Regional Organizations

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. There’s a reason we’re told not to poke bears. Hackers posted medical records of several U.S. athletes online this week, claiming the stolen documents proved the athletes, including Simone Biles and the Williams sisters, were using banned drugs. The World Anti-Doping Agency (WADA), an international organization that combats the use of performance-enhancing drugs by athletes, confirmed that the files had been stolen from its servers by a hacker group known as Fancy Bear or APT 28, which several cybersecurity firms believe to be affiliated with Russian intelligence. The hackers adopted the Fancy Bear moniker, posting the stolen files on a gif-laden website of the same name, following an approach similar to that used in leaking the files stolen from the Democratic National Committee earlier this summer (more of which were put online this week). Russian President Vladimir Putin disavowed any knowledge of the hack, but said that by exposing disparities in WADA’s treatment of Russian and American athletes, what the hackers had done was “of interest to the international community.” 2. Looks like you’re not regulated enough. Let me help you with that. Two jurisdictions rolled out digital regulations this week. First, the state of New York is proposing regulations that would require entities overseen by its department of financial services to take certain a number of steps to improve their cybersecurity. Specifically, regulated financial services will need to establish a cybersecurity policy, employ a chief information security officer, undergo regular penetration testing and vulnerability assessments, deploy multi factor authentication, and encrypt all non-public information in transit and at rest. Second, as anticipated, the European Commission announced a draft telecommunications reform directive that would extend some regulations that apply to telcos to new entrants like Skype and Viber, also known as over-the-top providers. The Commission’s proposal also included proposed copyright reforms that would allow viewers in one EU country to access the same online content than one in another EU member. 3. It’s Snowden week! The House Permanent Select Committee on Intelligence released an unclassified summary of a 36-page report on Edward Snowden, the information he leaked, and its implications for the U.S. intelligence community, just a few days ahead of the release of an Oliver Stone biopic on the former NSA contractor. The House report mostly sums up information that’s already been reported elsewhere and opinions on Snowden we’ve heard many times before from government officials (Snowden is a “serial exaggerator” who is “not a whistleblower”). Snowden’s defenders fired back that the report is “aggressively dishonest” and also launched a campaign calling on President Obama to pardon Snowden. On Lawfare, Timothy Edgar, former director of privacy and civil liberties for the National Security Council, and Jack Goldsmith, a former assistant attorney general, held a thoughtful debate about whether Snowden should be pardoned that’s worth checking out. 4. Are mom and dad getting a divorce? According to multiple reports, Secretary of Defense Ash Carter and Director of National Intelligence James Clapper have recommended to President Obama that he approve separating CYBERCOM from the National Security Agency (NSA), which are currently led by the same person, Admiral Micahel Rogers. Over the last few years, some observers, including a presidential review commission, have advocated splitting up the leadership of CYBERCOM and the NSA on the grounds that both organizations serve different functions and that they are too big to be led by a single person. At a Senate Armed Services Committee hearing this week, Senator John McCain vowed to block a leadership split, believing the Obama administration was rushing to make a decision before the president leaves office. For background on the proposed split, you can find out more here.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. Is the IANA transition going off the rails? The U.S. Department of Commerce notified the Internet Corporation for Assigned Names and Numbers (ICANN) that it might extend the IANA functions contract beyond its expiry date at the end of September. As part of the IANA transition process (covered extensively here, here and here), the Department of Commerce planned on permanently transferring the IANA functions to ICANN, whose management of those functions would be overseen by the global multistakeholder internet community, by October 1. Commerce gave no reason for the delay, but it is widely believed that some legal and ICANN accountability issues need to be ironed out before the transition can take place. The delay is giving longtime transition opponents, such as U.S. Senator Ted Cruz, more time to drum up support against the transition though it’s hard to see how they will succeed given that arcane internet governance discussions generally draw more yawns than excitement amongst elected officials. 2. Domo Arigato Mr. Brexit. Last weekend, the Japanese foreign ministry published an open letter to the United Kingdom and the European Union, in which Japan expressed concerns about Brexit’s potential to interrupt data flows across the English Channel. Their concerns are warranted. With the UK’s anticipated exit from the European Union, the country may pull out from the bloc’s data protection rules and some observers have questioned whether Brussels would consider the UK’s data protections adequate should Brexit happen. The Japanese foreign ministry’s letter calls for negotiations on data transfers between the UK and EU to be transparent to reduce uncertainty for Japanese businesses, and urges the two parties “to maintain…free transfer of data.” While a public letter of this sort is a rather unusual move for the foreign ministry, it underscores the potential impact of a halt in data flows on the 1,400 Japanese firms operating in the United Kingdom. 3. European Union rumored to extend telecoms regulation to messaging apps. According to Reuters, the European Union is set to unveil a reform of its telecommunication regulations next week that will extend some provisions to "over-the-top" players--industry lingo for apps and services that use the internet to deliver content.  Specifically, companies like Facebook, Microsoft and Google will be required to report security breaches that affect their operations "without undue delay" to national authorities and internet telephony services, like Skype or Viber, will need to provide support for 911 calls (or 112 calls as they’re known in Europe). As with all proposed EU directives, the final regulatory language will need to be negotiated between the European Commission, Parliament and Member States meaning that it might change significantly as it moves through the legislative process. Silicon Valley’s increased lobbying presence in Brussels might have a role to play in shaping the law’s outcome. According a Google regulatory filing, the search giant spent over 15 percent more in lobbying in 2015 than it did in 2014.