8.1 Introduction
In the first decade of the twenty-first century, characterized by relatively high levels of freedom in digital innovation, the technical constraints on the construction of the Russian Internet (RuNet) remained mostly invisible to its users (Deibert & Rohozinski, 2010). However, since the early 2010s, the increasingly strict regulations imposed by the government have made these aspects more evident (Oates, 2013; Soldatov & Borogan, 2015; Gritsenko, Wijermars, & Kopotev, 2021). In particular, Roskomnadzor (RKN), the federal government communications control body,[Footnote 1] has seen its jurisdiction and reach rapidly extended to domains as varied as the control of online content, the right to block websites, and the registering of blocked websites, with a substantially increased possibility of censorship. RKN’s control relies on its important nexus of relations and collaborations with actors that maintain and keep the internet operational and propose connectivity solutions to users, including access providers and owners of digital businesses.
This scenario has led to a particular and Russia-specific instantiation of the “digital sovereignty” label, which has taken hold in the past decade, not only offering a telling example of how state-centric formations of digital sovereignty may be structured, but also highlighting the limits of such a model, showing how it might be challenged by grassroots initiatives. In this regard, the Russian context illustrates the tension between two types of digital sovereignty as outlined in the introduction to this book: state-centered digital sovereignty and “personal” digital sovereignty struggles as a response to the increasing constraints on digital and civil liberties imposed by the State. Indeed, Russian authorities are actively pursuing a digital sovereignty strategy that focuses on an autonomization and “sovereignization” of the RuNet through the adoption of new laws to counter foreign influences and agents, as well as their devices and applications. Exemplars of this tendency are what has become known as the Sovereign Internet Law, adopted in 2019 with the official aim of protecting the country from cyberattacks, and the law against Apple, passed in 2020 with the objective of having all smartphone devices in Russia preload a host of “Russian-made” applications (Musiani et al., 2019).
In this context, since 2018, the ResisTIC (Criticism and circumvention of digital borders in Russia)[Footnote 2] project team has endeavored to analyze how different actors of the RuNet resist and adapt to the recent wave of so-called authoritarian and centralizing regulations, with a particular focus on online resistance that reveals so far lesser-known social practices and techniques for circumventing online constraints. These circumventions expose the limits of what the introductory chapter to this volume considers as state digital sovereignty and the underlying tensions that this type of digital sovereignty inevitably unleashes against competing forms of individual digital sovereignty, echoing a long history of social inventiveness in the last decades of the Soviet period when many Soviet citizens routinely transgressed and reinterpreted the norms and rules of the socialist state (Yurchak, 2013). These “arts de faire” were notably visible in their use of communication infrastructures (Zakharova, 2020).[Footnote 3] They are also in line with the protests that emerged after the demise of the USSR. Since the 1990s, Russian society has been neither apathetic nor resigned, as shown by the local mobilizations contributing to the development of citizen activism (Kleman et al., 2010) or the large demonstrations against electoral fraud in 2011 and 2012 (Gabowitsch, 2016).
One of the project’s primary objectives is to explore the extent to which control and circumvention strategies are embedded in and conducted by means of the infrastructure of the RuNet; our aim has been to shed light on the complex relationship between technical devices and algorithms (Brousseau, Marzouki, & Méadel, 2012; Musiani, 2013) in the Russian digital sphere, and the politics and markets taking shape in the country. As the project moves toward its conclusion (June 2022), this chapter proposes to take stock of the project’s different fieldworks and insights concerning the theme of this book, at the crossroads of digital sovereignty, data, and infrastructure – both its development and its uses, oftentimes very creative and subversive. Beyond the Russian case, understood as a “laboratory” of broader tendencies in internet governance worldwide, the project seeks to contribute to a conceptualization of the changing patterns in politics as it is exposed to information and communication technology (ICT) in the modern world.
The chapter undertakes an infrastructure-based sociology of the RuNet, focusing on the technical devices and assets involved in surveillance and censorship, and on the strategies of resistance and circumvention “by infrastructure” that follow. In the tradition of Science and Technology Studies (STS), we understand the “infrastructural” quality of the network of networks, and its multitude of physical and logical apparatuses, as relational and conditional; infrastructures can be more usefully understood in terms of function than form. Thus, beyond objects whose infrastructural aspect is immediately obvious, such as bridges or pipes, a number of artifacts and entities that populate and shape the network of networks could be described as infrastructure because they have an infrastructural function – because they help to structure, shape, enable, or constrain our “being-together” on and with the internet. In this sense, internet infrastructures include physical objects, for example, submarine cables that carry global telecommunications or data centers that host our digital content, and objects that are a priori much less concrete, such as internet protocols, applications, and software (see, e.g., Musiani, 2018 for further discussion of this point).
The analyses presented in the chapter are based on original data, both quantitative and qualitative (interviews and observations in the field). In addition to the presentation of the case studies, a recurring point of interest is a reflexive assessment of our methods, in particular those related to field survey, which can be problematic and sensitive in Russia because of the constraints on researchers and the protection of interviewees, but is extremely useful as it allows us to question the preconceptions attached to the RuNet and to renew our understanding of the role of infrastructure in digital control and circumvention.
The empirical core of the chapter will provide an overview of a number of studies undertaken by the ResisTIC project team in the past few years. While the presentation of the case studies will, by necessity, be relatively brief, presenting them together will allow us to draw some general conclusions about the state of infrastructure-based digital sovereignization in Russia; interested readers will be able to delve deeper into the case studies by means of a special issue of the open access First Monday journal (Daucé & Musiani, 2021).
Before we delve into the case studies, however, we seek to outline the particular relationship that exists in Russia between law and infrastructure as means of control, as it has taken shape in the past few years. In response to the Russian government’s increasingly coercive grip, direct political confrontation is difficult and risky; thus, we argue that the use of infrastructure is a way to indirectly bypass constraints and coercion. A number of dynamic behaviors, which can be qualified as infrastructure-based ruse and resistance, have emerged in close response to legislation. Russian “digital resisters” adapt to new laws and invent new techno-legal tweaks that challenge the Russian lawmaker. Understanding this dialectic is vital to understanding the context in which the initiatives described below, between promotion of and resistance to digital sovereignty by means of infrastructure, take place.
8.2 The Relationship between Law and Infrastructure in Russian Digital Sovereignty Strategies
The regulation of internet infrastructure began in earnest in 2012 with new laws such as 139 FZ,[Footnote 4] which establishes a legal framework for the system of filtering websites included in the “blacklist” of digital resources, whose illicit nature may be defined by various state institutions. This law introduces a new relationship between the infrastructure providers and the state. Indeed, the law obliges internet service providers (ISPs) to inform site owners of the need to remove pages with illegal information or to block access to sites listed in the register prepared by RKN. Initially, the law prohibited content relating to child pornography, suicide, or drug use. However, the new Law 398 FZ extends blocking practices to the sites calling for unauthorized public protest actions considered “acts of extremism”[Footnote 5]; for example, media such as Grani.org were banned on Russian territory for their publications dedicated to actions in support of the people prosecuted for participating in political protests on Bolotnaya Square in 2012. The prosecutor’s office also deemed Kasparov.ru’s website as “extremist,” in an article related to the annexation of Crimea. Since March 2014, “nonsystem” political opposition sites[Footnote 6] have been blocked under the law.
These blocking attempts, as well as RKN’s “manual” control of ISPs – that is, the case-by-case verification of the blocking of prohibited sites – have proven to be ineffective. Since 2015, RKN has therefore imposed Revizor boxes on operators, which automatically check whether prohibited resources have been blocked by ISPs. The new monitoring system entails additional costs for ISPs due to the installation of hardware and software components and the high fines for noncompliance with the law (Stadnik, 2021). The web community is responding to blocking practices with the increasingly common use of virtual private networks (VPNs) or Tor software, dynamic IP addresses, and mirror sites.
In parallel with these information control practices, the Russian authorities are attempting to regulate the RuNet by law, targeting its infrastructure more directly. On July 21, 2014, the President signed Law 242 FZ,[Footnote 7] which requires private internet players to store the personal data of Russian users on servers physically located on Russian territory. Law 531 FZ[Footnote 8] prescribes the hosting on Russian territory of all sites of Russian public authorities. These measures are justified by the need for data security for the population and the State in a tense international context linked, inter alia, to the conflict with Ukraine, and to a broader context in which cyberattacks from Russia against the US, and vice versa, happen on a regular basis (Sanger & Perlroth, 2019); to some extent, the need for a RuNet is seen by the Russian government as a cybersecurity strategy. Ultimately, the application of Law 242 FZ has been postponed until October 30, 2022.
The trend of repatriation of digital resources and data continues with the so-called Yarovaya Law 374 FZ.[Footnote 9] This time the legislator modifies the nature and quantity of data that would be controlled by the state in the context of the fight against terrorism. Indeed, the law obliges operators to store telephone conversations, SMS, videos, and emails of users for a period ranging from 30 days to 6 months. The encryption keys must be made available to security services upon request. Given the significant cost to operators, it was expected that their storage capacity would increase by 15% annually. However, the application of this rule was temporarily suspended in 2020 because of the pandemic, which caused an explosion in the number of video and other content exchanges, making it impossible to store such a large volume of data (Peškova, 2020).
All this legislation aimed at territorializing infrastructure of the RuNet finds a general framework in the Doctrine of Information Security (Presidency of the Russian Federation, 2016). This document provides definitions of critical infrastructures, emphasizing the territorial anchoring of information systems and communication networks.
The Doctrine gave rise to Law 90 FZ, called “on the Sovereign Internet,” which came into force on November 1, 2019. Indeed, it takes up the notion of sovereignty of the Russian digital space and tasks the government with ensuring the stable functioning of its critical infrastructure by taking control of the traffic exchange points, all autonomous systems, and the system of national domains .ru and .рф. The law also provides for the establishment of state control over cross-border traffic by the infrastructure that will ensure network routing in case of the impossibility of connection to foreign servers. In addition, it requires ISPs to install Deep Packet Inspection (DPI) filtering equipment. RKN has been given the power to set routing policy for ISPs and to ensure centralized network management. To this end, tests were planned to simulate the situation where RuNet would be disconnected from the external network. However, after a first test in December 2019, others were canceled in 2020, officially due to the pandemic. In January 2021, the Ministry of Digital Development announced that the final plan for the exercises would be decided after the end of the pandemic (Pâtin, 2021). In contrast, COVID-19 did not become an obstacle for Twitter throttling in 2021,[Footnote 10] which was done with the use of DPI equipment. Furthermore, the pandemic did not prevent the passage of Law 19 FZ, which holds operators accountable for not installing DPI equipment.[Footnote 11]
The process of RuNet sovereignization continues to develop according to the guidelines of the Information Security Doctrine, with Law 425 FZ requiring foreign hardware manufacturers to preinstall Russian software on electronic devices sold in Russia from April 1, 2021 (Presidency of the Russian Federation, 2016, art. IV, sect. 23, par. з). The so-called “anti-Apple” law has been met with an unfavorable response from other major computer brands including Microsoft and Intel. However, even the most resistant, such as Apple, have found a compromise with the government: Russian applications are proposed as an opt-in mechanism for the device buyer, without the device manufacturer preinstalling them (Kodačigov, 2021).
The adoption of new laws regulating the internet infrastructure reduces opportunities for circumvention for digital companies, the media, NGOs, and ordinary users. However, the digital ecosystem is organizing itself to cope with the constraints of the legislation. First, there are legal means such as appeals against court decisions or even legal recourse against RKN decisions. Second, the RuNet community continues to seek technical solutions to adapt to restrictive rules. Finally, the proliferation of punitive laws and the high rate of their adoption are turning against the state, which is failing to enforce them in a regular and systematic manner throughout the Russian territory. This diminishes the effectiveness of the law and leads to the slowing down of the sovereignization process.
8.3 Sovereignization and Resistance “By Infrastructure” in the RuNet: Insights from the Field
We now turn to the empirical core of the chapter, which provides an overview of a number of studies undertaken by the ResisTIC project team in the past few years. We focus on both the technical devices and assets involved in sovereignization processes, and the strategies of resistance and circumvention “by infrastructure” that follow.
8.3.1 “Black Boxes” and Strategies of Internet Service Providers
One of the key levers of control over the RuNet is the legal framework targeting ISPs. These private technical intermediaries ensure the routing of internet traffic toward end users, and in Russia, they represent a vibrant and diverse market with many actors of different sizes, providing an overall good quality of service. Digital sovereignty policies regarding ISPs seek to achieve two main objectives: enabling surveillance of the traffic and ensuring compliance with censorship regulation. Moreover, the technical solutions to cater for these regulations need to be “made in Russia.” A domestic industry of surveillance and censorship has thus flourished, which affects the ISP market in different ways.
We explored this industry through two years of fieldwork in 2017–2019, including in-depth interviews with ISP representatives, a web-ethnography of ISP forums and chats, and a content analysis of professional documentation (Ermoshina, Loveluck, & Musiani, 2022). Our research focused on the vendors of surveillance and censorship solutions and on the “black boxes” known as “middleboxes,” which ISPs must implement on their infrastructures: actual physical boxes that are plugged into the network, but also software solutions and distributed technical devices and equipment. By drawing on both STS and the political economy of information and communication networks, we sought to understand their functioning and the ambiguities and controversies they generate, as well as to assess the liabilities, technical impediments, and economic costs that weigh on ISPs, and the strategies they devise in order to circumvent them or negotiate compromises.
We focused on two types of “black boxes” that ISPs need to embed within their infrastructure. The first one is known as SORM (System for Operative Investigative Activities), and it is used to collect and store metadata and internet traffic, which must be made available to the authorities upon request as lawful interception. Though SORM must be installed at the ISP’s expense, it is controlled by the FSB (the Russian Federal Security Service) via a terminal and can be accessed by other agencies and police departments (tax, customs, border police, etc.). SORM-1 was set up in 1995 for wiretapping and phone surveillance, before adapting to the internet in 1998 as SORM-2, and it has evolved several times since then. The latest iteration was defined by the “Yarovaya” 374-FZ and 375-FZ laws passed in 2016 (and somewhat loosened in 2018): the law now requires all telecom providers to store metadata for 3 years and content such as data, voice calls, images, and text messages for 30 days. The hefty costs of this system and the long delays in specifying the certifications have drawn criticism on the part of ISPs – who must choose between various expensive solutions, are never completely sure they are complying with the regulation, and may also face legal responsibilities in the case of data breaches. Indeed, not only are there different ways of conforming to the regulation, but misconfigurations of SORM are also common. Moreover, requirements differ according to ISP size, and to mitigate these different risks, various strategies are adopted, such as sharing solutions between ISPs or even buying already “SORMed” traffic from bigger actors. Finally, SORM is contested not only because it is costly but also because it involves cumbersome compatibility issues with existing ISP infrastructures, because most of the stored traffic is encrypted and therefore unusable, and because the FSB often uses other ways to access specific information. It is said to mainly benefit a small number of firms who have gained quasi-monopolistic positions on the market, and who benefit from existing ties with the Defense sector.
The second type of “black box” we focused on is the solution needed to filter the traffic and make it “RKN-compliant” – blocking any website that RKN (Roskomnadzor, the Russian federal executive body responsible for media and telecommunications) has added to its “black list” of banned websites. Although ISPs previously received blocking requests on a case-by-case basis, a centralized list was set up in 2012 after the protests against electoral fraud, and was further expanded especially after the Ukrainian crisis in 2014. There is no single “law on censorship,” however, but rather many existing laws that have been amended to include responsibility for publishing “illegal” content. This category is only vaguely defined and decisions to ban content are made with no oversight, paving the way for politically motivated suppressions.[Footnote 12] Moreover, precise requirements such as standardized “blockpages” and guidelines for traffic filtering were only issued in 2018. Prior to that, vulnerabilities in the mechanism meant that activists could leverage DNS-based “guerilla” tactics to block other websites – including at one point the Ministry of Justice main website – as a sign of protest. With no standardized blockpages, these could also be used by ISPs to criticize censorship and promote circumvention tools such as VPNs. Today, there are still different available methods for blocking websites, which range from homemade scripts to hardware devices, cloud-based solutions, and DPI-blocking software, but attempts have been made to standardize the blocking procedures. And with an increasingly voluminous blocklist, cobbled-together solutions have gradually become increasingly difficult to maintain. Nevertheless, ISPs still actively seek to avoid complying completely with censorship – in order to reduce their costs but also to remain attractive to their clients. Some even engage in selective censorship or try to fool the system in various ways, such as blockpages or the so-called “DNS guerillas” (see Ermoshina, Loveluck, & Musiani, 2022).
Both SORM and RKN-compliance must be implemented if ISPs want to avoid being fined. However, neither of them is standardized and the certification processes are lengthy. ISPs therefore often find themselves in uncharted waters, where they must interpret these requirements and often experiment in order to find a balance among imprecise (yet strict) rules, technical feasibility, and economic costs. These gray areas present strong uncertainties for ISPs but also opportunities. Our research shows that along with ethical and political concerns, Russian surveillance and censorship policies generate inefficiency and potential corruption of the market and affect the overall topology of the RuNet. However, we also highlight that ISPs develop different forms of technical, legal, economic, and sometimes political resistance. Far from a vertical, centralized, and all-powerful model of State control, the regulation of surveillance and censorship shows that control – though burdensome – is only partial, often inefficient and fraught with contradictions, opening up spaces for resistance and evasion.
8.3.2 The “Telegram Ban”: RuNet between Infrastructural Dependency and Resistance
These resistance tactics of both technical experts and users have become especially visible through the case of the “Telegram ban,” a two-year long attempt by RKN to block one of the most famous messaging applications in Russia. The “Telegram ban” should be approached as a sociotechnical controversy that unveils the close dependencies of RuNet vis-à-vis global internet infrastructures. Indeed, this case questions both technical and geopolitical boundaries as it opposes the strong government-originated discourse on the Russian “Sovereign Internet” (Freiberg, 2014) and the transnational character of material internet infrastructures. This “Telegram ban” favors a better understanding of both the threat of balkanization of the internet and the “turn to infrastructure” (Musiani et al., 2016) in RuNet governance, as it makes visible the ensemble of sociotechnical and legal mechanisms used to exercise control over RuNet.
