From the Snowden Affair to Sovereign AI: The Fragmenting Internet and the Future of Data Sovereignty

Isn’t it incredible to think of a cabinet holding all the world’s information? Brad Smith, chairman of Microsoft, compared the cloud to this very ‘digital filing cabinet.’ But it’s not just an old cabinet stacking files. It’s like a massive heart driving the global economy, society, and each of our lives.

The core theme running through his book Tools and Weapons is the duality of technology. It can be an incredible tool that propels humanity forward, yet at the next moment, it can become a terrifying weapon that threatens and divides society. Facing the enormous waves of AI and cloud computing, we stand at a historic turning point. This is why new rules suited to this new era have become urgently necessary.

“If your technology has changed the world, you also have a responsibility to help people adapt to that world.”

This statement is a weighty declaration thrown at Silicon Valley, which often only shouts about ‘disruptive innovation.’ Now, let’s dive into the complex story surrounding this ‘cabinet of the world.’

Part 1: Borderless Data vs. Territorial Laws: The Clash of Sovereignty

The Beginning of Everything: Snowden and the Collapse of Trust

In 2013, everything changed. The name Edward Snowden, a contractor for the U.S. National Security Agency (NSA), shattered the rosy illusion of a ‘borderless cloud’ in an instant. The documents he leaked were shocking: the U.S. government was peering into the data of people worldwide through domestic big tech servers as if it were their own living room.

This incident shook global trust in U.S. tech companies to the core. People began asking, “Where is my data now, and who can see it?” The cloud industry, which had operated on the invisible asset of ’trust,’ entered an era of verification and control. At this point, the concept of Data Sovereignty emerged at the heart of global politics.

Claiming the Role of ‘Custodian’ of Our Data

With trust broken, tech companies including Microsoft had to adopt a new philosophy called ‘Data Custodianship’ to survive. Just as banks safeguard our money, cloud companies declared their duty to protect customers’ data not only from hacking but also from undue government interference.

The data owner is not the service company but solely the customer, and the company is merely a custodian entrusted with safe keeping. This was more than legal defense—it was a desperate business strategy to regain customers’ trust in an age of distrust.

The Trial of the Century: U.S. Government vs. Microsoft

The role of ‘data custodian’ was immediately tested in court. The U.S. Department of Justice demanded Microsoft hand over emails stored in its data center in Dublin, Ireland.

• U.S. Government: “Microsoft is a U.S. company and must comply with our laws.”
• Microsoft: “The data is on Irish soil, so Irish and EU laws apply.”

This long battle was a direct clash between borderless digital services and outdated laws tied to specific territories. Ultimately, this case led to the 2018 enactment of the CLOUD Act by the U.S. Congress. It clearly showed that tech companies have become complex ‘digital diplomats’ who sometimes must fight their own governments to protect global customers’ rights.

Part 2: The Fragmenting Internet and the Birth of New Markets

The collapse of trust and legal uncertainty ignited global demands for Data Localization. The once unified internet began fracturing along geopolitical lines, deepening the phenomenon known as the ‘Splinternet.’

• 🇪🇺 European Model (Rights First!): Protects personal privacy as a human right through GDPR.
• 🇨🇳 Chinese Model (State-Centric!): Controls data flow completely via the Data Security Law (DSL).
• 🇮🇳 Indian Model (Somewhere In Between): Seeks balance between personal rights and national development with the Digital Personal Data Protection Act (DPDPA).

Turning Crisis into Opportunity: The Rise of Sovereign Cloud

Global cloud providers turned this challenge into an opportunity by creating premium services called ‘Sovereign Cloud’ that comply with each country’s strict regulations. This was a sophisticated business strategy to package sovereignty as a product and sell it at a premium. They pioneered a new market from the crisis of geopolitical fragmentation.

The New Battlefield of Sovereignty: Sovereign AI

The advent of generative AI has expanded the concept of sovereignty to cover every stage of AI development. Countries are pursuing ‘Sovereign AI’ strategies to control AI ecosystems that align with their own laws and cultures.

However, a serious ‘paradox of sovereignty’ lurks here. Essential resources for cutting-edge AI model development, like Nvidia GPUs, are monopolized by a few U.S. companies. Nations calling for digital independence face the dilemma of having to rely on foreign platforms they once saw as threats to their sovereignty.

Conclusion: We Need a New Social Contract

At the end of the path traced through Tools and Weapons, we reach one conclusion: the questions raised by cloud and AI cannot be solved by any single company or nation alone. To bridge the gap between the speed of technology and the slower pace of laws and institutions, a new social contract involving all of us is essential.

1. Greater Responsibility from Tech Companies: They must proactively consider and take responsibility for the social side effects of technology.
2. Intelligent Government Regulation: Wisdom is needed to protect citizens without stifling innovation.
3. Cross-Border Cooperation: International norms to protect civilians in cyberspace—namely a ‘Digital Geneva Convention’—are urgently needed.

Closing the gap between the speed of technology and law is a critical challenge for our generation. Ensuring that the cloud—the world’s cabinet—remains a tool for shared prosperity rather than a weapon of division is a responsibility we all share.