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. Iran rolls out its halal internet. After six years of work, the Iranian government has finally completed the first phase of a planned domestic internet, which would only contain Islamic content approved by the Iranian government. Dubbed the "halal internet," this new Iranian version of the internet is cut off from the global internet and is only accessible from within the country, contrary to other "national internets" like China’s great firewall system which is connected to the global internet but uses a system of filters to keep unwanted content out of the country. Think of Iran’s new internet like a company’s internal corporate network but built for 77 million people. Unsurprisingly, human rights groups have criticised the move as another attempt by Iranian authorities to stifle free speech and assembly online. For its part, the Iranian government argues that the new national internet will offer security improvements (i.e. less denial of service attacks from the outside world) and promote local content. 2. FBI warns about possible compromise of state election systems. According to a document obtained by Yahoo! News, the FBI warned election officials across the country to beware of malicious cyber actors attempting to infiltrate election systems and voter databases using widely-available penetration testing software. The warning comes after foreign hackers targeted Illinois and Arizona’s board of elections earlier this summer. Speculation as to the purpose of the election board compromises is rampant. With the recent alleged Russian hacking of the DNC’s network, some are pointing fingers at Russia, who could use the incidents to sow doubt about the integrity of election results or surreptitiously alter data. Alternatively, it could be a much more mundane incident, where online criminals try to access reams personal data for identity theft purposes. If the hackers were after voter rolls, it’s unclear why they would go through the trouble of breaking into an election board’s network given that many states, including Illinois, sell their voter rolls for a small fee. 3. European net neutrality supporters rejoice. Net neutrality campaigners in Europe rejoiced this week when an EU telecommunications regulatory body approved guidelines that tell telecommunications companies how they can treat the data they handle. Under the new rules, European telcos cannot block or slow internet traffic except in very limited circumstances. They are also very limited in offering zero-rating data packages, where data from an online service like Spotify is exempt from a user’s overall data cap. Facebook and some telcos have been big proponents of zero-rating as way to reduce the cost of online access and gain new customers. Earlier drafts of the regulations gave neutrality activists a scare as they would have allowed for zero-rating and allowed telcos to speed up the traffic of "specialized online services" without narrowly defining them. After appeals from internet pioneers like Tim Berners Lee and Lawrence Lessig, over 500,000 comments were submitted to the regulator asking for more stringent net neutrality protections. 4. Is China buying into the concept of multistakeholder governance? According to a report in the Wall Street Journal, the Chinese government has invited foreign companies to comment on the development of the country’s cybersecurity standards. Recent Chinese legislative efforts has come under fire from U.S. and European firms for demanding that only products that are "secure and controllable" and whose manufacturers can provide source code examination can be admitted into the country. Microsoft, Intel, Cisco, and IBM have been invited to participate in the standards setting body that will define what software and hardware counts as "secure and controllable," giving them some input over the process. No word yet on whether China will actually listen to their input.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 1. Release of NSA hacking tools raises questions about vulnerability disclosure. A group calling itself the “Shadow Brokers” posted hacking tools online last weekend it claims were created by the Equation Group, a threat actor identified by Kaspersky Labs in 2015 suspected of being the NSA. According to security experts, the claims appear to be legitimate, and the tools are based on major vulnerabilities in software from several major router manufacturers, including Cisco Systems and Juniper Networks. The source of the leaks isn’t clear: some speculate that an insider leaked the tools, while others have claimed that Russian state hackers stole them from an NSA staging server. Either way, it looks bad for the NSA, both because the Shadow Brokers claim to have more such tools, and because it raises questions about the extent to which the NSA actually discloses software vulnerabilities, as the White House claims it does. 2. Guccifer 2.0 strikes again. Guccifer 2.0, a group of hackers believed to be Russian intelligence services, returned from a month-long hiatus last weekend, publishing the contact information of nearly two hundred legislators and congressional staffers. The group leaked a large amount of internal Democratic Party documents earlier this summer that it stole from Democratic National Committee (DNC) and Democratic Congressional Campaign Committee networks. WordPress, where the new documents were published, subsequently took them down, but not before it was too late; individuals whose personal information was leaked suffered spearphishing attacks and harassing messages over the weekend. In response to the hacks, the DNC created an advisory board to improve the party’s cybersecurity, which was summarily mocked for not including any actual security experts. 3. SWIFT long aware of security holes. According to a report from Reuters, SWIFT, a network that helps banks conduct cross-border transactions and which was central to the theft by hackers of $81 million from the central bank of Bangladesh earlier this year, had suspected for years that there were weaknesses in its system that might enable such an attack. Former employees say the organization simply did not consider security a priority. That’s changed now: earlier this week, SWIFT announced a new effort to increase security across its system. Meanwhile, Bangladesh Bank dropped plans to sue SWIFT and the Federal Reserve Bank of New York, which transferred the money to the hackers on orders that were spoofed to look like they’d come from Bangladesh Bank. 4. Privacy Shield up and running. Privacy Shield, an agreement governing data transfers between the European Union and the United States, officially went live this week, with companies self-certifying that they are compliant with EU data protection laws. At the time of this writing, forty-two companies have successfully applied to be covered by the pact (a full list of covered firms can be found here). It may not last, however. Germany’s data protection authority (DPA), which oversees compliance with EU data law, announced earlier this month that it plans to challenge the legality of Safe Harbor in EU courts, arguing that the new agreement does not fix the problems that led the Court of Justice of the European Union to strike down Privacy Shield’s predecessor, Safe Harbor, late last year.