Created in 2013 by the Durov brothers, Telegram fell under scrutiny of the Russian political police in the space of a few years: on July 14, 2017, the Russian FSB requested decryption keys for all messages sent and received via Telegram, in accordance with the 2016-approved Yarovaya Law. Telegram did not satisfy the FSB’s request, and after a second request to provide the keys in March 2018, Telegram’s lawyers explained that it was cryptographically impossible because of the way in which encryption works in Telegram. In response, on April 16, 2018, Telegram was officially blocked by RKN. However, Telegram was never completely blocked on the territory of the Russian Federation. Users could access all of its services rather easily – sometimes even without any circumvention tools because small and medium ISPs did not always comply with RKN’s requirements to block the app. This inability of governmental agencies to successfully block Telegram raised concerns as to the efficiency of RKN and technical expertise of its employees.
This trust in Telegram, according to our interviews (see also Maréchal, 2018), lies not so much with the technology, but with its main developer, Pavel Durov, his reputation, and his political position. Indeed, Telegram became so influential in Russia that governmental institutions kept maintaining their own official Telegram channels, probably so as to maintain some kind of influence within this platform. Interestingly, and ironically, the Russian government itself kept on using Telegram as one of its primary means for official communications during the COVID-19 pandemic, despite the fact that the tool was still officially blocked until June 2020. As the official Telegram statistics show, Telegram’s Russian audience has doubled since 2018 and the ban did not impact this growth.
Telegram has attracted tech user communities that have chosen it as their primary messenger, not only for daily one-to-one communication but also for professional chats. Telegram’s API has engendered a dynamic user-driven development of the bot and bridge ecosystem that made Telegram something “bigger than just a messenger, a new kind of social network” – as one of our respondents puts it. Telegram has evolved into a hybrid network with multiple functions and purposes, offering shelter to censored media using Telegram as a circumvention tool to deliver content to their audiences, allowing public group chats and proposing tools to promote cultural and political events and gatherings, organize surveys, create and distribute cultural and artistic content, generate stickers, and process payments.
There is no single history of the Telegram ban, but several ways to tell this story, competing chronologies and narratives that trace it back to different moments in the history of the RuNet – itself a rather controversial one. The defenders of Telegram do not interpret the ban as an isolated case but analyze it in a broader context of “the war on RuNet,” while pro-governmental media, on their end, frame the Telegram ban as “the (legitimate) war on terrorism.” The difference in framing strategies unveils how an instant messenger becomes in itself an instrument used to build and distribute competing political narratives about what RuNet has been and how it should function in the future. The Telegram ban crystallizes two competing paradigms: the one mourning RuNet’s “Golden Age,” based on free competition and cooperation between tech professionals, absence of censorship and centralized regulation, transnational circulation of tools, services, and people; and the other that affirms the necessity of stronger, infrastructure-driven control of RuNet’s “borders” and content production and circulation. Both paradigms include a third party: the complex network of foreign, mostly US-made, services such as Google or Amazon Web Services that actually become crucial for the functioning and well-being of RuNet. While the Telegram ban unveils these fundamental dependencies on foreign infrastructures, it paradoxically becomes the trigger for faster “sovereignization” – the relocalization of servers, data, and services – of the Russian segment of the global network.
Indeed, the very circumvention mechanisms used by Telegram (such as IP hopping) relied on Amazon and Google Web servers to temporarily host the elusive messenger. Access restrictions to Telegram were extended to all third parties providing infrastructural support for the infamous messenger. In April 2018, eighteen million IP addresses were blocked, including hundreds of IPs of Amazon, Google, and other major web services. This method, dubbed by Telegram defenders as “carpet blocking,” turned out to be quite inefficient: only 18 IP addresses out of three million blocked Amazon addresses were actually used by Telegram.
Collateral damage caused by these blockings had an important effect on the politicization of particular segments of RuNet users (e.g., small entrepreneurs whose websites were accidentally blocked). These new “concerned publics” (Geiger et al., 2014) were either involved in collective action or engaged in the use and understanding of circumvention technologies. Researchers have observed a wider adoption of privacy-enhancing technologies and circumvention tools such as VPN and Tor. A vibrant market of proxies for Telegram developed, while popular opposition media helped raise user awareness about internet censorship and circumvention.
During the first months of the Telegram ban, tech activists developed a new repertoire of contention (Tilly, 2002) ranging from disobedience (ISPs using various tricks to avoid blocking Telegram) to hacktivist actions. The Telegram ban also led to a rise of offline activism focused on internet freedom. A wave of demonstrations “For Telegram” took place across the country. The instant messenger became, at least for Spring and Summer 2018, a contextual point of unity for various anti-governmental movements.
Telegram was officially unbanned in June 2020, for two main reasons explained by the Ministry of Communication: first, the “technical impossibility” to effectively block it, and second, because Telegram has agreed to block specific channels related to drug sale or terrorism; a less-official but no less important reason was the need to share information via governmental channels during the COVID-19 pandemic. While the outcome of the battle for Telegram shows the inefficiency of the infrastructural apparatus and of the censorship methods used by RKN, there are indications that the Russian authorities, RKN in particular, may also have learned some lessons from the case, in terms of how they could adapt their “sovereignization” strategies by being more “hybrid” and acting at both the infrastructure and content governance levels (buying popular Telegram channels, sponsoring ideological content by their means).
8.3.3 Yandex.News, “Official” News Ratings, and Their Circumvention
Russia is one of the very few countries where search is not monopolized by Google, with Yandex owning a share of over 45% – thus making it a prized national champion of the Russian digital economy. Yandex has also developed other services such as Yandex.News, which presents a selection of topics and articles to reflect the themes most widely covered by the media at a given moment. The algorithms deployed by Yandex.News and Google News can be perceived as an “invisible hand” deciding which topics will be singled out as relevant and which news outlets will be pushed to the forefront according to sometimes unfathomable criteria (Brake, 2017).
The controversies that arose after 2012 in Russia put an end to the belief in the objectivity of the aggregator. Control over the public sphere stepped up again in 2014, during the conflict with Ukraine and the occupation of Crimea. Yandex.News was accused of partiality by the authorities for providing visibility to information that didn’t align with the official narrative. This led to the adoption in 2016 of a law on news aggregators, designed to extend control to such intermediaries and specifically targeting Yandex.News. It became legally responsible for any content published in its results (and at risk of heavy fines in case of violations), unless the selected media are officially registered with RKN. As a consequence, all non-registered media as well as all foreign media (such as the BBC in Russian, as well as exiled media such as Meduza) disappeared from the Top 5 results. An audit of the aggregation algorithm we conducted in 2020 (Daucé & Loveluck, 2021) strikingly shows the concentration of information on Yandex.News among 14 large media players: public press agencies, state-funded media, leading newspapers, and mainstream online publications. This is a much narrower range than the results observed by Nechushtai and Lewis (2019) in the case of Google News in the US, for instance, where, although a small selection of 14 outlets also dominated the aggregator, a long tail of other publications also figured in the results.
Media players and news professionals, along with the new hurdles they face, are gradually developing critical views of the role and functioning of platforms and their algorithms – uncovering the political stakes of these key infrastructures. Controversies, regulations, and concentration of information lead to a delegitimation of the algorithm in the eyes of journalists, as well as web professionals and programmers who seek ways to bypass it. Some of them consider the service to be useless. As Lev Gershenzon, the former head of Yandex.News, remarked in 2016: “Aggregators make sense (…) only when there is something to aggregate. If all independent, interesting, professional publications on a federal scale can be counted on the fingers of one hand, rocket technology for their aggregation and processing is not needed – you can simply add them to your bookmarks” (Gershenzon, 2016). The idea of closing the service seems to have been considered by Yandex executives themselves. According to well-known journalist A. Plyushchev, from Ekho Moskvy:
Well, you know, I once talked to A. Volozh, the head of Yandex, and that was before the law on aggregators was passed. And he told me that if the law was adopted, he would close the service. (…) Well, the law was softened a bit, and the service, as you can see, did not close. I still doubt if that was the right decision. Because, well, I think, unfortunately, the state did everything possible to manipulate both the media and extraction in search engines.Footnote 13
In May 2018, in an open letter to Yandex CEO Yelena Bunina, A. Plyushchev advised her to shut down the Yandex.News service or to rename it Yandex.Propaganda.Footnote 14
However, closing the aggregator is not the only option. Excluded from Yandex’s rankings since 2016, independent media carry out dissemination actions on social networks to bypass the aggregator. They have migrated and relocated to other spaces and new types of distribution, disseminating their content on social media such as Facebook, Twitter, Instagram, or Telegram. The example of Meduza, a Riga-based online newspaper created by Galina Timchenko after she was fired from the news website Lenta.ru in 2014, is very enlightening here. According to its own metrics, in 2020, traffic came mostly from direct connections and social networks, which is presented as a badge of honor with its traffic being “certified organic.” Meduza does not obtain any traffic from Yandex.News (compared with Lenta.ru, Kommersant, and RBK, which are more dependent on the aggregator). It has an active presence on social networks, which is consistent with the new information practices of the younger generation. Since 2016, a growing gap between how people experience news on Yandex.News and on social networks is noticeable. A media consumption study carried out by the Levada Sociological Center in Russia in February 2020 showed that people over 40 years old get their information mainly from official websites or from television, while younger people (18–39 years old) secure it mostly from social networks.Footnote 15
Another scenario to bypass Yandex.News concerns the creation of an alternative aggregator. In 2019, from abroad, Telegram founder Pavel Durov announced his intention of developing a news aggregator on his platform: “We have a chance to create the first effective and free news aggregator in the history of the Internet,” said Durov. “We can start recommending articles from the Recommended Articles block after reading each article in Telegram, gradually bringing it into service with an hourly selection and a global search on all the news in the world” (Eremenko & Bryzgalova, 2019). In the context of the failed blocking of Telegram in Russia, P. Durov announced his aggregator will be beyond the control of the Russian security services and political censorship, unlike local operators. He invited Yandex.News developers to participate in the creation of his service and announced a competition to develop an algorithm from the Data Clustering Contest. Its first round took place in spring 2020 and was won by “Mindful Squirrel” (contestants appear on the platform under animal aliases to ensure fairness and transparency in testing). However, according to experts, “Mindful Squirrel” is actually Ilya Gusev, who works as a machine learning engineer at Yandex.News. In this way, the Telegram news aggregator is built on the skills of Yandex engineers, who themselves contribute to the circumvention of the aggregator they work for. This singular case highlights the agentivity of web engineers circulating in a plural technical world where cooperation is possible beyond the opposition displayed between the major internet actors. They thus contribute themselves to the bypassing of the infrastructures they built.
8.3.4 Online Repression of Local Environmental Movements as a “Sovereignization” Process
Processes of circumventing online constraints are also enacted by “ordinary” citizens and activists in far-off Russian regions. We analyzed one of these processes in the frame of a specific case study: citizens have been fighting since July 2018 against a waste landfill project designed to dispose of half a million tons of Moscow waste per year in a swampy area in a remote site called Shies, 1,200 km north of Moscow. A protest camp was set up and maintained to physically preserve the site, joined by people from all over Russia.
Activists do not themselves mobilize the notion of “digital sovereignty.” RuNet sovereignization is, however, a phenomenon whose effects on protest practices are felt on a daily basis. In other words, there are indeed practices of protection among mobilized inhabitants vis-à-vis the state’s digital repression and surveillance, but no discourse on sovereignty or sovereignization as such, either to contest it or to appropriate the term, as we see in activist or indigenous movements in other countries (Couture & Toupin, 2019).
If we consider sovereignty as a discourse, a performative action of the state, sovereignty is “a speech act to (re-)establish the claimant’s position as absolute authority, and to legitimise its exercise of power” (Werner & de Wilde, 2001). In the Shies case, the question of authority, power, and the rule of law was raised by inhabitants when they discovered that forest areas had been cut down near Shies and a building site was under construction. The project was started illegally from the point of view of Russian law, that is, without any state ecological, health, and technical expertise, public hearings, or legislative decree. In response to the Shies mobilization, the state did not question the illegal development project; instead, it repressed protest activities, including online ones. If the State had forced the project owner to bring the project into conformity with the law, this would have been another form of sovereignization.
The online repressions take place in a political context where uprisings across the Middle East and North Africa (the so-called Arab Spring), Europe (the Indignados in Spain), and the US (the Occupy Wall Street protest) have received a great deal of attention from the Russian government (Nocetti, 2015). Other revolts in post-Soviet countries, such as Ukraine (2013–2014), Armenia (2018), and Belarus (2020), where social media played a prominent role, confirmed this trend. After 2012, the regime started to more closely monitor online media and social platforms. Oligarch Alisher Usmanov’s Mail.ru group, with close ties to the Kremlin, bought VKontakte, and since then the government has had no difficulty blocking groups or accessing personal data of site users. In this way, Russia develops a strong “data sovereignty,” as it attempts to “subject data flows to national jurisdiction […] with an emphasis on safeguarding national security” (Polatin-Reuben & Wright, 2014: 1). In 2014, with conflict rising in Ukraine, the crackdown against critical voices and opponents in Russia became even greater. Pavel Durov, the founder of VKontakte (the Russia-developed dominant social network in the country), lost control of his company and left the country because of political pressure. Like other local grassroots movements, the Shies one mainly uses VKontakte. Activists use it despite the potential privacy and security risks this platform has posed to users since 2014.
The repressive practices against the Shies mobilization can be seen as attempts from the state to reassert its own sovereignty and that of its allies, the private waste sector. Repression related to VKontakte either took place offline and was meticulously documented online by activists in groups, or was enacted entirely online. As for the first type, the blockade of fuel transfers and trucks by activists led to conflicts with site guards, with injuries and arrests in the ranks of activists, which in turn led to trials. Other cases of offline repressions documented online were related to the meetings organized by activists. For the second type, repressions were carried out online, or related to the internet directly. They included internet shutdowns at critical moments, seizing activists’ audio, video, and computing equipment, blocking, deleting, or hacking groups and personal accounts, and carrying out legal trials based on material related to online groups.
After an initial moment of surprise derived from the first group blockings, the communities devised reaction strategies. At each blocking, a new group was created on VKontakte and activists intensively shared the link with others. Moreover, activists were making clones of VKontakte groups: the contents were copied simultaneously to Telegram and Instagram. A minority of activists exit platforms that implement stricter surveillance regimes and technologies (such as VKontakte), moving, for example, to Telegram. But even so, most kept an account on VKontakte. Local activists, like the substantial majority of ordinary citizens, even those who are physically on the front line of local struggles, do not use free software, servers, and encryption-based technologies, as telecommunications, digital, and internet surveillance is the norm and routine for them; further, they do not trust digital services to protect them from privacy threats. They have the belief, inherited from the Soviet times, that “the State knows everything about everyone anyway.”
Protest repression tools are continuously being experimented with. Each protest case is an opportunity to test and search for effective technologies to block and filter out critical content and hold trials based on online materials. There is a continuum of the infrastructures and territories that are under the authority of the state and that are subject to a reassertion of power in critical situations: from the classic ones, such as landmass (with the landfill project), to digital content. Faced with repression, activists are learning and using new techniques of circumvention.
8.3.5 Google and US-based Tech Giants as “Recommendable” Tools in RuNet Digital Security Practices
Unlike in other so-called authoritarian regimes (e.g., China and Iran), Google remains legally accessible in Russia and is widely used, including by political leaders and pro-government media. This positions Google as a core actor in negotiations on digital freedoms between authorities and actors of civil society in Russia. Its position is further strengthened by the close dependence of the Russian economy and communication networks on internet giants. Indeed, a strong embeddedness of the Russian internet sector in the global IT ecosystem has been highlighted on several occasions, in particular during the aforementioned blocking of Telegram.
Nevertheless, Google’s relations with Russian authorities are tense. Although the company has been present on the Russian market since 2005, the Russian authorities began to take a close interest in it after the mobilizations in 2011–2012: YouTube was widely used to disseminate evidence of electoral fraud. Several other cases have subsequently set Google against the Russian state, especially following the law on blocking prohibited content in Russia and the localization of data of Russian citizens on Russian territory. But the peak of the tensions was reached in May 2021, when Google was the first of the Big Tech companies in Russia to take legal action against RKN following the latter’s request to remove the links on the demonstrations in support of Alexei Navalny.
In the polarized context of “information warfare,” Western sanctions against Russia, and a growing divide between civil liberties activists and the pro-government camp, any regulation of global internet companies, often seen as desirable in liberal regimes, is discredited in the eyes of Russian activists for free internet as synonymous with the internet’s subordination to state surveillance and a threat to freedom of expression. In contrast to the view of their Western colleagues, Google is considered mostly reliable by activists for internet liberties in Russia. This trust is based on the monitoring of Google’s Transparency Reports. As noted by a digital security trainer for civil society NGOs in Russia, “while for countries (…) participating in the ‘five eyes’ intelligence alliance, 80 to 90% of requests for information from the authorities are met, for Russia these figures represent only a few %.”Footnote 16 This trust is, of course, not exempt from paradox, since Google Transparency Reports are, with some naïveté, considered here as an authoritative source providing a complete picture of what foreign companies may do with the personal data of RuNet users, neglecting both possible and acknowledged biases that do exist in this kind of document.
