worked out.

Instead what actually needs to be done for digital sovereignty is: sensible individual and national provision a-la “disaster preparedness” – but that is far less appealing to nationalist drum beating / “let’s hate Social Media for being too American” / “let’s hate the cloud for being too American“ / “what do you mean we have to invest in our own neckbeard technology startups rather than tell them what to make?”

Digital sovereignty is a clusterfuck. It’s the wrong approach, by the wrong people, captured by the wrong political interests, in pursuit of the wrong goal, all being done badly and with a bunch of excitable cheerleaders on the sidelines who think it’s their proxy-war against “Surveillance Capitalism.”

What we actually need is:

• online digital citizens freely preferring to use
• locally resilient infrastructure in a global context
• with built-in disaster preparedness

Put differently:

• we need everyone to want to do ISO27001
• of their own accord
• and for their own benefit
• and with a globally politically-aware threat model
• otherwise Goodhart’s Law will kill the entire endeavour

In a single sentence:

• we need cyber “preppers”

…but the state generally doesn’t like it when individuals become in any sense sovereign of their own accord, so it’s not the dominant narrative even though it’s analogous to people washing their hands and wearing a mask both to resist and prevent spreading of infection.

If you don’t take this approach then you’re either:

• telling a bunch of fat organisations to nerd harder and expecting it to improve matters where there are “boots on the ground”, or else:
• pretending that central government can do anything concrete to fix the actual risks without turning the nation into a Digital Hermit Kingdom