James Pooler is a political science student at New York University and an intern for the Council on Foreign Relations’ Digital and Cyberspace Policy program.  Following David Cameron’s resignation after the United Kingdom’s vote to leave the European Union, Theresa May became the country’s second female prime minister. As most of the attention has focused on the political reshuffling at the top – the new cabinet, committees, and Brexit negotiators—there has been considerably less attention given the Investigatory Powers Bill, a surveillance bill meant to consolidate and formalize the authority of British intelligence and law enforcement agencies, which the new prime minister championed in her previous job as Home Secretary. In March 2016, the bill passed the House of Commons by a landslide 281 to 15 vote. The Liberal Democrats voted against it, dubbing it “Snooper’s Charter.” The bill recently underwent a second reading at the House of Lords, and is expected to pass by the end of this year. While it has been significantly edited, privacy advocates are alarmed over issues of collection and retention of data, encryption, and warrants for law enforcement that had not been explicitly defined. The bill has four major provisions. First, it requires communication service providers (CSPs) such as telcos, messaging app providers, and social networking sites, to collect and retain internet connection records of all their users for up to a year. The records include but are not limited to IP address, browsing history, names of services consulted and other metadata, but exclude content of communications. A cabinet minister would have the power to require CSPs to make information readily available to law enforcement as to identify “which individual has used a specific internet service, how a subject of interest is communicating online, or whether an individual is accessing or making available illegal material.” Second, it explicitly legalizes government-enabled equipment interference, colloquially known as lawful hacking. Intelligence, armed forces, and law enforcement would be able to apply for targeted equipment interception warrants for six months, and could require compliance from CSPs to facilitate interference. These warrants are required for both targeted and bulk interceptions—the latter in the event that intelligence cannot identify a target, a practice the Federal Bureau of Investigation has been pushing for in the United States with its request to amend Rule 41. Third, it empowers cabinet ministers to issue “technical capability notices” to CSPs, which would “impose any obligations relating to the removal by a person of electronic protection applied by or on behalf of that person to any communications or data.” While the bill does not mandate backdoors, it expects CSPs to maintain the ability to decrypt end-to-end encryption. Given the current debate about encryption, this provision has garnered some of the most controversy. Fourth, the draft legislation reforms the oversight of these new and existing powers by creating a dedicated investigatory powers commission and a new way of authorizing warrants. The commission would be an independent body dedicated to the oversight of communications data, interception, equipment interference, and related work of law enforcement and intelligence agencies. The new warrant procedure would require that interception warrants granted by a cabinet minister be approved by the investigatory powers commission. Facebook, Google, Microsoft, Twitter and Yahoo unanimously expressed their opposition in a written statement to the British Parliament. Their primary concern is the legal conflicts such a law would create when tech companies seeking to comply with the law take measures that have extraterritorial effect. For example, it is not inconceivable that UK authorities could ask a company like Microsoft to hand over customer data held in another country whose laws forbid such disclosure. Apple also expressed concern over the bill’s “technical capability notices” and their consequences on encryption, noting that “companies should remain free to implement strong encryption to protect customers.” Opposition has also come from the Court of Justice of the European Union (CJEU), which deemed bulk data collection to only be lawful when used to investigate serious crimes. A CJEU representative declared that data retention laws should “limit interference with fundamental rights” to what is strictly necessary. Moreover, the CJEU has a history of rejecting bulk collection. In the wake of Edward Snowden’s revelations, the court invalidated the EU Data Retention Directive adopted in 2006 following bombings in London and Madrid, deeming that bulk collection’s “wide-ranging and particularly serious interference […] with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary.” For all of the opposition that the bill has received, there are a few silver linings. First, the bill formalizes and brings to light powers that the UK government had once exercised in the shadows. The new transparency and accountability mechanisms, overseen by the judiciary, will ensure that these issues remain in the public domain. Furthermore, the Home Secretary will be required to provide a review of the legislation’s implementation five years after it enters into force, possibly providing a mechanism for review. Second, the bill isn’t nearly as intrusive as other interception and surveillance regimes, such as France’s year-old intelligence bill and Russia’s new anti-terrorism laws both of which have less oversight mechanisms. Despite its seemingly Orwellian features, the Investigatory Powers Bill introduces few new powers that the UK authorities didn’t already have, brings transparency to those powers, and provides the oversight and accountability mechanisms that such extraordinary powers deserve.