Our contacts rely also on their own databases and measurement tools. For example, the “Map of repression on the Internet” (a project of the Internet Protection Society) lists only a few cases related to internet giants,Footnote 17 whereas 95% of them concern posts in VKontakte.Footnote 18 As to digital security trainers, they draw on their own internal “incident database”: very few incidents involving Google services have been relayed in post-Soviet countries.Footnote 19
While not always being deeply concerned about Google’s involvement in “surveillance capitalism,” internet freedom defenders point out the same phenomenon for Russian technology companies: “In Russia, there are two logics of surveillance capitalism. On the one hand, companies that want to collect the maximum amount of behavioral data. On the other hand, there are some traditions and logics of citizen surveillance that allow the authorities to perceive this data as their property. The number of actors who can use it is really unlimited.”Footnote 20 Despite pointing out that Google has fairly similar commercial strategies in a variety of countries, our respondents nevertheless underline the specificities of the Soviet context, marked by the porosity between public and private spheres and the total distrust in political institutions, which arguably still impact post-Soviet societies (Svenonius & Björklund, 2018). Thus, different experts in digital security for civil security actors understand and convey to their audiences the risks associated with the registration of technology companies in the Russian jurisdiction. Thanks to this positive “publicity” by the expert community, Google is used by multiple civil society organizations and activists in Russia in their everyday work for the usability, security, and efficiency of its various services. Indeed, several of our interlocutors pointed out the danger of “physical infiltration” by malicious people that NGOs are facing. Services such as Google Workspace (formerly GSuite) allow differentiated access to data for different NGO employees. In addition, many NGOs cannot afford to hire an IT manager to maintain digital architecture. In this case, the use of open-source solutions appears too difficult to them.Footnote 21 This situation of dependency upon Google demonstrates that Russian NGOs have little choice, given the chronic lack of resources and various threats from the Russian authorities.
However, the NGOs’ dependency upon Google is also due to the role played by the company in the technological assistance to the nonprofit sector. Indeed, while having a reputation for being practical, Google services, such as Google Workspace, are quite expensive for NGOs. Thus, Google, with other Big Tech actors, has partnered with NGOs via its global TechSoup Footnote 22 program to provide its services and devices (cloud storage, Google “AdWords,” YouTube Premium, etc.); as with similar, private-sector promoted initiatives such as Facebook’s Free Basics,Footnote 23 Google’s strategy via such programs likely goes beyond philanthropy and assistance, and may be connected to the well-documented history of cooperation between US tech giants and national security agencies. The example of the Teplodigital program also shows the efficiency of the worldwide efforts made by the company to consolidate the hold of its “soft power” beyond conventional means of lobbying, such as a long-term work with the nonprofit sector, in particular, with NGOs defending internet freedom and digital rights, “influential in civil society and devoted to myriad missions, including shaping technology and privacy policy” (Jewler, 2015). Presenting itself internationally as a defender of free speech and a sponsor of human rights organizations and of international Human Rights events, Google is thus criticized for funding “those who might otherwise raise alarms about its practices” (Ibid., 2015).
More specifically for the Russian case, nonprofits’ partnerships with Big Tech actors appear paradoxically as a fallback solution, given the particularly tense context in which NGOs function in Russia, operating in quasi-“cold war” conditions, drastically reducing the opportunities for funding by international foundations and favorable to the official hunt for foreign influences. “My state is my main enemy” seems to be a formula that sums up well the polarized quasi-war situation in which the civil activists find themselves in their daily activities as well as in their social and professional representations. This trust in Google is indeed defined by this crude arithmetic of threats and power relations: “the enemy of my enemy is my friend.” Thus, the American Net giant is valued for what it is otherwise criticized for: its monopolistic position, which allows it to resist the Russian state and to comply only partially with its legislation.
8.3.6 “Shadow Libraries” as Knowledge Disseminators, between Conformity and Repression
Online user-generated “shadow” libraries may be seen as troublemakers that challenge the Russian sovereignization project in several ways. First, by disseminating texts without regard to their legal status, they defy the state’s increasing willingness to enforce copyright on the Russian web. Second, they challenge the cultural dimension of sovereignty: by creating an autonomous, uncensored text-sharing space, they thwart the Russian government’s desire to control the cultural consumption of internet users by filtering their access to cultural goods. And finally, by developing and promoting tools to circumvent website blocking, the administrators and users of shadow libraries contribute to public resistance to the sovereignization project.
Long blamed for numerous copyright infringements, especially by the US Creative industries (Kirya, 2011), Russian Federation authorities gradually developed copyright legislation that not only meets global standards, but is aligned with its strictest versions (Alekseeva et al., 2013, p. 69). New internet control tools introduced in the 2010s have ensured its compliance on Russian territory. A year after the FZ-139 law adoption, in 2013, an “anti-piracy law” designed to apply the black-listing and blocking mechanism to copyright-infringing sites entered into force. Mobilizations against the “Russian SOPA” were numerous (Zasursky, 2016, pp. 62–63), and different struggles for digital freedoms converged in a common struggle for a “free RuNet.” However, the “anti-piracy” legislation has been reinforced ever since, integrating more actors and amplifying penalties.
In this context, Russian “shadow” mass-literature libraries, access to which has been progressively blocked on the Russian territory since 2015, developed different survival strategies. A major concern is to ensure the sustainability and growth of the collections, which depends on the vitality of the community that nurtures it. Major sites, such as Librusec and Flibusta, operate in a Wiki-like way: texts and annotations are uploaded and corrected by the users themselves, thus ensuring the exponential growth of collections. Librusec’s administrator, Ilya Larin, relies on both code and text sharing – which he calls “cross-pollination” – to guarantee the survival of the ecosystem. Torrent distribution is one of the alternative dissemination channels. Torrents allow users to download the entire archives onto their computers, accompanied by a program that transforms it into a database for convenient use. Once the full database is installed on the computer, the user may download its updates. Thus, the library’s collection is replicated many times and kept not only online, but also offline. Its ability to be restored anytime makes its total disappearance impossible. The server on which the main collection is stored is also of great importance for the security of the library. The legislation of the country the hosting is located in must be sufficiently tolerant of copyright infringements.
Another important concern of these libraries is to ensure access to the collections on the Russian soil. The first way consists of multiplying “mirrors” in locations that are considered safe. For example, the .lib domain, ruled by Emercoin, is regarded as such thanks to its decentralized structure. In its current form, the Domain Name System root is under the centralized authority of the Internet Corporation for Assigned Names and Numbers (ICANN, a Los Angeles–based nonprofit). In this system, every DNS record is kept by the DNS provider and can be blocked under political or commercial pressure; however, in a decentralized DNS each record is managed solely by its owner, and is readable by all users on the network.Footnote 24 Networks that guarantee anonymity, like Tor and “Invisible Internet Project” (i2p), are also suitable to escape national constraints, which leads shadow libraries to have their “representatives” there.Footnote 25
The second way focuses on instructing users. Since the beginning of site blockages, libraries and forums have displayed lists of the technical means to escape the communication barriers created by RuNet service providers at RKN’s request. This dissemination of circumvention knowledge seems to be omnipresent and circulates through many channels: mailings, posts on social networks, or YouTube tutorials. The proposed solutions include the change of DNS server, browsers with turbo mode (Opera, Chrome, and Yandex),Footnote 26 or embedded VPN, special plug-ins for browsers, VPN services, Tor browser, and the use of anonymizers. Expert community members explain to nontechnical users how each method works and present its advantages and disadvantages (which are usually speed of execution versus simplicity of use). This mastering of circumvention tools today becomes a part of the know-how of every person visiting the shadow libraries.
In addition to the torrents mentioned earlier, library users and administrators compete in creativity to organize the distribution of new archive updates. Here again, the proliferation of means and media is the rule. For example, Librusec.ucoz, a forum that is common to several shadow libraries and acts as a safe harbor in case the internal forum is inaccessible, has a section called “Our Tortuga”Footnote 27 centralizing the links to the updates of Librusec and Flibusta databases via free file-sharing sites.
In parallel to these friendly sites, the communities use social networks and messaging. For example, a bot on the Russian social media VKontakte made it possible, for a while, to run a quick search in the shadow libraries and thus facilitated access in case of breakdown or blocking.Footnote 28 In June 2019, VKontakte and the publishing house Eksmo concluded a settlement according to which the social network has to check the legal status of all the books downloaded by users. However, this did not lead to the disappearance of the bot: in September, it was transferred to a safer storage medium.Footnote 29 After the tightening of VKontakte’s attitude toward illegal content, some shadow libraries began to actively use Telegram bots to distribute books, since this messenger was known to be tolerant to illegal content, thanks to the libertarian worldview of its owner, Pavel Durov. However, by August 2020, these bots would have stopped working, supposedly as a result of an agreement between Telegram and the Russian authorities.
8.4 Conclusions
This chapter has sought to provide an analytical overview of the ongoing processes related to infrastructure-based digital sovereignization in Russia, drawing from three years of fieldwork conducted in the frame of the ResisTIC project. Our overview of case studies has highlighted four recurring dynamics in the Russian state’s attempt to enforce digital sovereignty by infrastructure, as well as in strategies of circumvention and evasion enacted by different groups of actors, from civil society organizations to technical actors and “ordinary citizens.”
First, we have observed how the Russian government seeks to raise a series of obstacles against foreign techniques and alternative infrastructures, considered as “subversive.” Second, our research sheds light on the “collateral damage” resulting from the technical implementation of these infrastructure-based coercive measures, and the (often infrastructure-based, as well) attempts to remedy or mitigate this collateral damage; in doing so, it shows in parallel the extent to which such measures are frequently ineffective with respect to their intended purpose (on this point, see also Musiani et al., 2016). Third, we have followed the creation and development of new “digital national champions” under an increasingly close government supervision, which leads to pressures and manipulations exerted by the State on particular platforms and their algorithms, as well as to countermoves that can be surprising from the standpoint of a Europe- or United States-based scholar, such as the trust in American “Net giants” as powerful actors able to stand up to the Russian government. Finally, we have highlighted the emergence of critique and circumvention initiatives among internet users vis-à-vis “governance by infrastructure,” and we have observed how these reactions contribute to the emergence of new forms of “resistance by infrastructure.” This approach by case studies provides a nonlinear, nuanced, and complex understanding of the specificities of RuNet governance, which mirrors the national conception of digital sovereignty, often described as a strictly centralized, top-down, and efficient information control system. Our chapter has proposed to pay attention to microtechniques of circumvention and shows how the discourse on internet sovereignty (and the subsequent demand for all information control technologies to be “made in Russia”) is currently giving way to two important paradoxes in the country.
On the one hand, it can lead groups of activists and users whose main priority is to escape the Russian government’s surveillance, control, and sovereignization to end up spontaneously subjecting themselves to surveillance, control, and “sovereignization” originating in the United States. On the other hand, it opens up technical and legal opportunities for mundane resistances and the existence of “parallel” RuNets, where particular instantiations of informational freedom are still possible.
8.5 Overture: Ukraine, Internet as a Tool (and Battlefield) of War?
On February 24, 2022, the Russian military offensive against Ukraine is accompanied by an immediate reinforcement of censorship on the media as well as controls and blockages of the internet in Russia. The process of co-opting the internet as a tool in the warmongering policy of the Russian state is suddenly accelerating and making it possible to tighten the grip on the public space in the context of the war. This justifies the brutal tightening of the network of constraints that already weighed on both the actors and the digital infrastructures in Russia. On the one hand, the law is amended in a more restrictive sense, prohibiting any criticism of the army or any evocation of the term “war” (qualified as “special military operation”). This censorship leads many media to give up their publications. Criminal proceedings are initiated against independent journalists and opponents of the war while the repository of “foreign agents,” kept by the Ministry of Justice, becomes considerably longer.
When it comes to internet infrastructures, the topic of this chapter, the government is blocking international social networks (Facebook, Instagram, etc.) and strengthening its control over local digital players (VKontakte, Yandex, etc.). These decisions come as, under the effect of sanctions, a number of foreign digital operators have left the country and disconnected their infrastructure from the Russian network. The invasion of Ukraine by Russia, and the retaliatory international sanctions, makes visible the manifold dependencies of the Russian surveillance and censorship industry on foreign components, infrastructure, and know-how: for example, the lack of filtering software traditionally supplied by Western firms, such as Sandvine and Nokia, is heavily impacting the monitoring and blocking activities of the Russian government. Furthermore, this results in techno-legal loopholes and gray areas that create both uncertainty and opportunity for technical actors, such as internet service providers. It also leads to paradoxical situations for the government, such as the fact that, despite the discourse on sovereignty and despite the sanctions, the Russian central bank continues to use European certificates in order to give a stamp of approval to the activity of the RuNet technical actors.
While all of these dynamics are currently evolving at a steady pace and conclusions cannot yet be drawn from the situation, one thing is clear: internet governance has never been as close to a “global war” (DeNardis, Reference DeNardis2014) as today, and the upcoming months and years will keep on providing illustrations of this problematic trend.
Acknowledgments
In addition to ResisTIC, several authors (F. Daucé, K. Ermoshina, B. Loveluck, F. Musiani) would like to acknowledge the research project that supports them at the time of this book’s publication on the topic of this chapter, DIGISOV “Digital Governance and Sovereignty in a Fractured World: Competing States and Circulating Norms” (2024-2027) ANR-23-CE53-0009-02, funded by the French National Agency for Research (ANR).
9.1 Introduction
One of the most resilient elements of the digital culture has been the free and open source software (FOSS) movement, which began with the purpose of developing software whose code is open, modifiable, and shareable. This activism has given birth to well-known initiatives such as Linux operating systems, the web browser Mozilla Firefox, the website creator WordPress, and the web server software Apache and Nginx, which together serve more than 60% of the most popular websites (W3techs.com, 2022). For the movement, technological infrastructure is too important to allow proprietary lock-in, an argument that resembles the rhetoric of control and autonomy over devices, software and data of digital sovereignty discourses (Couture & Toupin, 2019; Pohle & Thiel, 2020). More specifically, it belongs to the “commons digital sovereignty,” explained in the introduction of this book, which seeks to create digital public goods from the bottom-up, beyond state and corporate control.
The rise of corporate digital platforms led the FOSS movement to articulate specific sovereignty discourses and practices with regard to social media as well, advancing the model of federation. In this model, social networks should adopt open and interoperable protocols, allowing users to reach contacts across different federated networks (Gehl, 2015; Mansoux & Abbing, 2020). Since Elon Musk’s takeover of Twitter (now X), this alternative model of social networking has attracted more attention, as its spearhead Mastodon became the favorite destination of millions of Twitter users disappointed with the prospects of Musk’s leadership (Chambers, 2022). Mastodon is a Twitter-like software released in 2016 by the German developer Eugen Rochko that allows people to connect to the “Fediverse,” the ecosystem of federated social media, accounting for nearly 90% of its current active users according to the stats website “The Federation.” Even corporate social media are slowly moving in this direction, as Meta anticipates EU regulation and plans to implement federation with the Fediverse and Mastodon in its newly launched Threads (MacManus, 2023).
There is already scholarly literature on federated social media and, more specifically, Mastodon exploring some social and political aspects: interoperability in the Fediverse as a model for competition in digital markets (Brown, 2020); the restructuration of online social interaction promoted by Mastodon’s design choices (Zulli et al., 2020); and internal pressures on Mastodon toward centralization (Raman et al., 2019). A dense discussion about federated social media appears in an essay by Mansoux and Abbing (2020), where they assert that the Fediverse represents a turning point in the politicization of FOSS activism toward a less neutral understanding of technological openness. Such a bold claim opens up the possibility that the Fediverse activism also advances a different understanding of digital sovereignty in comparison with FOSS historical claims. However, to the author’s knowledge, no literature on the Fediverse has so far addressed this issue. Furthermore, in countries from the Global South, FOSS activism has articulated digital sovereignty discourses that differ from the widespread narratives in rich countries, with the state as an active player supporting and implementing open technologies to achieve geopolitical sovereignty (Schoonmaker, 2018). Nonetheless, research on federated social media still misses the discussion about the participation of peripheral countries and their own appropriation of sovereignty discourses. This chapter aims to contribute to closing this gap in literature by investigating how Brazilian activists on Mastodon articulate concepts and practices related to digital sovereignty discourses and how this narrative relates to traditional claims within the FOSS movement.
In the first part, I discuss the relations of FOSS activism with digital sovereignty discourses. There is a growing body of literature dealing with the assumptions, implications, complexities, and contradictions of discourses on digital sovereignty, and this chapter will concentrate on the approaches by Stéphane Couture and Sophie Toupin (2019) and Julia Pohle and Thorsten Thiel (2020). In the second part, I analyze the digital sovereignty claims in Brazilian activism around Mastodon. For this, I briefly explain the context of the emergence of federated social media, as well as their political assumptions and implications that are relevant for digital sovereignty discourses. Finally, relying on data about country participation on Mastodon, participant observation and interviews with administrators and moderators of communities oriented to Brazilian people, I sketch an understanding of digital sovereignty by Brazilian Fediverse activists – narratives, actors, and the role of this technology in fulfilling their normative expectations – and discuss their presence and influence in the global movement, considering specifically the geopolitical dimension of their activism.
9.2 FOSS Activism in Digital Sovereignty Discourses
The roots of the FOSS movement lie in the 1980s, when hacker Richard Stallman (2002) started to develop software under the so-called “copyleft” licenses, that is, whose legal status sought to protect the right of users to further examine the code, modify it, and distribute new versions. Because of the influence of its founder, the ethical thinking that emerged from this movement is called “Stallmanism” by Rappaport (2018). Indeed, the hacker culture assigns great importance to some key figures, playfully called “Benevolent Dictators for Life” (BDFL), and Stallman is considered to be the first of them. Since then, the movement consolidated and expanded, playing a decisive role in the emergence of the digital commons and the culture of peer production (Benkler, 2006; Lessig, 2006). Gabriella Coleman (2004) argues that the FOSS movement is ultimately a struggle for freedom of speech by rethinking the naturalness of intellectual property, which in the 1980s had been extended into coding by public regulation in the interest of the corporate software industry. FOSS activists consider that this alliance between state and corporate power restrains freedom to work with computing and coding and, by extension, hackers’ freedom to express themselves (Coleman, 2004). Free software participants, thus, struggle to conserve, reinforce, and spread the software through which they communicate, collaborate, and coordinate themselves.
