Geopolitics, jurisdiction and surveillance

The rise of digital information communication technology has major implications for how states wield coercive power beyond their territorial borders through the extraterritorial geographies of data flows. In examining the geopolitics of data, transnational surveillance, and jurisdiction, this collection makes a significant contribution to the field of global internet governance. It shows how the internet is a forum for geopolitical struggle with states weaponising jurisdiction and exerting power beyond their own borders directly, and via infrastructures owned and operated by transnational technology companies. These dynamics challenge existing conceptual and theoretical categories of contemporary law across the fields of international relations, criminology, and digital media, and raise urgent questions about if and how individual rights can be protected in an era of ubiquitous transnational surveillance conducted by private companies and governments alike.


INTRODUCTION
With this special issue we offer critical commentary and analysis of the geopolitics of data, transnational surveillance and jurisdiction, and reflect upon the question of if and how individual rights can be protected in an era of ubiquitous transnational surveillance conducted by private companies and governments alike. The internet provides a number of challenges, and opportunities, for exercising power, and regulating, extraterritorially to the sovereign nation Geopolitics, jurisdiction and surveillance Internet Policy Review | http://policyreview.info 3 September 2020 | Volume 9 | Issue 3 state. These practices are shaped and influenced by geopolitical relations between states.
Certainly, the trans-jurisdictional nature of the internet means that the legal geographies of the contemporary digital world require rethinking, especially in light of calls for a more sophisticated and nuanced approach to understanding sovereignty to govern, and also protecting individual rights in the electronic age (Johnson & Post, 1996;Goldsmith & Wu, 2006;Brenner, 2009;Hilderbrandt, 2013;Svantesson, 2013;2017;DeNardis, 2014). These issues raise a host of additional contemporary and historical questions about attempts by the US to exert power over extraterritorial conduct in various fields including crime, intellectual property, surveillance and national security (see e.g., Bauman et al., 2014;Boister, 2015;Schiller, 2011 further new dimensions to the rule of law and also self-or co-regulation (see for example Goldsmith & Wu, 2006;DeNardis & Hackl, 2015;Brown & Marsden, 2013;Daly, 2016).
The idea for this special issue emerged from a workshop that we co-convened in 2016 in which we sought to explore a range of questions: the impact of domestic and international cybercrime, data protection and intellectual property laws on sovereignty and extraterritoriality; the geopolitical impacts of domestic and international surveillance and cybercrime laws such as the