Coauthored with Drew D’Alelio, intern in the International Institutions and Global Governance program at the Council on Foreign Relations. The rise of populism has been widely interpreted as a global phenomenon, from Donald Trump’s surge in the United States to Brexit in Europe to the election of Rodrigo Duterte in the Philippines. At last month’s African Union Summit in Rwanda, however, few gave integration a bad name. Heads of state lavished praise on the African Union’s (AU) efforts to develop a common passport, while subregional blocs made advances toward a single currency. Having seen the downside of decades of fragmentation and severe restrictions on the free movement of people and goods in Africa, leaders appear determined to buck the trend. Nevertheless, the anti-globalization wave across the West ought to give Africans pause as they speed ahead in their quest for a unified continent encompassing twice the population of the European Union. Prior to the founding of the AU, its predecessor, the Organization of African Unity (OAU), placed a premium on respect for national sovereignty as leaders sought to establish order and territorial integrity in the post–colonial era. As African nations consolidated independence, those principles became less essential, while the organization’s commitment to noninterference drew criticisms in the 1990s when the OAU failed to prevent war and atrocities in Democratic Republic of Congo, Rwanda, and Somalia. African leaders replaced the OAU with the AU in 2002 and committed to balance the demands for sovereignty and those for integration. Since then, the AU has wasted little time setting lofty goals, enshrined in the body’s guiding document, Agenda 2063. These include a high speed transportation network, a common passport, a free trade area, an end to all violent conflict, and more. The cornerstone of this pan-African vision is a common passport using biometric data, which the AU hopes to complete by 2020. Advocates argue that this African e-passport will increase cross-border economic activity by eliminating visa costs and removing barriers to intra-African trade. An e-passport would also centralize recordkeeping of people’s movements and reduce risks of identity theft. In parallel, African leaders are attempting to complete a Continental Free Trade Area by 2017. This would include all fifty-four African countries, encompassing a market of 1.3 billion people that currently generates $3 trillion in GDP. Today, intra-African trade accounts for an abysmal 11 percent of total African trade. (Comparable figures are 60 percent for Europe, 25 percent for Asia). A single market could increase intra-African trade volume by as much as $35 billion annually. Whereas electorates in Europe and the United States are increasingly skeptical about mega-regional trade agreements, all fifty-four African heads of state have signaled support for the deal. Already, twenty-seven African countries from Egypt to South Africa agreed last year on a Tripartite Free Trade Area, which commits members to lower tariffs and removes non-tariff barriers. Meanwhile, planned subregional currency agreements should provide a platform toward an eventual African monetary union. The Economic Community of West African States (ECOWAS) has committed to finalizing its “eco” currency by 2020, the Southern African Development Community (SADC) is testing a cross-border payment system and encouraging more member states to adopt the South African rand, and the East African Community (EAC) plans to have a subregional currency within the decade. These monetary unions should help attract foreign investment and reduce exchange rate uncertainties. These are grand ambitions. But they could easily be derailed, given Africa’s weak institutional capacities and competing security priorities. Consider the e-passport: today, only thirteen out of fifty-four African countries have a biometric passport system, and just one-fifth have a functioning civil-registration system. Visa fees also bring in substantial revenue, suggesting some governments might not play ball if the appropriate economic incentives are not in place. Finally, open borders could further the spread of terrorist groups like Boko Haram, al-Shabab, other affiliates of al-Qaeda and the self-proclaimed Islamic State. Preventing the spread of terrorism while simultaneously ensuring the free movement of goods, money, and people will require continental strategies to fill security voids, invest in poverty reduction, and counter extremist ideologies. Europe’s Schengen Area experience suggests that before opening their borders, Africans should put in place adequate intelligence sharing systems. This in turn will require building trust and overcoming longstanding rivalries among neighboring countries. African nations must also agree to protect the rights of migrants under the Kampala Convention and the International Convention on the Protection of All Migrant Workers and Members of Their Families—treaties that many conflict-ridden countries have not yet ratified. Finally, African governments must establish domestic employment adjustment programs to assist citizens who lose jobs to migrants—or risk the sort of anti-migrant backlash that has gripped South Africa in recent years. In parallel with these steps, the African Union needs to achieve fiscal sustainability, an issue with which it continues to struggle. The AU’s operational budget is $782 million, but only $200 million of that comes from African member states. This dependence on external sources has slowed the development of the AU’s own crisis response capabilities. From 2008 to 2011, the AU funded only 2 percent of its peace and security operations, and depended on a select few African countries for the bulk of that funding.  In early 2015, African heads of state promised to fund 25 percent of AU peacekeeping operations by 2020. Given the AU’s history of not following through on ambitious proposals, such as the African Standby Force, donors are understandably skeptical. But in a promising sign, at last month’s summit in Kigali, leaders approved a new AU Peace Fund, which would raise $65 million from each of the AU’s subregions through a 0.2 percent tax on certain imports. Success will depend on overcoming significant obstacles to implementation, notably ensuring transparency and compliance among all fifty-four member states. The United States and other Western partners should support the AU’s Peace Fund, as well as other continent-spanning integrationist initiatives, including the new African Centers for Disease Control and Prevention, established in the wake of the Ebola epidemic. Washington should also continue to promote economic liberalization through the African Growth and Opportunity Act to further remove trade barriers between the United States and Africa. Deepening integration should advance African prosperity, stability, and security. Free movement of people, goods, and capital promise increased competition and growth, and stronger continent-wide institutions should enhance human security and human development. Still, fulfilling the promise of Agenda 2063 will require difficult compromises among the AU, heads of state, and African citizens. National governments will have to cede some authority over border management, and sacrifice some tools of economic statecraft such as exchange rate control and currency intervention. If the EU experience is any guide, AU leaders will need to anticipate growing populist resentment over perceived sovereignty losses, inadequate accountability, and the distribution of benefits and losses of integration. If the AU does advance toward an “ever closer union,” it should do so with its eyes open.