The community that follows the free software principles and ethical thinking is defined by Christopher Kelty (2008) as a “recursive public,” “a public that is vitally concerned with the material and practical maintenance and modification of the technical, legal, practical and conceptual means of its own existence as a public” (p. 3). Furthermore, by protecting the right of expression in code, FOSS activism intends to safeguard an important dimension of political freedom. They believe in the necessity to “include within the spectrum of political activity the creation, modification, and maintenance of software, networks, and [related] legal documents,” as these forms of expression “can both express and ‘implement’ ideas about the social and moral order of society” (Kelty, 2008, p. 8). In other words, not only the content expressed by technologies, but also their technical materiality matters, as it creates infrastructures that actually allow for expression and circulation of ideas, sometimes in very unexpected ways. Expanding freedom to use, examine, modify, and share source code is a way of assuring political debate regarding one of the most important realms of contemporary societies, namely the information and communication infrastructure.
Therefore, FOSS activism is full of references to actors and practices that restrain or enable freedom, and is directly oriented to create strategies for politicizing control over the digital infrastructure. These are typical features of digital sovereignty discourses, which “describe various forms of independence, control, and autonomy over digital infrastructures, technologies, and data” (Couture & Toupin, 2019, p. 2305). Nevertheless, digital sovereignty is a highly contested concept, with a large variety of connotations, very different actor arrangements, and competing normative practices (Couture & Toupin, 2019; Pohle & Thiel, 2020). For the structure of my argument, I will follow Couture and Toupin’s (2019) categorization with five clusters of discourses, namely “cyberspace sovereignty,” “state digital sovereignty,” “indigenous digital sovereignty,” “social movements and digital sovereignty,” and “personal digital sovereignty.”
FOSS is an important part of two of these discourses. First, free software appears in the category of social movements and digital sovereignty, which is equivalent to the “commons digital sovereignty” explained in the introduction of the book. According to this discourse, social movements should be entitled to the capacity and, to a certain extent, even the responsibility to develop technological skills, programs, devices, and content outside the framework of commercial and state-sponsored infrastructures. Most initiatives in this kind of discourse promote FOSS, digital commons, encryption technologies, self-managed servers, among others (Couture & Toupin, 2019). Lately, this discourse centers on the critique of the use and ownership of users’ data by the corporate digital platforms, sometimes called GAFAM (Google, Apple, Facebook, Amazon, and Microsoft), whose surveillance business model represents a modern form of dispossession (Gosh & Couldry, 2020; Zuboff, 2019a).
Then, Couture and Toupin (2019) situate FOSS activism in the personal digital sovereignty discourse as well, which pleads for autonomy of citizens as individuals. Consumers and users should be empowered to make self-determined decisions facing commercial and state powers, including their own protection against surveillance. Measures in this case include “economic incentives for user-friendly and domestic technology development, but also the introduction of technical features allowing for effective encryption, data protection and more transparent business models” (Pohle & Thiel, 2020, p. 12).
However, the whole debate around technological sovereignty began before FOSS, tracing back to the 1960s and 1970s, when the geopolitical implications of the information and communication technologies were high on the agenda. Couture and Toupin (2019) report discussions in France, Canada, and Australia with the term “sovereignty” linked to technology, formulating an informational version of nationalistic concerns. Countries from the Global South also expressed very specific concerns in the debate. In the late 1970s, Latin American and African countries realized deep inequalities in the information technology sector, especially dependency because of their “lack of development of information productive forces such as computer and software industries” (Schoonmaker, 2018, p. 28). Data about their economies and citizens were stored and processed outside of their jurisdictions, spurring concerns on the perpetuation of global power inequalities and dominance. The discussion around strategies to tackle this power imbalance was a crucial part of the debates in the late 1970s and early 1980s around a New World Information and Communication Order (Schoonmaker, 2018). This history shows that a state-centered technological sovereignty discourse existed before the FOSS movement, and peripheral countries had a very specific position in this debate, underscoring the need of state-led action against global power inequalities.
The popularization of networked communication in the 1990s pumped up another kind of sovereignty discourse, focused rather on the promise of overcoming the state as boundary. Couture and Toupin (2019) call it the cyberspace sovereignty discourse. In this narrative, Westphalian nation-states should have no say on what the rules on the internet are supposed to be. Sovereignty here refers mostly to freedom for internet users from the state. This kind of discourse reproduces what Barbrook and Cameron (1996) called the Californian ideology, a mash-up of technological determinism and libertarian individualism that shaped technological development in the Silicon Valley. Cyberlibertarians distrust political institutions to a major extent and argue that the decentralization provided by digital technologies allows for better forms of organizing modern societies (Pohle & Thiel, 2020).
It is obvious nowadays that cyberlibertarianism is naïve regarding the power struggles in global capitalism. In fact, after some predominance of the cyberspace sovereignty, the 2010s witnessed a revival of state digital sovereignty discourses (Couture & Toupin, 2019; Pohle & Thiel, 2020). In its recent form, the most popular measure is data localization, whereby storage and processing of data should occur within national or regional jurisdictions. Some of these discourses focus more decisively on the economic dimension, highlighting the “autonomy of the national economy in relation to foreign technology and service providers” (Pohle & Thiel, 2020, p. 10). Measures here refer to incentives to the domestic economy and local competitors, usually part of a larger economic policy strategy. Couture and Toupin (2019) report a growing concern on the side of European governments throughout the 2010s, pursuing developments such as encrypted chatting functionalities, national emails, localized data storage, and restriction of European data flow within the continent (Pohle & Thiel, 2020). Despite recognition of the lack of political conditions, some scholars even plead for publicly owned or funded digital infrastructures, following the model of public service media, which could promote more democratic control over the internet (Fuchs & Unterberger, 2021; Morozov, 2019).
As with the early state-centered discourses, the Global South also positions itself considering global power imbalances. Brazil has performed a leading role among liberal democracies, especially under the presidency of Dilma Rousseff, with actions such as data localization and state investment in undersea cables (Schoonmaker, 2018). Much earlier and within a much bigger scope, China realized the need to develop its own state approach to the internet to ensure the achievement of its political, economic, and cultural goals (Jia & Winseck, 2018). Somewhat similar approaches have been either discussed or implemented in countries such as Russia and India.
Finally, Couture and Toupin (2019) identify a further category, the so-called indigenous digital sovereignty discourses, arguing for the inclusion of voices and rights of indigenous populations in the realm of digital data. They question, for example, the Western-centric prism of sovereignty based on territory jurisdiction.
All of these discourses articulate a particular arrangement of governments, market economy, and civil society as actors with possible agency over digital infrastructure, software, hardware, data, and content. Governments are addressed as either liberal democracies or authoritarian (and semi-authoritarian) regimes. Market economy is also referred to by two sets of actors: transnational companies headquartered in the United States – mostly the GAFAM – or regional/national market players. The civil society realm is divided into social movements or the individual person, usually addressed as user or consumer. According to Couture and Toupin (2019) and Pohle and Thiel (2020), FOSS actively participates in accounts that pose the first two groups – governments and market economy – as entities that control technologies, whereas the last group – civil society – should reclaim its independence and autonomy. In these accounts, the search and the agency for technological sovereignty come from civil society, not from the Westphalian nation-state or private business looking for economic sustainability. However, I argue in the following section that some peculiarities have to be considered, revealing a more complex participation of FOSS in digital sovereignty discourses.
9.2.1 FOSS in Cyberlibertarian and State Sovereignty Discourses
The first important element for a more complex understanding of FOSS claims on digital sovereignty is its relation with the cyberspace sovereignty discourse. As Coleman (2004) documented almost 20 years ago, hackers and developers often reject any deliberate politicization of their work, but FOSS clearly instantiates many liberal values. While the movement mostly relies on technical and economic rationalities as its justification, this conception is informed by a “taken for granted form of cultural liberalism,” expressed in Anglo-European ideas of individual autonomy, self-development, and a value-free marketplace for the expression of ideas (Coleman, 2004, p. 509). Since the consolidation of the surveillance business model of digital platforms, FOSS activism also stresses the liberal value of privacy, which hackers seek to embed in most of their discourses and practices (Mansoux & Abbing, 2020).
In fact, enthusiasts of FOSS and networked communication often emphasize the emancipatory potential of openness and decentralization, a typical reasoning in the liberal toolbox (Benkler, 2006; Lessig, 2006). In his philosophical inquiry on Stallman’s argument that proprietary software restricts users’ freedom and is unjust, Rappaport (2018) concludes that his ethical thinking poses an intrinsic moral value of freedom and autonomy that aligns with libertarian ethics. Ossewaarde and Reijers (2017) argue that the digital commons presuppose the atomized individual of neoliberal discourses and, at the end of the day, reinforce the cyberlibertarian ideology, a relation that is also constructed by Lund and Zukerfeld (2020).
Coleman (2004) and Kelty (2008) warn against overstating the role of liberal ideas shaping the movement, as FOSS activism fundamentally begins not with ideologies, but practices of programming. That said, it is justifiable to argue that FOSS activism historically echoes libertarian discourses of cyberspace sovereignty in many aspects.
On the other hand, there are appropriations of FOSS activism, which ascribe a crucial role to the state in implementing technological autonomy and independence, problematizing immediate associations between FOSS activism and neoliberal thought. Recently, European activists have argued for the necessity of purposeful state investment in digital commons and FOSS as a digital sovereignty strategy (Bria, 2020; Reda, 2020). State intervention is required to protect the regional and national freedom to code software (and further forms of expressions alongside the spectrum of the digital commons) from dispossession strategies by foreign actors, fostering local digital industry and enhancing security. Following variations of this reasoning, several European municipalities have increased the presence of FOSS in their infrastructure, with Barcelona showcasing the success of this initiative (Calzada, 2017).
But even before this awakening in Europe, state power has been an active part of tech activism around FOSS in countries from the Global South. As early as the 1980s, such governments articulated resistance to proprietary software and incentives to local and open-source industry. Brazil objected to the US copyright law on software until 1987, conceding after trade barriers to soya exports (Leister & Frazier, 2014). At the level of municipalities, the public sector began to embrace FOSS in the mid-1990s, whereas the federal government adopted it in 2003, under Lula da Silva’s administration. His government prioritized FOSS in public schools, and introduced support for hacker events and projects with copyleft licenses (Leister & Frazier, 2014). Much of this effort has been backpedaled since Rousseff’s term, but she still pushed forward an agenda of internet neutrality, which converges with FOSS activism in the efforts to expand the digital commons (Schoonmaker, 2018). Besides Brazil, other Latin American countries, such as Uruguay, Ecuador, Bolivia, Venezuela, and Cuba, have passed laws between 2004 and 2013 to migrate governmental data to systems operating with free software (Avila Pinto, 2018). Reportedly, India and Russia also have laws mandating open source software in several layers of state administration (Avila Pinto, 2018).
Thus, FOSS activism cannot be exclusively associated with social movements. FOSS embodies many aspects of cyberlibertarian discourses that should not be ignored, a perspective that could even undermine the organization of collectives such as social movements. At the same time, FOSS also appears on the other side of the sovereignty spectrum in variations of state-led discourses, with an early development in the Global South. State participation in the recursive publics of FOSS might sound contradictory for libertarians, but the referred actors from the Global South have rearticulated freedom discourse “beyond its original focus on individual rights and societal value” toward a geopolitical conception of “freedom within a context of relationships between states in the global economy” (Schoonmaker, 2018, p. 38).
This makes the position of FOSS activism in digital sovereignty discourses more complex, sometimes ambiguous and contradictory, beyond a straightforward identification with the social movements of the “commons digital sovereignty” narrative. Political, economic, and social developments have shaped FOSS, creating different opportunities and threats in this form of tech activism. Furthermore, the role of the Global South and its appropriation of FOSS for technological sovereignty have to be differentiated from general statements, as it does not simply reproduce the efforts of US and European activists but also ascribes way more importance to state participation in a geopolitical context.
9.3 FOSS Alternative for Social Media Platforms
More recently, FOSS activism has also been concerned with the rise of corporate social media platforms. The business model of these platforms contradicts core values of the movement (Gehl, 2015; Maxigas & Latzko-Toth, 2020). These companies use people’s interactions to collect personal data, profile users’ behavior, and sell this targeting capacity to advertisers (Gosh & Couldry, 2020; Hildebrandt, 2018; Poell et al., 2019). Because of their need for data, they promote engagement at the expense of other considerations, strive for never-ending expansion of their user base, and adopt proprietary standards in order to gain more control over data collection and processing of information. Platforms are able to use these data to leverage power across several sectors and markets, benefiting from network effects and becoming infrastructure for much of modern life, including services historically associated in Western democracies with public values (Plantin et al., 2018; Taylor, 2021; van Dijck, 2020).
This societal phenomenon can be seen as a loss of control over personal data and a fundamental infringement of the right to privacy. In the liberal tradition, privacy is a human right, not by chance enshrined in Article 12 of the Universal Declaration of Human Rights. Understood as a protection against invasive inquiry, privacy is crucial to self-determination, and data-driven platforms seek to undermine it (Hildebrandt, 2018). Research has shown that people desire to control the information digital entities have about them, even if they feel unable to do so (Draper & Turow, 2019).
Digital platforms can also represent a loss of control over data at a societal level. Laura DeNardis (2012) argues that these digital information intermediaries “have diminished the capacity of sovereign nation states and media content producers to directly control information flows,” representing “a loss of control over content” (p. 721). Corporate digital platforms shifted to a central position in the public information ecosystem, as they became an important source of information and news consumption for an increasing number of people over the world, especially in the Global South (Newman et al., 2023). While established media organizations still produce the bulk of the internet content actually consumed, social media platforms organize access to and consumption of this content, involved therefore in real-time decisions about which content is allowed, promoted, or removed (Gillespie, 2018; Jakubowicz, 2015; Napoli & Caplan, 2017). By voluntarily or obligatorily assuming the task to govern content and expression, private social media platforms accrue significant opinion and political power (Belli, 2017; Helberger, 2020). Examples are the constitution of the Facebook Oversight Board and platforms’ ban of former US president Donald Trump’s accounts in early 2021, as well as the siege by app stores and hosting services of the far-right social network Parler. Given the circumstances, many of these initiatives are welcome and can be justified according to Western standards. But they also point to a deeper question on whether few (US) private corporations should have the power to both amplify and curb speech, even beyond national jurisdictions. Scholarly literature has summarized this aspect as a concern regarding the privatization of governance (Belli, 2017; DeNardis & Hackl, 2015).
Therefore, loss of control is perceived at both individual and collective levels. Reaction from FOSS activism comes with the argument that social networking does not need to operate this way (Gehl, 2015; Maxigas & Latzko-Toth, 2020). Accordingly, activists have come up with alternatives based on the concept of federation. This concept refers to a communication system where social networks use open and interoperable protocols and software, having the capacity to run independently but still allowing their communities to reach people with accounts in other networks (Brown, 2020). In contrast, in the model of corporate social media platforms, the company enforces its own messaging protocols, operated exclusively in software run on its servers, and this way restricts access to its user base, increasing the company’s power over users and their activities. The architecture of federated social media is expected to make such control and oversight of digital communication by a single entity difficult, if not impossible.
In the last decade, the ActivityPub standard, developed by the World Wide Web Consortium (W3C), has evolved into an established protocol for the social media willing to federate, and this group of federated social media became known as the “Fediverse.” On top of this protocol layer, a number of software applications have provided the practical features for users’ communication. Created in 2016, Mastodon became the most important Fediverse software, employed by over 90% of active Fediverse users, according to the statistics of the website “The Federation.” In December 2022, two months after the conclusion of the Musk deal over Twitter, the Mastodon community had grown from around 500,000 to 2.5 million monthly active users, most of them disillusioned Twitter migrants (Chambers, 2022).
Mastodon reproduces the microblogging functionality of Twitter with the principles of the Fediverse, meaning that any person can host it on their own servers – each server installation is technically called an instance – and connect to other instances. Each of them, in turn, keeps independent administration and moderation, although administrators often coordinate actions. People who do not want to host an instance – the vast majority of current internet users – can register accounts in the hundreds of open ones, being subject to their rules. If the user wants to have another administration or moderation, they can move to other open instances, import their older list of contacts, and remain in touch with them. Differently from corporate social media, Mastodon software does not provide algorithmic curation of content, so that timelines strictly follow chronological order, and content curation depends exclusively on human decision-making, by both moderators and users. Design choices create several possibilities of account and post visibility, allowing users to decide to what extent they want their communication to be public.
The Fediverse explicitly seeks to offer an alternative to corporate control over social media communication, resonating with discussions on digital sovereignty. At a first glance, its decentralized governance might recall libertarian accounts of unfettered individual control over digital data and content. Indeed, a foundational manifesto of federated social media, the text A people’s history of the Fediverse (Freedombone.net, n.d.) argues that, from the point of view of privacy and security, the ideal approach for everything in the internet would be an individual governance of data, following the peer-to-peer model, with no servers as intermediaries. This way, each peer would be able to make their own decisions about who to connect to and what data to share. However, the text acknowledges that this approach has important drawbacks. It is ultimately inefficient, as it would cause “a lot of duplicated curation effort.” Furthermore, it overwhelms individual users who do not possess the interest and the technological knowledge to make these decisions. Federation is then considered a middle ground approach. Data can be collectively governed if there is closer connection between provider and user. This allows for better trust. Offloading preferences to affinity groups improves user experience and reduces cognitive workload.