Council of Europe's Convention on Cybercrime (Budapest Convention), the recent United States
Clarifying Lawful Overseas Use of Data (CLOUD) Act and other lawful access regimes including European Union e-Evidence proposals; the application of due process requirements in the contemporary policing of digital spaces; the objectives of justice in the study of private governance in online environments; and the implications of these transnational developments for current and future policy and regulation of online activities and spaces.
Since 2016, we have witnessed striking developments in the geopolitical and geoeconomic relationships between states, global technology companies, their transnational surveillance practices, and corresponding governance frameworks. In particular, the rise of China and the globalisation of its internet industry is a major development in this time, along with the Trump presidency in the US and the ensuing trade war (Daly, in press Safe Harbour agreement in 2015) with significant ramifications for the transfer of the data of EU citizens to the US as a consequence of the US' extensive state surveillance, and insufficient safeguards protecting privacy. The exact impacts that this decision will have for transborder data transfers are yet to be fully understood, but will undoubtedly be significant. At the same time, the US is negotiating executive agreements under its Clarifying Lawful Overseas Use of Data (CLOUD) Act that allow for authorised states to access the content of communications held by US technology companies without prior judicial authorisation, and for the US to compel US technology companies to provide access to data stored extraterritorially to the US jurisdiction (as per the initial Microsoft case rendered moot by the introduction of the CLOUD Act, see further Warren, 2015;Svantesson, 2017;Mann & Warren, 2018;Mulligan, 2018).
This all comes at a time when nations, and indeed regions, are asserting their "digital sovereignty" through data localisation initiatives that limit transborder data flows, as witnessed recently with France and Germany enacting their plans for European digital sovereignty (ANSSI, n.d.) and the corresponding launch of the GAIA-X cloud computing project (GAIA-X, n.d.) that creates a European data infrastructure independent of both China and the US.
China has also started asserting itself legally beyond its territorial borders. Hong Kong's new controversial National Security Law includes provisions which criminalise secession, subversion, terrorism, and collusion with foreign powers and via Art 38, purports to apply to non-HK permanent residents committing these offences even if they are based in other countries. In addition, Art 43 enables the Hong Kong Police Force when investigating national security crimes to direct service providers to remove content and provide other assistance. How these provisions will be applied to Hong Kong's transnational internet (which to date has included both Chinese and Western internet companies and services including some which are banned in mainland China) remains unclear, some US-based companies such as Facebook and Twitter have already announced their suspension of compliance with data requests from the Hong Kong authorities (Liao, 2020).
Taken together, these most recent developments highlight the significance of the geopolitical and geoeconomic dimensions of data, private-public surveillance interests, and associated impacts for human rights and international trade. They also demonstrate that extraterritoriality is no longer just a feature of US internet law and policy and equally that national sovereignty is no longer just a feature of Chinese internet law and policy.
These dimensions become more relevant with the concurrent reinforcement of physical borders amid a new global crisis brought by the COVID-19 pandemic that also has significant implications for cross-border information sharing and data storage e.g., immunity passports, contact tracing applications with data stored on the cloud (see Taylor et al., 2020). Certainly, expanded surveillance and information collection by states and private companies have proven to be central to the global response to bio(in)security created by the pandemic, with significant extraterritorial implications (Privacy International, 2020). For example, one of the main criticisms leveled at the Australian COVIDSafe contact tracing application was that Amazon was contracted to host the contact tracing information on its web services (AWS), with the potential for the US to access the data via the US technology company. In response, and like Germany and France, the Australian government is considering the development of a "sovereign cloud" for the storage of Australia's data (Besser & Welch, 2020;Sadler, 2020 (Daly, in press), yet simultaneously cement their infrastructural power (Veale, 2020).

MAIN CONTRIBUTIONS TO THIS SPECIAL ISSUE
With these brief introductory remarks in mind, we Huawei and geopolitical struggle' (Cartwright, 2020) shows how the US has exploited the international market dominance of US-based internet companies to internationalise its own state power through surveillance programmes. Using Huawei as a case study, Cartwright also examines how Chinese companies threaten the dominance of US companies as well as the geopolitical power of the US state, and in response, how the US has sought to shrink the 'geoeconomic space' available to Huawei by using its firms, such as Google, to disrupt Huawei's supply chains. The analysis demonstrates how states may use internet companies to exercise power and authority beyond their borders. Extraterritorial exercise of power by non-state actors is explored further in 'Public and private just wars: distributed cyber deterrence based on Vitoria and Grotius' (Thumfart, 2020). In Johannes Thumfart's contribution, the role of nonstate actors in cyber attacks are considered from the perspective of just war theory. He argues that private and public cyber deterrence capacities form a system of distributed deterrence that is preferential to state-based deterrence alone.
In While the US, due to historical reasons as the birthplace of the internet and the de facto international hegemon in the 1990s/2000s, has been the focus for private and public extensions of political and economic power via the internet, the increasing multipolarity of the world and its impact on technology law and policy is impacting upon the relationship between jurisdiction and power online, as can be seen through this collection's contributions. The EU has been gaining prominence as a 'regulatory superpower' especially since the introduction of the GDPR,

Geopolitics, jurisdiction and surveillance
Internet Policy Review | http://policyreview.info 7 September 2020 | Volume 9 | Issue 3 and the emergence of China as a global internet player is now also apparent through the globalisation of its internet services and the extraterritorial reach of the new Hong Kong National Security Law. Increasing attention ought to be paid to such developments beyond the US and EU, particularly from BRICS countries, and how these interact with, and impact upon, global internet governance and internet law and policy with the West too.