The United Kingdom’s vote to leave the European Union has prompted pundits and politicians to speculate on what the result means for the country, Europe, and the world. To paraphrase Churchill, never before have so few created such doubt for so many. These speculations touch on the practical politics and philosophical implications of the United Kingdom’s disengagement from the European Union. The Brexit process will affect practical and philosophical aspects of cyberspace politics as well. In practical terms, the Brexit impact on cyber policy will be determined by how the United Kingdom approaches data protection and privacy issues previously under EU authority, ensures the British economy the benefits from digital trade, and manages cybersecurity. In philosophical terms, Brexit raises questions about democratic self-governance, sovereignty, and cyberspace’s future. Data protection and privacy Brexit means the United Kingdom will no longer be subject to EU law, including on data protection. The British government has to decide whether it will follow the privacy-centric EU approach or chart a new course. U.S.-EU difficulties over transatlantic data flows and privacy now become relevant for British calculations. The European Union has not backed down in pushing the United States on these issues, making it unlikely Brussels would cut London any slack either. However, Brexit does not relieve the United Kingdom of privacy obligations under the European Convention of Human Rights or undo the Human Rights Act implementing this treaty. Digital trade Brexit removes the United Kingdom from the European Union’s Single Digital Market designed “to make the EU’s single market fit for the digital age.” The remaining twenty-seven EU member states will probably not change this strategy after Brexit. As it must do with trade generally, the United Kingdom must decide whether it wants to play by EU rules for the single digital market or forgo the full benefits of access to this market for British digital goods and services. For its members, the European Union negotiates trade agreements with non-EU states. Now, the United Kingdom will negotiate for itself, including on digital trade. The post-Brexit trade agenda is daunting. The British need to reach trade arrangements with the European Union and countries subject to EU-concluded agreements, such as Economic Partnership Agreements. The United Kingdom will also be outside any Transatlantic Trade and Investment Partnership (TTIP) agreement the United States and the European Union might reach. How well the British can advance their interests in digital trade without being within the EU market remains to be seen. Cybercrime, cybersecurity, and intelligence The European Union has limited authority in criminal law and national security, so Brexit should not redirect British policy on cybercrime and cybersecurity. The United Kingdom will now be outside EU efforts on cyber crime, including the European Cybercrime Centre, but Brexit will not affect British participation in other cybercrime regimes, including the Budapest Convention on Cybercrime. The European Union has adopted some cybersecurity policy and legal measures, which the United Kingdom no longer has to follow. References to the European Union in the UK cybersecurity strategy and the latest strategy progress report are infrequent and unimportant compared with the emphasis on the United Kingdom’s global leadership in this area. Whether this leadership continues post-Brexit is not clear because, in part, the United Kingdom’s influence has been connected with its participation and stature in the European Union. Another open question involves whether the political dislocation and economic fallout from Brexit will cause cybersecurity to become less important in British policymaking and less well funded by Parliament. Brexit also should not upend British cooperation with the United States on national security matters, including intelligence sharing. The United Kingdom has been part of the “Five Eyes” during its EU membership, and Brexit will not affect its status in this intelligence cooperation arrangement. Again, the major concern is whether short- and long-term political and economic costs from Brexit will weaken British national security and intelligence capabilities, making the United Kingdom less important for U.S. national security and cybersecurity interests. “We want our country back” The Brexit referendum result simultaneously caused incredulity that the United Kingdom is leaving the most important community of European democracies in history and celebration that Britons exercised their power of democratic self-government. What Brexit means for democratic countries and the liberal international order that democracies crafted is important for cyber policy. Certainly, the “Leave” and “Remain” campaigns underscored social media’s importance in democratic politics, with the Leave effort apparently winning this battle. But Brexit has deeper implications. The referendum unleashed among Britons a desire to regain sovereignty, raising fears this attitude might spread within the United Kingdom, the European Union, and beyond. Similar impulses increasingly appear in cyberspace politics, with countries complaining about losing sovereign control as the internet creates vulnerabilities to outside forces. These concerns feed, in various ways, a momentum toward “internet sovereignty,” where countries seek to assert their borders and jurisdiction on the internet. After Brexit, are we facing a convergence of demands for national and internet sovereignty that might transform how nation-states behave in real space and cyberspace?