Federation can be regarded as a further development of the original idea of decentralization in the imaginary of the internet, which would challenge the hierarchical capitalist mode of production and spur emancipatory effects in societies (Benkler, 2006). As already noted in the discourse of cyberlibertarians, decentralized organization should offer “a better tailored response to the complex demands of governing modern societies than is offered by traditional forms of political organization” (Pohle & Thiel, 2020, p. 4). In other words, this imaginary assumes that technical decentralization induces political emancipation. But this understanding has always faced several tensions. In some cases, the decentralized architecture of the internet is simply regarded as a myth, since its approach to information seems rather to reflect design for control, and not decentralization (Galloway, 2004). In addition, some argue that addressing power and conflict requires coordination, so that technical decentralization often leads to centralizing effects (Bodó et al., 2021). Moreover, the internet itself did not evolve as expected into a wholesome decentralized system, displaying some features of decentralization at the infrastructural level (Winseck, 2017), but strong concentration at other levels, such as content distribution (Helberger, 2020; DeNardis & Hackl, 2015). From a critical perspective, it is possible to argue that internet decentralization did not change any structural aspect of information capitalism. Nonetheless, the tension remains, and decentralized network architectures are still seen as a possible response to the dynamics of concentration, centralization, and capture in platform capitalism (Rosnay & Musiani, 2020).
In any case, the Fediverse also diverges from the historical approach of FOSS communities in some aspects. While FOSS communities have historically focused on addressing privacy through security technologies (end-to-end encryption, peer-to-peer topologies, etc.), in the Fediverse, development has focused rather on “building moderation tools, granular visibility settings for posts, and the possibility to block other instances” (Mansoux & Abbing, 2020, p. 133). Fediverse activists usually pose their refusal to automate moderation by means of algorithmic curation as an advantage. For this reason, Mansoux and Abbing (2020) assert that the Fediverse promotes a shift from technical to social understanding of privacy.
Furthermore, Mansoux and Abbing (2020) argue that the Fediverse represents a decisive politicization of FOSS. It departs from naïve notions of neutrality and openness in original FOSS activism, embracing a kind of agonistic pluralism, in Mouffe’s (2013) sense, that acknowledges the limits of connection and openness. This is materialized by allowing not only federation, but defederation and instance blocking. This design feature has been systematically used to isolate white supremacists and other far-right extremists that resort to the Fediverse to escape moderation policies from platforms (e.g., when the far-right social network Gab adopted Mastodon software in 2019, most relevant Fediverse instances took a coordinated action to defederate it and avoid user exposure to Gab’s content). This way, “non-Western views on democracy, secularism, communities, and the individual” can still express and coordinate themselves, but no group or ideology can claim full acceptance and reach in the public discourse, as there is no centralized public sphere anymore (Mansoux & Abbing, 2020, p. 131). Many of these design choices reflected demands from the LGBTQIA+ community, which saw the universalizing and amplifying features in corporate social media platforms as prone to abuse and harassment (Valens, 2019).
Therefore, the federation expressed by the Fediverse and Mastodon understands itself as a means of transferring power control over online communication from big corporations to communities and social movements, a historical claim of FOSS activism regarding digital sovereignty. At the same time, federated social media evolved in a way that challenges neutral openness in classical FOSS discourses. Because of these characteristics, Mansoux and Abbing (2020) conclude that the Fediverse represents a turning point in the history of the FOSS movement. However, although research identifies a more sophisticated political understanding in Fediverse activism, there is little attention to the dimension of geopolitical power. This is even more striking if one considers the North–South tension in the history of digital sovereignty discourses, including the appropriation of elements of FOSS activism in peripheral countries.
In the following, I analyze Brazilian activism in Mastodon in order to shed some light on this issue. Brazil belongs to the group of Global South and BRICS countries with a relevant history in digital sovereignty debates and, as shown in the following section, has activists engaged with Mastodon as well. Nonetheless, neither the dimension of their activism with regard to the broader Fediverse movement nor the specific imaginaries of digital sovereignty that fuel these activists in the margins of global capitalism are clear. Learning the role of geopolitical imbalances in the discourses articulated by Brazilian Mastodon activists will help to understand which digital sovereignty can be expected from this FOSS iteration in countries from the Global South.
9.3.1 Brazil in Mastodon
Following a mixed-methods approach, I collected both quantitative and qualitative data between January and June 2021. Quantitative data refer to country location of servers, users, and content production provided by the website “The Federation.” These data were cross-checked with the website “Mastodon Instances”Footnote 2 and my own observation, having visited all 300 communities with more than 100 users. These data have some shortcomings, but can provide a better understanding of the magnitude of the geopolitical forces shaping Mastodon.Footnote 3
Then, qualitative data help to understand the ideas and practices behind the numbers of Brazilian activism. For the purpose of this research, activists are defined as administrators and moderators of instances. I conducted five semi-structured interviews with activists from four (out of six then active) instances oriented to Brazilian people or Brazilian-Portuguese speakers, including the two largest ones. Administrators were asked about the reasons for creating a Mastodon instance, their views on the actors actually controlling digital social networking, the necessary practices to achieve the desired condition, and in which sense Mastodon contributes to this. As requested by most interviewees, I have done my best effort to safeguard their anonymity by not referring to any name, gender, role, and instance affiliation (see Appendix 1 for the interview protocol).
9.3.2 Brazilian Instances
Despite the global nature of the FOSS movement and Mastodon, many activists engage in nation-related practices. At the time of data collection, the active Mastodon communities oriented to Brazilian people or Brazilian-Portuguese speakers were “Masto.donte.com.br,” “Mastodon.com.br,” “Ursal.zona,” “Colorid.es,” “Bantu.social,” and “Brasileiros.social” (see Table 9.1 and Figures 9.1 to 9.5).
Instance | Total Users | % | Monthly Active Users | % | Posts | % |
---|---|---|---|---|---|---|
masto.donte.com.br | 454 | 14.6% | 402 | 33.1% | 380,957 | 60.9% |
mastodon.com.br | 1,482 | 47.7% | 307 | 25.2% | 64,245 | 10.3% |
ursal.zona | 477 | 15.3% | 294 | 24.2% | 107,033 | 17.1% |
colorid.es | 618 | 19.9% | 161 | 13.2% | 53,577 | 8.6% |
bantu.social | 30 | 1.0% | 30 | 2.5% | 19,297 | 3.1% |
brasileiros.social | 41 | 1.3% | 22 | 1.8% | 335 | 0.1% |
TOTAL | 3,102 | | 1,216 | | 625,444 | |
The community “Brasileiros.social” was oriented to far-right supporters of former Brazilian president Jair Bolsonaro, had very low (apparently coordinated and inauthentic) activity, and was either silenced or blocked by the other networks. In late 2021, it was discontinued following a scandal with the publication of classified documents in the instance (Poder360, 2021). All other communities were organically active and federated with one another. As evident in the descriptions, three of them (“Ursal.zona,” “Colorid.es,” and “Bantu.social”) were oriented toward specific social movements and highly moderated. The other two instances (“Masto.donte.com.br” and “Mastodon.com.br”) were more generic, but had moderation explicitly oriented to curb hate speech, harassment, and abuse, especially toward minorities and marginalized groups. For this reason, despite their different goals, these five communities were federated with one another.
9.3.3 Restoring Social Movements’ Autonomy Over Online Communication
In the Brazilian Mastodon activism, there is a clear arrangement of actors and a corresponding narrative on who has and should have control and autonomy over digital infrastructure, content, and data. Interviewees strongly endorse the critique that corporate digital platforms, the GAFAM, have excessive control over current online communication, reproducing the surveillance capitalism thesis (Zuboff, 2019b). They affirm that big companies are “monopolizing” (interviewee I2) the internet and harming the autonomy of citizens, who have to surrender their personal data to few stakeholders mostly located in foreign countries (interviewees I1, I2, I3, I4, and I5). But they also reveal concerns regarding the way state power can make use of the centralized data provided by few market companies, not only in authoritarian regimes, but also in liberal democracies, especially by the United States (interviewee I4).
While discussing this dominance, they advance a classical argument of FOSS communities: the nostalgia regarding the early days of the decentralized internet, which frames their normative expectations. All interviewees, at some point of conversation, refer to the need of returning to a stage of networked communication when the forces of commercialization did not colonize most online activities. Illustrating this argument, one interviewee said: “We have lost this spirit of the beginning of the internet, when you used IRC [messaging application], those obscure fora… And the data you put there were not monetized. These were discussions for the sake of discussions” (interviewee I4).
Accordingly, activists believe that the ideal situation would be the individual having full control of their social media data. An interviewee said: “Ideally control would be in the hands of users as individuals, at least controlling their own data” (interviewee I1). But collectives of the civil society are mentioned more often as appropriate agents of autonomy struggle in the digital realm. When asked about “sovereignty for whom,” interviewees focused on the collective organization and digital emancipation of the LGBTQIA+ community, people of color, people with disabilities, and indigenous people (interviewees I1, I2, I4, and I5). Some activists argue that these social movements should incorporate struggles for control over the digital infrastructure as part of their own struggles. One interviewee even asked: “Isn’t it absurd how progressive groups organise themselves on Facebook? It’s like Jews saying ‘let’s go to Auschwitz, we organise ourselves there and fight against the Nazis’” (interviewee I2).
This weighed approach regarding the roles and responsibilities of individuals and collectives shows that current Mastodon activism in Brazil is aware of the limitations of an unfettered individualist approach. In this sense, it distances itself from cyberlibertarian accounts that, as seen before, have historically marked much of FOSS activism. Activists fear excessively burdening citizens and users. Despite their appreciation of individual autonomy, they believe that responsibility – and the most promising results – lies on collective structures of governance (interviewees I1, I2, I4, and I5).
Furthermore, although activists concentrate on the agency of collectives from the civil society, they do not discard participation of the state in online affairs. Nothing close, however, to strong claims of state sovereignty discourses. For example, Brazilian administrators and moderators see no point in the main measure of the state digital sovereignty discourse, namely data localization (interviewees I2, I4, and I5). Server location of the Brazilian instances already indicates their flexible approach in this regard, as only one of the six communities is hosted in Brazilian territory. All others are in either the United States or Canada.
Interviewed activists are also skeptical of other ideas from the toolbox of state sovereignty discourses, such as publicly owned and managed social networking. None of them showed support for this measure; some were actually surprised about the possibility of such a debate. This does not mean that Brazilian administrators and moderators see no role for the state. “I don’t think that having a publicly-funded instance would be an advantage. Instead, it would be a good advantage if we had grants to support developers working on free software in order to bring this knowledge [to the country]. [Other possibility would be] funding for a research centre on the Fediverse at a Brazilian university” (interviewee I1). In addition, activists call for public regulation to enforce transparency, an approach that later became central in the parliamentary proposal to regulate digital platforms (Tomaz, 2023). “Governments should not control what kinds of data are consumed, where they are transferred to or where they should be stored, but demand more transparency from these companies [digital platforms],” complemented another interviewee (interviewee I2). Thus, activism shows concern regarding the privatization of the governance of the public sphere, but from a perspective that is more akin to liberal discourses, whereby the role of the state is to offer good conditions for allowing the civil society to create its own solutions. In the case of social networking, this means regulating big business, investing in local technical knowledge, and providing the population with appropriate media and data literacy (interviewees I1, I2, and I5).
Most interviewees appreciate what Mastodon offers to fulfill their normative expectations, namely to restore civil society control over social networking. Following the reasoning of the text A people’s history of the Fediverse (Freedombone.net, n.d.), interviewees adopt the argument that the Fediverse provides the conditions for a middle ground approach. It rejects platform centralization, but does not burden too much the individual. “Mastodon is a halfway, so to say, a transitional stage where power moves from the private hand to the collective, so you would be able to make collectives that can pull that power back to the user and eventually return it fully to the user,” said an interviewee (interviewee I1).
Furthermore, they value Mastodon’s rejection of algorithmic curation, which promotes more transparency regarding data. “Mastodon, despite all its problems and they are many, makes it easier to have some order because it is real people moderating, not algorithms, not big companies, not people who want your engagement for the good or the evil as long as it generates profit,” says an interviewee (interviewee I2). This confirms Mansoux and Abbing’s (2020) point on the shift to a social understanding of privacy and control.
However, the emphasis on technical affordances can still be felt in much of the conception of Brazilian administrators and moderators. This is the case when they relegate state-related investment to the technical development of free software, undermining the conditions for a political debate about publicly owned and managed instances. Another evidence comes from the fact that only one of the interviewees has no background as software developer (interviewee I3). By highlighting the technical aspect of federated social media, Mastodon activism risks reproducing some aspects of the belief in technological determinism that fueled the cyberspace sovereignty discourse.
9.3.4 Pitfalls of Resistance from the Margins
Finally, I address here the extent to which peripheral countries participate in Fediverse activism, shaping and adapting it to their specific demands. A simple comparison between the Brazilian internet population (around 160 million users in an overall population of over 210 million people) and the number of participants in Brazilian instances of Mastodon (merely 1,200 active users) exemplifies how fringe federated social media still are. The movement struggles to achieve any critical mass that would be able to meaningfully influence digital sovereignty in FOSS terms. Network effects favoring established commercial players and digital resignation, among other factors, play against such a community-led initiative. The long-term effects of the Twitter takeover by Elon Musk are yet to be seen, as this fact can be a game changer.
Even within the Fediverse itself, Brazil seems to be far away from the prominent role it has played in the broader FOSS movement in the past. Indeed, the whole Global South falls short of the contribution to the recursive public of the Fediverse. Despite constant growth since 2016, Mastodon remains largely concentrated in Europe and North America. In 2021, the United States, France, and Germany hosted 65% of all servers. Adding Japan, this comes nearly to 80% of Mastodon instances concentrated in four rich countries. The Global South, on the other hand, is underrepresented. At that time, Brazil ran 0.4% of the instances, and only China, another BRICS country, performed better (see Table 9.2). There is no evidence that this power imbalance has changed since the beginning of the Musk-motivated Twitter migration. The fivefold growth of active users since then remains astoundingly concentrated on the US and Europe. This clearly contradicts the history of geopolitical engagement of peripheral countries with FOSS, even more striking as the internet infrastructure itself has been tipping in the last two decades toward the BRICS and the Global South (Winseck, 2017).
Country | Instances | % | Active Users | % | Posts | % |
---|---|---|---|---|---|---|
Top countries in terms of instances | | | | | | |
US | 581 | 24.37% | 68,725 | 15.72% | 52,177,794 | 14.53% |
France | 577 | 24.20% | 51,340 | 11.74% | 22,521,403 | 6.27% |
Germany | 394 | 16.53% | 108,065 | 24.71% | 52,035,253 | 14.49% |
Japan | 345 | 14.47% | 118,101 | 27.01% | 207,467,657 | 57.78% |
China | 101 | 4.24% | 26,986 | 6.17% | 7,601,084 | 2.12% |
Canada | 68 | 2.85% | 3,691 | 0.32% | 1,941 | 0.44% |
UK | 48 | 2.01% | 7,036 | 0.62% | 3,951 | 0.90% |
Comparison with Brazil | | | | | | |
Brazil | 8 | 0.34% | 1,224 | 0.28% | 628,424 | 0.18% |
TOTAL | 2,380 | | 437,822 | | 358,749,149 | |
My research does not allow drawing definitive conclusions on the reasons for this, but certainly economic constraints play a role. Costs of operating small instances, between 30 and 200 active users, vary between 50 and 400 dollars a year, and poor economies will certainly lack financial resources to sustain such a voluntary, non-commercial effort. However, the governance structure of Mastodon also contributes to this situation. Despite the ideological stance for decentralization, governance is still centralized in key figures, undermining possibilities and interest of activism from the margins. Some activists criticize Rochko’s management and development of Mastodon as a reproduction of the “Benevolent Dictator For Life” model (Valens, 2019), an opinion shared by a moderator of a Brazilian instance who has engaged over years with Mastodon governance: “He [Eugen Rochko] is a very privileged person, who has a corresponding worldview that sometimes makes it difficult for him to accept other perspectives” (interviewee I4). Reflecting on the development structure of Mastodon around a “benevolent dictator” and the overwhelming majority of Anglo-American white people, this interviewee reports that marginalized groups coming from the global periphery resist joining it: “This [the difficulties to participate in Mastodon] is especially true if we look at black people, indigenous peoples and many other marginalized groups who have several problems to express themselves and be heard by those who develop the software and moderate the communities” (interviewee I4). This interviewee complements: “The very few Black people who are on Mastodon now are there for the sake of resistance” (interviewee I4).
According to this interviewee, it is common that persons from these countries and social groups come from Twitter and join a Mastodon instance for a while but, after perceiving its whiteness, return to Twitter, where there are already established communities such as the Black Twitter.
Thus, even if the Fediverse might be celebrated by its possibilities of decentralization, the lack of participation of the Global South in Mastodon brings again to the fore the shortcomings of merely technical approaches. More than openness and federation, politicization of social media infrastructure requires collaboration, negotiation, and explicit choices at all possible layers. “The code might be open, but there is no real collaboration if Eugen [and the small group of developers around him] is not open to discussion,” complemented the same interviewee (interviewee I4).
Despite the hurdles to actively participate in and shape the ecosystem of federated social media, Brazilian administrators and moderators see positive repercussions in their country, especially for the marginalized groups of populations. One interviewee reinforces this idea: “White, European, North American people still dominate the internet. Federated social media allow us to reach these marginalized people which Facebook and Elon Musk don’t know. Marginalized people fighting together with marginalized people” (interviewee I2). This must be read, of course, as optimism regarding the potential of alternative social media, and not as a factual observation, as Fediverse figures still do not allow to affirm any significant reach. At best, they suggest more autonomy and independence for some individuals within these collectives.