This piece has been co-authored by John Campbell and Nathan Birhanu. Nathan is an intern for the Council on Foreign Relations Africa Studies program. He is a graduate of Fordham University’s Graduate Program in International Political Economy & Development. International attention is focused on Brexit, the resulting turmoil in the international financial markets, and the resignation of UK Prime Minister David Cameron. There is the risk of overlooking a dangerous confrontation between Ethiopia and Eritrea that could lead to war and further destabilize the Horn of Africa. After sixteen years of cease-fire from a border war, Eritrea and Ethiopia clashed on June 12. Hundreds have been reported dead. Both countries are pointing fingers at the other as the original instigator of the incident while maintaining a tenuous, tactical stalemate position. The border war Eritrea and Ethiopia fought against each other from 1998-2000 left approximately 80,000 dead. The war over claims to border towns was largely due to cultural and historical differences between the two states in the aftermath of Eritrea’s independence from Ethiopia. The disputed border towns had no significant economic value, with the fight once described as “two bald men fighting over a comb.” After a final attack by Ethiopia, the war came to a halt, and the two countries signed the Algiers Agreement to implement a ceasefire. The Algiers Agreement was the vehicle for establishing an independent adjudicator titled the Eritrea-Ethiopia Boundary Commission (EEBC). Both countries agreed to accept the decision of the EEBC. The EEBC ruled in favor of Eritrea’s claim over the main border town; Ethiopia was unsatisfied with the decision and requested a political dialogue before withdrawing from the disputed territory. The disputed territory thereupon became in effect a buffer zone between Ethiopia and Eritrea with sporadic skirmishes over the past sixteen years, until Sunday’s significantly larger clash. What could have caused the recent clash to occur, as either country has little to benefit from a renewed conflict? Ethiopia’s Information Minister, Getachew Reda, has speculated that the attack came from Eritrea to divert attention away from a new UN report that claims Eritrea is guilty of crimes against humanity, including indefinite forced conscription. Reda’s comments also insinuate Eritrea initiated the border incident to legitimize its need for mass conscripts and to win enhanced domestic support. In a similar vein, Eritrea’s Ambassador to Kenya, Beyene Russom, alleged the attack came from Ethiopia in hopes of taking advantage of the negative spotlight focused on Eritrea from the UN report. Ambassador Russom has denounced the UN report as false. In addition, Eritrean Presidential Advisor Yemane Ghebreab told the UN Human Rights Council that Ethiopia is preparing to start a full scale war. In fact, Ethiopian Prime Minister Hailemariam Desalegn has recently stated publicly several times that he was prepared to use military force against Eritrea in response to its “provocations.” Investigation of the clash is still underway. Ambassador Russom has acknowledged that satellite imaging could help identify the initiator of the clash, as any large-scale motion of military equipment would be observed. Eritrea has requested the United Nations Security Council (UNSC) to intervene to prevent escalation of the border conflict and to initiate dialogue. What is clear is that little, if any, would be gained by either country from continued escalation of conflict. Ethiopia’s current administration is proud of the growth of Ethiopia’s economy over the past fifteen years. Part of Ethiopia’s growth strategy is attracting additional international investors, which renewed conflict would undermine. On the other hand, many in the Ethiopian political class have never really accepted Eritrea’s independence from Ethiopia. As for Eritrea, it currently faces a loss of youth fleeing the country: Eritreans account for a sizable percentage of refugees arriving in Europe. The hemorrhaging of the youth would likely escalate if a border war were to restart. The Eritrean government appears to wish to avoid a renewed border war. Eritrea’s approach to the UNSC indicates Asmara’s willingness to work for a diplomatic resolution. The sooner communication and dialogue is started, the better. Even in the aftermath of Brexit, Washington needs to keep this potentially nasty conflict on its radar screen.

Coauthored with Daniel Chardell, research associate in the International Institutions and Global Governance program at the Council on Foreign Relations. As the international tribunal at The Hague prepares to issue its much-anticipated ruling on the legality of China’s claims to nearly the entire South China Sea, Beijing and Washington have already begun lobbing rhetorical shots across the bow. “We do not make trouble but we have no fear of trouble,” warned a senior People’s Liberation Army official at the Shangri-La Dialogue earlier this month, in reference to U.S. freedom of navigation operations (FONOPS). U.S. Secretary of Defense Ash Carter, for his part, cautioned China against “erecting a great wall of self-isolation” as it continues to construct, expand, and militarize artificial islands in the disputed waters over the objections of its Southeast Asian neighbors. Clashes in the South China Sea have captured the world’s attention for good reason. Whether through miscommunication, accidental escalation, or outright provocation, these disputes could spark a devastating regional conflict. Yet U.S.-China regional competition extends well beyond the South China Sea, permeating everything from trade and investment to the politics of the Association of Southeast Asian Nations (ASEAN), the region’s premier intergovernmental organization. To acquire a more nuanced understanding of Southeast Asian views of U.S.-China regional competition, the International Institutions and Global Governance program at the Council on Foreign Relations joined with the Australia-based Lowy Institute for International Policy in convening a workshop in Singapore. Here are four major takeaways. 1. Disputes in the South China Sea present a quandary for Southeast Asian countries, as they seek to shape Chinese behavior while maintaining ASEAN solidarity and centrality. ASEAN has long been predicated on cohesion and solidarity among its ten member states. The grouping operates by consensus and advances the principle of “centrality,” according to which ASEAN, not external powers, should play the primary convening role in regional diplomacy. For decades, these principles have enabled ASEAN members to preserve their autonomy while reaping the benefits of relations with great powers. South China Sea disputes have exposed rifts within ASEAN, threatening to upset this delicate balance. ASEAN’s failure to adopt a robust, unified position against China’s aggressive behavior has infuriated the Philippines and Vietnam, the most vocal of the group’s five claimants to the disputed waters. Meanwhile, China’s large-scale reclamation in the Spratly Islands and fishing activities in the maritime jurisdiction of Malaysia and Indonesia have made it increasingly difficult for Kuala Lumpur and Jakarta to ignore Chinese assertiveness. And yet Cambodia and Laos continue to lean toward China, precluding the adoption of a tougher collective stance. Singapore, which has long sought to play a bridging role among China, Southeast Asian claimants, and the United States, remains reluctant to assume an overly critical stance vis-à-vis Beijing. Divisions within ASEAN have only invited further incursions by China in the South China Sea—and countermoves by the United States—threatening ASEAN centrality. Concerned that leaving Chinese claims unchallenged will set a troubling precedent, Washington has undertaken several FONOPS and doubled down on its security commitments to the Philippines, which filed the case against China in Permanent Court of Arbitration at The Hague in 2013. If the arbitral tribunal rules that China’s so-called “nine-dash line” has no basis in international law, Beijing could react defiantly, accelerating its land reclamation and declaring an air defense identification zone over the South China Sea (as it did over the East China Sea in 2013). Such moves could increase the likelihood of a clash between China and the Philippines, raising the specter of a broader regional conflagration involving the United States. 2. The reputational cost of not approving the Trans-Pacific Partnership (TPP) would be extremely high for the United States, since many Southeast Asian policymakers regard the trade deal as a symbol of U.S. commitment to the region. A pillar of the U.S. rebalance to Asia is the Trans-Pacific Partnership, an ambitious free-trade agreement encompassing twelve major economies along the Pacific Rim, including ASEAN members Brunei, Malaysia, Singapore, and Vietnam. Although the ultimate economic benefits of the agreement for Southeast Asia are uncertain, the TPP has become symbolic of Washington’s commitment to the region. Given how much political capital Southeast Asian participants have invested in the agreement’s success, its rejection by Congress will carry high reputational costs to the United States, reinforcing the widespread perception that its commitment to Southeast Asia is waning. Beijing is well-positioned economically to profit from this scenario. Beyond championing the Regional Comprehensive Economic Partnership—a trade agreement encompassing all ten ASEAN members plus Australia, China, India, Japan, New Zealand, and South Korea—Chinese President Xi Jinping has personally spearheaded the One Belt, One Road initiative, which aims to channel hundreds of billions of dollars into infrastructure projects spanning Eurasia. President Xi has also overseen the launch of the Asian Infrastructure Investment Bank, a new regional development bank that many regard as a rival to the U.S.-dominated World Bank and the Japan-dominated Asian Development Bank. 3. Southeast Asian borders are porous, and Southeast Asian states’ capacity to police the illicit flow of goods and people—including terrorists—across them presents governance and security challenges. Assistance from Washington and Beijing could help close these gaps. Many of Southeast Asia’s security challenges are transnational, thanks to the region’s intricate network of land and maritime borders. A number of governments struggle to manage the cross-border flow of terrorists, migrants, illicit goods, and victims of human trafficking. The regional terrorist threat has grown acute recently due to the advent of the self-declared Islamic State, its sophisticated propaganda, and its aggressive use of social media for recruitment. Hundreds of fighters from Indonesia, Malaysia, Singapore, and other Southeast Asian nations have traveled to the Middle East to join the Islamic State and other jihadist groups. The January 2016 terrorist attacks in Jakarta, though modest in scope, evince the desire of Islamic State affiliates to launch attacks in the region itself. There is an obvious opportunity for ASEAN, the United States, and China to cooperate on counterterrorism, since the Islamic State and its ilk provides them with a common enemy. When providing capacity-building assistance, however, the United States and China must not unwittingly exacerbate weak local governance. Worse still, the threat of Islamic State terrorism has already compelled some Southeast Asian governments to further entrench draconian counterterrorism laws, which are counterproductive for human rights and governance. 4. Rather than choose between the United States and China, ASEAN members should wield their collective influence to constrain the U.S.-China rivalry through regional rules and institutions, and to channel competition toward productive ends. ASEAN should not only maintain its “strategic autonomy” amid U.S.-China competition, but also leverage its centrality in efforts to steer Washington and Beijing away from confrontation. To realize these objectives, ASEAN needs bold ideas and reinvigorated leadership. ASEAN might start by rethinking its commitment to “egalitarian multilateralism”—the notion that all members are on equal footing—since the absence of decisive leadership within the group will only invite China or the United States to fill the power vacuum. In practice as opposed to rhetoric, ASEAN has always been hierarchical, as might be expected given the yawning economic gap between its most developed (Singapore and Brunei) and least developed (Laos and Myanmar) members. For ASEAN, the imminent ruling of the arbitral tribunal is a double-edged sword. It could offer an opportunity for the group to demonstrate unity in the face of great power competition. Or, if its members fail to adopt a common position on the court’s ruling, its fissures could deepen. How ASEAN responds to the ruling, and whether it proves capable of navigating a potentially defiant Chinese response, could determine the course of regional peace and security for years to come. To learn more, read the full report: “Southeast Asian Perspectives on U.S.-China Competition”

Tyler Falish is an intern for the Council on Foreign Relations Africa Studies program, and a student in Fordham University’s Graduate Program in International Political Economy & Development. On April 29, ten of the fifteen UN Security Council members voted to renew the mandate for the United Nations Mission for the Referendum in Western Sahara (MINURSO), one day before its expiration. Prior to the vote, Angola, a non-permanent member, requested an informal, confidential Security Council meeting held outside the Security Council room, to allow Joaquim Chissano, Special Envoy of the African Union (AU) for the Western Sahara, to brief the council. NGOs were barred from attending and no translation services were provided. Morocco, which is the only African country without AU membership and considers the AU biased toward the Sahrawi Arab Democratic Republic (SADR), opposed the meeting with Chissano on the grounds that the UN is the sole intergovernmental organization legitimately involved in the issue. Angola—along with Russia and New Zealand—ultimately abstained from the vote, while Venezuela and Uruguay voted in opposition. Despite continued U.S. support for Morocco’s plan for autonomy for Western Sahara, Rabat has expressed displeasure with the U.S. role in the resolution. Apparently, the first draft, for which the U.S. was responsible, contained considerably stronger language than the resolution that was ultimately passed. As passed, Resolution 2285 pushed lightly on Rabat to allow MINURSO to be restored to full-strength, and calls on UN Secretary-General Ban Ki-moon to report back within ninety days on the matter. However, Morocco has called the decision to remove support for the peacekeeping mission “irreversible.” Previous to the April 29 vote, the Polisario Front—the Sahrawi national liberation movement—made it clear that restoring MINURSO (which, even with the resolution, is far from a certainty) is necessary but not sufficient to maintain peace in the region. Short of a Security Council-approved timeline for a referendum—including the option for self-determination—the resurgence of war remains a possibility. Following Polisario Front military maneuvers in the “liberated territories” on April 23, Sahrawi Defense Minister Abdelah Lehbib asserted their forces have “the necessary human and material resources to counter any escalation” from Morocco. As a necessary compromise, the UN pushed lightly on Rabat to allow for the full restoration of MINURSO. Morocco has thus far shown no intention of doing so, and maintains that it will not consider a referendum that includes independence as an option. The Polisario Front has warned of war in the absence of at least a viable plan for a referendum including an option for an independent Western Sahara, an effort that has made little progress since 1991. Both Morocco and SADR are pursuing ‘corner solutions’ in Western Sahara: the former from a position of strength; the latter from the point of desperation. The refugee camps in Tindouf, having recently entered their fifth decade, could in theory exist in perpetuity, and remain a telling scar on the face of the UN and the AU, not to mention a North African tinderbox. At present, however, nothing is likely to happen until the secretary-general’s report comes due, at which point the Security Council will revisit the issue.