If, on the one hand, Brazilian collectives of civil society are meant to be empowered, the nation-state in its territorial sense, on the other hand, is not thought of as an actor that could enjoy more sovereignty with the Fediverse, weakening once more state digital sovereignty claims. The dismay in face of Bolsonaro’s ultraconservative government at the time of the interviews and the perception that the independence of Brazilian institutions was under threat, as some interviewees explicitly expressed (interviewees I1, I2, and I4), might have increased skepticism regarding strong sovereignty measures by the state, such as data localization and publicly funded internet services. Only one instance, “Ursal.zona,” considers the necessity of a more active role of the nation-state in the development of an independent Brazilian and Latin American digital communication.
This emphasis on collectives of the civil society when thinking about the Global South, instead of the territorial framing of nation-states, represents a reformulation of collective struggles that often favors cross-country allegiances around shared experiences and subjectivities over national solidarity. This is in line with late resignifications of the Global South beyond its geographical categories (Mahler, 2018). Nonetheless, there is also a risk in this approach, namely to excessively minimize the geopolitical dimensions of technological power. The business model of tech companies benefits from and reproduces, at least to a certain extent, the old patterns of colonialism and exploitation from the Northern nation-states, as scholars have increasingly argued (Avila Pinto, 2018; Couldry & Mejias, 2019). In fact, geopolitical power imbalance has been a matter of concern in digital sovereignty discourses from the Global South, including those which have focused on FOSS as part of the strategy (Schoonmaker, 2018), but it is almost non-existent in the discourse and practices of Mastodon activism in Brazil. Federated social media activists would provide an even richer contribution to the politicization of social media infrastructure if they could integrate into their framework a geopolitical dimension that acknowledges the nation-state as a site of struggle, which also bears the capacity to tackle power imbalances and protect its citizens from exploitation.
9.4 Conclusion
In this chapter, I proposed to understand the digital sovereignty claims in Brazilian activism on Mastodon. Clearly this activism has a well-organized narrative and advances a politicized notion of digital social networking that differs from the alleged neutrality of the FOSS movement. It distances itself from individual claims of sovereignty by reinforcing the role of collectives of civil society in the management of the digital resources. The state is not rejected tout court. Activists expect it to regulate big business, making it more transparent, and support free software initiatives, which could expand the spectrum of alternative social media. But they clearly do not see an active role by the state such as operating publicly funded networks. Considering Couture and Toupin’s (2019) categorization, Brazilian activism positions the Fediverse in social movements and digital sovereignty discourses, roughly equivalent to the “commons digital sovereignty” explained in the introduction of the book.
However, Brazil and other peripheral countries still lag behind in their capacity of shaping the development of federated social media in the benefit of their populations. Shortcomings in the project, such as economic constraints in hosting networks and the predominance of male, white, Anglo-European people in both governance and usage, undermine participation from marginalized groups. In addition, Brazilian activism still attaches little value to the geopolitical dimension of struggles regarding social media, missing a historical contribution of technological sovereignty claims from the Global South and possibly a broader understanding of the conditions that sustain current power imbalances. Even if state sovereignty does not belong to the core concerns of Fediverse activists, it is unlikely that the sovereignty they aim at, namely of social movements, will succeed without resisting the nearly universal reach of corporate social media. This will require at least some alliance with local political and economic powers, without which federated online communication will continue to be a paper tiger fighting the enormous economic and intellectual resources available in the core of capitalism. At the time of writing, even after Musk has taken several controversial decisions, Twitter still has a hundred times more active users than Mastodon. Facebook, thousandfold.
Brazilian activism on Mastodon represents, therefore, a further step in the politicization of the FOSS movement and the commons digital sovereignty, away from any value-neutral thinking. On the other hand, it is departing from the historical politicization of global inequalities in technological power promoted by earlier FOSS appropriations in the Global South, which stressed the inexorable reality of state power in the reproduction of digital inequalities and upheld counterpower at the same level.
10.1 Introduction: Digital Sovereigns or Digital Subjects?
This chapter acknowledges both the fluidity and complexity of the notion of digital sovereignty, while also highlighting the necessity of digital sovereignty strategies, policies, and governance mechanisms, envisaged especially by leading emerging economies. As we discuss in the introductory chapter, digital sovereignty suffers from a lack of a consensus regarding both the substance and contours of the concept. In this regard, the analysis of various conceptualizations of this notion as well as its concrete implementations in BRICS countries allows us to move beyond the conventional, normative, state-centric approach toward “sovereignty” that dominates in Western scholarly, policy, and popular debates. Doing so also allows us to engage with how “digital sovereignty” is perceived and practiced in reality by not only nation-states but also empowered individuals, companies, indigenous populations, activist groups, and even supranational entities including the BRICS.
In this spirit, the chapter notes that digital sovereignty narratives and initiatives play a pivotal role in fostering self-determination,Footnote 1 while increasing cybersecurity capabilities and strengthening the capacity to exercise control over digital infrastructures and data of the various types of “digital sovereigns.” Importantly, depending on the conception of digital sovereignty that we decide to utilize and the initiatives at stake, a “digital sovereign” can be an individual, a community, a corporation, a state, or even a supranational organization.Footnote 2
Indeed, the examples analyzed in this volume illustrate how individuals, communities, corporations, states, and supranational organizations can become digital sovereigns by understanding, developing, and regulating the use of digital technologies, according to their needs, aspirations, and values. Conversely, aspiring digital sovereigns can be turned into digital subjects when there is insufficient understanding, development, or command of such technologies even when “digital sovereignty” policies and plans are formally adopted.
As we contend along the chapters of this book, digital sovereignty is a multifaceted and contested concept. It may be considered something positive or negative, depending on who the sovereign entity is, and how the entity decides to structure its sovereignty capability. It is important to emphasize that remarkably similar policies may be aimed at defending a nation from cyberattacks or surveilling it, may strive to promote local talent, fostering the development of indigenous technologies, or blatantly enact protectionist agendas, preserving the position of cronies. Chiefly, the positive or negative assessment of this concept will strongly rely on how the construction and deployment of digital sovereignty affects the rights and agency of others. As such, the digital sovereignty label indicates the idea that digital sovereigns assert their agency, authority, and capacity to “pursue their economic, social and cultural development”Footnote 3 through the digital technologies they use. Such a vision introduces a new element of complexity, dependent on the capability of a sovereign entity to understand and exercise power through technology without being necessarily bound to a specific territory. These elements challenge the traditional state-centric conceptions of sovereignty, which rely on a nation-state’s domestic authority and control over a given population in a specific territory and its monopoly in the definition of international legal instruments, alliances, and exercise of military power.
The concept of digital sovereignty does not obliterate the importance of the above-mentioned elements but brings to the fore the essential role of technology systems in expanding authority, self-determination, and control. In this perspective, a digital sovereign is the entity that owns, operates, and, ultimately, has the capacity to understand, regulate, and control how the technology can and will be used. To appreciate the breadth and relevance of digital sovereignty, it is therefore useful to emphasize the “structural power” of (digital) technology. The structural power concept was first elaborated by political scientist Susan Strange in States and Markets (1988). In her vision, power can be exercised not only through command and control and the ability to compel someone to do something by establishing regimes that regulate societies but also through the power to shape the structures defining the frameworks within which people, corporations, and states relate to each other.
Strange’s conception of structural power can be seen as a sovereign entity’s capability to shape the bureaucratic, commercial, or even technological “labyrinths” enabling interactions among people, organizations, businesses, and states. The sovereign defines where walls or doors will be in the labyrinth, shaping its “architecture” (Lessig, 1999a, 2006), thus ultimately exercising power by controlling and regulating the capacity of those who use the labyrinth to move and interact. In this sense, Strange’s work provides a useful perspective from which we can read Lessig’s concept of software and hardware architectures as regulation. Here, architectures act as constraints that can structure (cyber)spaces in both the physicalFootnote 4 and digital realms, determining whether specific behaviors are allowed by design, and thus playing a regulatory function (Belli, 2022).
Awareness of the use of digital technology for surveillance or “data colonialism” (Benyera, 2021; Couldry & Mejias, 2018) has been matched by the increasing understanding of the central role played by digital technology to structure national economy, society, and governance. Hence, understanding the relevance of the structural power of technology is essential to realizing the relevance of digital sovereignty and, more broadly, the regulatory function of technology (Benyera, 2021; Couldry & Mejias, 2018). It would be either incorrect or hubristic – or both – to argue that the nation-state is the only possible digital sovereign. Indeed, individuals, communities, organizations, and businesses that understand, develop, and deploy digital technologies can all be considered digital sovereigns as they are not only regulated by technologies but also enjoy self-determination thanks to technology and may even be able to elude the implementation of traditional state sovereignty through the exercise of their digital sovereignty.
As this volume demonstrates, especially from a Global South perspective, a very large spectrum of different entities may engage in understanding, developing, and mustering digital technologies. Importantly, as we have stressed previously, the entities that manage to become digital sovereigns are not only states. Community networks built and operated by local communities are interesting examples in this regard, which can be found in several BRICS countries. These crowd-sourced, bottom-up networks are excellent examples of entities pursuing a form of Commons Digital Sovereignty, which frequently emerges not only as a community-driven alternative to corporate and state approaches, but as a concrete strategy to cope with the limitations and failures of the traditional public and private approaches.
Internet access infrastructures created by local communities to overcome digital divides and achieve “network self-determination”Footnote 5 illustrate that digital sovereignty can stem from the actions of empowered communities, where individuals cooperate to build technology, understand its functioning, and exert control over the local digital infrastructure, thus appropriating the benefits of tech-enabled social, economic, and cultural developments (Belli, 2017). The commons approach to digital sovereignty, with mounting evidence from several BRICS countries including Brazil, India, and South Africa, can be seen as a by-product of communities yearning for network self-determination (Belli & Hadzic, 2022; Belli & Hadzic, 2023; GISWatch, 2018). Indeed, such examples demonstrate that even vulnerable and marginalized communities such as Brazilian quilombolaFootnote 6 women or rural communities and slum-dwellers in South Africa and India can become the protagonists and participants of their digital futures, learning how to build and use new digital infrastructures and new services for the local communities, based on the needs and characteristics of the local communities.
Indeed, as we have demonstrated in the chapter of this volume, digital sovereignty is not only fostered by states but can also be crafted by local communities. Despite not having explicit digital sovereignty agendas, community networks offer intriguing examples of “good digital sovereignty” (Belli, 2023), illustrating how new digital architectures can be constructed, managed, and self-regulated using a bottom-up approach (Belli, 2017). They tellingly demonstrate that internet connectivity and entire digital ecosystems can be built by the local communities for the local communities, demonstrating that groups of individuals that previously were scarcely connected or totally unconnected can become digitally sovereign. Such a commons-based conception of digital sovereignty can lead the local community not only to start understanding the functioning of digital technology and developing it but also to strive to shape their economic, social, and cultural developments (Belli, 2017; Belli & Hadzic, 2022; Belli & Hadzic, 2023; Bidwell & Jensen, 2019; GISWatch, 2018).
Besides providing access to previously disconnected populations, these community networks also give rise to an ample range of positive externalities, including the construction of new infrastructure with limited investment, the engagement of locals in the development of new self-governance models, the revitalization of social interactions among local community members, and the emergence of new opportunities for accessing information, learning, doing business, and creating employment (Belli, 2017; Bidwell & Jensen, 2019).
In this perspective, these initiatives are real laboratories of digital sovereignty for local communities that experiment with digital technologies to understand their functioning, thus developing a better understanding not only of the technology itself but of the type of governance and regulation compatible with their community. It leads the local communities to develop “good digital sovereignty,” thanks to their capacity to understand, develop, and regulate their local digital ecosystems, while connecting them to the global internet (Belli, 2017; Belli & Hadzic, 2023).
It becomes increasingly evident that a comprehensive plan guided by a long-term perspective is essential to the successful implementation of digital sovereignty initiatives. Those who manage to do so may have a better chance of becoming digital sovereigns, where they can avoid or minimize the risks brought by technical and economic dependence on foreign technology. Those who do not may turn into digital subjects (or digitally colonized) by other more powerful digital sovereigns. Unfortunately, the “vision” of digital sovereignty of most states often lacks farsightedness and a holistic approach to this issue.
Importantly, a variety of different goals may be explicitly or implicitly included within digital sovereignty narratives, as digital technologies and their structural power can facilitate enormous social and economic advancements but can also be weaponized against individuals, corporations, and nation-states. In such contexts, this chapter takes a more agnostic approach toward digital sovereignty, exploring a selection of practices and providing insight into what this concept means in practical terms. In this respect, BRICS countries’ approaches offer some telling examples of how and why the need for digital sovereignty can emerge as well as how confused, contradictory, and even dysfunctional the implementation of policies aiming at digital sovereignty can be.
10.2 The Emergence of the Digital Sovereignty Discourse in the BRICS
The heterogeneity, cultural richness, and historical backgrounds of the BRICS are also reflected in their diverse approaches to digital sovereignty. The differences in their state digital sovereignty strategies can be partly explained by their divergent political stances.
As noted by Johannes Thumfart’s contribution in this volume, Russia and China, and to a lesser extent India, have traditionally played an antagonistic role to the digital superpower, the US, and have structured their approaches to digital sovereignty based on such antagonism. Their clear intention to avoid reliance on US technology is a decades-long strategic choice. Historically, the RICFootnote 7 countries have not only had a strongly suspicious and frequently confrontational attitude toward the US but also associated dependence on US technology with high risks.
A telling example is the existence of alternatives to the Global Positioning System (GPS), which was established by the US in the late 1970s. GPS, an essential component of a wide range of digital products and services, plays a critical role for many military technologies used for defense purposes. Out of the five alternatives to the dominant US system, the first three were developed by Russia, China, and India.Footnote 8 The EU and Japan have also decided to create alternative systems in recent years as they become increasingly mindful of how critical it is to be strategically autonomous.Footnote 9
India, Brazil, and South Africa also have strong historical reasons for being particularly attached to their (digital) sovereignty. These span from postcolonial resentments against imperialist attitudes of old colonizers, feeding several decades-long engagements in “South-South cooperation” (The South Commission, 1990)Footnote 10 through numerous initiatives, such as the Group of 77, the Non-Aligned Movement and Group of 15, the IBSA TrilateralFootnote 11 and, finally, the BRICS grouping.Footnote 12 These countries also harbor strong sensitivities stemming from the US abuses of its dominant position in the digital realm.
Such egregious abuses have pushed the BRICS to seek alternative paths of digital development and policymaking. Notably, former NSA contractor Edward Snowden revealed the Brazilian head of state Dilma Rousseff herself was personally a victim of illegal wiretapping (MacAskill & Dance, 2013). Such an episode represented a true wake-up call for the BRICS grouping. Indeed, post-Snowden, BRICS nations have been reorganizing their postures to enhance their cooperation on digital matters – especially in cybersecurity (Belli, 2021a, 2021b, 2021c) – as a reaction to the unlimited digital sovereignty exercised by the US globally.
The Snowden revelations exposed the strategic risks associated with the massive use and dependence on foreign technologies. The real costs of “free services” are paid de facto by granting a license to large-scale collection of personal data as well as the consequent loss of privacy, competition, sovereignty, and informational self-determination.Footnote 13 However, it may be argued that the actor mainly responsible for the global awakening of the risks associated with the “weaponization” of digital policies was the Trump Administration that frequently targeted adversaries with several executive orders (Jiang, 2019) accompanied by bombastic announcements via social media.
Indeed, the periodic use of executive orders in prohibiting US tech firms from supplying software or hardware components to Chinese manufacturers such as ZTE and Huawei has led many governments and businesses around the world to reconsider their supply chains and grasp the importance of digital sovereignty in terms of strategic autonomy, self-sufficiency, and self-determination.Footnote 14 While such concerns have been particularly acutely felt among BRICS countries, many Western countries shared them as well, especially at the EU level (von der Leyen, 2020).
Recent years have witnessed the considerable transformation of the perception of digital sovereignty from an initial negative connotation associated with authoritarian ambition to a more positive conceptualization for recognizing its relevance in community, national, and international agendas. A growing chain of events has shown there are concrete risks associated with the inability to exercise digital sovereignty, thus being subject to the unilateral decisions of those able to assert agency, power, and control over digital infrastructure, data, services, and protocols. Indeed, the notion of digital sovereignty gradually progressed from a niche concept, primarily supported by China and few other developing countries, and frequently purported as an autocratic cliché, to a mainstream issue now advocated by EU leaders as an essential tussle to reassert strategic autonomy.
10.3 Resisting Foreign Espionage, Meddling, and Sanctions
We must note that the various initiatives that emerged over the past decade in the BRICS countries and beyond to pursue digital sovereignty have not been motivated merely by a desire to avoid US espionage. On the contrary, the increasing awareness of the US’s invasive behaviors through its technological apparatus has led BRICS countries to realize that without alternatives, their technological disadvantage would have led to irreversible economic dependence and ultimately (digital) colonization.
First, on top of fearing becoming victims of weaponized digital policies, countries around the world understand that the main concerns raised by Edward Snowden in 2013 remain substantially unchanged. In July 2020, the European Court of Justice (ECJ) in its Schrems II case invalidated the Trans-Atlantic transfer of personal data from the EU to the US due to the nature of US government access to data held by American corporations under existing intelligence activities. In particular, the Court held that such activities undermine “the minimum safeguards resulting, under EU law, from the principle of proportionality, with the consequence that the surveillance programmes based on those provisions cannot be regarded as limited to what is strictly necessary” (Data Protection Commissioner v Facebook Ireland Ltd, 2020, para 184).
To understand why the digital sovereignty sentiments have been growing globally, motivated by mistrust toward dominant US technologies, it is instructive to consider the normative analysis of the ECJ. Section 702 of the Foreign Intelligence Surveillance Act (FISA) authorizes the collection, use, and dissemination of electronic communications content stored by US platforms (such as Facebook, Google, and Microsoft) or transported across the internet’s “backbone” infrastructure, thus compelling US connectivity providers (such as AT&T and Verizon) to cooperate with national intelligence agencies (Data Protection Commissioner v Facebook Ireland Ltd, 2020, para 184).Footnote 15
The reactions that this situation triggered in the BRICS countries are tellingly illustrated by former Brazilian President Dilma Rousseff’s opening remarks at the 68th UN General Assembly, describing the NSA scandal in the following terms:
As many other Latin Americans, I fought against authoritarianism and censorship, and I cannot but defend, in an uncompromising fashion, the right to privacy of individuals and the sovereignty of my country.