Greenpeace’s disclosure of negotiating documents concerning the proposed Transatlantic Trade and Investment Partnership (TTIP) agreement between the United States and the European Union (EU) has renewed controversies about TTIP specifically and trade agreements generally. Although the released documents do not cover all issues under negotiation or include the negotiating text on electronic commerce, the leaks highlight factors that spell trouble for the goal of modernizing international trade law for the digital age. The need to adapt international trade law to support and foster e-commerce has been apparent for some time, and countries began including e-commerce provisions in bilateral and regional trade agreements and working on digital trade issues within the World Trade Organization (WTO). With WTO efforts not making progress, the proposed Trans-Pacific Partnership (TPP) agreement and TTIP offered better opportunities for crafting new international trade law for e-commerce. Indeed, the Obama administration argued TPP’s e-commerce chapter promised to link “some of the world’s most sophisticated Internet economies with rapidly growing developing nations across four continents” through “the most ambitious trade policy ever designed for the Internet and electronic commerce.” In TTIP negotiations, the United States and the EU have tabled proposals on electronic communications/telecommunications services and e-commerce. Greenpeace posted the consolidated negotiating text for electronic communications/telecommunication services, an important area but distinct from e-commerce. The TTIP leak did not include the consolidated text on e-commerce, so it is not possible to compare what the United States and the EU are discussing with the TPP’s e-commerce provisions. At present, only the EU has made its e-commerce proposals public. One document Greenpeace released—an EU note on the “Tactical State of Play of the TTIP Negotiations” from March 2016—described the e-commerce talks as covering “all proposals except for the provisions on data flows and computing facilities,” addressing non-discriminatory treatment of digital products (except audio-visual services), and considering EU proposals on e-trust and e-authentication services and on the prohibition of requirements for prior authorization for online services. The EU note also mentioned negotiations concerning conformity assessment principles for information and communication technology products that use encryption, with the TPP text as the basis of these discussions. On this issue, the EU stressed “the sensitivities of Member States, which are competent in this area and which would not like to see its right to regulate curtailed in a security-related area.” The EU note briefly described ongoing work among the negotiators on other digital trade issues, including e-labeling, e-accessibility, and e-health. In its criticisms of the disclosed documents, Greenpeace did not address e-commerce issues and emphasized its belief that the EU and U.S. positions in the TTIP negotiations threaten the ability of governments to protect health and the environment from corporate interests. However, unlike the TPP negotiations, the TTIP talks have unfolded in the midst of contentious transatlantic digital relations. The European Court of Justice struck down the U.S.-EU Safe Harbor agreement as incompatible with EU privacy rules in 2015. The United States and the EU then concluded the Privacy Shield agreement in February 2016 in a new attempt to calibrate EU privacy protections with EU-U.S. data flows, but privacy experts from EU member states raised serious concerns about Privacy Shield in April 2016. Actions by EU competition law authorities against U.S. technology companies, such as Google, have also agitated transatlantic digital relations. These privacy and competition law problems between the EU and the United States do not constitute insurmountable obstacles to progress in TTIP negotiations on e-commerce issues. But, TTIP negotiations, including on competition law issues, will not resolve these problems, which are more significant politically and economically than differences the United States and the EU have over what TTIP’s e-commerce provisions should include. The TTIP leaks by Greenpeace threaten the contributions TTIP could produce in the area of e-commerce by making TTIP more controversial, especially in Europe, and could undermine the prospects the United States and the EU can complete the agreement before President Obama leaves office. The negotiating texts Greenpeace disclosed suggest the United States and the EU have much work to do on many issues in a period of time that is now worryingly short and saturated with controversies. In addition, with all leading U.S. presidential candidates railing against trade agreements, congressional approval of TPP and a completed TTIP before the Obama administration ends is increasingly unlikely. No matter who it is, the winner of the presidential election will not enter office with the desire or mandate to pursue TPP, TTIP, or other trade agreements. In this context, leadership on developing international trade law to support and expand e-commerce will not come from the United States. Unfortunately, should this come to pass, the world economy will have bigger problems on its hands than missed opportunities on e-commerce.