In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. In the absence of the respect for sovereignty, there is no basis for the relationship among Nations.
We face, Mr. President, a situation of grave violation of human rights and of civil liberties; of invasion and capture of confidential information concerning corporate activities, and especially of disrespect to national sovereignty. (Rousseff, 2013) [emphasis added]
It is in this context that BRICS countries have started some of their most ambitious initiatives aimed at reasserting digital sovereignty, both independently and as a grouping. Since the BRICS Summit issued the 2013 eThekwini Declaration and Action Plan in Durban, South Africa, BRICS nations have made explicit their desire to enhance their cooperation on cybersecurity, expressing for the first time their desire “to contribute to and participate in a peaceful, secure, and open cyberspace” while calling for the elaboration of “universally accepted norms, standards and practices” (BRICS, 2013). Consequently, BRICS leaders established the “Working Group of Experts of the BRICS States on security in the use of ICTs” with a mandate to, inter alia, “develop practical cooperation with each other in order to address common security challenges in the use of ICTs” (BRICS, 2015).
Individual initiatives also followed suit as the governance, regulation, and development of digital technologies have swiftly gained prominence in each BRICS country’s agenda. In 2014, Brazil approved its Internet Rights Framework (Marco Civil da Internet) to regulate inter alia data protection in the online environment and agreed to start the construction together with the EU of EllaLink,Footnote 16 a new submarine fiber-optic cable. This cable connects Seixas, Portugal directly with Fortaleza, Brazil without having to pass through Miami, US, where all previous submarine cables landed as part of US telecom backbone. The inauguration of EllaLink in June 2021, after several years of development, is an example of an infrastructure initiative aimed at strengthening digital sovereignty to enhance strategic autonomy from US technology while reducing dependency on US suppliers.
The considerable time and financial cost of the initiative, however, are also a stark reminder of how complex it is to build such strategic autonomy, how necessary it is to adopt a systemic long-term plan, and how difficult it is to maintain a particular digital sovereignty stance in an unstable geopolitical environment. Understanding how digital technologies work, crafting a sound and comprehensive strategy to frame their governance, securing adequate resources to implement such a strategy, and having a stable environment to avoid disruption are key elements in implementing digital sovereignty, be it exercised by individuals, communities, corporations, states, or supranational entities. Such elements are much easier to crystallize in countries that enjoy strong political stability and a systemic approach to technology, while they are much rarer in countries where administrations lack technological understanding and subsequently hold radically different – or frequently contradictory – postures toward digital sovereignty.
Within BRICS, China is clearly a country enjoying relative political stability, systematic governance, and deployment of digital technologies. However, even the presence of these elements does not guarantee the achievement of digital sovereignty without a long-term plan. For example, in Russia, the regulation of internet infrastructure and calls for cyber sovereignty started to appear as early as the 2010s. Since then, a number of initiatives have been gradually implemented over the subsequent decade with the goal of achieving digital self-sufficiency and enhancing the country’s digital cyber-control, cyber-defense, and offense capabilities. Importantly, Russia, China, and other members of the Shanghai Cooperation Organization (SCO) released the first version of their International Code of Conduct for Information Security, updated in 2015, stressing that “policy authority for Internet-related public policy issues is the sovereign right of States.” (Ministry of Digital Development, Communications and Mass Media of the Russian Federation, 2015).Footnote 17
In 2012, Russia established a legal framework for website blocking and in 2015 introduced data localization provisions, which mandate the storage of personal data in servers located in the national territory (Shcherbovich, 2021). These policies laid the ground for the institutionalization of the “internet sovereignty” discourse, articulated by Deputy Chairman of the State Duma Irina Yarovaya and consecrated into legislation in 2019, frequently dubbed as “Yarovaya Law” (Shcherbovich, 2021). Russia has dedicated considerable efforts to territorialize its digital infrastructureFootnote 18 and exert control over information flows in a bid to not only assert control over the national digital environment but also resist foreign cyberattacks and skirt the disruptive effects of foreign sanctions. The establishment of a national segment of the internet, known as the “RuNet,” heavily reliant on the adoption of Russian hardware and software facilitates the pervasive control of information flows by Russian Internet Service Providers, while also providing strategic autonomy to a country that has massively bet on digitalization.
It is important to note that the Russian case illustrates the juxtaposition of cybersecurity, digital sovereignty, and (social) control narratives. Undeniably, the Russian government has frequently utilized the same measures that are branded as enhancing digital sovereignty to monitor Russian citizens and unduly block undesired content online.Footnote 19 As argued in this book by Olga Bronnikova and colleagues, the implementation of the various iterations of SORM (System for Operative Investigative Activities) illustrates how digital sovereignty and cybersecurity discourse may also represent a convenient way to expand national surveillance operations.
However, the Russian push for the “sovereignization of the internet” (Grover & Thomas, 2021) has been justified not only by the fear of foreign meddling exposed by Snowden revelations or the willingness to control online speech but also by the increasing need to develop a self-sufficient national network able to resist the disruption of foreign sanctions and mitigate foreign cyberattacks on national digital infrastructure as seen in Russia’s ongoing war in Ukraine. For instance, in June 2019, the New York Times reported that the US Cyber Command was stepping up its “digital incursions” into Russia’s electric power grid in accordance with the Command’s attributions to “conduct clandestine military activity to deter, safeguard or defend against attacks” (Sanger & Perlroth, 2019).
Concrete initiatives aimed at constructing digital sovereignty in Russia have emerged partly out of the need for survival. This is the case of Mir,Footnote 20 a Russian payment system established in 2014 to overcome total denial of e-payment service imposed on Russian banks by US-based Visa and MasterCard. After the annexation of Crimea, US sanctions against Russia left millions of Russian customers with no access to credit card services. As a response, the Central Bank of Russia established Mir, which is fully operated by the Russian National Card Payment System, a subsidiary of the Central Bank of Russia. This episode demonstrated that digital sovereignty initiatives often emerge out of the perceived risks of disruption and the possible weaponization of foreign technologies on which a country, an individual, a community, or a corporation relies.
Similar considerations can be seen in the ambitious plan of BRICS countries, chiefly China and Russia, to develop their own national digital currenciesFootnote 21 in a bid to compete with and reduce dependence on the US dollar at the international level, enabling a process of “dedollarization” (Huang, 2020). Furthermore, as stressed by Hariharan and Natarajan in this volume, the consequences of the Visa-MasterCard episode are far from trivial and represented a further wake-up call for the BRICS nations, only one year after the NSA scandal. Increasingly aware of the risks linked to overreliance on foreign technology, India launched the development of its indigenous payments system, the Unified Payments Interface (UPI) and the National Payments Corporation of India (NPCI), as well as the Digital IndiaFootnote 22 program. As we will argue in the following section, the ultimate goal of the latter plan is the development of a digital public infrastructure (DPI) that enables India’s digital transformation by fostering the emergence of a sound national digital ecosystem and reducing the country’s reliance on foreign hardware and software, thus reasserting digital sovereignty.
Lastly, it is also interesting to note that similar concerns and increasing alignment of Russia and India regarding the relevance of their digital sovereignty on electronic payment systems also emerged from the countries’ explicit political statements. Indeed, in late 2021, India and Russia expressed interest in enhancing their cooperation toward the mutual acceptance of national payment systems within their respective national payment infrastructures, promoting “interaction of Unified Payments Interface (UPI) and the Faster Payments System of the Bank of Russia (FPS). [In this occasion, t]he Russian Side invited Indian credit institutions to connect to the financial messaging system of the Bank of Russia to facilitate faultless interbank transactions” (Ministry of External Affairs of India, 2021).
Importantly, the relevance of digital payments systems is fundamental from a state digital sovereignty perspective, especially for giant countries with large populations such as the BRICS. On the one hand, e-payments have been traditionally controlled by dominant US providers such as Visa and MasterCard, thus creating an enormous vulnerability for all countries relying on such systems, as the abovementioned Russian example illustrates tellingly. On the other hand, electronic payments have garnered major relevance due to the enormous amount of data and revenue they generate. Aware of the strategic importance of e-payments, BRICS nations have heavily invested in this data-intensive sector.
In less than a decade, China, India, and Brazil have become global leaders in instant online payments, leapfrogging virtually all developed countries (ACI Worldwide & Global Data, 2022).Footnote 23 India and China have achieved the first and second positions of the global ranking of countries with the highest number of real-time online payments. Even more impressively, Brazil has reached the top ten of the ranking, starting from the bottom, in only two years since the introduction in 2020 of Pix, its national digital payment system established by the Brazilian Central Bank.Footnote 24 Although not always mentioned explicitly, digital sovereignty is becoming the key concern underpinning new digital payment initiatives in the BRICS. Pix is now used by 70% of Brazilians to transfer money at no cost, while before its introduction the only available option to process instantaneous electronic payments was to use the networks of foreign e-payment giants such as Visa and MasterCard, which charge a 3% fee on each transaction besides centralizing data collection of all their users (Belli, 2023). These latter points are the main reasons why the development of public digital infrastructures such as Pix is enormously relevant from a “good digital sovereignty” perspective: it democratizes digital payments, reduces market and data concentration, and provides unique insight into the national economy to the Central Bank of Brazil (rather than to two foreign actors), thus reversing a trend many scholars have defined as data colonialism (Belli, 2023).
This concern was evident in the Brazilian Central Bank’s order to suspend the plan of WhatsApp – the dominant instant messaging app in Brazil, owned by the US conglomerate Meta – to introduce the app’s own payment system several months before the release of the Pix payment system (Mandl & Versiani, 2020). The rationale of the Brazilian Central Bank’s order is that the first mover advantage of WhatsApp – the use of which is subsidized to consumers by all Brazilian operators in the context of the so-called “zero-rating” schemesFootnote 25 – would have created “irreparable damages” to competition, privacy, and data protection in Brazil. Hence, the suspension of WhatsApp’s plan was necessary to “preserve an adequate competitive environment that can ensure the functioning of a payment system that is interoperable, fast, secure, transparent, open, and cheap” (Banco Central do Brasil, 2020).
We are witnessing a new generation of techno-regulatory initiatives that aim at embedding digital sovereignty into technology. This new approach to policy and regulation by technology, seen from the BRICS experiences, deserves academic, policy, and public attention. While not necessarily a trend toward techno-authoritarianism where technology becomes an instrument of control, embedding digital sovereignty into technology can also be a positive exercise of self-determination. The India Stack, for instance, fosters the digitalization of the entire country through the development of digital public goods based on open source technology. It is a fascinating example of digital sovereignty fostered by the state but implemented in a decentralized way by technologists through technology, no less effective than state policy. This and other initiatives from BRICS and the Global South need to be carefully studied and understood by researchers, policymakers, and civil society advocates alike, as they hold promise for a future shape of governance, policy, and regulation.
10.4 Resistance to Data Colonialism or Construction of Digital Protectionism?
Digitalization can enable important benefits but depending on how such a process is structured, it may also entail considerable risks for state digital sovereignty. Such considerations particularly relate to extensive adoption of foreign software, introducing risks spanning from unsustainable dependence of both private and public sectors on foreign technology to various threats to national security, uncontrolled extraction of strategic national resources – notably (personal) data of entire populations and economic sectors – and unfair competition. In this perspective, as we have noted in the introduction, Brazil was a pioneer of software autonomy through a Commons Digital Sovereignty stance more than two decades ago.
Indeed, the Lula administrations of the 2000s realized that by being a mere software consumer, Brazil was facing an unsustainable future, destined to be a digital vassal like most other countries. In retrospect, the Free Software policies adopted by Brazil 20 years ago – and unwisely reversed, under the Temer administration – were remarkably forward-looking in reducing software dependency and public expenditure, while enhancing security and control over Brazilian digital infrastructures. Even if these policies have never been explicitly labeled as “digital sovereignty,” they are some of the earliest and strongest examples of State Digital Sovereignty.
It is also necessary to stress that digital sovereignty policies may also be primarily driven by economic protectionism. Indeed, a further element of complexity in digital sovereignty discussions is the potential protectionist dimension. Digital sovereignty narratives lend themselves well to the inclusion – and to some extent confusion – of a variety of goals, including resistance to data colonialism (Ávila, 2018), the implementation of digital development agendas, the establishment of protectionist measures, the tightening of social control, and political exploitation of post-colonial resentments.
Digitalization can enable important benefits but, depending on how such a process is structured, it may also entail large risks. China and India provide interesting insight in this regard. While the Snowden revelations have triggered vitriolic reactions in the Brazilian government and boosted Russian plans for “internet sovereignty,” the Chinese authorities perceived them as exposing China’s vulnerable position as long as it relied on foreign technology. The Chinese approach to digital technology has been extremely cautious, understanding not only the potential of digital technologies to foster development but also the importance to assert control at the national level.
From the perspective of the Chinese authorities, the 2013 Snowden revelations and the 2014 US sanctions on Russia have exposed both external and internal threats. The reliance on and limited control of foreign technologies undoubtedly created vulnerabilities for both external and internal actors. Furthermore, China perceived its strategic disadvantage in a global digital economy dominated by US technologies, as well as a situation of weakness in a global digital governance landscape dominated by Western actors’ narratives. Clearly, in the Chinese authorities’ view (Arsène, 2016), this situation called for an immediate and organized reaction, carefully blending policies, politics, and developmental approach to redefine Chinese digital sovereignty.
In 2014, the Xi Jinping administration established the Cyberspace Administration of China (CAC) and the Central Commission for Cybersecurity and Informatization, creating a new cybersecurity and informatization xitong, a cluster of institutions with various digital-related competences, which has been personally chaired by Xi Jinping to date (Creemers, 2020). In the same year, the first World Internet Conference (WIC) was organized, creating a China-led global multi-stakeholder forum on digital governance. The first Wuzhen Declaration, proposed as a WIC outcome, featured “cyber sovereignty” in a prominent position among the advocated principles. In the following year, at the opening ceremony of the WIC 2015, President Xi Jinping himself stressed the importance of every country’s right “to choose its online development path, its network management model and its public Internet policies, and to equal participation in international cyberspace governance” (Xi, 2015).
Simultaneously, China started paying closer attention to digital innovations. It is hoped that, through innovations, Chinese researchers, developers, and ultimately the Chinese state could achieve a sovereign position rather than relying on existing Western, mainly US, technologies. Due to reduced production costs and increasing advancement in Chinese technology competitiveness, the production and large-scale exportation of Chinese hardware seemed to have solidified and expanded the Chinese state’s digital sovereignty. Not surprisingly, the Internet of Things (IoT), featured as a prominent area of the “Made in China 2025” strategic plan in 2015, aimed to expand China’s development of connected devices to reach 95% of the market by 2025. Such ambitious goals were part of the comprehensive “Digital Silk Road” initiative and the larger Belt and Road Initiative (Jiang, 2021).
Artificial Intelligence (AI) appears to be another area of essential importance for the preservation and expansion of Chinese digital sovereignty. The Chinese State Council issued an AI Development Plan in July 2017, prompting various initiatives from local governments and businesses to establish AI funds and local plans with the goal of becoming the world’s “primary” AI innovation center by 2030 (Ding, 2018). Such a plan aims to reproduce the success of the State Council 2015 Plan for “mass entrepreneurship and mass innovation” that created thousands of technology incubators, entrepreneurship zones, and government-backed funds in attracting an enormous level of private venture capital. [Footnote 26] At the same time, since 2018 China has started piloting the inclusion of computer coding in the curricula for primary and middle school students. Since 2020, such curricula have been incorporated into national planning, denoting a clear understanding of the key role of digital capacity building to achieve full digital sovereignty (Zou, 2020): only a country whose population knows how to develop and use digital technologies can truly be digitally sovereign.
Hence, apart from the yearning to resist US intelligence programs, BRICS countries’ initiatives demonstrate that an equally, if not more, relevant preoccupation is the preservation and expansion of the local digital economy while avoiding digital colonization. However, the understanding, planning, coherence, and implementation capabilities of each BRICS country vary enormously, spanning from a holistic Chinese approach to more fragmented or even unorganized postures.
BRICS policies and initiatives also vary in their understanding of the structural power of technology. As mentioned in the introduction of this chapter, awareness of the structural power technology plays is essential to understand the relevance of digital sovereignty and, chiefly, how to organize the concrete implementation of this multifaceted notion. However, not all BRICS countries and the individuals, the entities, and communities that compose them may have achieved the same understanding of this issue. Due to their reduced size and power (whether a BRICS member or not), they may not even be able to elaborate any measure to resist digital colonization, even if they wished to do so.
In this context, Vashishta Doshi and Henrique Delgado’s contribution to this volume reminds us that US technology providers are at the core of the digital economy. It is through the likes of tech giants such as the notorious GAFAM (Google, Amazon, Facebook, Apple, and Microsoft) and more recently OpenAI and Nvidia that the US maintains an upper hand in the technology field, exercises its digital sovereignty, and expands this power globally. Reliant on US digital infrastructures, middle powers such as Brazil and India as well as most other countries find themselves in a situation of at least partial digital colonization, where the only available option to undertake a “digital transformation” is the use of foreign digital products and services.
In this perspective, the Digital India initiative focuses on the three digital architecture layers that are considered essential enablers of digital sovereignty: expansion of connectivity, digitization of public services, and establishment of DPI. The Indian government is aware of not only the key role of digital connectivity but also the fact that not all types of internet access offerings are equal and existing differences may have enormous impact on national and community digital sovereignty. It is interesting to note that one of the most assertive and impactful digital sovereignty measures established by India over the past decade has been the adoption of strict Net Neutrality regulation in 2016, prohibiting the so-called “zero-rating” [Footnote 27] practices where a few dominant US platforms such as Facebook offered “free” access to the unconnected population as a purported inclusive access initiative (Belli, 2017a).
While these plans were heralded as a way to “connect the unconnected” by their proponents, the opponents to such practices have stressed that sponsoring access to a few dominant apps would have exacerbated the dominance by a few foreign commercial actors. Simultaneously, these practices can considerably increase data concentration in the hands of the few sponsored platforms, creating strong dependence on such services in the entire (developing) world (Belli, 2017a). To understand the zero-rating services, especially in low- and middle-income countries where average individuals cannot afford internet access fees, it must be considered that for the largest application providers, it is worth sponsoring internet access limited to their applications to enlarge and retain their user base and perpetuate user dependency on such applications. [Footnote 28]
We may fairly assume that when the Indian government decided to prohibit zero-rating practices, its goal was not only to preserve internet openness, competition, and free expression; a key consideration behind the decision was also to avoid the concentration of Indian internet users, and the consequent collection of Indian user data, in a few foreign apps capable of exerting enormous control, extracting enormously valuable insights and profits under foreign tax law, storing user data in foreign servers, enhancing foreign software and AI development thanks to such data, and sharing them with foreign intelligence agencies through numerous programs revealed by the Snowden episode.
Hence, the 2016 order of the Telecommunications Regulation Authority of India (TRAI) prohibiting zero-rating practices denotes the same “digital sovereignty” rationale applied by the Brazilian Central Bank to the suspension of WhatsApp Payments to preserve openness, competition, and data privacy in the Brazilian digital payment system. Indeed, BRICS institutions seem to have an increasingly sophisticated understanding of the digital colonization dynamics underpinning the provision of “free services” by dominant foreign tech giants, notably regarding the fact that such services, presented as free, are de facto paid with a waiver on the individuals’ and country’s possibility or ability to exercise sovereignty over data (Belli, 2021b).
Clearly, the use of foreign technology is not something negative per se as long as such technology does not become a Trojan horse aimed at undermining the capability of the user – be this an individual, a corporation, a specific community, or a country – to exercise (digital) self-determination. In this spirit, the considerable increase in digital policies and notably data-related regulations in the BRICS in recent years may be seen as a clear reassertion of digital sovereignty to protect critical national resources. It is useful to recall that together Brazil, Russia, India, China, and South Africa are home to 3.2 billion people, representing roughly 42% of the world’s population. In effect, BRICS countries sit on 42% of “the most valuable resource” (The Economist, 2017) on the planet: personal data (Belli, 2021a, 2021b).
Members of the BRICS grouping are aware not only that they are the main producers of personal data but also that higher levels of connectivity concretely would produce more wealth and productivity. [Footnote 29] They have also developed an increasing understanding that digital services provided by foreign corporations and portrayed as “free” are not exactly so, but rather paid with an open-ended license to extract personal data and, ultimately, undermine state and individual digital sovereignty. This situation has become even more palpable in the context of the ongoing “scramble for data,” launched by dominant tech businesses. This rush to offer “free” digital services to developing countries may indeed be seen as a strategy to be the first in capturing the attention of poor users and drilling as much data as possible out of entire populations who frequently lack data protection frameworks to prevent undue exploitations. The indigenous populations are increasingly seen by the new digital colonizers as convenient data wells.
As argued in this book, digital infrastructures play a particularly relevant role to structure digital sovereignty. Hence, it is obvious that India’s Net Neutrality regulation, its ban of zero-rating services, together with the Digital India program have been essential to reducing India’s exposure to foreign digital sovereignty and building its own. The simultaneous promotion of connectivity and ban of zero-rating practices paved the way to the entrance of Reliance Jio, a new domestic player, in India’s mobile internet market, which with its low-rate offering managed to reduce gigabit prices by almost 95%, double the number of connected Indians and increase more than twentyfold data consumption in less than 5 years. [Footnote 30] To capitalize on such a staggering expansion of connectivity infrastructure, Digital India fostered the creation of a set of Application Programming Interfaces (APIs) [Footnote 31] commonly referred to as the “India Stack” [Footnote 32] that play a key role in India’s DPI, on top of which new home-grown digital services can be built.
10.5 Disordered Approaches to Digital Sovereignty
BRICS countries have developed an understanding of the strategic importance of data, software, and infrastructures to constructing digital sovereignty. Data is an essential resource used as raw material to develop AI applications by powering highly complex algorithms. Software, on the other hand, plays an essential role in creating “high-growth, high-margin, highly defensible businesses” (Andreessen, 2011) as an increasingly large number of industries are redefined by software, from the automation of agriculture and manufacturing to the digitization of public services and personal apps in our smartphones. “Software is eating the world,” as Marc Andreessen famously stated. The stellar market evaluation of some technology giants means that in practical terms if a digital sovereign – be it a corporation or a nation-state – can exercise control over popular software, it may earn very large returns on investments. Conversely, one is likely to perpetually pay a usage fee along with the contractual conditions unilaterally defined by the digital sovereign over digital infrastructure, data, services, and protocols.
This latter point is of utmost importance, especially when industry segments are increasingly automated by large-scale usage of software (or AI). When the software in question is not owned by the user, it is highly likely that in the long term, the main beneficiary of such automations will be the software producer, that is, the digital sovereign. Admittedly software automation will generate efficiency gains for users and price will likely decrease, and some services may even be provided “for free.” However, when such services are not paid with money by users, they are paid with user data. This shift in payment either through a fee to the software provider or through personal data or both is the de facto payment with the user’s individual sovereignty, which entails a choice between self-determination and dependency.
It is understandable that different digital sovereigns, with their different capacities to muster, develop, and deploy digital infrastructure, data, services, and protocols, follow their own agendas and interests, which frequently conflict with those of others. Several BRICS countries, notably Russia, India, and China (RIC), have developed an increasingly systemic thinking about digital sovereignty that can lead to positive or negative outcomes. Brazil and South Africa, on the other hand, may have intended to do so but have struggled to develop or implement a coherent vision, due to unstable political environments, inconsistent policies, or timid implementation of such policies.
Brazil offers, again, a telling tale. While it reacted vehemently when attempts to undermine its digital sovereignty were revealed, its posture denotes a certain disorder, typical of most politically unstable countries aspiring to achieve digital self-determination and independence from foreign technology. The fact is that shortly after condemning NSA surveillance, former President Dilma Rousseff actively promoted the zero-rating service offered by Facebook in Brazil (Belli, 2015), thus opening the path for the digital colonization of the country [Footnote 33] by a foreign corporation. That Facebook to date has been cooperating with US intelligence agencies such as the NSA suggests President Rousseff’s promotion of free-rating services can be now seen as a willful waiver of Brazil’s state digital sovereignty.
It is interesting to note that, according to recent research by the Brazilian Institute for Consumer Protection (IDEC), 85% of Brazilian mobile users have prepaid plans including limited data volumes and zero-rated social networks (typically WhatsApp and Facebook) (IDEC & Instituto Locomotiva, 2021). Due to the subsidized nature of such apps, this enormous part of the Brazilian population utilizes the internet primarily to access US-based social media, especially in the last part of a month when the data allowance is entirely consumed and the only accessible applications are the zero-rated ones, which also become the only ones with concentrated data collection. It is difficult to think that the Brazilian government does not realize that this situation implies the cession to foreign actors of the right to extract personal data from the entire connected population and generate enormous and nearly untaxed profit with value generation on foreign servers.
Another remarkable example illustrates the confused and even conflicting Brazilian approach to digital sovereignty. In the context of its privatization program, the Bolsonaro administration announced in 2019 the intention to sell two public enterprises deemed the crown jewels of Brazilian IT: the Federal Data Processing Service or Serviço Federal de Processamento de Dados (Serpro) and the Information Technology for Pensions Corporation or Empresa de Tecnologia e Informações da Previdência (Dataprev). Serpro is the largest government-owned corporation of IT services in Brazil, created in 1964 to modernize strategic public sector. Dataprev is a Brazilian public company, responsible for managing the Brazilian Social Database with five software development units and three data centers throughout the country. Both are under the control of the Ministry of the Economy.
These corporations including the software they produce and the enormous databases they control are highly valuable strategic assets in terms of digital sovereignty. While selling these corporations to foreign investors could generate considerable financial gains, it would also incur many unintended consequences for Brazil’s state digital sovereignty. After several years of feasibility studies, the Brazilian Congress has kept postponing selling these state assets until it reached the electoral period when the sale of state-owned enterprises becomes de facto impossible (Lobo, 2022). The strategy of the Brazilian Congressmen has been effective, even unorthodox, to achieve the preservation of the two public companies and their digital assets. However, the episode goes far beyond highlighting the lack of understanding of the implications of digital sovereignty of the Bolsonaro administration. It explains tellingly the dependency of digital sovereignty on politics and public policies.
Such dependency became clear with the recent change at the helm of the Brazilian federal government. One of the first executive orders adopted by the new Lula administration has suspended the privatization of public companies deemed as nationally strategic assets, including Serpro and Dataprev (Presidência da República, 2023). While such reversal indicates a welcomed renewed sensitivity to digital sovereignty issues, it also proves that in most countries as in Brazil digital sovereignty policies are ultimately a function of politics.
Corporate digital sovereigns – typically large business actors – build and manage expansive digital infrastructures with their own agendas to foster self-interest that may conflict with the interest of other sovereign entities using the technology they supply, which could include their users, advertisers, and the public they purportedly serve. Further, private developers of digital infrastructures may become proxies for the expansion of State Digital Sovereignty where they are headquartered. As demonstrated by the Snowden revelations and as contended by Stefano Calzati in his contribution for this book, the expansion of digital infrastructures and services overseas makes it possible for a given state to project its digital sovereignty well beyond its borders, whether American or Chinese.
It is also essential to note that initiatives branded as digital sovereignty may be frequently used to disguise ambitions to intensify control through digital means. The reader might think of China and Russia as frequently suggested examples in this sense, but such ambitions are rather widespread well beyond these two countries. As stressed by Enrico Calandro’s contribution to this volume, South African digital sovereignty discourse finds itself at the crossroad of securitization and ICT development, as happens in many other African countries.
South African authorities as well as other developing countries have a considerable opportunity to construct solid basis for digital sovereignty through more modernized digital policies to properly regulate the functions and consequences of ICTs. For South Africa, the state construction of digital sovereignty aims to enhance self-determination, cybersecurity, and the rule of law in the digital environment. At the national level, South Africa has also stressed “data ownership, data sovereignty, and data protection are critical elements for the digital economy” (Department of Communications & Digital Technologies, 2021, p. 20). In April 2021, the South African government presented its Draft National Data and Cloud Policy Data, which explicitly recognizes that and “seeks to strengthen the capacity of the State to deliver services to its citizens, ensure informed policy development based on data analytics, as well as promote South Africa’s data sovereignty and the security thereof” (Department of Communications & Digital Technologies, 2021, p. 8).
As for any government, however, it is also very tempting to utilize the digital sovereignty narrative to expand state control over computer systems and digital communications, facilitating surveillance and online censorship. For instance, in October 2019, South Africa adopted the Films and Publications Amendment Act (2019), dubbed “Internet Censorship Law” (Vermeulen, 2022), which allows the South African content regulation authority, the Film and Publication Board, to request the removal of any content deemed harmful. It went into effect in 2022. According to the law, any internet service provider (ISP) with knowledge that its service is being used to distribute or host content that incites imminent violence, serves as propaganda for war, advocates hatred against a person or an identifiable group, or sexually exploits children must immediately remove the content and communicate the identity of the person who published the prohibited content to the Film and Publications Board or the South African Police Services.
South Africa offers an interesting example. On the one hand, the country has recently enacted and adopted progressive data protection and cybersecurity legislations. On the other hand, it has simultaneously established a securitization agenda and increasing censorship measures in reaction to cyber threats (Belli, 2021c). Similarly, while South Africa is home to several outstanding examples of Commons Digital Sovereignty, spanning from community networks to smart villages, led by empowered local communities, it also simultaneously advocates a number of “Fourth Industrial Revolution” policies opening the path to a large number of data colonialism practices (Benyera, 2021).
10.6 Conclusion: Digital Sovereignty Options
An agnostic approach to digital sovereignty in the BRICS acknowledges that different digital sovereigns may pursue self-determination, cybersecurity, and control with different goals and outcomes. These leave us fundamentally with three options to structure digital sovereignty. The first one is a form of hard digital sovereignty amounting to near digital isolation of the digital sovereign in order to exercise the highest possible level of control and the establishment of tightly controlled gateways to regulate information exchanges. This option might be the most effective choice for isolated communities willing to create their own intranets to communicate among themselves without necessarily communicating with the rest of the world – as even some community networks do (Belli, 2017; GISWatch, 2018) – or countries eager to build strong control on their national segment of the internet and tightly regulate communications, such as China and Russia, but it can only be afforded in the long-term by those that can manage to be digitally self-sufficient and thrive, even while being relatively isolated.
The second option, which is ideal in the opinion of these authors, would be shared global rules to frame and regulate digital technologies and their uses, providing a leveled regulatory playing field, so that any entity would have an incentive to cooperate rather than engaging into antagonist behaviors. Unfortunately, while this option would be ideal, it seems highly unlikely it could be easily reached, given the considerable conflicting interests at stake, the lethargic times of international policymaking, the considerable intellectual and financial resources needed to implement this option in practice, and the democratic deficit of which many intergovernmental organizations – on which such option would have to rely – are frequently accused.
The third and final option seems also possible and palatable. It consists of the establishment of regional blocks or aligned groupings that share common – or at least (legally) interoperable (Belli & Doneda, 2022; Belli & Zingales, 2023) – regulatory frameworks and technological tools. Such groups may limit information flows and technology exchanges with other blocs to the few sectors where shared agreements exist. This option would be less ideal than the establishment of shared global norms and technologies, but would have the benefit of facilitating international exchange, attracting entities with less restrictive digital sovereignty thinking toward other areas, thus increasingly enlarging overlapping areas of interest. As such, different areas would also compete, attracting an ever-larger number of entities and expanding their system globally.
This latter option seems particularly interesting for BRICS countries in light of the grouping’s recent expansion (BRICS, 2023) as well as their commitment to enhance cooperation on digital policy frameworks with particular regard to cybersecurity issues. At the 15th BRICS Summit, chaired by South Africa in August 2023, the grouping’s heads of states “have decided to invite the Argentine Republic, the Arab Republic of Egypt, the Federal Democratic Republic of Ethiopia, the Islamic Republic of Iran, the Kingdom of Saudi Arabia and the United Arab Emirates to become full members of BRICS from January 1, 2024” (BRICS, 2023). It is clear that the inclusion of these new partners in the grouping hopes to expand the BRICS role as a gathering hub of Global South regional leaders, especially by strengthening the presence in Africa (e.g., Ethiopia hosts the headquarters of the African Union) and including some of the most influential countries from the Middle East region, which have already acquired significant global relevance. Such a move becomes particularly relevant in the context of the Ukraine and Gaza wars, which have created enormous instability and prompted many countries to reassess and redefine their strategic alliances and their value chains, desperately looking for strategic autonomy and stability.
Such a scenario has obvious ramifications in digital affairs. In this context, the recent cybersecurity commitments of the BRICS leaders sound prescient. Indeed, since the New Delhi Declaration, issued as an outcome of the 2021 BRICS Summit, the bloc’s leaders expressed the intention to:
[…] advance practical intra-BRICS cooperation in this domain, including through the implementation of the BRICS Roadmap of Practical Cooperation on ensuring Security in the Use of ICTs and the activities of the BRICS Working Group on Security in the use of ICTs, and underscore[d] also the importance of establishing legal frameworks of cooperation among BRICS States on this matter and acknowledge[d] the work towards consideration and elaboration of proposals, including on a BRICS intergovernmental agreement on cooperation on ensuring security in the use of ICTs and on bilateral agreements among BRICS countries.
The elaboration of such legal frameworks and intergovernmental agreement would be a useful test bed to gauge the extent to which such cooperation can exist in practice. Cybersecurity issues, and notably cybercrime, as well as most digital policies that would fit into the large state digital sovereignty umbrella, are intimately intertwined with strong economic and political interests of each digital sovereign and grounded on quintessentially domestic cultural and legal particularities. The attractiveness of the BRICS bloc remains unchanged, even if some of the countries might have underperformed the original predictions that led to the creation of this bloc. Such attractiveness would notably increase, should BRICS countries create a BRICS digital sovereignty area with shared and compatible digital policies.
A scenario where the BRICS promote legal interoperability would allow the grouping to act as a platform to conjugate digital sovereignty with openness and inclusion (Belli & Doneda, 2022; Belli & Zingales, 2023). This could be an even more powerful strategy considering the current context of expansion of the BRICS through the BRICS+ initiative (Razumovsky, 2022). On the one hand, this scenario would allow the BRICS to fulfill its fundamental mission of fostering international cooperation and building a multipolar order and inclusive global governance, led by the Global South for the benefit of developing countries. On the other hand, this would also allow the BRICS to act both as an “integrator of integrators,” fostering the interoperability of regional projects where the participating countries are leaders (Eurasian Economic Union, Mercosur, and South African Customs Union) and as a “union of regionalisms,” where regional associations (African Union, Community of Latin American and Caribbean States, and SCO) can interoperate thanks to compatible normative frameworks (Razumovsky, 2022). Sovereignty and openness can and should be seen as mutually reinforcing rather than as antithetic goals that can and should be pursued simultaneously. BRICS have the potential to demonstrate that the Global South can lead in digital governance, promoting openness while preserving sovereignty: as former Brazilian President Luiz Inacio Lula da Silva – generally known as Lula – noted, “the logic behind BRICS [is] to do something different and not copy anybody […] trying not to be dependent” (Escobar, 2019; Prashad, 2012). [Footnote 34]